1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Rogue VPN servers used to spread malware via malicious updates

    From TechnologyDaily@1337:1/100 to All on Wednesday, November 27, 2024 17:15:04
    Rogue VPN servers used to spread malware via malicious updates

    Date:
    Wed, 27 Nov 2024 17:04:10 +0000

    Description:
    Hackers can get victims to connect to a malicious VPN server, then use it to drop malware.

    FULL STORY ======================================================================Research ers from AmberWolf find two flaws in popular VPN products Flaws can be abused to get the VPNs to connect to malicious servers The servers can use the connection to steal login credentials, drop malware, and more

    Hackers have been using compromised VPN servers to steal sensitive
    information from connected VPN clients, security researchers are warning.

    Earlier this year, cybersecurity experts from AmberWolf discovered criminals were tricking people into connecting their SonicWall NetExtender and Palo
    Alto Networks GlobalProtect VPN clients to VPN servers under their control.

    The criminals were using malicious websites, or documents in social engineering and phishing, to get people to connect. Fixing the problem

    Since the vulnerable VPN clients fail to properly authenticate or verify the legitimacy of the VPN server, attackers get to impersonate trusted servers, and are allowed several malicious actions, including stealing the victims login credentials, running arbitrary code with elevated privileges,
    installing malware through software updates, and more.

    AmberWolf named the vulnerabilities NachoVPN, and reported them to the respective organizations.

    On SonicWalls side, the bug was tracked as CVE-2024-29014, and was fixed in July 2024, while on Palo Alto Networks side, it was tracked as CVE-2024-5921, and was addressed in November 2024.

    The first clean version of NetExtender Windows is 10.2.341. For Palo Alto, users should either install GlobalProtect 6.2.6, or run their VPN client in FIPS-CC mode.

    Besides reporting the bugs to SonicWall and Palo Alto Networks, AmberWolf
    also shared an open-source tool, also called NachoVPN, which simulates the attack, BleepingComputer has found.

    "The tool is platform-agnostic, capable of identifying different VPN clients and adapting its response based on the specific client connecting to it. It
    is also extensible, encouraging community contributions and the addition of new vulnerabilities as they are discovered," AmberWolf said.

    "It currently supports various popular corporate VPN products, such as Cisco AnyConnect, SonicWall NetExtender, Palo Alto GlobalProtect, and Ivanti
    Connect Secure," the company concluded in its announcement.

    Via BleepingComputer You might also like Zyxel VPN security flaw targeted by new ransomware attackers Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/rogue-vpn-servers-used-to-spread-malwar e-via-malicious-updates


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)