Hackers target Check Point VPNs to breach enterprise networks

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory.
Remote Access is integrated into all Check Point network firewalls.
It can be configured as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access.
Check Point says the attackers are targeting security gateways with old local accounts using insecure password-only authentication, which should be used with certificate authentication to prevent breaches.
To defend against these ongoing attacks, Check Point warned customers to check for such vulnerable accounts on Quantum Security Gateway and CloudGuard Network Security products and on Mobile Access and Remote Access VPN software blades.
Customers are advised to change the user authentication method to more secure options or delete vulnerable local accounts from the Security Management Server database.
The company has also released a Security Gateway hotfix that will block all local accounts from authenticating with a password.
In April, Cisco also warned about widespread credential brute-forcing attacks targeting VPN and SSH services on Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti devices.
That campaign started around March 18, 2024, with the attacks originating from TOR exit nodes and using various other anonymization tools and proxies to evade blocks.
One month earlier, Cisco warned about a wave of password-spraying attacks targeting Cisco Secure Firewall devices running Remote Access VPN services, likely part of first-stage reconnaissance activity.
Last month, the company also revealed that the UAT4356 state-backed hacking group has been using zero-day bugs in Cisco Adaptive Security Appliance and Firepower Threat Defense firewalls to breach government networks worldwide since at least November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.
FBI warns of gift card fraud ring targeting retail companies.
Intercontinental Exchange to pay $10M SEC penalty over VPN breach.
Rockwell Automation warns admins to take ICS devices offline.
Norway recommends replacing SSL VPN to prevent breaches.
Microsoft fixes VPN failures caused by April Windows updates.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 27 May 2024 18:20:41 +0000


Cyber News related to Hackers target Check Point VPNs to breach enterprise networks

5 Best VPNs for Travel in 2024 - VPNs are software that encrypt your online activity and adjust your IP address, protecting sensitive company data and allowing you to access geo-restricted content at the same time. In this article, we take a look at the five best VPNs for travelers. ...
9 months ago Techrepublic.com
Zcaler ThreatLabz 2024 VPN Risk Report - The growing sophistication of cyberthreats alongside the expansion of remote workforces and cloud technologies have exposed significant vulnerabilities in VPNs. Due to their legacy architecture, VPNs grant overly broad network access once credentials ...
7 months ago Cybersecurity-insiders.com
Attackers Target Check Point VPNs to Access Corporate Networks - In recent months, researchers have observed an increase in attackers using remote access virtual private networks as a golden ticket for initial network access. Multiple cybersecurity vendors' solutions have been compromised, according to a recent ...
6 months ago Darkreading.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
10 months ago Securityzap.com
Check Point warns of threat actors targeting VPNs - Check Point Software Technologies warned of attempted attacks against its VPNs by targeting accounts that use passwords as the only means of authentication. The warning came via a Monday blog post urging readers to improve their VPN security ...
6 months ago Techtarget.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
11 months ago Securityboulevard.com
Unveiling Free VPN Risks: Protecting Online Privacy and Security - If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network. Virtual Private Networks are specifically crafted to accomplish this task. A quality VPN channels your web ...
11 months ago Cysecurity.news
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
7 months ago Darkreading.com
Hackers target Check Point VPNs to breach enterprise networks - Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. Remote Access is integrated into all Check Point network firewalls. It can be configured ...
6 months ago Bleepingcomputer.com
Check Point VPN zero-day exploited in attacks since April 30 - Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. Check Point warned ...
6 months ago Bleepingcomputer.com
CVE-2020-8023 - A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of ...
4 years ago
VPN for Your Phone: Key to Global Email Security While Traveling - You'll need to enter the details of your VPN connection, including the VPN name, type, server address, and any required authentication credentials. One essential way to use a VPN is to protect your email communications. A VPN can be side-loaded for ...
1 year ago Securityboulevard.com
GigaOm's Cloud Network Security Radar Ranks Check Point as the Industry Leader - This article introduces GigaOm's inaugural Radar for Cloud Network Security and explains why Check Point was ranked as the Leader as well as a Fast Mover. Firstly, it is the cloudified version of Check Point's on-premises network security, from which ...
11 months ago Blog.checkpoint.com
Check Point releases emergency fix for VPN zero-day exploited in attacks - Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. On Monday, the company first warned about a spike in attacks targeting VPN devices, ...
6 months ago Bleepingcomputer.com
Unpatchable VPN Vulnerability Exposes Data to Attackers: What You Need to Know - In a recent revelation that has sent shockwaves through the cybersecurity community, researchers have unearthed a significant vulnerability in virtual private networks dubbed TunnelVision. This flaw, described as deep and unpatchable, poses a ...
7 months ago Cysecurity.news
Understanding the Complexities of VPNs: Balancing Privacy and Security in the Digital Age - A U.S. traveler in Europe might face restrictions accessing certain paid streaming services available in the U.S., which can be circumvented by a VPN masking the local European IP address, thus granting access to U.S.-based content. While VPNs appear ...
7 months ago Cysecurity.news
5 Best VPNs for Android in 2024 - See details VIsit ProtonVPN. see details Visit CyberGhost VPN. As more Android users rely on their smartphones to surf the web, virtual private networks have become essential tools to help secure your mobile connection, no matter where you are. One ...
11 months ago Techrepublic.com
Check Point discovers vulnerability tied to VPN attacks - Check Point Software Technologies disclosed a zero-day vulnerability connected to recent attempted attacks against its VPN technology. The cybersecurity vendor advised customers against using password-only authentication for local accounts and issued ...
6 months ago Techtarget.com
6 Best Anonymous VPNs for 2024 - VPNs are primarily used to secure online traffic and help users remain anonymous to avoid targeted ads, hide their location or ensure the security and privacy of their personal data. Though many VPN providers may advertise having a no-logs policy, ...
11 months ago Techrepublic.com
UAE Cybersecurity Official Warns of VPN Abuse - The top cyber official in the United Arab Emirates worries that virtual private networks are being misused in the country. UAE residents increased their downloads of VPN apps by 1.83 million in 2023, reaching a total of 6.1 million, according to the ...
10 months ago Darkreading.com
HPE investigates new breach after data for sale on hacking forum - Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. The company has told ...
10 months ago Bleepingcomputer.com
Cybersecurity Insiders - As the threat landscape rapidly evolves, VPNs cannot provide the secure, segmented access organizations need. The 2023 VPN Risk Report reveals the complexity of today's VPN management, user experience issues, vulnerabilities to diverse cyberattacks, ...
1 year ago Cybersecurity-insiders.com
Enhance your VPN Security Posture! - Over the past few months, we have observed increased interest of malicious groups in leveraging remote-access VPN environments as an entry point and attack vector into enterprises. Attackers are motivated to gain access to organizations over ...
6 months ago Blog.checkpoint.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)