[News] Hackers are actively trying to steal passwords from two widely used VPNs

2019-08-25 02:30:08


Hi Mi Fans

Hackers are actively unleashing attacks that attempt to steal encryption keys, passwords, and other sensitive data from servers that have failed to apply critical fixes for two widely used virtual private network (VPN) products, researchers said.

The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month. The pre-authorization file-reading vulnerabilities resided in the Fortigate SSL VPN, installed on about 480,000 servers, and the competing Pulse Secure SSL VPN, installed on about 50,000 machines, researchers from Devcore Security Consulting reported.

The Devcore researchers discovered other critical vulnerabilities in both products. These make it possible for attackers to, among other things, remotely execute malicious code and change passwords. Patches for the Fortigate VPN became available in May and in April for Pulse Secure. But installing the patches can often cause service disruptions that prevent businesses from carrying out essential tasks.

Internet scans performed on Saturday by security intelligence service Bad Packets show there are 2,658 Pulse Secure VPN endpoints vulnerable to the flaw currently being exploited. The scans found that vulnerable endpoints belonged to a variety of sensitive organizations, including:

- US military, federal, state, and local government agencies
- Public universities and schools
- Hospitals and health care providers
- Major financial institutions
- Other Fortune 500 companies



Spraying the Internet

Over the past 36 hours, hackers have started spraying the Internet with code that attempts to opportunistically exploit that difficulty, independent researcher Kevin Beaumont said. He said he found attacks against Fortigate servers coming from 91.121.209.213, an IP address that has a history of previous misconduct. A scan on Friday using the BinaryEdge search engine showed a new IP address, 52.56.148.178, had also begun spraying exploits for the same vulnerability.



Earlier this month, two samples of exploit code for CVE-2018-13379, as the vulnerability is tracked, became publicly available here and here. The first one actually obtains data stored on vulnerable machines, while the latter merely checks if a machine is vulnerable.

unpatched Pulse Secure servers are coming from 2.137.127.2. Exploit code became publicly available earlier this week. Troy Mursch, the independent researcher behind Bad Packets, said he also found attacks coming from 81.40.150.167 that also attempt to exploit or test for the vulnerability, which is indexed as CVE-2019-11510. In the event one of the mass scans identifies a vulnerable server, it may then exploit a code-execution flaw the Devcore researchers also discovered.

“These scans are targeting endpoints that are vulnerable to arbitrary file reading leading to sensitive information disclosure of private keys and user passwords,” Mursch told Ars. “These credentials can then be used to conduct further command injection attacks (CVE-2019-11539) and gain access to the private network allowing for further malicious activity.”



Mursch said the honeypot server he used to detect the attacks was also able to identify that the IP address 2.137.127.2 was also targeting the Pulse Secure vulnerability. He said he didn’t believe either of the IPs was operated by a researcher who was merely scanning for unpatched servers. His honeypot was unable to detect code attacking the Fortigate vulnerability. Beaumont was using a honeypot provided by BinaryEdge.

The vulnerabilities are serious because they affect a piece of software that’s required to be accessible to the Internet and that acts as a gateway to highly sensitive parts of an organization’s network. Obtaining hashed and in some cases plain-text passwords, encryption keys, and other sensitive data, could allow people to penetrate those networks. With more work, attackers who identify unpatched servers could also exploit the other vulnerabilities the Devcore researchers found. One Fortigate flaw, which they dubbed “The Magic Backdoor,” allows remote attackers who know a hard-coded key to change passwords.

Representatives from both Fortinet and Pulse Secure said the companies have been urging customers for months to patch their systems as soon as possible. Neither company could confirm or expand upon the reports of scanning coming from Beaumont and Mursch. Organizations using either of these VPNs should take time now to make sure they’re not vulnerable.

Source

Thanks for your time
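
A log sweep for the four source addresses the article names, as an added example that is not part of the original post. It assumes a gateway or reverse proxy that writes combined-format access logs; the sample lines, the placeholder request path and the `triage` helper are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Source addresses named in the article, with the product and CVE each was reported against.
REPORTED_SOURCES = {
    "91.121.209.213": ("Fortigate SSL VPN", "CVE-2018-13379"),
    "52.56.148.178": ("Fortigate SSL VPN", "CVE-2018-13379"),
    "2.137.127.2": ("Pulse Secure SSL VPN", "CVE-2019-11510"),
    "81.40.150.167": ("Pulse Secure SSL VPN", "CVE-2019-11510"),
}
# Assumption: combined-format access log lines (client, timestamp, request, status).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')
# Constructed sample lines; the request path is a placeholder, not a real exploit path.
SAMPLE_LOG = [
    '91.121.209.213 - - [23/Aug/2019:10:15:02 +0000] "GET /constructed-path HTTP/1.1" 404 153',
    '198.51.100.7 - - [23/Aug/2019:10:15:09 +0000] "GET / HTTP/1.1" 200 1024',
    '2.137.127.2 - - [24/Aug/2019:03:41:55 +0000] "GET /constructed-path HTTP/1.1" 200 2048',
    '::ffff:2.137.127.2 - - [24/Aug/2019:03:42:10 +0000] "GET /constructed-path HTTP/1.1" 200 2048',
    'not a log line',
]

def triage(lines):
    """Summarise requests from the reported sources; returns (hits, skipped_line_count)."""
    hits = defaultdict(lambda: {"count": 0, "answered_2xx": 0, "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            skipped += 1
            continue
        try:
            ip = ipaddress.ip_address(m["src"])
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:  # malformed address or timestamp
            skipped += 1
            continue
        # Dual-stack listeners log IPv4 peers as ::ffff:a.b.c.d; unwrap before comparing.
        src = str(getattr(ip, "ipv4_mapped", None) or ip)
        if src not in REPORTED_SOURCES:
            continue
        h = hits[src]
        h["count"] += 1
        h["answered_2xx"] += m["status"].startswith("2")  # server answered: review first
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hits), skipped
```

Any source with a non-zero `answered_2xx` count is the first to review, and `REPORTED_SOURCES[src]` gives the product and CVE to check the patch level against.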

I've nothing to say about "hack", but really enjoy some ...
2019-08-25 07:56:26

Grand Master Bunny

Ian Adoe | from Redmi Note 5A Prime

#2

Noted...
      
2019-08-25 08:02:27

Advanced Bunny

6180329966 | from MI 9

#3

I do remember a poll a few days ago if anti-virus and security software is a waste of money. Most voted it a waste of money...
2019-08-25 15:11:40

Master Bunny

Suter | from Redmi 3

#4


Makes using a vpn a worry?
Good article, keeps us from being complacent.

2019-08-25 17:06:33

Advanced Bunny

sabai-sabai | from Mi A2 Lite

#5

6180329966
I do remember a poll a few days ago if anti-virus and security software is a waste of money. Most voted it a waste of money...

A patched device is hardly "hacked". The users need regular vaccinations :-)
2019-08-26 04:00:24

Mohammed Abdalfattah

News Reporter
