Warning: Detecting a very serious vulnerability in Cyberoam, a common firewall system in Vietnam
VSEC is broadcasting a warning about an extremely dangerous vulnerability with the code name CVE-2019-17059 on Cyberoam. According to experts, this gap is dangerous at 9/10 - almost the highest in the rating scale, which can greatly affect many Vietnamese businesses. This vulnerability was discovered on the version of CyberoamOS before 10.6.6 MR-6.
- Warning: Jenkins exists a serious security hole that helps hackers gain control of computers of many Vietnamese businesses
Cyberoam is a firewall protecting website based on user authentication, supporting real-time protection of organizations and businesses against attacks and cyber security threats.
Currently, more than 96,000 devices in the world use Cyberoam publicly. In Vietnam, Cyberoam devices are also used by many companies and banks for their security solutions.
To exploit this vulnerability, hackers will access and send packets containing exploit code to the web admin interface or SSL VPN Consoles (SSL VPN Consoles) to hijack the device. If successful, the bad guy can remotely execute unauthorized commands without providing a username and password.
The danger is that the bad guy will gain the highest level of access to allow any action on the victim's Cyberoam device, such as a deeper attack on the system, tracking all message data, turning off functions. protection, install backdoors into the intranet .
As recommended by VSEC, Vietnamese organizations and businesses using Cyberoam should immediately implement the following measures to ensure safety.
- Cyberoam needs to be updated immediately to the latest version.
- When transmitting data, it is necessary to use encryption methods, including in internal networks.
- Improve user awareness of information security.
- In addition to firewall devices, it is necessary to simultaneously conduct security testing, evaluation and vulnerability scanning on open systems, applying world security standards such as OWASP, ISO 27008.
You should read it
- Internet Explorer has vulnerabilities, unused users are still hacked
- Detecting a series of vulnerabilities can help hackers disable metal detectors at airports
- Top 30 serious security holes are being exploited by hackers the most
- Take a look at the most significant threats from the security world in 2019
- Warning of dangerous vulnerabilities on WinRAR, users should uninstall or upgrade to a new version
- Microsoft silently updated Windows 10 to patch 2 serious security holes
- Detecting security holes that cause a series of D-Link VPN routers to be remotely attacked
- 10 interesting facts about black holes in the universe (Part 1)
May be interested
- Detecting a new Linux vulnerability allows hackers to gain control of the VPN connectioninternational security researchers have found an entirely new linux vulnerability that allows potential attackers to hijack vpn connections on the device * nix and 'inject' the arbitrary data payload into it. tcp4 and ipv6 streams.
- Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!a group of free security researchers recently announced the zero-day vulnerability in the dropbox version of the windows app.
- 12-year vulnerability in pkexec gives hackers root privileges on Linuxresearchers have just issued a warning about a vulnerability in polkit's pkexec component that is assigned the code cve-2021-4034 (and is known as pwnkit).
- ZoneAlarm Free Firewall 158_181_18901, download ZoneAlarm Free Firewall herezonealarm free firewall is software that provides advanced layers of protection to monitor and block unwanted traffic, protect personal data, and prevent hackers and malware from performing bad behavior with the system. .
- Configure the firewall after installing Windows XP SP2after installing windows xp service pack 2 (sp2), you will see some changes to the firewall system; and depending on the system, you may have to adjust the firewall's configuration to make it more stable.
- Detecting a vulnerability that makes 3,000 companies using Microsoft Azure vulnerable to hackers reading data over the past 2 yearsusing microsoft azure can help companies better secure their data. however, a newly discovered vulnerability shows the opposite result.
- How to turn firewall on and off in Windows 10how to turn the firewall on and off in windows 10. firewall system - firewall helps you to protect from many threats on the internet or devices that want to connect to your computer. however, sometimes it also becomes an obstacle that makes us uncomfortable when
- 10 free firewall software is most worthwhilewindows has a great integrated firewall, but do you know there are completely free and alternative firewall software that you can install? yes, there are many firewall software that are easier to use and have more features, options that are easier to understand than microsoft 's built - in firewall.
- How to check the firewallyou may have turned on the firewall feature of your pc or wireless router at some point, but how do you know if it really works?
- Why You Probably Don't Need a Third-Party Firewall App on Windowsfirewalls are your windows system's first line of defense against online threats, but is windows defender firewall up to the task?