Flaws in widely used corporate VPNs put company secrets at risk

Researchers have found several security flaws in popular corporate VPNs that they say can be used to silently break into company networks and steal business secrets.

Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are “easy” to remotely exploit.

These VPNs — or virtual private networks — aren’t your traditional consumer VPN apps designed to mask where you are and hide your identity, but are used by staff who work remotely to access resources on a company’s network. Typically employees must enter their corporate username and password, and often a two-factor code. These providers create a secure tunnel between the user’s computer and the corporate network over an HTTPS (SSL) connection.

