Monday, 12 October 2015

Companies Hacked Via Leak In Cisco Web VPN

Attackers abuse a vulnerability in the Cisco Clientless SSL VPN to hack into companies and organizations, warns security firm Volexity. The Cisco SSL VPN Service, also referred to as Cisco Web VPN, is a web-based Virtual Private Network (VPN) to employees via their browser to access the corporate network and servers can get.

To log in to the VPN, users must enter a user name and password. A vulnerability in the Cisco Web VPN, which was patched in October 8, 2014, makes it possible to add malicious code to the login page. Remote attackers can do this and have developed a password or other credentials required. Through the malicious code that is placed on the login page it possible to store the credentials of users, which the attackers themselves can then login.

Cisco warned in February this year for attacks where the vulnerability was used, but that still take place, according Volexity. Medical companies, universities, academic institutions, manufacturing companies and think tanks could now be attacked using this method worldwide.

According to the security company, it is not clear whether the vulnerability has been used for all attacks. It is not excluded that some other attacks observed the attackers themselves already had access to the login page and so could add malicious code. It does not matter if companies use two-factor authentication since the second code to be entered when logging can be intercepted using the custom login page.

No comments:

Post a Comment