vpn

Subscribe to vpn via RSS

On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk during the COVID-19 crisis, as threat actors are using the pandemic to take advantage of vulnerabilities while hospitals are focused on responding to the crisis.

According to Microsoft “[D]uring this time of crisis, as

The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain access to users’ devices. The hackers are leveraging vulnerabilities in older versions of VPN applications, and if successful, the attackers can then remotely execute

The Department of Homeland Security (DHS) issued a warning on April 15, 2019, entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files.”

The affected products identified by DHS are:

  • Palo Alto Networks GlobalProtect Agent

I am speaking at a conference in one of my favorite cities (okay, it’s Chicago) and I was having dinner at the bar when the patron next to me asked me what I do for a living. I am a friendly sort of person and like to meet new people, so I told her what

Late last week, the Federal Bureau of Investigation (FBI) issued a warning to U.S. consumers that Russian hackers (dubbed Sofacy and a/k/a Fancy Brear and APT28, and believed to be backed by the Russian government) had compromised “hundreds of thousands” of home and office routers through malware known as VPNFilter in order to collect information

Cisco is warning customers using its Adaptive Security Appliance (ASA) software about a VPN bug that could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code” and “allow an attacker to take full control of the system.”

Because the bug, known as DVE-2018-0101 is easy to

The U.S. Department of Homeland Security (DHS) recently issued a warning that Smiths Medical Medfusion 4000 wireless syringe infusion pumps contain a security vulnerability that can be exploited by hackers to alter the performance of the medical devices.

The devices are used to infuse small doses of medication to patients and are used in acute care settings. Eight different vulnerabilities have been identified in pump versions 1.1, 1.5 and 1.6. According to DHS, hackers can exploit the vulnerabilities remotely, which can cause harm to patients, and can be used to gain access to other healthcare information technology systems if they are not segmented on the healthcare organization’s network.

Smiths Medical is working with DHS to resolve the flaws in its new version, which will be released in January of 2018. Until then, Smiths recommends the following:
Continue Reading Security Vulnerabilities Identified in Wireless Syringe Infusion Pumps

By Executive Order, the Trump Administration recently reversed an Obama Administration order aimed at protecting consumer’s personal information from use by their Internet Service Provider (ISP). ISPrior to the Trump’s EO, ISPs were required to get customer’s consent before using or selling their browsing habits, online shopping habits, financial information, etc. The reversal of Obama’s protection order has caused a resurgence of interest in VPN services. In theory, using a VPN service creates an encrypted tunnel between your device and the service provider, thus keeping your browsing habits and personal information private from your ISP. However, a paper published in early 2015 by researchers at Sapienza University of Rome and Queen Mary University of London, found that 11 of the 14 providers they tested leaked customer information.
Continue Reading Virtual Private Network (VPN) Providers: How Private Are They?