ZDNet

Some enterprise VPN apps store authentication/session cookies insecurely

At least four Virtual Private Network (VPN) applications sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC) ...
Bleeping Computer

Multiple Enterprise VPN Apps Allow Attackers to Bypass Authentication

Enterprise VPN applications developed by Palo Alto Networks, Pulse Secure, Cisco, and F5 Networks are storing authentication and session cookies insecurely according to a DHS/CISA alert and a ...
Network World

Using your Active Directory for VPN authentication on ASA

For a long time the only way to use Active Directory (AD) for VPN authentication and authorization was to use a RADIUS server such as Cisco ACS that could use AD as an external database. With the ...
Security Boulevard

IP Lookup for Enterprise Authentication: How to Use IP Reputation, VPN/Proxy Detection, and Risk-Based MFA

Learn how IP lookup, reputation checks, VPN detection, and risk-based MFA strengthen enterprise authentication and prevent fraud.
The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.
Bleeping Computer

Cisco won’t fix authentication bypass zero-day in EoL routers

Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). This zero-day bug (CVE-2022-20923 ...