NordVPN | January 20, 2023
NordVPN, a cybersecurity company, has confirmed its third no-log policy assurance engagement, which was conducted by Deloitte, a leading Big Four auditing firm. NordVPN is committed to protecting the privacy, security, and anonymity of its customers. This third no-log policy assurance engagement is part of that commitment.
The engagement included a thorough analysis of NordVPN's processes and configurations for standard VPN, obfuscated VPN, onion over VPN, double VPN, and P2P servers, as well as an inspection of the server configuration and central infrastructure. This showed that NordVPN's customers get a VPN service that complies with its no-logs policy.
Product strategist at NordVPN, Vykintas Maknickas, said, "We are proud to be examined for the third time, representing our continuous efforts to assure transparency to our users. We are delighted to receive the Deloitte stamp of approval, which proves that when we say privacy, we truly mean it."
(Source - Globenewswire)
The assurance engagement is the third that NordVPN has undergone, with the first being in 2018 and the second in 2020, showing the company's commitment to privacy. The full "no logs assurance engagement report" is available on NordVPN's website. Through these engagements, NordVPN has been able to provide customers with assurance that their data is secure and private.
NordVPN is a virtual private network (VPN) provider that masks your IP address and encrypts your internet connection to protect your privacy and security online. It prevents third-party snoopers such as ISPs or advertisers from tracking your online activities, and allows you to securely connect to public Wi-Fi hotspots without worrying about hackers stealing your data. With NordVPN, you can surf the internet without any restrictions, as it offers access to over 5600 servers in 60 countries. NordVPN is one of the most advanced VPN service providers in the world, offering features like double VPN encryption, Onion Over VPN, zero tracking, and Threat Protection. It is user-friendly and offers competitive pricing.
Strata Identity | January 04, 2023
Strata Identity, a company that provides identity orchestration services, has joined the Cloud Security Alliance (CSA), a global organization focused on promoting best practices for secure cloud computing. Strata Identity will work with CSA members on projects related to the open source IDQL Standard and identity orchestration. The open source IDQL Standard and identity orchestration are two ways that Strata Identity is working to make cloud computing safer.
Strata Identity's platform lets incompatible cloud identity systems work together, so customers can unify access policies and governance. The company is also a founding member of Hexa, an open source identity federation software, and the IDQL Standard for policy orchestration. Strata Identity wants to make cloud computing safe for its customers by helping them bring their access policies and governance together.
"Lack of interoperability between individual cloud identity platforms and their legacy on-premises brethren is holding back app modernization and cloud migration projects. We look forward to collaborating with the CSA’s extensive community of vendors, enterprises, and industry influencers to advance open standards for cloud identity orchestration."
Eric Olden, CEO of Strata Identity
Eric Olden, CEO of Strata Identity, said the company is looking forward to collaborating with the CSA to advance open standards for cloud identity orchestration. The CEO of the CSA, Jim Reavis, said that Strata Identity's expertise in multi-cloud identity orchestration will help CSA members deal with problems related to app modernization. Strata Identity is going to work with the Cloud Security Alliance (CSA) to help advance open standards for cloud identity orchestration.
About Strata Identity
Strata Identity has made a name for itself as the leader in identity orchestration for hybrid and multi-cloud environments with its innovative Maverics platform. This recipe-driven solution enables organizations to integrate and manage even the most incompatible identity systems while preserving a consistent user experience. By separating applications from identity, Maverics makes it possible to use modern authentication methods like password-less login and enforce consistent access policies without having to spend a lot of money refactoring source code.
Fortinet | December 14, 2022
Fortinet issued an advisory Monday detailing the heap-based buffer overflow flaw, tracked as CVE-2022-42475, affecting multiple versions of its FortiOS SSL-VPN. The flaw is ranked 9.3 on the Common Vulnerability Scoring System (CVSS), and Fortinet warned that it could allow a remote unauthenticated attacker to execute arbitrary code.
"Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise," Fortinet wrote in the advisory.
Patches are available, and Fortinet recommended upgrading to the latest versions as well as the unaffected earlier version of FortiOS. In an email to TechTarget Editorial, Fortinet said it also continues to monitor the situation.
While the company's Product Security Incident Response team made the advisory publicly available Monday, it was not the first notification on the critical flaw. Olympe Cyberdefense, a France-based cyber threat intelligence vendor, released an alert Friday stating that a "new critical flaw, not yet made public" affected Fortinet SSL-VPN.
The alert, which was first reported Monday by TechTarget sister publication Le Mag IT, warned the zero-day vulnerability was easy to exploit and that attackers could gain full control of intended devices. Additionally, Olympe Cyberdefense recommended disabling VPN-SSL functionality if it's not essential.
Olympe updated its alert once Fortinet confirmed the vulnerability and urged customers to patch.
In a statement sent to TechTarget Editorial, Claire Tills, senior research engineer at Tenable, noted the time gap between Olympe's initial disclosure and Fortinet's advisory. "Three days after its initial public disclosure, Fortinet patched CVE-2022-42475 and confirmed it has been exploited in the wild," Tills said.
"Fortinet SSL-VPNs have been a major target for years now -- to the extent that the FBI and CISA issued a dedicated advisory to these flaws and their exploitation in 2021. Nation state actors are still known to exploit those legacy vulnerabilities in Fortinet SSL-VPNs. Given that this new vulnerability has already been exploited, organizations should patch CVE-2022-42475 immediately before it joins the ranks of other legacy VPN flaws."
Attacks targeting VPNs have been on the rise, with multiple government warnings since 2020 when remote work increased amid the COVID-19 pandemic. In October, FortiOS faced another critical vulnerability that allowed attackers to bypass authentication and was exploited in the wild. As with Monday's advisory, Fortinet was not the first to publicly disclose the flaw.