Govt Warns Users Of Vulnerability In Check Point Gateway Products

Share via:


SUMMARY

This vulnerability could potentially enable hackers to compromise users’ data

Attackers could exploit this vulnerability to gain access to specific information on internet-connected gateways configured with IPSec VPN

Check Point has also released a solution to prevent exploitation of this vulnerability

The Indian Computer Emergency Response Team (CERT-In) has identified a vulnerablity in cybersecurity solutions provider Check Point’s gateway products.

As per the advisory, the vulnerability could potentially enable hackers to compromise users’ data. 

It further said that attackers could exploit this vulnerability to gain access to specific information on internet-connected gateways configured with IPSec VPN, remote access VPN or mobile access software blades.

“This vulnerability exists in Check Point Network Security gateway products due to the unrecommended password-only authentication method,” the advisory said.

“Successful exploitation of this vulnerability could allow the attacker to access certain information on internet-connected gateways configured with IPSec VPN, remote access VPN, or mobile access software blades. This, in certain scenarios, could potentially lead the attacker to move laterally and gain domain admin privileges,” it added.

Check Point issued the advisory last Tuesday. The company has released a solution to prevent exploitation of this vulnerability.

“Check Point’s dedicated task force continues investigating attempts to gain unauthorised access to VPN products used by our customers. On May 28, 2024 we discovered a vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade. Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway,” it said.

With increasing digitisation, there has also been a rise in cybercrimes in the country. The Centre is taking various measures to curb this surge in cybercrimes and financial frauds. 

The Ministry of Home Affairs’ cyber crime unit launched the ‘Pratibimb’ app last month, aiding law enforcement in real-time tracking of cyber criminals. 

Additionally, the Department of Telecommunications introduced the Digital Intelligence Platform for real-time information sharing among stakeholders, and the Chakshu portal for reporting fraud communications.

Besides, many new startups are emerging to tackle cybersecurity challenges, recognising the increasing importance of safeguarding digital assets in today’s interconnected world.

Some startups in this space are TAC Infosec, Safe Security, BluSapphire Cyber Systems, among others.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Govt Warns Users Of Vulnerability In Check Point Gateway Products


SUMMARY

This vulnerability could potentially enable hackers to compromise users’ data

Attackers could exploit this vulnerability to gain access to specific information on internet-connected gateways configured with IPSec VPN

Check Point has also released a solution to prevent exploitation of this vulnerability

The Indian Computer Emergency Response Team (CERT-In) has identified a vulnerablity in cybersecurity solutions provider Check Point’s gateway products.

As per the advisory, the vulnerability could potentially enable hackers to compromise users’ data. 

It further said that attackers could exploit this vulnerability to gain access to specific information on internet-connected gateways configured with IPSec VPN, remote access VPN or mobile access software blades.

“This vulnerability exists in Check Point Network Security gateway products due to the unrecommended password-only authentication method,” the advisory said.

“Successful exploitation of this vulnerability could allow the attacker to access certain information on internet-connected gateways configured with IPSec VPN, remote access VPN, or mobile access software blades. This, in certain scenarios, could potentially lead the attacker to move laterally and gain domain admin privileges,” it added.

Check Point issued the advisory last Tuesday. The company has released a solution to prevent exploitation of this vulnerability.

“Check Point’s dedicated task force continues investigating attempts to gain unauthorised access to VPN products used by our customers. On May 28, 2024 we discovered a vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade. Exploiting this vulnerability can result in accessing sensitive information on the Security Gateway,” it said.

With increasing digitisation, there has also been a rise in cybercrimes in the country. The Centre is taking various measures to curb this surge in cybercrimes and financial frauds. 

The Ministry of Home Affairs’ cyber crime unit launched the ‘Pratibimb’ app last month, aiding law enforcement in real-time tracking of cyber criminals. 

Additionally, the Department of Telecommunications introduced the Digital Intelligence Platform for real-time information sharing among stakeholders, and the Chakshu portal for reporting fraud communications.

Besides, many new startups are emerging to tackle cybersecurity challenges, recognising the increasing importance of safeguarding digital assets in today’s interconnected world.

Some startups in this space are TAC Infosec, Safe Security, BluSapphire Cyber Systems, among others.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Talent Acquisition in GCCs: Talent-hungry GCCs fish for professionals...

Global capability centres (GCCs) of foreign companies expanding...

Titanium iPhone vs steel weight difference

Brought to you by Uniq: Uniq’s new FlexGrip™...

Tech leaders recommend colleagues for Trump’s cabinet

Some tech investors and executives have been trying...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!