What is the issue?
The UK’s National Cyber Security Centre (NCSC) has warned that Advanced persistent threat (APT) groups have been exploiting recently disclosed vulnerabilities affecting enterprise VPN products from Fortinet, Palo Alto Networks and Pulse Secure.
A brief overview
APT actors are targeting the UK and other international organizations in the healthcare sector, educational sector, government, and military. The vulnerabilities exist in several VPN products that allow an attacker to retrieve arbitrary files containing sensitive data including authentication credentials.
More details on the vulnerabilities
The list of vulnerabilities that are being exploited include:
“System administrators who suspect that exploitation may have occurred or cannot rule out this possibility should revoke credentials that were at risk of theft. This may include both administrative and user credentials. Resetting authentication credentials will defend against unauthorised access using credentials acquired prior to patching affected systems,” NCSC said.