Corporate VPNs In The Bullseye

When the corporate virtual private network gets 0wned.
Kelly Jackson Higgins:

Virtual private network (VPN) connections can provide a false sense of security, and two separate and newly discovered attack campaigns exploiting the much-vaunted corporate channel serve as a wakeup call for how attackers can abuse and use VPNs.

Researchers at Volexity have witnessed attackers going after the corporate VPN by altering the login pages to Cisco Systems’ Web-based VPN, Clientless SSL VPNs via JavaScript code injected into the login pages in order to pilfer corporate user credentials at the VPN login phase.  It’s all in the name of the “P” in APT: “persistence.”
To read the entire article, please click here.
Source: http://www.darkreading.com/

Facebooktwittergoogle_plusredditlinkedinmail

Leave A Comment