Heimdal
Home > Cybersecurity News

Check Point VPNs under Attack. Vendor releases Hotfix for CVE-2024-24919

Using Password-Only Authentication on Old Local VPN Accounts Puts Networks at Risk.

Last updated on May 29, 2024

article featured image

Contents:

Researchers warn that hackers target Check Point remote access VPNs in an attempt to breach corporate networks. Using password-only authentication on old local accounts enables attackers to gain initial access to the company’s network.

Check Point released a security update on May 27th advising users to bolster VPN security. One day later, the vendor released a fix for this security issue, dubbed CVE-2024-24919.

According to its description on MITRE’s site, the flaw is

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades.

Source – MITRE

Remote access is available on all Check Point network firewalls. IT teams can use it as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access.

If you’re using a Check Point VPN solution, the first step to secure your network against this type of attack is to apply their recent patch.

Safety measures against remote access VPN attacks

CISA already advised security professionals worldwide to use multi-factor authentication to protect sensitive data and infrastructure. IT assets that rely on password-only protection are vulnerable to brute force attacks and password spraying.

Privileged accounts, jump servers, VPNs, etc. should all be protected by an MFA solution. They work as gateways into the internal network, so in case hackers succeed compromising them, they’ll get free passage inside your system.

Keeping an up-to-date inventory of privileged accounts, like local admin accounts, is also high on the list of network security best practices.

Closely monitor privileges. Disable unused local accounts, revoke unnecessary privileges and enforce the principle of least privilege.

To make things more efficient and bolster security, use a Privileged Access Management tool that automates processes.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Heimdal Official Logo
System admins waste 30% of their time manually managing user rights or installations

Heimdal® Privileged Access Management

Is the automatic PAM solution that makes everything easier.
  • Automate the elevation of admin rights on request;
  • Approve or reject escalations with one click;
  • Provide a full audit trail into user behavior;
  • Automatically de-escalate on infection;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

What Is the Principle of Least Privilege (POLP)?Removing Admin Rights – How to Balance Safety and ProductivityPrivileged Access Management (PAM) Best PracticesWhat Is a Brute Force Attack?Password Spraying: Definition, How It Works, and How to Stop ItWhat Is Multi-Factor Authentication (MFA)?Network Security 101 – Definition, Types, Threats, and MoreNSA and CISA Release Security Tips Regarding VPN Security

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V