trending news

This VPN and Windows 10 bug combo is every organization’s nightmare

trending news
Read Time:1 Minute, 47 Second

By chaining vulnerabilities in VPN services and Windows 10 together, hackers have managed to gain access to government networks according to a new joint security alert released by the FBI and CISA.

These attacks have targeted federal as well as state, local, tribal and territorial (SLTT) government networks, though non-government networks have also been targeted.

The FBI and CISA warned in their joint cybersecurity advisory that information about the 2020 election could be at risk from hackers accessing these government networks, saying:

“Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks. CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised.”

READ  Medicare For All Touted as 'Common Sense' and 'Fair' on Kal Penn Election Show

Exploiting multiple vulnerabilities

The joint alert revealed that hackers are combining a vulnerability in the Fortinet ForitOS Secure Socket Layer (SSL) VPN, tracked as CVE-2018-13379, and the Zerlogon vulnerability in Windows 10’s Netlogon protocol, tracked as CVE-2020-1472, to launch this recent wave of attacks.

While the vulnerabilities in Fortinet’s VPN software provide hackers with initial access to a network, Zerologon allows them to gain complete control over a targeted network by taking over domain controllers which are servers used to manage a network and often contain the passwords for all connected workstations.

The FBI and CISA’s joint alert didn’t name the hackers behind this new wave of attack outright but it did say they were “advanced persistent threat (APT) actors” which means they are likely state-sponsored hackers.

READ  Tiger Shroffâs reply to a young fan proves heâs the perfect role model for kids

To avoid falling victim to these attacks, the agencies recommend that both public sector and private sector organizations update their systems immediately as patches have been available for months. However, by failing to install them, organizations have left themselves and their networks open to attack.

  • We’ve also highlighted the best VPN services

Via ZDNet

Source link

The post This VPN and Windows 10 bug combo is every organization’s nightmare appeared first on nextbreakingnews.

Visit Source

Leave a Reply

Your email address will not be published. Required fields are marked *