Wide-ranging cyberattacks launched against web-based utility tools and enterprise VPN solutions are being called “some of the worst” to occur this year.
The tools and solutions in question are Webmin, a web-based utility for managing Linux and *NIX systems, as well as Pulse Secure and Fortinet's FortiGate – enterprise VPN solutions in use by, among others, US government institutions.
As all of the vulnerabilities allow hackers to fully take over an attacked network or system, all are considered equally dangerous.
Cybersecurity firm Bad Packets says there are several hackers, or hacking groups, that are currently exploiting the Webmin vulnerability, one of which appears to also have been behind the IoT botnet called Cloudbot. The patch was released last Sunday, and all administrators are urged to update their Webmin to V1930 as soon as possible.
There are more than a million active Webmin installs on the internet at the moment, with all of the versions available at Sourceforge being vulnerable. To make matters even worse, version 1890 has the backdoor active by default.
When it comes to Pulse Secure and FortiGate, the vulnerability allows hackers to either authenticate on the devices or fake an active VPN session.
Bad Packets said they identified Pulse Secure VPNs on the networks of US government agencies, including the military, public universities and schools, financial institutions, healthcare organisations and many others.
Allegedly, there are roughly 42,000 Pulse Secure VPN systems available online, 14,000 of which are still unpatched.