Hackers are actively trying to steal passwords from two widely used VPNs
Security researchers are warning that threat actors have begun scanning the web for servers vulnerable to flaws affecting two highly popular VPN solutions. By exploiting vulnerable servers, hackers could steal login credentials , encryption keys and other sensitive information belonging to users of Fortigate VPN and Pulse Secure VPN.
The security flaws in both solutions were discovered and patched earlier this year, but thousands of servers that haven’t been updated to the latest versions are still vulnerable. Fortigate VPN is installed on around 480,000 servers and Pulse Secure VPN on about 50,000 servers. Internet-wide vulnerability scans show that the vulnerable entities being targeted include government and military agencies as well as organizations in the education, finance and healthcare sectors.