Check Point Warns Critical Auth Bypass Bug Exploited in the Wild
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
A VPN creates an encrypted tunnel between devices and a remote network, making its configuration and flaws important to privacy and access control.
Search across headline titles and summaries.
Background for this topic.
VPN (virtual private network) creates an encrypted tunnel between a device and a VPN gateway, or between networks, across an untrusted network such as the internet. It is commonly used for remote access and site-to-site connectivity. Encryption protects traffic in transit between the tunnel endpoints, but it does not secure a compromised device, protect data after it reaches the destination, or automatically make the VPN provider trustworthy; logging and traffic visibility depend on its configuration and operator.
VPN gateways are high-value entry points: vulnerabilities in internet-facing appliances, weak protocols or configurations, and stolen credentials can enable unauthorized access to internal systems. Organizations should patch and securely configure gateways, require phishing-resistant or otherwise strong multi-factor authentication where practical, restrict access and segment remote sessions, and monitor authentication and connection logs. During an incident, VPN account and gateway records can help identify access, while compromised gateways may require credential resets and network-wide review.
Weekly headline count for the current query.
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]