Tag

Vpn

5 briefs RSS

AWS Discovery API Calls from VPN ASN by New Identity

This rule detects the initial use of AWS discovery APIs from VPN-associated ASNs by a previously unseen identity, indicating potential reconnaissance activity.

Amazon Web Services cloud aws discovery vpn

2r 1t 3d ago

critical advisory

OpenVPN-auth-oauth2 Authentication Bypass in Plugin Mode

2 rules 1 TTP

A critical authentication bypass vulnerability exists in openvpn-auth-oauth2 versions 1.26.3 through 1.27.2 when deployed in the experimental plugin mode; clients that do not support WebAuth/SSO are incorrectly granted VPN access without completing OIDC authentication.

openvpn-auth-oauth2 openvpn authentication-bypass vpn

2r 1t 1w ago

high advisory

Synology SSL VPN Client Plaintext Password Storage Vulnerability (CVE-2021-47961)

2 rules 1 TTP 1 CVE

Synology SSL VPN Client before 1.4.5-0684 stores passwords in plaintext, allowing remote attackers to potentially access or manipulate user PIN codes, leading to unauthorized VPN configuration and traffic interception.

plaintext-password vpn synology

2r 1t 1c 3w ago

high advisory

Fortigate VPN CVE-2023-27997 Exploitation Attempt

2 rules 1 TTP 1 IOC

IDS alerts indicate a potential exploitation attempt against a Fortigate VPN server using CVE-2023-27997, characterized by repeated GET requests to the /remote/logincheck endpoint originating from a specific IPv6 address.

fortigate vpn cve-2023-27997 exploit initial-access

2r 1t 1i Feb 28, 2026

high advisory

Fortigate VPN Exploit Attempt via CVE-2023-27997 and Suspicious User-Agent

3 rules 2 TTPs 3 IOCs

Multiple IDS alerts indicate potential exploitation attempts against Fortigate VPN servers using CVE-2023-27997, alongside traffic from a suspicious user agent, possibly indicating reconnaissance or exploit activity.

fortigate vpn cve-2023-27997 exploit network

3r 2t 3i Feb 26, 2026