Tech

Got FatPipe VPN? Update now: FBI warning about wrongdoing of the day gone

Hackers have been exploiting a zero-day vulnerability in FatPipe VPN software since May, the FBI has announced.

A patch has been released, so anyone using FatPipe WARP, MPVPN or IPVPN software should update immediately to protect themselves in the future.

No company is wrong when it comes to zero-day vulnerabilities, from Apple come Google, but it’s sad to see in a VPN, a service explicitly designed to keep its users safe.

What to know

According to the FBI’s forensic analysis, the attackers were a group sophisticated enough to be labeled an “enhanced persistent threat,” and used the vulnerability to gain access to companies’ internal networks. company for months, according to forensic analysis by the FBI.

NS FBI statement itself explains that the vulnerability allowed hackers to exploit a file upload function:

“The vulnerability allows APT agents with access to unrestricted file upload functionality to drop a webshell for exploits with root access, resulting in elevated privileges and potential tracking activity. power. Exploitation of this vulnerability was then seen as a starting point for other infrastructure for APT agents. ”

The statement includes technical details that IT teams can use to monitor their intranets, and advises that any organization that finds activity that indicates they have been compromised should “act immediately.” instantly”.

However, that is easier said than done because the FBI found that, in most cases, hackers used cleanup scripts to hide traces of their activity.

Can you trust your VPN?

Yes, the vulnerability in question has been patched for now, but it’s little consolation for companies now knowing that they’ve been completely exposed and potentially hacked in the past six months. . In situations like these, the security of any virtual private network service must be closely monitored.

FatPipe not enabled our list of the safest and most trusted VPNs, where we ranked NordVPN, IPVanish, and PureVPN among the business data privacy creams.

But perhaps the best test of detecting a software vulnerability is to see how well the protections and fallbacks already in place work to mitigate any harm the vulnerability could cause. out. Take for example NordVPN’s Data breach of 2018: Only one of the company’s 3,000+ servers was affected, and NordVPN was quick to address that. No user data was compromised during the incident, and NordVPN’s no-logs policy means no data to be available to be compromised.

If you’re interested in a new VPN or simply trying out one that has enough protections to ensure your company’s internal network isn’t hacked, check out our roundup of The most powerful business VPNs are here. Or, just check out this table for a quicker comparison of all the facts about each category:

https://tech.co/news/fatpipe-vpn-update-zero-day-flaw Got FatPipe VPN? Update now: FBI warning about wrongdoing of the day gone

Caroline Bleakley

USTimeToday is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@ustimetoday.com. The content will be deleted within 24 hours.

Related Articles

Back to top button