The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain access to users’ devices. The hackers are leveraging vulnerabilities in older versions of VPN applications, and if successful, the attackers can then remotely execute and download files and intercept encrypted network traffic.
The purpose of a VPN is to allow remote users to use their computer to obtain access to company systems via extremely secure connections to the local network. But apparently some companies and users have not patched the VPN application and older vulnerabilities are being targeted by attackers.
The advisory urges companies and users to update their VPN services with patches that have been issued by the service providers. The advisory illustrates the importance of staying current with patching of all applications, and this one is vitally important.