Connect with us


VPN users: If you’re on Fortinet, Palo Alto, Pulse Secure, patch now, warns spy agency



Chinese hackers are scanning the internet for Fortinet and Pulse Secure VPN servers
Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers.

If your employees are using virtual private networks (VPNs) from Fortinet, Palo Alto, or Pulse Secure, you really need to patch the products and search through system logs for signs of compromise. 

As ZDNet reported in September, a group of Chinese state-backed hackers known as APT5 have been attacking enterprise VPN servers using Fortinet and Pulse Secure products. 

But APT5 might not be the only state-sponsored hacking group attempting to use the flaws. The UK’s National Cyber Security Centre (NCSC), a unit of UK spy agency GCHQ, is now warning organizations that Palo Alto’s GlobalProtect portal and GlobalProtect Gateway interface products are also under attack by state-sponsored attackers.

“This activity is ongoing, targeting both UK and international organisations. Affected sectors include government, military, academic, business, and healthcare. These vulnerabilities are well documented in open source,” NCSC warns. 

NCSC highlights six of the highest-impact vulnerabilities across the products that are being exploited by APT groups. 

Patches for each vulnerability are available, and the agency is recommending admins update immediately to avoid compromise because exploit code for the bugs is available on the internet. 

Some of the bugs were detailed at Black Hat USA in August, shortly before attacks on Fortinet and Pulse Secure were first detected. 

The VPN flaws would allow attackers to gain authentication credentials that can be used to connect to the VPN and change configuration settings or provide privileges to use additional exploits to gain a root shell.

The bugs include two flaws affecting the Pulse Connect Secure VPN, CVE-2019-11510 and CVE-2019-11539; three vulnerabilities in Fortinet’s Fortigate devices, CVE-2018-13379, CVE-2018-13382 and CVE-2018-13383; and a critical remote code execution bug in Palo Alto’s GlobalProtect portal and GlobalProtect Gateway interface products, CVE-2019-1579.

In light of the attacks, the NCSC has provided detailed and product-specific instructions for admins to check logs for signs of past exploitation. 

For example, for CVE-2019-11510 affecting Pulse Secure, it suggest search logs for “URLs containing ? and ending with /dana/html5acc/guacamole/ (Regular Expression: ?.*dana/html5acc/guacamole/)”.

“If any are found dated before the patch was applied, it may indicate a compromise. The matching string will contain the name of the file the attacker attempted to read,” it notes. 

The Fortinet bug CVE-2018-13379 may have been exploited if admins find that sslvpn_websession was downloaded. The file is at least 200kB in size and contains the usernames and passwords of active users. 

For Palo Alto VPNs, it recommends searching logs for past crashes, which may have been caused by failed exploit attempts. 

The NCSC is recommending organizations targeted by state-backed hackers to check all VPN settings and carry out checks on logs for services such as email that users connect to the network through a VPN.

It also recommends wiping devices if they may have been compromised. Additionally, organizations should implement two-factor authentication for VPNs and disable unnecessary functionality and ports on the VPN. 

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Major tire recall issued by Cooper Tire & Rubber Co.



Many years ago, a major recall was issued on Firestone tires that were failing and causing accidents that were sometimes fatal. Recalls in the automotive industry aren’t uncommon, and Cooper Tire & Rubber Co. has now issued a tire recall the covers more than 430,000 light truck tires in the US. The tires are being recalled due to sidewall bulges that could lead to tire failure.

Cooper says the recall covers only certain Discoverer, Evolution, Courser, Deegan, Adventurer, Hercules, Back Country, Multi-Mile, Wild Country, and Big O tires in multiple sizes. Some of those tires are also commonly used on Jeeps and other off-road vehicles as upgrades to factory rubber. Sidewall bulges pose a risk of sidewall separation that would make the tires lose air rapidly and increase the crash risk.

Cooper reports there has been no property damage, death, or injury due to the problem. The recall is expected to begin on March 25, and owners of the tires will be notified. Dealers will replace the tires at no cost. It’s unclear if there is any sort of caveat to the free replacement, such as miles or tire condition.

Some who’ve been using these tires for a while might find the recall results in newer and fresher tires. Having a blowout at high-speed certainly poses the risk of accidents and even death. Recently, automaker Hyundai issued a massive recall on electrified vehicles due to a potential risk of fire.

Reports indicate the recall in Hyundai’s instance will cost as much as $900 million and will see the automaker replacing battery systems in about 82,000 electric cars around the world. That particular recall was among the first for electric vehicles and will show how automakers and battery makers will work together for electric vehicle recalls in the future.

Continue Reading


Rumor claims Mercedes-AMG C63 will go hybrid



One of the hottest AMG cars made by Mercedes-AMG is the C63. This car has traditionally had a big burly V-8 engine under the hood, making gobs of power. A new rumor has surfaced that claims that will change with the V-8 engine out and a hybrid four-cylinder powertrain in.

Automotive enthusiasts know that means an exhaust note that will lack the throaty rumble of the V-8 engine, but the hybridized four-cylinder will reportedly have massive amounts of power. What’s expected to live under the hood of the car is the AMG M139 turbocharged engine, which is used in the A45 S, combined with an electric rear-wheel-drive unit and integrated starter generator.

The turbocharger used on the four-cylinder also has electric assistance to reduce lag and improve throttle response. When all the electric and gas power is combined, rumor has it total output will be over 550 horsepower with maximum torque up to 590 pound-foot. The car will have active all-wheel drive, but a Drift mode will be standard for those who feel like putting on a smoke show.

All that power goes to the road via a nine-speed sport transmission, and the car will feature adaptive suspension and staggered tires. The vehicle will use a 400-volt electrical architecture rather than the 48-volt system used in other C-Class cars. Another interesting tidbit is that the car is tipped to drive about 40 miles on electricity alone.

One downside with hybridizing cars is the additional weight, with reports indicating the electric components add about 250 kilograms pushing the car close to 2000 kilograms overall. The upside is the smaller four-cylinder engine is reportedly 60 kilograms lighter than the outgoing V-8, and the vehicle will have a 50:50 weight distribution. The car is expected the land in the UK in early 2022, with the reveal by the end of the year.

Continue Reading


2021 Jeep Grand Cherokee L starts at $37,000



Many SUV fans and Jeep fans are excited to hear that an all-new three-row Grand Cherokee was coming. Jeep has officially announced the starting prices for the all-new 2021 Jeep Grand Cherokee L line, including the entry-level Laredo, Limited, Overland, and Summit models. This vehicle marks the first three-row Grand Cherokee Jeep has ever offered.

The Laredo trim will start at $36,995 and promises a host of standard safety features. Standard features include adaptive cruise control and blind-spot monitoring along with all new LED exterior lighting, leather-wrapped steering wheel, tip and slide second-row seats, and a 10.25-inch frameless digital driver cluster with customizable menu options.

The next step up the ladder is the Limited model starting at $43,995. It includes Capri leather seats, a heated steering wheel, standard heated seats in the first two rows, remote start, and a power liftgate. The Overland model starts at $52,995, and 4×4 versions of this model include the Jeep Quadra-Trac II system and a unique Overland appearance.

Overland models get Nappa leather seats and door panels, standard ventilated front seats, premium navigation, LED ambient lighting, length adjustable front-row cushions, hands-free foot-activated power liftgate, and a dual-pane sunroof. Overland buyers can also opt for the optional Trail Rated-Road Group on 4×4 versions that adds skid plates, electronic limited-slip differential, 18-inch wheels, and all-season tires.

The Summit model starts at $56,995 and packs quilted leather seats, real wood veneers, 16-way adjustable front-row seats, and much more. The Summit Reserve starts at $61,995 and features quilted Palermo leather, open-pore waxed walnut wood trim, ventilated second-row seats, and a 950 Watt McIntosh audio system. None of the MSRP’s include the $1695 destination charge.

Continue Reading