Check Point warned that threat actors are targeting their Remote Access VPN devices in an ongoing campaign to breach enterprise networks.
Remote Access is included in all Check Point network firewalls. It can be set up as a client-to-site VPN for accessing corporate networks using VPN clients, or as an SSL VPN Portal for web-based access.
By infosecbulletin
/ Saturday , September 28 2024
Meta was fined over $100 million by the EU privacy regulator on Friday due to a security issue with Facebook...
Read More
By infosecbulletin
/ Friday , September 27 2024
Microsoft cybersecurity researchers found that the "Storm-0501" ransomware group is targeting hybrid cloud environments. Storm-0501 Attacking Cloud Environments: Storm-0501 is...
Read More
By infosecbulletin
/ Friday , September 27 2024
Simone Margaritelli has discovered a serious remote code execution (RCE) vulnerability in the Common Unix Printing System (CUPS), impacting all...
Read More
By infosecbulletin
/ Friday , September 27 2024
Cybersecurity researchers at ThreatFabric have identified a new and more dangerous variant of the Octo banking malware, called "Octo2." This...
Read More
By infosecbulletin
/ Friday , September 27 2024
To improve cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has partnered with international agencies to release a guide on...
Read More
By infosecbulletin
/ Friday , September 27 2024
An intergovernmental group urged the financial sector on Wednesday to prepare for potential threats from advancements in quantum computing. The...
Read More
By infosecbulletin
/ Thursday , September 26 2024
A threat actor likely operating out of India is relying on various cloud services to conduct cyberattacks against energy, defense,...
Read More
By infosecbulletin
/ Thursday , September 26 2024
India's Bharti Airtel has launched India's first AI-powered solution that detects spam calls and messages, alerting customers in real-time. The...
Read More
By infosecbulletin
/ Wednesday , September 25 2024
The White Snake malware has been updated to take advantage of a new feature in the latest Google Chrome version....
Read More
By infosecbulletin
/ Tuesday , September 24 2024
Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024,...
Read More
Attackers are focusing on security gateways with outdated local accounts. They are using insecure password-only authentication instead of more secure certificate authentication, which can help prevent breaches.
“We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point’s customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method,” the company said.
A Check Point spokesperson told international media that, “We’ve seen 3 such attempts, and later when we further analysed it with the special teams we assembled, we saw what we believe are potentially the same pattern (around the same number). So – a few attempts globally all in all but enough to understand a trend and especially- a quite straightforward way to ensure it’s unsuccessful,”.
To defend against these ongoing attacks, Check Point advised customers to check for vulnerable accounts on Quantum Security Gateway, CloudGuard Network Security products, and on Mobile Access and Remote Access VPN software blades.
Customers should consider changing their user authentication method to more secure options or deleting vulnerable local accounts from the Security Management Server database.
The company released a Security Gateway hotfix that blocks local accounts from using weak passwords for authentication. This prevents those accounts from logging into the Remote Access VPN.