Posted on August 25, 2019 at 5:28 PM

The assumption is that Virtual Private Networks, or VPNs, are online resources that help users encrypt their data and communications on the Internet to avoid hackers and content snoopers, gaining privacy in the process.

However, the effectiveness of a VPN brand
depends on many factors, most notably its and policies.
According to researchers at the Black Hat conference held last month
in Las Vegas, cybercriminals are performing attacks to steal passwords,
encryption keys, and other valuable information from unreliable VPN servers of
two famous brands.

These companies, namely Fortigate SSL VPN and
Pulse Secure SSL VPN, have several servers that haven’t applied some crucial
fixes, a situation that has made both of them extremely vulnerable to hackers
stealing the aforementioned information from the servers.

Problems With Unpatched Servers

According to the investigators at the Black
Hat meeting, these vulnerabilities can be exploited if the hacker or entity
sends unpatched servers Web requests containing a particular sequence of characters.

The file-reading exploits were found at Fortigate, installed on nearly 500,000 servers, and Pulse Secure, found on 50,000 of them, according to information presented by Devcore Security Consulting specialists and researchers.

The folks at Devcore also unveiled other key
associated with both brands. If attackers take advantage of them, they
will be able to execute malicious code and modify passwords from a remote
location. In the case of Fortigate VPN, it developed patches for this situation
in May, whereas Pulse Secure did it in April.

However, several users have reported that once
the patches were installed, they often experienced service disruptions
that became an obstacle to performing essential operations of a VPN.

Bad Packets, a security intelligence service,
performed Internet scans in recent hours. The results pointed out that Pulse
Secure had 2,658 endpoints vulnerable to flaws that are being exploited at the
moment. According to the scan, these endpoints belonged to institutions and
organizations such as the US military and other federal, state, and local
government agencies. Others are public universities and schools, ,
hospitals, and health care providers. The majority of endpoints are located in
the United States.

Over the past two days, cybercriminals have
spent much of their time spraying the Internet with code that tries to exploit
the situation, according to known independent researcher Kevin Beaumont.

Known Offenders

Beaumont said that he found attacks against
Fortigate coming from the IP address 91.121.209.213, one that has been
associated with misconduct in the past. Another address, 52.56.148.178, was
discovered spraying exploits in a Friday scan with the BinaryEdge engine.

Beaumont pointed out that the attacks on
the unpatched Pulse Secure servers are coming from 2.137.127.2, with the
exploit code becoming available this week. Independent researcher Troy Mursch,
the one behind Bad Packets, explained that he identified attacks coming from
81.40.150.167.

If a mass scan manages to spot a vulnerable or
exploitable server, it could exploit a code-execution flaw that the specialists
at Devcore unveiled.

Mursch observed that the scans target endpoints that are vulnerable to arbitrary file reading, a flaw that leads to the leaking of critical data, most notably user credentials and private keys. These can subsequently be used to perpetrate further command injections to access private networks.

Essentially, Mursch used a server to attract
the attacker and more information about it, and the server he used to
detect said attacks also managed to spot the fact that the 2.137.127.2 IP
address was targeting the Pulse Secure exploit, as well.

His belief is that either of the IP addresses
was being operated by researchers with the intention of investigating the
matter, scanning for unpatched servers. The “honeypot” was provided
by BinaryEdge.
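
A log check for the four source addresses reported above, as an added example that is not part of the original article. It assumes the VPN gateway, or a proxy in front of it, writes common/combined-format access logs; the function names, sample lines and request paths are constructed for illustration.

```python
import ipaddress
import re

# Source addresses the article attributes to Beaumont's and Mursch's observations.
REPORTED_SOURCES = {
    "91.121.209.213": "Fortigate attacks (Beaumont)",
    "52.56.148.178": "Fortigate exploit spraying (Beaumont)",
    "2.137.127.2": "Pulse Secure attacks (Beaumont, Mursch)",
    "81.40.150.167": "Pulse Secure attacks (Mursch)",
}

# Assumed input format: client IP, two fields, [timestamp], "request", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')

def normalize(raw):
    """Return the client address as text, unwrapping IPv4-mapped IPv6."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # dual-stack listeners log ::ffff:a.b.c.d
    return str(addr)

def triage(lines):
    """Summarize requests from the reported sources, in log order."""
    found = {}
    for line in lines:
        m = LOG_RE.match(line)
        ip = normalize(m.group(1)) if m else None
        if ip not in REPORTED_SOURCES:
            continue
        rec = found.setdefault(ip, {"note": REPORTED_SOURCES[ip], "hits": 0,
                                    "first": m.group(2), "answered_2xx": []})
        rec["hits"] += 1
        rec["last"] = m.group(2)
        if m.group(4).startswith("2"):  # served rather than rejected
            rec["answered_2xx"].append(m.group(3))
    return found

# Constructed sample lines (paths are placeholders, not real request strings).
SAMPLE = [
    '2.137.127.2 - - [24/Aug/2019:03:11:07 +0000] "GET /constructed/a HTTP/1.1" 404 153',
    '::ffff:2.137.127.2 - - [24/Aug/2019:03:11:09 +0000] "GET /constructed/b HTTP/1.1" 200 812',
    '198.51.100.7 - - [24/Aug/2019:03:12:00 +0000] "GET / HTTP/1.1" 200 4096',
    '81.40.150.167 - - [24/Aug/2019:04:00:31 +0000] "GET /constructed/c HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A match only shows contact from a reported source; requests listed under `answered_2xx` are the ones to review first.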

The exploits are extremely delicate since they can affect that is needed to be accessible to the Internet and act as a gateway to enter parts of an entity’s network that are supposed to be private or sensitive.

Article Name

Cybercriminals Are Exploiting Vulnerable Servers of Two Famous VPNs

Author


Ali Raza

Publisher Name


Koddos
