The FBI issued a warning stating that the Advanced Persistent Threat Groups (APTs) exploited a zero-day flaw in FatPipe’s virtual private network to break through companies and gain access to internal networks. The FBI stated that the threat groups have been exploiting the zero-day vulnerability since at least May. The FBI conducted a forensic analysis that uncovered the exploitation of the vulnerability that was patched this week. The fault lies in the device software for FatPipe’s WARP WAN redundancy product, its MPVPN router clustering device, and its IPVPN load balancing device for VPNs. The products offer a variety of services and are typically installed and used on network perimeters to enable employees to remotely access internal apps over the Internet.

The products work partly as gateways, partly as firewalls. The FBI warning stated that the bug allowed APT actors to take advantage of a file upload feature in the buggy firmware, eventually leading to Web …



Source link

Leave a Reply