New Zero-Day VPN Vulnerability Affects Various Brands | FBI Says Flaw May Lead to Follow-Up Attack

A new zero-day vulnerability is affecting various VPN brands, specifically IPVPN, MPVPN, and FatPipe WARP. Since the FBI (Federal Bureau of Investigation) already issued a warning against the latest security flaw, it seems like this security issue is quite serious.

New Zero-Day VPN Vulnerability Affects Various Brands | FBI says Flaw Could Lead to Follow-Up Attack
A student from an engineering school attends, on Meudon, west of Paris, overnight on March 16, 2013, the first edition of the Steria Hacking Challenge. AFP PHOTO / THOMAS SAMSON / AFP / THOMAS SAMSON Photo credit should read THOMAS SAMSON/AFP via Getty Images

Recently, hackers usually use zero-day flaws in popular gadgets, such as iPhones. However, it seems like this vulnerability is now expanding to more services.

In its latest forensic analysis, the FBI confirmed that the new zero-day vulnerability is being used by APT (Advanced Persistent Threat) malicious actors. However, the security department did not provide the exact details of the new hacking group.

New Zero-Day VPN Vulnerability

According to ZDNet's latest report, the attackers use the new VPN flaw to acquire access. They would then use this access to breach the unrestricted file function of the virtual private network service they are eyeing on.

New Zero-Day VPN Vulnerability Affects Various Brands | FBI says Flaw Could Lead to Follow-Up Attack
(FILES) In this file photo taken on August 04, 2020, Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. - As the number of online devices surges and super-fast 5G connections roll out, record numbers of companies are offering up to seven-figure rewards to ethical hackers. Photo by NICOLAS ASFOURI/AFP via Getty Images

Once this step is successful, the APT actors would send a webshell of exploitation activity with root access. As of the moment, the Federal Bureau of Investigation warns that the new zero-day attack could lead to possible follow-up attacks.

"Exploitation of this vulnerability then served as a jumping-off point into other infrastructure for the APT actor," said FBI.

Right now, the department is urging system admins to enhance or upgrade their devices using VPNs as much as possible. You can click this link to see more details of the report.

Palo Alto Security Also Suffers From Zero-Day

Aside from the mentioned VPN services above, other companies are also affected by different kinds of zero-day attacks. These include Palo Alto Security Appliances.

Threat Post reported that the company's GlobalProtect firewall had been breached by the new CVE 2021-3064, a critical zero-day exploit with a rating of 9.8 severity score.

In other news, NCSC's new cybersecurity report says businesses are not taking the evolving ransomware attacks seriously. On the other hand, DuckDuckGo announced that it would provide more anonymity to its users to prevent tracking applications.

For more news updates about zero-days and other security threats, always keep your tabs open here at TechTimes.

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics