Virtual Private Network | Breaking Cybersecurity News | The Hacker News

Virtual Private Networks (VPNs) , which is widely used by many businesses and organisations to provide secure access to their workers, are being abused to pilfer corporate user credentials. Researchers from security firm Volexity discovered a new attack campaign that targets a widely used VPN product by Cisco Systems to install backdoors that collect employees' usernames and passwords used to login to corporate networks. The product in question is Cisco Systems' Web-based VPN – Clientless SSL VPN . Once an employee is authenticated, Clientless SSL VPNs allows him/her to access internal web resources, browse internal file shares, and launch plug-ins, which let them access internal web resources through telnet, SSH, or similar network protocols. The backdoor contains malicious JavaScript code that attackers used to inject into the login pages. Once injected, the backdoor is hard to detect because the malicious JavaScript is hosted on an external compromised

Good news for all Android Lollipop-ers! Google appears to be secretly working on a Virtual Private Network (VPN) service, dubbed ' Google VPN '. The news is still not confirmed, but the folks at Pocketables discovered an interesting hidden app called " Google Connectivity Services " under " All Apps " in the app manager, while digging through settings and apps after installing the latest version, Android 5.1 Lollipop on a Nexus 6 phone. After clicking on the created shortcut, the app greeted with a pop-up message that reads,  " Google VPN:  To help protect you on open Wi-Fi networks, your data will be transmitted securely through a Google VPN." The pop-up also has the " learn more " and " got it " options. However, since Google VPN feature is currently not in a functional state, you get redirected to a support page from Google if you click on " learn more " option. But if you click on the "

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or