Check Point Software Technologies disclosed a zero-day vulnerability connected to recent attempted attacks against its VPN technology.
The cybersecurity vendor advised customers against using password-only authentication for local accounts and issued a hotfix for its Security Gateway products to block such authentication for those accounts.
In an update to the blog post on Tuesday, Check Point said it discovered the root cause of the attempted logins: A zero-day vulnerability tracked as CVE-2024-24919.
Check Point released hotfixes for the zero-day flaw and urged customers to apply the patches.
Check Point rated the severity of CVE-2024-24919 as high, though no CVSS score has been assigned to the vulnerability yet.
While the vulnerability was exploited, it's unclear whether any of the attempted attacks result in threat actors gaining access to customers' VPNs or their networks.
VPNs, along with other edge or network boundary devices, have become popular targets for a variety of threat actors in recent years.
With the shift to remote work during the COVID-19 pandemic, government agencies frequently warned that nation-state threat actors were exploiting known vulnerabilities in several VPN products to gain initial access to targeted organizations.
Cybercriminal and ransomware groups have also focused on VPNs. Last year, for example, the Akira and LockBit ransomware gangs targeted Cisco VPNs that were not configured with MFA protection.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.
Rob Wright is a longtime reporter and senior news director for TechTarget Editorial's security team.
He drives breaking infosec news and trends coverage.
This Cyber News was published on www.techtarget.com. Publication date: Wed, 29 May 2024 16:13:20 +0000