Microsoft exposes vulnerabilities in OpenVPN -- millions of devices at risk


Microsoft researchers have revealed a series of medium-severity vulnerabilities within OpenVPN, an essential open-source VPN solution embedded in myriad routers, PCs, and smart devices worldwide. The vulnerabilities, if exploited, could allow attackers to execute remote code and escalate privileges, gaining unauthorized access to potentially millions of devices.
The research team demonstrated how these vulnerabilities could be chained together to form a potent attack sequence, culminating in attackers taking complete control over affected devices. This complex attack vector requires user authentication and a sophisticated understanding of OpenVPN’s architecture, highlighting the need for robust security measures.
The NSA and CISA publish advice for selecting and hardening remote access VPN solutions


The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have joined forces to publish guidelines designed to help people make informed choices when selecting a VPN.
In the joint NSA-CISA information sheet, the organizations provide help and advice in a range of areas, including not only how to choose a reliable, trustworthy VPN but also how to configure a VPN for maximum security and a reduced attack surface.