A new zero-day vulnerability is affecting various VPN brands, specifically IPVPN, MPVPN, and FatPipe WARP. Since the FBI (Federal Bureau of Investigation) already issued a warning against the latest security flaw, it seems like this security issue is quite serious.
Recently, hackers usually use zero-day flaws in popular gadgets, such as iPhones. However, it seems like this vulnerability is now expanding to more services.
In its latest forensic analysis, the FBI confirmed that the new zero-day vulnerability is being used by APT (Advanced Persistent Threat) malicious actors. However, the security department did not provide the exact details of the new hacking group.
New Zero-Day VPN Vulnerability
According to ZDNet's latest report, the attackers use the new VPN flaw to acquire access. They would then use this access to breach the unrestricted file function of the virtual private network service they are eyeing on.
Once this step is successful, the APT actors would send a webshell of exploitation activity with root access. As of the moment, the Federal Bureau of Investigation warns that the new zero-day attack could lead to possible follow-up attacks.
"Exploitation of this vulnerability then served as a jumping-off point into other infrastructure for the APT actor," said FBI.
Right now, the department is urging system admins to enhance or upgrade their devices using VPNs as much as possible. You can click this link to see more details of the report.
Palo Alto Security Also Suffers From Zero-Day
Aside from the mentioned VPN services above, other companies are also affected by different kinds of zero-day attacks. These include Palo Alto Security Appliances.
Threat Post reported that the company's GlobalProtect firewall had been breached by the new CVE 2021-3064, a critical zero-day exploit with a rating of 9.8 severity score.
In other news, NCSC's new cybersecurity report says businesses are not taking the evolving ransomware attacks seriously. On the other hand, DuckDuckGo announced that it would provide more anonymity to its users to prevent tracking applications.
For more news updates about zero-days and other security threats, always keep your tabs open here at TechTimes.
This article is owned by TechTimes
Written by: Griffin Davis