Zero-day VPN software flaw exploited by APT hackers
Date:
Mon, 22 Nov 2021 12:03:53 +0000
Description:
Unidentified APT group cleverly wipes traces of its malicious activity post exploitation, suggests the FBI.
FULL STORY ======================================================================
An advanced persistent threat (APT) group has been actively exploiting a zero-day flaw in FatPipe's software that powers its virtual private networking (VPN) devices, the FBI has warned.
While the FBI hasn't shared details about the attackers, its cybersecurity sleuths have discovered that the group has been using the flaw since at least May 2021.
"The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity," notes the FBI in its advisory.
Interestingly, analysis of the group's activity has shown that the threat actors took various steps to cover evidence of their break-in, including wiping their session activity to avoid detection.
Patch now
According to the FBI, the bug hasn't yet been assigned a CVE number, but has been fixed by FatPipe.
Explaining the bug in its own advisory, FatPipe notes that it exists in the software's web management interface.
"The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device," explains FatPipe.
The vulnerability affects all FatPipe WARP, MPVPN, and IPVPN device software prior to the latest version releases, 10.1.2r60p93 and 10.2.2r44p1. Since there aren't any known workarounds to the bug, both the FBI and FatPipe urge users to upgrade to the latest patched release without delay.
======================================================================
Link to news story:
https://www.techradar.com/news/zero-day-vpn-software-flaw-exploited-by-apt-hackers/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)