VPN Archives - Cyber Security Minute

Iranian Hackers Deploy New Ransomware Against Israeli Firms

Issued by: DataBreach Today

Security researchers have discovered an Iran-linked APT group carrying out a new chain of ransomware attacks using a new strain of malware against Israeli organizations. Researchers at Check Point found a ransomware strain called Moneybird that is reminiscent of the Iranian Agrius group’s previous campaigns. Agrius gained notoriety for targeting Israel-based entities with wiper variants,…

Vulnerabilities

Zyxel firewall and VPN devices affected by critical flaws

Issued by: Security Affairs

Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN products. A remote, unauthenticated attacker can can trigger the flaws to cause a denial-of-service (DoS) condition and remote code execution on vulnerable devices. Below are the description for both issues provided by the vendor in…

Network Security, Software Security

What is Zero Trust Security? Breaking Down a Zero Trust Architecture

Issued by: Panda Security

As cloud-based enterprises and remote workers continue to grow in popularity, the need to implement zero-trust security models has never been more relevant. But what is zero trust security? In short, zero trust security is a model founded on the assumption that no user or device can be trusted and must be verified — including…

Network Security, Software Security

Security tool adoption jumps, Okta report shows

Issued by: CSO Online

Identity and access management (IAM) vendor Okta today released a report detailing app use and security trends among its broad user base. Among other trends it identified, the report found that zero trust security policies have become more common, and uptake of a wide range of security tools has been sharply on the rise. Okta…

Network Security

Remote.it takes steps toward zero trust with ‘single line of code’ provisioning

Issued by: CSO Online

Network management company Remote.it today announced new features for its core SaaS-based service, including support for the Okta user identification platform and Docker containers, and what it’s describing as “programmatic deployment” of zero trust networks. Essentially, the company said, the idea is to provide automated provisioning and deployment of network access to managed assetts —…

Vulnerabilities

Synology fixes multiple critical vulnerabilities in its routers

Issued by: Security Affairs

Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). The vulnerability resides in the Remote Desktop Functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635….

Cloud Security

Tony Jarvis on Shifting Security Gears as We Move to the Cloud

Issued by: Dark Reading

The pandemic-propelled shift to work-from-home and bring-your-own-devices accelerated the already expanding move to the cloud. IDC predicts that global cloud spending will grow from $703 billion in 2021 to $1.3 trillion in 2025. Statista reports that the percentage of corporate data stored on the cloud rose from 30% in 2015 to 48% at the beginning…

Vulnerabilities

Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls

Issued by: Security Week

The flaw, tracked as CVE-2022-30525, affects ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The affected products are recommended for businesses and they provide VPN, SSL inspection, intrusion protection, web filtering and email security capabilities. The Shodan search…

Network Security

Zero Trust VPN Company Tailscale Raises $100 Million

Issued by: Security Week

The investment round was led by CRV and Insight Partners, with participation from existing investors Accel, Heavybit, Uncork Capital, and angel investors. Founded in 2019, the Toronto-based company offers a WireGuard-based private network connectivity solution with zero-config and end-to-end encryption, which integrates with services such as Google Workspace, Microsoft 365, Okta, Caddy Server, Syncthing, and…

Vulnerabilities

Citrix Patches Critical Vulnerability in ADC, Gateway

Issued by: Security Week

The most severe of the two bugs is CVE-2021-22955, a critical security hole that could lead to a DoS condition on appliances that have been configured as a VPN (Gateway) or AAA virtual server. The security flaw was identified in Citrix Application Delivery Controller (ADC, formerly NetScaler ADC), and Gateway (formerly NetScaler Gateway). Tracked as…