
SoylentNews is people

posted by Fnord666 on Saturday October 12 2019, @05:46PM
from the like-father-like-son dept.

Submitted via IRC for Bytram

American intelligence follows British lead in warning of serious VPN vulnerabilities

The US National Security Agency (NSA) is warning admins to patch a set of months-old security bugs that have recently come under active attack.

The NSA's bulletin, issued earlier this week, says that state-sponsored hacking groups are now actively targeting the remote takeover and connection hijacking flaws in VPNs that were first publicized in April of this year.

"These vulnerabilities allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways. Other vulnerabilities in the series allow for interception or hijacking of encrypted traffic sessions," the NSA warned.

"Exploit code is freely available online via the Metasploit framework, as well as GitHub. Malicious cyber actors are actively using this exploit code."



This discussion has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by opinionated_science on Saturday October 12 2019, @06:39PM

    by opinionated_science (4031) on Saturday October 12 2019, @06:39PM (#906402)

    uses RSA keys, so as long as they are not easy to break, a pretty good tool.

    Also, *way* less complicated than openvpn, which we used to use...!

  • (Score: 2, Insightful) by fustakrakich on Saturday October 12 2019, @07:37PM (3 children)

    by fustakrakich (6150) on Saturday October 12 2019, @07:37PM (#906411) Journal

    Now the arsonist has to be the fireman.

    --
    Politics and criminals are the same thing..
    • (Score: 0) by Anonymous Coward on Sunday October 13 2019, @12:20PM (2 children)

      by Anonymous Coward on Sunday October 13 2019, @12:20PM (#906592)

      It is perhaps possible, if not plausible, to distinguish between the threat and consequences of a fire at the bottom of a hill and the houses at the top.

      • (Score: 2, Interesting) by khallow on Sunday October 13 2019, @02:11PM

        by khallow (3766) Subscriber Badge on Sunday October 13 2019, @02:11PM (#906612) Journal
        Perhaps. But you still have to wonder about motive, and who started that fire at the bottom of the hill in the first place. The NSA has deliberately broken [columbia.edu] encryption standards/software before and currently insists on neutering all civilian encryption software.

        How do we know they're sincere this time when it's perhaps another move in their SIGINT game?
      • (Score: 1) by fustakrakich on Sunday October 13 2019, @04:54PM

        by fustakrakich (6150) on Sunday October 13 2019, @04:54PM (#906656) Journal

        You don't understand. The NSA lit the fire. They were caught. Now they need to cover up with this "warning".

        --
        Politics and criminals are the same thing..
  • (Score: 2, Funny) by Anonymous Coward on Saturday October 12 2019, @07:55PM (3 children)

    by Anonymous Coward on Saturday October 12 2019, @07:55PM (#906417)

    Is that still a thing?

    • (Score: 3, Touché) by MostCynical on Saturday October 12 2019, @08:10PM

      by MostCynical (2589) on Saturday October 12 2019, @08:10PM (#906419) Journal

      Sign says that on the door..

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 0) by Anonymous Coward on Sunday October 13 2019, @12:27AM (1 child)

      by Anonymous Coward on Sunday October 13 2019, @12:27AM (#906474)

      Not in your house.

      • (Score: 0) by Anonymous Coward on Sunday October 13 2019, @05:35AM

        by Anonymous Coward on Sunday October 13 2019, @05:35AM (#906543)

        Why. So. SERIOUS???

  • (Score: 0) by Anonymous Coward on Sunday October 13 2019, @12:23AM

    by Anonymous Coward on Sunday October 13 2019, @12:23AM (#906473)

    So a gaggle of "vpn" like things leave cookies that can be used to decrypt sessions? And some proprietary junk has remote code vulnerabilities? Whatever will we do?

    If the NSA is alerting about it, the usefulness of this particular back door must be done.

    Funny how this isn't a problem with openvpn.
