CSO and VPN - Cyber Security Informer

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

CSO Magazine

APRIL 20, 2021

Over the past few months, several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and Europe by exploiting vulnerabilities in VPN appliances from zero-trust access provider Pulse Secure. Sign up for CSO newsletters. ]. .

VPN

VPN CSO Hacking Authentication

7 VPN alternatives for securing remote network access

CSO Magazine

OCTOBER 11, 2021

Learn the 5 key tasks to optimize VPNs for security. | Get the latest from CSO by signing up for our newsletters. ] Since then, it has become the norm for large numbers of employees to regularly work from home, with many only going to the office sporadically (if at all). To read this article in full, please click here

VPN

VPN CSO

Espionage campaign loads VPN spyware on Android devices via social media

CSO Magazine

NOVEMBER 3, 2022

A new espionage campaign, dubbed SandStrike, has been detected using malicious VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. To read this article in full, please click here

VPN

VPN Spyware Media Mobile

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

How to choose the best VPN for security and privacy

CSO Magazine

APRIL 21, 2022

And as the war in Ukraine continues, more people are turning to VPNs to get around blocks imposed by Russia and other authoritarian governments, such as that shown by Cloudflare’s data on VPN usage. To read this article in full, please click here

VPN

VPN Government

SonicWall warns customers about zero-day vulnerabilities

CSO Magazine

JANUARY 25, 2021

Sign up for CSO newsletters. ]. Initially the company suspected that several of its Secure Mobile Access (SMA) series physical and virtual appliances, as well as the NetExtender VPN client and SonicWall firewalls were vulnerable. However, after further investigation, the list of vulnerable products was revised Saturday.

CSO

CSO Firewall VPN Manufacturing

Attackers deploy sophisticated Linux implant on Fortinet network security devices

CSO Magazine

JANUARY 13, 2023

Remote code execution in FortiOS SSL-VPN. The vulnerability, tracked as CVE-2022-42475 , is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.

Network Security

Network Security VPN Authentication Government

4 tips to prevent easy attacker access to Windows networks

CSO Magazine

JUNE 23, 2021

With the recent Colonial Pipeline attack , the initial infection point was reportedly an old, unused, but still open VPN account. The VPN account did not have two-factor authentication ( 2FA ) enabled, allowing the attacker to merely log in.

VPN

VPN Accountability Phishing Authentication

BrandPost: Mercury Financial gains a competitive advantage with zero trust

CSO Magazine

MAY 4, 2023

Its transformation overhaul was driven by three reasons: compliance with financial services regulations like PCI DSS, replacing traditional VPN technology to improve user experiences and traffic visibility, and strengthening security controls to its Amazon Web Services (AWS) environment. To read this article in full, please click here

Financial Services

Financial Services VPN Architecture Technology

BrandPost: Remote Work Opens Up New Vulnerabilities

CSO Magazine

FEBRUARY 8, 2021

With most companies forced to transition to remote work, even employees far removed from IT are now actively relying on VPN gateways to secure interactions with co-workers, partners, and clients. The US Cybersecurity and Infrastructure Security Agency (CISA) has documented a number of attacks through vulnerabilities in VPN gateways.

VPN

VPN Government Software Hacking

New ransomware group CACTUS abuses remote management tools for persistence

CSO Magazine

MAY 8, 2023

In the attacks seen so far the attackers gained access by exploiting known vulnerabilities in VPN appliances, moved laterally to other systems, and deployed legitimate remote monitoring and management (RMM) tools to achieve persistence on the network.

Ransomware

Ransomware VPN Cyber threats Encryption

BrandPost: In an Increasingly Dangerous Cyberspace, MFA Is Not Optional

CSO Magazine

OCTOBER 18, 2022

for days, began with attackers using a stolen password to gain access to a legacy VPN system. In an all-too-familiar pattern, last year’s Colonial Pipeline ransomware attack, which crippled the delivery of fuel supplies to the Southeastern U.S. That was underscored by a recent joint alert from the U.S.

VPN

VPN Passwords Cybersecurity Ransomware

PureVPN introduces quantum-resistant feature to enhance security, tackle threats

CSO Magazine

APRIL 26, 2022

Virtual private network (VPN) provider PureVPN has introduced a quantum-resistant feature to its OpenVPN protocol to provide users with more security and privacy for the post-quantum world.

VPN

VPN Encryption

BrandPost: Why Bad Actors Target VPNs, and What Can Be Done to Stop Attacks

CSO Magazine

NOVEMBER 5, 2021

In reality, however, many of the DDoS attacks waged against enterprises target components that have long been a part of the network—things such as virtual private network (VPN) devices, firewalls, load balancers and other edge devices. Such devices contain state information used to route and manage traffic.

DDOS

DDOS VPN Firewall Technology

BrandPost: 7 Key Considerations Before Purchasing a SASE Solution

CSO Magazine

DECEMBER 9, 2022

These malicious hackers were then able to infiltrate networks by hijacking encrypted VPN tunnels. Cybercriminals moved quickly from attacking the corporate network to targeting poorly defended remote and non-traditional workplaces. To read this article in full, please click here

VPN

VPN Encryption Authentication Ransomware

BrandPost: Four Essential SASE Security Must-haves

CSO Magazine

APRIL 5, 2021

This also degrades the user experience of those remote workers that still rely on conventional, virtual private network (VPN)-only solutions to access the network. This has resulted in a growing gap between network functionality and security coverage, exposing organizations to more points of compromise.

VPN

VPN Cybersecurity

BrandPost: Today’s New Business Normal Creates Threat Opportunities

CSO Magazine

SEPTEMBER 2, 2021

IT departments rushed to install, expand, or upgrade remote desktop access (RDA) servers, virtual private network (VPN) concentrators , and remote access routers to meet surging workforce demand for remote access to data centers. For many, this triggered an increased reliance on remote-access infrastructure and cloud-delivered services.

DNS

DNS VPN Software

Researchers show techniques for malware persistence on F5 and Citrix load balancers

CSO Magazine

NOVEMBER 9, 2022

Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks.

Firmware

Firmware Malware VPN

BrandPost: Building Network Efficiency at Hundreds of Locations Worldwide with Fortinet Secure SD-WAN

CSO Magazine

AUGUST 30, 2021

Previously, the company relied on a hub-and-spoke wide-area network (WAN) architecture that used a combination of two managed IP MPLS VPN links and broadband, one MPLS and two broadband, or one broadband and 4G depending on location.

VPN

VPN Architecture Manufacturing Firewall

BrandPost: What It Takes to Implement Zero Trust With Employees Working From Home

CSO Magazine

FEBRUARY 23, 2021

Traditionally, the way IT dealt with ensuring identity was by forcing users to access the network via a virtual private network (VPN). However, with the global pandemic forcing many users to work from home, VPNs quickly proved to be unscalable and caused performance issues. To read this article in full, please click here

Digital transformation

Digital transformation VPN Authentication Technology

Security Roundup October 2023

BH Consulting

OCTOBER 15, 2023

It found the most common intrusion tactics are phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing, and exploiting Virtual Private Network (VPN) vulnerabilities. MORE Joe Sullivan, Uber’s CSO during its data breach, shares his perspective. MORE Have you signed up to our monthly newsletter?

Ransomware

Ransomware Data breaches CSO Cyber Attacks

Best advice for responding to today's biggest cyber threats

CSO Magazine

APRIL 6, 2022

They will merely hop on another VPN and come in from another location. Blocking traffic from Russia and Belarus may help you limit noise from your log files, and if you run a customer-facing website, from trolls and spam comments, but blocking their location will not slow a dedicated attacker.

Cyber threats

Cyber threats VPN Technology Risk

BrandPost: Using TLS to Avoid Detection is On the Rise

CSO Magazine

JUNE 30, 2021

TLS has historically served as the underpinning for VPN technology. TLS, also known as HTTPS, is a form of network traffic encryption that has grown in use over recent years, according to Dan Schiappa, Sophos Chief Product Officer.

VPN

VPN Encryption Malware Internet

Pulse Secure: New Deadline for Government to Patch

SecureWorld News

APRIL 22, 2021

Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices. And Pulse Secure's CSO says the company is doing all it can to prevent one: "A secure computing environment is more important each and every day to how we work and live, as threats evolve and emerge.

Government

Government CSO Software VPN

Security Roundup November 2021

BH Consulting

NOVEMBER 11, 2021

A report by Restore Privacy found that some untrustworthy companies are not just buying VPNs to consolidate the industry, but also snapping up the ‘review’ sites that rank them highly. Its analysis claims most VPN users don’t realise these sites are recommending apps that share the same parent company.

Ransomware

Ransomware CSO Surveillance VPN

Cybersecurity First: #BeCyberSmart at Work and Home

Security Through Education

OCTOBER 27, 2021

Connect to a secure network and use a company-issued Virtual Private Network (VPN). Typically, corporate networks are equipped with firewalls, a Chief Security Officer (CSO), and a whole cybersecurity department to keep them safe. Lock down your login. Keep your personal and corporate devices on separate Wi-Fi networks.

Cybersecurity

Cybersecurity Social Engineering Firewall Engineering

The Rise of an Overlooked Crime – Cyberstalking

Security Affairs

AUGUST 29, 2018

With a specialized cyber security tool such as a VPN , anyone can become completely anonymous and invisible online, making it impossible for anyone to detect your presence or activities. They can even hack into your webcam and watch you live, without you knowing about it. About Author: Anas Baig is a Cybersecurity & Tech Writer.

Identity Theft

Identity Theft Internet Internet Surveillance

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

The Last Watchdog

DECEMBER 14, 2023

Instead of arguing about MFA strength, VPN vendor, or nation-state treat actors, let’s finish our conversation about using dedicated administrator accounts and unique passwords. Richard Bird , CSO, Traceable AI Bird The bad guys are showing no restraint in exploiting API security weakness to their advantage.

Cybersecurity

Cybersecurity Risk Cyber threats CSO

Okta admits 366 customers may have been impacted by LAPSUS$ breach

Malwarebytes

MARCH 23, 2022

In an article on Okta’s website , CSO David Bradbury provided a timeline of the incidents which took place in January. For example, on 10 March, it said it was looking to recruit tech company “employees/insiders” who were prepared to provide remote access, such as VPN or Citrix access. Okta’s statement.

CSO

CSO Engineering Passwords VPN

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

CSO Magazine

MARCH 20, 2023

“While ForgeRock already offers passwordless authentication for mobile and web applications, the new Enterprise Connect Passwordless authentication extends passwordless capabilities to common enterprise infrastructure like workstations, databases, servers, and VPN s,” said Peter Barker, ForgeRock's chief product officer.

Authentication

Authentication VPN Mobile Passwords

Cyber Security Informer

Spy groups hack into companies using zero-day flaw in Pulse Secure VPN

7 VPN alternatives for securing remote network access

Webinars

Trending Sources

Espionage campaign loads VPN spyware on Android devices via social media

Webinars

How to choose the best VPN for security and privacy

SonicWall warns customers about zero-day vulnerabilities

Attackers deploy sophisticated Linux implant on Fortinet network security devices

4 tips to prevent easy attacker access to Windows networks

BrandPost: Mercury Financial gains a competitive advantage with zero trust

BrandPost: Remote Work Opens Up New Vulnerabilities

New ransomware group CACTUS abuses remote management tools for persistence

BrandPost: In an Increasingly Dangerous Cyberspace, MFA Is Not Optional

PureVPN introduces quantum-resistant feature to enhance security, tackle threats

BrandPost: Why Bad Actors Target VPNs, and What Can Be Done to Stop Attacks

BrandPost: 7 Key Considerations Before Purchasing a SASE Solution

BrandPost: Four Essential SASE Security Must-haves

BrandPost: Today’s New Business Normal Creates Threat Opportunities

Researchers show techniques for malware persistence on F5 and Citrix load balancers

BrandPost: Building Network Efficiency at Hundreds of Locations Worldwide with Fortinet Secure SD-WAN

BrandPost: What It Takes to Implement Zero Trust With Employees Working From Home

Security Roundup October 2023

Best advice for responding to today's biggest cyber threats

BrandPost: Using TLS to Avoid Detection is On the Rise

Pulse Secure: New Deadline for Government to Patch

Security Roundup November 2021

Cybersecurity First: #BeCyberSmart at Work and Home

The Rise of an Overlooked Crime – Cyberstalking

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 2)

Okta admits 366 customers may have been impacted by LAPSUS$ breach

ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises

Stay Connected