FBI warning: VPN software flaw

Written by XCell Technologies

Published on August 23, 2021

Remember our warnings regarding VPN use and security flaws that all VPNs have? Now this:

FBI warning: This zero-day VPN software flaw was exploited by APT hackers.

The FBI has warned that a sophisticated group of attackers have exploited a zero-day flaw in a brand of virtual private networking (VPN) software since May.

The FBI said its forensic analysis showed that the exploitation of the zero-day vulnerability in the FatPipe WARP, MPVPN, and IPVPN software, by an advanced persistent threat (APT) group, went back to at least May 2021. It did not provide any further information about the identity of the group.

The vulnerability allowed the attackers to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity, the FBI said, noting: “Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.”

The FBI said the vulnerability affects all FatPipe WARP, MPVPN, and IPVPN device software prior to the latest version releases, 10.1.2r60p93 and 10.2.2r44p1.

It warned that detection of exploitation activity might be difficult, as cleanup scripts designed to remove traces of the attackers’ activity were discovered in most cases.

“Organizations that identify any activity related to these indicators of compromise within their networks should take action immediately,” the FBI said in an alert.

“FBI strongly urges system administrators to upgrade their devices immediately and to follow other FatPipe security recommendations such as disabling UI and SSH access from the WAN interface (externally facing) when not actively using it.”

FatPipe has its own advisory FPSA006, which notes: “A vulnerability in the web management interface of FatPipe software could allow a remote attacker to upload a file to any location on the filesystem on an affected device.

“The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device.”
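To triage a device inventory against the two fixed releases quoted above, the following is an added example, not code from the FBI alert, FatPipe, or the original article. It assumes the version layout `<major>.<minor>.<patch>r<R>p<P>` inferred from those two strings and that builds on one branch order numerically by r, then p; device names and all other version strings are constructed.

```python
import re

# Fixed releases named in the FBI alert, keyed by release branch.
FIXED = {(10, 1, 2): (60, 93), (10, 2, 2): (44, 1)}

# Assumed layout, inferred from the two strings above.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)p(\d+)$")


def parse_version(text):
    """Return (branch, (r, p)), or None when the string does not match."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    return tuple(nums[:3]), tuple(nums[3:])


def assess(version):
    """Classify a version string as 'vulnerable', 'patched' or 'review'."""
    parsed = parse_version(version)
    if parsed is None:
        return "review"        # unparseable: check the device by hand
    branch, build = parsed
    if branch in FIXED:
        return "patched" if build >= FIXED[branch] else "vulnerable"
    if branch < min(FIXED):
        return "vulnerable"    # older than every fixed branch
    return "review"            # branch the alert does not name


def triage(inventory):
    """Map each status to the sorted device names that carry it."""
    report = {"vulnerable": [], "patched": [], "review": []}
    for name, version in inventory.items():
        report[assess(version)].append(name)
    return {status: sorted(names) for status, names in report.items()}


# Constructed inventory: only the two fixed release strings come from the alert.
SAMPLE = {
    "edge-a": "10.1.2r60p93", "edge-b": "10.1.2r60p91",
    "edge-c": "10.2.2r44p1", "edge-d": "10.2.2r42p5",
    "edge-e": "9.1.2r161p20", "edge-f": "10.3.0r1p1",
    "edge-g": "unknown",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status}: {', '.join(names)}")
```

Devices that land in `review` are on a branch the alert does not name or report a string the parser cannot read, so they need a manual check against the vendor advisory.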

Will this flaw affect my XStealth?

Definitely not. As you already know, all apps we install for you on XStealth, including VPN software, have security patches already applied, and no breaches have been reported or detected. All your comms are secure and will stay secure with us.
