ZDNet

Some enterprise VPN apps store authentication/session cookies insecurely

At least four Virtual Private Network (VPN) applications sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC) ...

An audit found that DuckDuckGo's VPN doesn't track user activity

If you use DuckDuckGo's VPN, your traffic doesn't appear to be visible the company.
Bleeping Computer

Multiple Enterprise VPN Apps Allow Attackers to Bypass Authentication

Enterprise VPN applications developed by Palo Alto Networks, Pulse Secure, Cisco, and F5 Networks are storing authentication and session cookies insecurely according to a DHS/CISA alert and a ...
Network World

Using your Active Directory for VPN authentication on ASA

For a long time the only way to use Active Directory (AD) for VPN authentication and authorization was to use a RADIUS server such as Cisco ACS that could use AD as an external database. With the ...
news.ucsb.edu

Multi-factor Authentication Q&A

UC Santa Barbara will roll out multi-factor authentication (MFA) for VPN access this summer, with plans to use the protocol for a number of other applications over the course of the next year. The ...
Bleeping Computer

Cisco won’t fix authentication bypass zero-day in EoL routers

Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). This zero-day bug (CVE-2022-20923 ...
Australian Broadcasting Corporation

Give yourself an online privacy check-up and start 2020 securely

Do get a password manager Do clean up your online accounts Don't use public internet without a VPN Avoid most "internet of things" devices First, let's be clear. Most internet services are built to ...