Kuala Lumpur, 25th Nov – Malaysia (552) and Thailand (992) corporate SSL VPN Gateway IPs are listed as part of the exposed VPN weakness. Although patches (for CVE-2018-13379 ) have been out for several months but it seems that corporations are taken it lightly on this vulnerability. Globally this exploits affected government agencies, big enterprises and financial institutions. As this gateway are connected to public routable IP addresses, attacker can be from anywhere executing it now.
Ask4key Thailand and Malaysia recommend the following
– Patch the SSL VPN Gateway asap
– Introduce MFA for authentication
– Let discuss about Zscaler Private access (zero trust)
Want to check your IP is one of them – contact us !
Read the original articles from here