Tag Archive for: Juniper

Bad actors race to exploit Juniper firewall vulnerability

/in

Now that Juniper has created a patch for its vulnerable firewall/VPN appliances, bad actors are setting to work reverse engineering the flaw so they can exploit devices that users don’t patch, and also make a profit by selling their exploits to others.

“That’s what they do,” says John Pironti, president of IP Architects, who says he spent Friday responding to concerns about the compromised Juniper firewalls with his clients.

The pattern cyber criminals follow after vendors patch vulnerabilities is to compare the patched code to the unpatched code, figure out what the flawed code was and figure out how to use it to break into the device and the network it protects, Pironti says.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Juniper firewalls compromised by bad code: What you need to know

/in

Juniper Networks is warning customers to patch their NetScreen enterprise firewalls against bad code that enables attackers to take over the machines and decrypt VPN traffic among corporate sites and with mobile employees.

The danger is that attackers could exploit the code “to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper says in a security announcement.

It would enable smart attackers to exploit the vulnerability and wipe out log files, making compromises untraceable, the company says.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Juniper warns of spying code in firewalls

/in

Juniper, a major manufacturer of networking equipment, said on Thursday it found spying code planted in certain models of its firewalls, an alarming discovery that echoes of state-sponsored tampering.

The affected products are those running ScreenOS, one of Juniper’s operating systems that runs on a range of appliances that act as firewalls and enable VPNs. ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable, according to an advisory.

The unauthorized code was found during a recent internal review, wrote Bob Worrall, Juniper’s chief information officer. He did not indicate where Juniper thinks the code originated.

To read this article in full or to leave a comment, please click here

Network World Security

Juniper jettisons mobile security biz – Network World

/in

Juniper jettisons mobile security biz
Network World
As some expected, Juniper sold off its Junos Pulse mobile security unit to Siris Capital, the company announced today. Junos Pulse products were designed to bring integrated connectivity, security and application acceleration to Android, Apple's iOS, …
Juniper Networks To Sell Mobile Security Suite For $ 250 MillionCRN
Juniper Networks divests mobile products for $ 250 millionSC Magazine
Juniper sells Junos and announces growth for Q2TechTarget UK
Computer Business Review –Wall Street Journal
all 62 news articles »

“mobile security” – read more