NCSC Warns that APT Hacker Groups Exploiting Vulnerabilities in Popular Enterprise VPN

APT groups exploiting vulnerabilities in popular enterprise VPN products to retrieve arbitrary files that include login credentials, change configuration settings, or connect to further internal infrastructure.

According to the National Cyber Security Centre (NCSC) research, threat actors actively attacking the UK and International organizations. The vulnerability affecting following VPN products Pulse secure, Palo Alto and Fortinet.

Enterprise VPN Vulnerabilities

The vulnerabilities exist in the VPN allows an unauthenticated attacker to retrieve the arbitrary files, including the one that contains login credentials.

By having the login credentials attackers can get connected with the VPN network and change the network configuration or further penetrate the network. Attackers can also escalate privilege and also can execute secondary arbitrary code to gain toot access.

The following are the highest-impact vulnerabilities exploited by the APT groups.

Pulse Connect Secure:

Fortinet:

  • CVE-2018-13379: Pre-auth arbitrary file reading
  • CVE-2018-13382: Allows an unauthenticated attacker to change the password
  • of an SSL VPN web portal user.
  • CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.

Palo Alto:

The attack targets several industry sectors including government, military, academic, business and healthcare.

Pulse SecurePalo Alto and Fortinet already released patches to fix these vulnerabilities. Users are recommended to apply patches and reset authentication credentials that associated with the VPN.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…

2 days ago

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…

2 days ago

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…

2 days ago

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…

2 days ago

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…

2 days ago

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…

2 days ago