zCat on Nostr: New NachoVPN attack uses rogue VPN servers to install malicious updates A set of ...
New NachoVPN attack uses rogue VPN servers to install malicious updates
A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them.
AmberWolf security researchers found that threat actors can trick potential targets into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to attacker-controlled VPN servers using malicious websites or documents in social engineering or phishing attacks.
Threat actors can use the rogue VPN endpoints to steal the victims' login credentials, execute arbitrary code with elevated privileges, install malicious software via updates, and launch code-signing forgery or man-in-the-middle attacks by installing malicious root certificates.
See more:
Bleeping Computer: https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/
SecurityWeek:
https://www.securityweek.com/new-vpn-attack-demonstrated-against-palo-alto-networks-sonicwall-products/
#cybersecurity
A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them.
AmberWolf security researchers found that threat actors can trick potential targets into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to attacker-controlled VPN servers using malicious websites or documents in social engineering or phishing attacks.
Threat actors can use the rogue VPN endpoints to steal the victims' login credentials, execute arbitrary code with elevated privileges, install malicious software via updates, and launch code-signing forgery or man-in-the-middle attacks by installing malicious root certificates.
See more:
Bleeping Computer: https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/
SecurityWeek:
https://www.securityweek.com/new-vpn-attack-demonstrated-against-palo-alto-networks-sonicwall-products/
#cybersecurity