Showing only posts tagged VPN. Show all posts.

Single point of software failure could hamstring 15K car dealerships for days

Source

Enlarge / Ford Mustang Mach E electric vehicles are offered for sale at a dealership on June 5, 2024, in Chicago, Illinois. (credit: Scott Olson / Getty Images) CDK Global touts itself as an all-in-one software-as-a-service solution that is "trusted by nearly 15,000 dealer locations." One connection, over an always-on …

Ivanti CEO pledges to “fundamentally transform” its hard-hit security model

Source

Enlarge (credit: Getty Images) Ivanti, the remote-access company whose remote-access products have been battered by severe exploits in recent months, has pledged a "new era," one that "fundamentally transforms the Ivanti security operating model" backed by "a significant investment" and full board support. CEO Jeff Abbott's open letter promises …

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Source

Enlarge (credit: Getty Images ) Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used virtual private network appliance sold by Ivanti, researchers said Wednesday. Ivanti reported bare-bones details concerning the zero-days …

iOS VPNs have leaked traffic for more than 2 years, researcher claims

Source

Enlarge (credit: Getty Images) A security researcher says that Apple's iOS devices don't fully route all network traffic through VPNs as a user might expect, a potential security issue the device maker has known about for years. Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly …

Authenticate AWS Client VPN users with AWS Single Sign-On

Source

AWS Client VPN is a managed client-based VPN service that enables users to use an OpenVPN-based client to securely access their resources in Amazon Web Services (AWS) and in their on-premises network from any location. In this blog post, we show you how you can integrate Client VPN with …

How to restrict IAM roles to access AWS resources from specific geolocations using AWS Client VPN

Source

You can improve your organization’s security posture by enforcing access to Amazon Web Services (AWS) resources based on IP address and geolocation. For example, users in your organization might bring their own devices, which might require additional security authorization checks and posture assessment in order to comply with …

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

Source

More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover. [...]

Backdoor in Zyxel Firewalls and Gateways

Source

This is bad : More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. [...] Installing patches removes the backdoor account, which, according to Eye …