NSA Releases Advisory on Mitigating Recent VPN Vulnerabilities
The National Security Agency (NSA) has released an advisory on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review NSA’s Cybersecurity Advisory and CISA’s Current Activity on Vulnerabilities in Multiple VPN Applications for more information and apply the necessary updates or mitigations.
What are APTs?
APTs are stealthy cyber attacks in which a person or a group gains unauthorised access to a network and remains undetected.
In most cases, these attacks are conducted by nation-states or criminal organisations (see article there). Their purpose is to extract information, intellectual property and financial data, and they can be used to steal cash when banks are attacked.
If it is free, there is probably a catch. If you possess an Android device and have installed free apps from Google Play, it is interesting to read the warning about what you are authorising the apps to do on your device. Frequently the app collects information about you, your location and your contacts. These details are likely to be sold or used for marketing and advertising purposes. There is nothing wrong with people trying to make a living after all.
But can you trust the companies that are collecting the data? Rovio, the company behind the Angry Birds game, has decided, according to its chief executive, to review its relationship with advertising networks. The Guardian, New York Times and ProPublica revealed last month that the US and UK spy agencies are collecting data from some smartphone apps. According to the article in the Guardian, the agencies would be able to collect almost every key detail of a user’s life, including:
- home country
- current location
- zip code
- marital status – options included “single”, “married”, “divorced”, “swinger”
- sexual orientation
- education level
- number of children
It is worth reading the full article, as it also describes the range of tools available to the NSA and GCHQ to spy on and access your devices. Spokespeople for the NSA and GCHQ told NBC all programs were carried out in accordance with US and UK law.