Check Point Warns About Threat To ‘Old’ VPN Accounts, Releases Patch
by nlqip
![Check Point Warns About Threat To ‘Old’ VPN Accounts, Releases Patch](https://kartwheelnewz.info/wp-content/uploads/2024/05/Check-Point-Warns-About-Threat-To-‘Old-VPN-Accounts-Releases.png)
The cybersecurity vendor says that a now-fixed VPN vulnerability has been exploited in attacks.
Check Point has released emergency patches for a VPN vulnerability that the cybersecurity vendor said has been exploited in a small number of attacks.
Initially disclosed by Check Point on Monday, the company released more details Tuesday as well as fixes for the zero-day vulnerability (tracked at CVE-2024-24919) affecting its Security Gateways.
[Related: 5 Things To Know About The Latest Firewall, VPN Attacks]
In its updated advisory Tuesday, Check Point said that “the vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled.”
“The attempts we’ve seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication,” the company said.
A “small number of customers” are known to have been affected so far, Check Point said.
“We’re working with customers who we believe were affected to remediate the situation. Check Point’s network is not affected by this,” the company said.
In a statement provided to CRN, Check Point Chief of Staff Gil Messing said that “while there have only been a few attempts globally, it’s enough to recognize a trend and, more importantly, a straightforward way to ensure it’s unsuccessful.”
The attacks are the latest instances that involve threat actors targeting network security devices and remote access services, as a means of breaching customer environments.
Given the prime position of network security products, there’s no question that “they are big targets for attackers of all stripes,” said Caitlin Condon, director of vulnerability research and intelligence at Rapid7, in a previous interview.
Source link
lol
The cybersecurity vendor says that a now-fixed VPN vulnerability has been exploited in attacks. Check Point has released emergency patches for a VPN vulnerability that the cybersecurity vendor said has been exploited in a small number of attacks. Initially disclosed by Check Point on Monday, the company released more details Tuesday as well as fixes…
Recent Posts
- Secure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardy
- Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security
- Friday Squid Blogging: Sunscreen from Squid Pigments
- Here Are The 8 Biggest IT Services M&A Deals In Q2 2024
- Crypto exchange Gemini discloses third-party data breach