Cybersecurity firm Check Point says attackers are exploiting a zero-day vulnerability in its corporate VPN products to break into its customers’ corporate networks.
The technology manufacturer has not yet revealed who was responsible for the cyberattack or how many of its customers are affected by intrusions related to this vulnerability. Security researchers say this vulnerability is “very easy” to exploit.
In a blog post this week, Check Point said a vulnerability in its Quantum network security devices allows a remote attacker to obtain sensitive credentials on an affected device, which can give the attacker access to the victim’s wider network. Check Point said attackers began exploiting the bug around April 30. A zero-day bug is one that the vendor has had no time to fix before it is exploited.
The company urged customers to install the patch to correct the defect.
According to its website, Check Point has over 100,000 customers. A Check Point spokesperson did not respond to a request for comment asking how many customers were affected by the attack.
Check Point is the latest security company in recent months to disclose security vulnerabilities in its security products, technology designed to protect companies from cyberattacks and digital intrusions.
These network security devices sit at the edge of a company’s network and act as digital gatekeepers that allow users in and out, but they tend to contain security flaws that can, in some cases, let attackers easily bypass their security defenses and compromise customer networks.
Several other companies and security vendors, including Ivanti, ConnectWise and Palo Alto Networks, have rushed in recent months to fix flaws in their enterprise-grade security products that malicious attackers have exploited to compromise customer networks and steal data. All of the bugs in question are inherently high severity, because they are very easy to exploit.
Check Point’s vulnerability was revealed in a report by security research firm watchTowr Labs. In its vulnerability analysis, the firm said that once discovered, the bug was “very easy” to exploit.
The bug, described by watchTowr Labs as a path traversal vulnerability, means an attacker could remotely trick an affected Check Point device into returning files that should be protected and off-limits, such as the passwords for accessing the root-level operating system of the device.
“This is much more powerful than the vendor recommendations imply,” said Aliz Hammond, a researcher at watchTowr Labs.
The U.S. cybersecurity agency CISA said it had added the Check Point vulnerability to its public catalog of known exploited vulnerabilities. The government cyber agency said in a brief statement that the vulnerabilities in question are frequently used by malicious cyber actors and that these kinds of flaws pose “serious risks to federal enterprises.”