"APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn"
The National Security Agency (NSA) and the National Cyber Centre (NCSC) in the United Kingdom issued alerts pertaining to the exploitation of vulnerabilities in outdated VPN technologies from Pulse Secure, Fortinet, and Palo Alto Networks by state-sponsored advanced persistence threat (APT) groups. According to the alerts, the exploitation of these vulnerabilities could allow APT actors to gain access to VPN devices, change configuration settings, run secondary exploits, and more. Officials recommend a number of mitigation techniques for these vulnerabilities, which include applying patches for VPNs, updating existing credentials, and using multi-factor authentication. This article continues to discuss the release of warnings about the abuse of flaws in unpatched VPNs, the vulnerabilities contained by outdated VPN technologies, and mitigation techniques recommended by officials.
Threatpost reports "APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn"