NSA, FBI warn of bugs attackers use to attack VPN and network devices


The NSA, FBI and CISA have warned of 16 vulnerabilities in networking software from 10 brands including Cisco, Fortinet, Netgear, MikroTik, Pulse Secure and Citrix. Most vulnerabilities are classified as critical and were released between 2018 and 2021.

The alert includes exploitation of flaws affecting small business routers, Network Attached Storage (NAS) devices, and corporate VPNs. It also includes compromised specialized authentication servers used by major telecom companies and network service providers.

According to security agencies, the hackers exploiting the flaw work for China, and the campaign is part of a broader effort to steal and manipulate network traffic.

To protect against such vulnerabilities, authorities recommend patching affected devices, removing or isolating vulnerable devices from the network, and replacing obsolete hardware.

Other security measures include disabling unused or unnecessary services,…


Source link

Leave a Reply