VPN
PAN-OS vuln mitigation howler: “Disabling telemetry” no help
POCs for CVSS 10 bug are out of the bag, tens of thousands are exposed, and telemetry mitigation didn't work.
VPN
Palo Alto Networks: CVSS 10 bug in Pan-OS is being exploited in the wild
Patch? You'll need to wait until Sunday. Turn off telemetry (no, really; it's a mitigation!) and go to the pub. OK, maybe don't.
Fortinet
Fortinet patches MORE pre-auth RCEs, with exploits reported. Ivanti also slips out a fresh VPN fix...
"Disable SSL VPN (disable webmode is NOT a valid workaround..."
networks
Opinion: It's time to level up the network for the hybrid workforce
"Enterprises are deploying a mix of technologies for secure remote access, including VPN, ZTNA, SD-WAN and SASE – on average respondents are using 2.3 different solutions, but..."
Cybersecurity
Ivanti VPN appliance exploitation now happening at scale
VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."
0days
Why firewalls, VPNs and hypervisors are a hacker's new favourite target
TTPs and telemetry suggest a real focus on zero days and appliances by Chinese APTs.
Zscaler
Shoddy VPNs have companies living in fear
Zscaler's latest report says the use of buggy VPNs by end-users could be putting networks at risk of attack
Cybersecurity
The slow demise of the VPN: 5 lessons from DoD's Zero Trust framework
From culture to SASE, DevSecOps to network segmentation
Cybersecurity
Hackers <3 VPN bugs: Fix this pre-auth RCE bug in SonicWall VPNs asap
Patch, patch, patch...
Cybersecurity
Critical pre-auth RCE revealed in Palo Alto Networks' GlobalProtect
Wait, what? (Patch this one urgently...)
Cybersecurity
Colonial Pipeline hackers gained access via unprotected VPN account: password leaked, no MFA
1 password leaked; 1 pipeline down...