Zero-day flaw in Check Point VPNs ‘extremely easy’ to exploit

Cybersecurity company Check Point says attackers are exploiting a zero-day vulnerability in its enterprise VPN products to break into its customers’ corporate networks.

The technology maker has not yet clarified who is responsible for the cyberattacks or how many of its customers are affected by intrusions linked to the vulnerability, which security researchers say is “extremely easy” to exploit.

In a blog post published this week, Check Point said the vulnerability in its Quantum network security appliances allows a remote attacker to obtain sensitive credentials from an affected device, which may allow attackers to gain access to the victim’s wider network. Check Point said attackers began exploiting the bug around April 30. A bug is a zero-day when it is exploited before the vendor has had time to fix it.

The company urged its customers to install patches to fix the flaw.

Check Point has more than 100,000 customers, according to its website. A Check Point spokesperson did not respond to a request for comment asking how many of its customers are affected by the exploitation.

Check Point is the latest security company in recent months to disclose a vulnerability in its own security products, the very technologies designed to protect businesses against cyberattacks and digital intrusions.

These network security devices sit at the edge of a company’s network and serve as digital gatekeepers that decide which users are granted access, but they tend to contain security vulnerabilities that can, in some cases, let attackers easily bypass their defenses and compromise the customer’s network.

Several other security and enterprise vendors, including Ivanti, ConnectWise and Palo Alto Networks, have rushed in recent months to patch flaws in their enterprise security products that malicious attackers have exploited to compromise their customers’ networks and steal data. All of the bugs in question are very serious in nature, largely due to their ease of exploitation.

In the case of the Check Point vulnerability, security research firm watchTowr Labs said in its analysis of the vulnerability that the bug was “extremely easy” to exploit once located.

The bug, which watchTowr Labs described as a path traversal vulnerability, means it is possible for an attacker to remotely trick an affected Check Point device into returning files that should have been protected and off-limits, such as the passwords for accessing the root level of the device’s operating system.

“This is much more powerful than the vendor review seems to imply,” said Aliz Hammond, a researcher at watchTowr Labs.

The US cybersecurity agency CISA said it has added the Check Point vulnerability to its public catalog of known exploited vulnerabilities. In brief remarks, the government cybersecurity agency said the vulnerability in question is often used by malicious cyber actors and that these types of flaws pose “significant risks to the federal enterprise.”

techcrunch