A new zero-day vulnerability is affecting various VPN brands, specifically IPVPN, MPVPN, and FatPipe WARP. Since the FBI (Federal Bureau of Investigation) already issued a warning against the latest security flaw, it seems like this security issue is quite serious.
A student from an engineering school attends, on Meudon, west of Paris, overnight on March 16, 2013, the first edition of the Steria Hacking Challenge. AFP PHOTO / THOMAS SAMSON / AFP / THOMAS SAMSON
Recently, hackers usually use zero-day flaws in popular gadgets, such as iPhones. However, it seems like this vulnerability is now expanding to more services.
In its latest forensic analysis, the FBI confirmed that the new zero-day vulnerability is being used by APT (Advanced Persistent Threat) malicious actors. However, the security department did not provide the exact details of the new hacking group.
New Zero-Day VPN Vulnerability
According to ZDNet's latest report, the attackers use the new VPN flaw to acquire access. They would then use this access to breach the unrestricted file function of the virtual private network service they are eyeing on.
(FILES) In this file photo taken on August 04, 2020, Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. - As the number of online devices surges and super-fast 5G connections roll out, record numbers of companies are offering up to seven-figure rewards to ethical hackers.
Also Read: Amazon's Ring Doorbell Just Rolled Out its Holday-Themed Greetings and Ringtones
Once this step is successful, the APT actors would send a webshell of exploitation activity with root access. As of the moment, the Federal Bureau of Investigation warns that the new zero-day attack could lead to possible follow-up attacks.
"Exploitation of this vulnerability then served as a jumping-off point into other infrastructure for the APT actor," said FBI.
Right now, the department is urging system admins to enhance or upgrade their devices using VPNs as much as possible. You can click this link to see more details of the report.
Palo Alto Security Also Suffers From Zero-Day
Aside from the mentioned VPN services above, other companies are also affected by different kinds of zero-day attacks. These include Palo Alto Security Appliances.
Threat Post reported that the company's GlobalProtect firewall had been breached by the new CVE 2021-3064, a critical zero-day exploit with a rating of 9.8 severity score.
In other news, NCSC's new cybersecurity report says businesses are not taking the evolving ransomware attacks seriously. On the other hand, DuckDuckGo announced that it would provide more anonymity to its users to prevent tracking applications.
For more news updates about zero-days and other security threats, always keep your tabs open here at TechTimes.
Related Article: North Korea-Backed Hackers Allegedly Modify Malware to Breach US, UK, and Other Countries
This article is owned by TechTimes
Written by: Griffin Davis
