Total Tests:

Hackers chain Windows, VPN bugs to access government systems

By Steve Zurier for SC Media
Monday, October 12, 2020

CISA also found multiple cases where the Fortinet FortiOS Secure Socket Layer (SSL) VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks. And to a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505.

A growing number of state and federal agencies can be easily compromised even without hackers having any technical skills, said Ilia Kolochenko, founder and CEO of ImmuniWeb.

“Government agencies have a myriad of unprotected IT and cloud systems exposed to the Internet, with default or weak credentials, or even without passwords,” Kolochenko said. “Furthermore, it’s possible to easily find a great wealth of stolen credentials belonging to governmental employees on the dark web and, in view of a widespread and continuing trend of password reuse, can silently login to some state systems that process or store critical national data.” Read Full Article


Previous Media Publications:

Security Buyer: Apple cyber vulnerabilities

Information Security Buzz: Expert Insight: CPS Under Fire Again After Data Breach Cases Jump 18%

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential