Zero-day flaw in Check Point VPNs is ‘extremely easy’ to exploit
Cybersecurity company Check Point says attackers are exploiting a zero-day vulnerability in its enterprise VPN products to break into the corporate networks of its customers.
The technology maker hasn’t said yet who is responsible for the cyberattacks or how many of its customers are affected by intrusions linked to the vulnerability, which security researchers say is “extremely easy” to exploit.
In a blog post this week, Check Point said the vulnerability in its Quantum network security devices allows for a remote attacker to obtain sensitive credentials from an affected device, which can grant the attackers access to the victim’s wider network. Check Point said attackers began exploiting the bug around April 30. A zero-day bug is when a vendor has no time to fix the bug before it is exploited. The company urged customers to install patches to remediate the flaw.