Check Point researchers have discovered a zero-day vulnerability in their VPN product that has left their corporate clients’ networks open and vulnerable to exploitation.
Needless to say, this is a worst-case scenario for the cybersecurity company: Corporations use VPNs to avoid this sort of problem, not usher it in. And yet, it happens — as with any technology, not every VPN is invulnerable.
The vulnerability has been exploited already, but we still don’t know who’s behind the attacks or what customers have been impacted by it. Here’s what to know about the vulnerability that researchers are saying is “extremely easy” to exploit.
Check Point VPN’s Big Problem
Check Point revealed the security flaw in a blog post this week. The vulnerability is in the brand’s Quantum network security gateways, and the company has issued a patch that clients can use now to shore up their VPNs.
They found the issue following a “small number” of customers getting in touch about it. Here’s how the analysts explained the flaw:
“The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled. The attempts we’ve seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication.”
The good news is that the patch should address the problem, so future VPN users can stay safe.
Always Use Multi-Factor Authentication
We’ve said it before and we’ll say it again: Password-only authentication is easy to break into. Hackers simply need to guess, crack, or steal one single password in order to break in successfully.
And thanks to the constant churn of major data breaches — like the recent TicketMaster hack that exposed over half a billion accounts’ data — bad actors have plenty of passwords to work with. You’ll want multi-factor authentication, which sends a verification code to your email or phone, even after you’ve entered the right password.
That extra layer of security goes a long way towards keeping you safe. In the case of the Check Point VPN situation, it would have completely stopped hackers from gaining access.
VPNs to Check Out
Looking for a VPN? After reading this news, you’ll likely prioritize one that offers multi-factor authentication. There are plenty of other VPN features and functions to check out, however, from the number of servers (3,000 or more is common) to the number of countries (anywhere from 60-100 countries is the norm) and core functions like a kill switch.
Our top pick right now is Surfshark, which offers unlimited connections and all the key functionalities you’ll need, for just a few bucks a month.
But there are lots of other options worth considering for their speed or security protocols. Check out our guide to the best VPNs for businesses for all the research to know.