Top Categories

Spotlight

Major crypto projects at risk as Squarespace domain breach unfolds

todayJuly 13, 2024

Computer Forensic Sewa

Major crypto projects at risk as Squarespace domain breach unfolds

Digital Forensics: Major crypto projects at risk as Squarespace domain breach unfolds Oluwapelumi Adejumo · 15 hours ago · 2 min read Security experts recommend that projects enhance their protection by enabling 2FA on Squarespace. 2 min read Updated: Jul. 12, 2024 at 10:09 pm UTC Cover art/illustration via CryptoSlate. [...]

Top Voted
Sorry, there is nothing for the moment.

Norway recommends replacing SSL VPN to prevent breaches

Computer Forensic Expert Sewa todayJune 30, 2024

Background
share close

Computer Forensics Company:

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

The organization recommends that the transition be completed by 2025, while organizations subject to the ‘Safety Act’ or those in critical infrastructure should adopt safer alternatives by the end of 2024.

NCSC’s official recommendation for users of Secure Socket Layer Virtual Private Network (SSL VPN/WebVPN) products is to switch to Internet Protocol Security (IPsec) with Internet Key Exchange (IKEv2).

SSL VPN and WebVPN provide secure remote access to a network over the internet using SSL/TLS protocols, securing the connection between the user’s device and the VPN server using an “encryption tunnel.”

IPsec with IKEv2 secures communications by encrypting and authenticating each packet using a set of periodically refreshed ke

“The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives. NCSC recommends Internet Protocol Security (IPsec) with Internet Key Exchange (IKEv2),” reads the NCSC announcement.

While the cybersecurity organization admits IPsec with IKEv2 isn’t free of flaws, it believes switching to it would significantly reduce the attack surface for secure remote access incidents due to having reduced tolerance for configuration errors compared to SSLVPN.

The proposed implementation measures include:

  • Reconfiguring existing VPN solutions or replacing them
  • Migrating all users and systems to the new protocol
  • Disabling SSLVPN functionality and blocking incoming TLS traffic
  • Using certificate-based authentication

Where IPsec connections are not possible, the NCSC suggests using 5G broadband instead.

Meanwhile, NCSC has also shared interim measures for organizations whose VPN solutions do not offer the IPsec with IKEv2 option and need time to plan and execute the migration.

These include implementing centralized VPN activity logging, strict geofencing restrictions, and blocking access from VPN providers, Tor exit nodes, and VPS providers.

Other countries have also recommended using IPsec over other protocols, including the USA and the UK.

Computer Forensics Company: An abundance of exploited SSLVPN flaws

Unlike IPsec, which is an open standard that most companies follow, SSLVPN does not have a standard, causing network device manufacturers to create their own implementation of the protocol.

However, this has led to numerous bugs discovered over the years in SSL VPN implementations from Cisco, Fortinet, and SonicWall that hackers actively exploit to breach networks.

As an example, Fortinet revealed in February that the Chinese Volt Typhoon hacking group exploited two FortiOS SSL VPN flaws to breach organizations, including a Dutch military network.

In 2023, the Akira and LockBit ransomware operations exploited an SSL VPN zero-day in Cisco ASA routers to breach corporate networks, steal data, and encrypt devices.

Earlier that year a Fortigate SSL VPN vulnerability was exploited as a zero-day against government, manufacturing, and critical infrastructure.

NCSC’s recommendations come after the organization recently alerted about an advanced threat actor exploiting multiple zero-day vulnerabilities in Cisco ASA VPNs used in critical infrastructure since November 2023.

Cisco disclosed the particular campaign as ‘ArcaneDoor,’ attributing it to the threat group tracked as ‘UAT4356’ or ‘STORM-1849,’ who gained unauthorized access to WebVPN sessions associated with the device’s SSL VPN services.

The attacks involved the exploitation of two zero-days, namely CVE-2024-20353 and CVE-2024-20359, which enabled the hackers to achieve authentication bypass, device takeover, and privilege elevation to administrative rights.

Although Cisco fixed the two vulnerabilities on April 24, the cybersecurity and networking equipment firm couldn’t identify how the threat actors initially gained access to the device.

Read More

Written by: Sewa

Rate it

Previous post

Similar posts

Computer Forensic Expert Sewa / June 30, 2024

Zambia Working on Establishing an AI Framework, Says Minister

Computer Forensics Company: Zambia has reportedly initiated a process to establish an artificial intelligence framework and is collaborating with the Tony Blair Institute to formulate an artificial intelligence strategy. Sarah Luyele Njamu said Zambia can leverage AI for economic growth, improved healthcare, enhanced education, and sustainable development. Zambia Revising Cyber Security and Crime Law The ...

Read more trending_flat

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *


 


LOGO

 

  • info@thorsolution.com


Products


Company


Contacts

Support