Enhance your VPN Security Posture!

Over the past few months, we have observed increased interest of malicious groups in leveraging remote-access VPN environments as an entry point and attack vector into enterprises.
Attackers are motivated to gain access to organizations over remote-access setups so they can try to discover relevant enterprise assets and users, seeking for vulnerabilities in order to gain persistence on key enterprise assets.
We have recently witnessed compromised VPN solutions, including various cyber security vendors.
In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point's customers.
By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method.
We have assembled special teams of Incident Response, Research, Technical Services and Products professionals which thoroughly explored those and any other potential related attempts.
Relying on these customers notifications and Check Point's analysis, the teams found within 24 hours a few potential customers which were subject to similar attempts.
Password-only authentication is considered an unfavourable method to ensure the highest levels of security, and we recommend not to rely on this when logging-in to network infrastructure.
Check Point has released a solution, as a preventative measure to address these unauthorised remote access attempts.
Check if you have local accounts, if they were used and by whom.
If you have local accounts which you want to use and are password-only authenticated, add another layer of authentication to increase your environments IT security.
As said, If you are a Check Point customer, deploy our solution on your Security Gateways.
This will automatically prevent unauthorized access to your VPNs by local accounts with password-only authentication method.
Learn more and receive practical guidance for configuration monitoring and practices to enhance your VPN security posture.
For any additional assistance required, please contact Check Point technical support Center or your local Check Point representative.
We value the collaboration of our customers and dedication of our teams to reach a solution which effectively addresses any such attempts.


This Cyber News was published on blog.checkpoint.com. Publication date: Mon, 27 May 2024 12:43:09 +0000


Cyber News related to Enhance your VPN Security Posture!

VPN for Your Phone: Key to Global Email Security While Traveling - You'll need to enter the details of your VPN connection, including the VPN name, type, server address, and any required authentication credentials. One essential way to use a VPN is to protect your email communications. A VPN can be side-loaded for ...
1 year ago Securityboulevard.com
Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
7 months ago Cybersecurity-insiders.com
Mullvad VPN Review: Features, Pricing, Pros & Cons - Visit Mullvad VPN. Mullvad VPN has built a solid reputation for being one of the best privacy-focused VPNs on the market. Visit Mullvad VPN. Mullvad offers a flat rate of €5 or $5.48 per month, regardless of subscription length. If you're looking ...
11 months ago Techrepublic.com
Atlas VPN Free vs. Premium: Which Plan Is Best For You? - When VPN providers offer free versions, you may be inclined to stick with that version. Atlas VPN Free is a lifetime-free version of the Atlas VPN service, which allows users to enjoy VPN services in four locations. In comparison, Atlas VPN Premium ...
10 months ago Techrepublic.com
5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
9 months ago Techrepublic.com
Cybersecurity Insiders - As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. The 2023 VPN Risk Report reveals the complexity of today's VPN management, user experience issues, vulnerabilities to diverse cyberattacks, ...
1 year ago Cybersecurity-insiders.com
5 Best VPNs for Android in 2024 - See details VIsit ProtonVPN. see details Visit CyberGhost VPN. As more Android users rely on their smartphones to surf the web, virtual private networks have become essential tools to help secure your mobile connection, no matter where you are. One ...
11 months ago Techrepublic.com
What is Security Posture? - Security posture is a term often mentioned in cybersecurity, with businesses often told to improve or maintain a robust security posture. With the onset of 2024, now is a better time than ever to take stock of your company's security posture and plan ...
11 months ago Securityboulevard.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Understanding the Complexities of VPNs: Balancing Privacy and Security in the Digital Age - A U.S. traveler in Europe might face restrictions accessing certain paid streaming services available in the U.S., which can be circumvented by a VPN masking the local European IP address, thus granting access to U.S.-based content. While VPNs appear ...
7 months ago Cysecurity.news
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
2 months ago Cyberdefensemagazine.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
6 Best Anonymous VPNs for 2024 - VPNs are primarily used to secure online traffic and help users remain anonymous to avoid targeted ads, hide their location or ensure the security and privacy of their personal data. Though many VPN providers may advertise having a no-logs policy, ...
11 months ago Techrepublic.com
Why Automation and Consolidation are Key to Restoring Confidence in Cybersecurity - Our research shows that security leaders would need to find a 40% budget increase to restore confidence in their security posture. It's unsurprising that a lack of security skills and budget - both for training as well as general cybersecurity - are ...
1 year ago Securityboulevard.com
Legit Posture Score empowers security teams to measure and manage their AppSec posture - Help Net Security - This new feature further enhances the Legit ASPM platform, providing security and development teams with the ability to measure, compare, and improve their application security posture over time, ensuring their software factories and applications in ...
2 months ago Helpnetsecurity.com
6 Benefits of Vulnerability Management - Vulnerability management is an ongoing process that helps identify, evaluate, remediate, and mitigate computer and software system vulnerabilities. It's a vital tactic in managing IT environment cybersecurity risks. Since vulnerabilities are ...
9 months ago Hackersonlineclub.com
2024 Trends for Securing Your Business Premises: Essential Strategies and Technologies - As you look ahead to 2024, the landscape of physical security is evolving rapidly, with new trends emerging that could reshape how you protect your business premises. Advances in technology, such as artificial intelligence, are playing a pivotal role ...
1 year ago Hackread.com
ZTNA over VPN Can Be a Good Place to Start Your Zero Trust Journey - Zero-trust network access has become the leading project for organizations looking to adopt zero-trust principles. Gartner predicts that 60% of organizations will be adopting zero trust by 2025,1 so there are lots of zero-trust projects going on. As ...
1 year ago Feeds.fortinet.com
Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
AVG Secure VPN vs Surfshark: Which VPN Is Better? - If you've been checking out competitor AVG Secure VPN and are wondering how it stacks up against Surfshark, I've got you covered in this review. I signed up for both VPNs and compared AVG and Surfshark head-to-head to help you decide which one is the ...
5 months ago Techrepublic.com
Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
6 months ago Securityboulevard.com
What is Biometric Security? Your Body Becomes Your Key - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackersonlineclub.com
Salt Security, API Posture Governance, and the NIST Cybersecurity Framework 2.0 - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
9 months ago Securityboulevard.com
US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
1 year ago Hackread.com
Is it possible to use an external SSD to speed up your Mac - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)