CyberSecurityBoard
Sponsor Register Login

Attackers Target Check Point VPNs to Access Corporate Networks

In recent months, researchers have observed an increase in attackers using remote access virtual private networks as a golden ticket for initial network access.
Multiple cybersecurity vendors' solutions have been compromised, according to a recent Check Point blog post, prompting them to look into their own gear and whether it's being targeted.
Threats to Remote Access VPNs Remote access VPNs are a bit different than the VPNs most people are used to.
Where regular ones route an individual's Internet traffic through shared servers in order to conceal their Internet activity, remote access VPNs are used to provide specific individuals with secure access to specific networks.
They're useful in providing remote workers access to their employer's internal resources.
Rather than having to, say, exploit a publicly facing server, or a zero-day vulnerability, a hacker could use a remote access VPN for clean, unfettered access to an organization's IT environment.
From there, they could begin establishing persistence, probing for vulnerabilities, and much more.
The easiest way is via insufficiently protected accounts.
In the cases Check Point uncovered, attackers attempted to leverage old VPN accounts that were protected only with a single password, but otherwise up for grabs.
Protecting Remote Access VPNs To protect user accounts, besides monitoring or even disabling them, Check Point recommended that organizations require authentication checks beyond simple passwords.
Jason Soroko, senior vice president of product at Sectigo, echoes the point.
He points to the latest Ivanti VPN balagan as an indication of where VPNs naturally fall short.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 28 May 2024 19:30:28 +0000


Cyber News related to Attackers Target Check Point VPNs to Access Corporate Networks

The best travel VPNs of 2023: Expert tested and reviewed - The service you use at home may be great for streaming movies, but VPNs are also a vital tool to protect your data abroad. Connecting to Wi-Fi in an airport, hotel, or café may be convenient, but it definitely isn't secure. The best VPNs create ...
6 months ago Zdnet.com
Attackers Target Check Point VPNs to Access Corporate Networks - In recent months, researchers have observed an increase in attackers using remote access virtual private networks as a golden ticket for initial network access. Multiple cybersecurity vendors' solutions have been compromised, according to a recent ...
1 month ago Darkreading.com
5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
3 months ago Techrepublic.com
Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
1 month ago Cybersecurity-insiders.com
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
1 month ago Darkreading.com
Unveiling Free VPN Risks: Protecting Online Privacy and Security - If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network. Virtual Private Networks are specifically crafted to accomplish this task. A quality VPN channels your web ...
5 months ago Cysecurity.news
Check Point warns of threat actors targeting VPNs - Check Point Software Technologies warned of attempted attacks against its VPNs by targeting accounts that use passwords as the only means of authentication. The warning came via a Monday blog post urging readers to improve their VPN security ...
1 month ago Techtarget.com
The 5 Best VPN Trials of 2023: A Comprehensive Guide - In today's digital world, it's more important than ever to protect your online privacy. A Virtual Private Network (VPN) is an excellent way to start. VPNs provide tunnels that mask your online communication by encrypting data transmissions, packets, ...
1 year ago Zdnet.com
GigaOm's Cloud Network Security Radar Ranks Check Point as the Industry Leader - This article introduces GigaOm's inaugural Radar for Cloud Network Security and explains why Check Point was ranked as the Leader as well as a Fast Mover. Firstly, it is the cloudified version of Check Point's on-premises network security, from which ...
6 months ago Blog.checkpoint.com
VPN for Your Phone: Key to Global Email Security While Traveling - You'll need to enter the details of your VPN connection, including the VPN name, type, server address, and any required authentication credentials. One essential way to use a VPN is to protect your email communications. A VPN can be side-loaded for ...
6 months ago Securityboulevard.com
Hackers target Check Point VPNs to breach enterprise networks - Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. Remote Access is integrated into all Check Point network firewalls. It can be configured ...
1 month ago Bleepingcomputer.com
The best VPN services for iPhone and iPad in 2023: Tested and reviewed - We've analyzed and ranked the top VPN services we've tested and researched over the years that offer solid iPhone and iPad clients, good performance, strong security and are suitable for the Apple ecosystem. Also: The best travel VPNs. Based on ...
6 months ago Zdnet.com
Check Point VPN zero-day exploited in attacks since April 30 - Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. Check Point warned ...
1 month ago Bleepingcomputer.com
Understanding the Complexities of VPNs: Balancing Privacy and Security in the Digital Age - A U.S. traveler in Europe might face restrictions accessing certain paid streaming services available in the U.S., which can be circumvented by a VPN masking the local European IP address, thus granting access to U.S.-based content. While VPNs appear ...
1 month ago Cysecurity.news
Check Point discovers vulnerability tied to VPN attacks - Check Point Software Technologies disclosed a zero-day vulnerability connected to recent attempted attacks against its VPN technology. The cybersecurity vendor advised customers against using password-only authentication for local accounts and issued ...
1 month ago Techtarget.com
UAE Cybersecurity Official Warns of VPN Abuse - The top cyber official in the United Arab Emirates worries that virtual private networks are being misused in the country. UAE residents increased their downloads of VPN apps by 1.83 million in 2023, reaching a total of 6.1 million, according to the ...
4 months ago Darkreading.com
Check Point releases emergency fix for VPN zero-day exploited in attacks - Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. On Monday, the company first warned about a spike in attacks targeting VPN devices, ...
1 month ago Bleepingcomputer.com
5 Best VPNs for Android in 2024 - See details VIsit ProtonVPN. see details Visit CyberGhost VPN. As more Android users rely on their smartphones to surf the web, virtual private networks have become essential tools to help secure your mobile connection, no matter where you are. One ...
5 months ago Techrepublic.com
Cybersecurity Insiders - As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. The 2023 VPN Risk Report reveals the complexity of today's VPN management, user experience issues, vulnerabilities to diverse cyberattacks, ...
6 months ago Cybersecurity-insiders.com
Unpatchable VPN Vulnerability Exposes Data to Attackers: What You Need to Know - In a recent revelation that has sent shockwaves through the cybersecurity community, researchers have unearthed a significant vulnerability in virtual private networks dubbed TunnelVision. This flaw, described as deep and unpatchable, poses a ...
1 month ago Cysecurity.news
6 Best Anonymous VPNs for 2024 - VPNs are primarily used to secure online traffic and help users remain anonymous to avoid targeted ads, hide their location or ensure the security and privacy of their personal data. Though many VPN providers may advertise having a no-logs policy, ...
5 months ago Techrepublic.com
Enhance your VPN Security Posture! - Over the past few months, we have observed increased interest of malicious groups in leveraging remote-access VPN environments as an entry point and attack vector into enterprises. Attackers are motivated to gain access to organizations over ...
1 month ago Blog.checkpoint.com
Check Point Supercharges Brisbane Catholic Education's Security Stack to Improve Threat Detection and Streamline Manageability - Brisbane Catholic Education is a learning community comprising more than 140 schools that deliver quality learning outcomes to 77,000 prep-to-year-12 students. BCE's education and administrative workflows are powered by a large and distributed hybrid ...
2 months ago Blog.checkpoint.com
Best VPN for streaming in 2023 - If you're traveling, or looking to avoid location-based blackouts for sports, you can often connect to a VPN server and use your streaming account to watch. In return, VPN vendors go to great lengths to make the case that their services can be used ...
6 months ago Zdnet.com
Surge of swatting attacks targets corporate executives and board members - At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would ...
1 year ago Csoonline.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)