Corporate VPNs In The Bullseye

When the corporate virtual private network gets 0wned.
Kelly Jackson Higgins:

Virtual private network (VPN) connections can provide a false sense of security, and two separate and newly discovered attack campaigns exploiting the much-vaunted corporate channel serve as a wakeup call for how attackers can abuse and use VPNs.

Researchers at Volexity have witnessed attackers going after the corporate VPN by altering the login pages to Cisco Systems’ Web-based VPN, Clientless SSL VPNs via JavaScript code injected into the login pages in order to pilfer corporate user credentials at the VPN login phase. ┬áIt’s all in the name of the “P” in APT: “persistence.”
To read the entire article, please click here.


Leave A Comment