Breaking News:

The Final Cut Reviews; Deet n Bax Save th’ World – A Stoner Comedy Starring Jason Mewes, Craig Michaelson and Weston Cage.
Deet n Bax Save the World Movie Starring Jason Mewes Premier on 4/20/2015 in Portland
Feature Film “Deet n Bax Save the World” Starring Jason Mewes to be Released on 4/20/2015 ”Deet n Bax Save the World” an Action Stoner Comedy starring Jason Mewes produced by TruEarth Entertainment.
TruEarth Entertainment to Deliver First Feature Film Starring Jason Mewes
Deet n Bax Save the World Movie – Sex, Guns & Weed!
Deet n Bax Save the World wrapped on November 4th!
Deet n Bax Save the World resumes filming this Monday in Portland Oregon!
Deet and Bax Save The World Movie Resumes Filming Soon!
Sri Lanka attack: British mother and son KILLED in blast while daughter is still missing
Man Utd boss Ole Gunnar Solskjaer threatens to AXE stars: ‘I am going to be successful’
Astronauts to wear SWIMMING GOGGLES in space – SHOCK study
FREAK WEATHER: Extreme snowstorm strikes Middle East amid ‘APOCALYPTIC’ flash flood fears
Roman Polanski sues Oscar organisers over expulsion
Ukraine election result: Who won the Ukraine presidential election? SHOCK result
Ukraine elections: Comedian Zelenskiy to become PRESIDENT following landslide victory
Sri Lanka bombings: ‘I can BEAT terrorists’ Indian PM Modi makes impassioned rally speech
HMRC tax refund: Does HMRC send you a text for tax rebate? Is this a SCAM?
Governments ‘SILENT’ on global spread of INCURABLE SUPERBUG that kills 60% of infected
TECHNOLOGY

Homeland Security warns of security flaws in enterprise VPN apps

0 1

Several enterprise virtual private networking apps are vulnerable to a security bug that can allow an attacker to remotely break into a company’s internal network, according to a warning issued by Homeland Security’s cybersecurity division.

An alert was published Friday by the government’s Cybersecurity and Infrastructure Security Agency following a public disclosure by CERT/CC, the vulnerability disclosure center at Carnegie Mellon University.

The VPN apps built by four vendors — Cisco, Palo Alto Networks, Pulse Secure, and F5 Networks — improperly store authentication tokens and session cookies on a user’s computer. These aren’t your traditional consumer VPN apps used to protect your privacy, but enterprise VPN apps that are typically rolled out by a company’s IT staff to allow remote workers to access resources on a company’s network.

The apps generate tokens from a user’s password and stored on their computer to keep the user logged in without having to reenter their password every time. But if stolen, these tokens can allow access to that user’s account without needing their password.

But with access to a user’s computer — such as through malware — an attacker could steal those tokens and use them to gain access to a company’s network with the same level of access as the user. That includes company apps, systems and data.

So far, only Palo Alto Networks has confirmed its GlobalProtect app was vulnerable. The company issued a patch for both its Windows and Mac clients.

Neither Cisco nor Pulse Secure have patched their apps. F5 Networks is said to have known about storing since at least 2013 but advised users to roll out two-factor authentication instead of releasing a patch.

CERT warned that hundreds of other apps could be affected — but more testing was required.


Enterprise – TechCrunch

Please like & share:

Related Posts

LEAVE YOUR COMMENTS

Wad News Junior Sponsor

Join us on Facebook and Twitter!

Subscribe To Wad News


Support Wad News Shop Here!

Join Us

Enjoy this blog? Please spread the word :)