Critical Auth Bypass Bug Exploited in Wild, Check Point Warns
▼ Summary
– A critical vulnerability in Check Point’s Remote Access VPN and Mobile Access solutions has been exploited.
– The exploitation has been attributed to the threat actor known as Qilin.
A critical security flaw in Check Point’s Remote Access VPN and Mobile Access platforms is now under active exploitation, with the notorious Qilin ransomware group leading the attacks. The company has confirmed that the vulnerability, which allows attackers to bypass authentication entirely, is being used to compromise corporate networks.
The bug, identified as a zero-day authentication bypass, enables an unauthenticated attacker to gain full access to network resources without valid credentials. Check Point’s security team issued an urgent advisory, warning that exploitation attempts have been detected in the wild. The vulnerability affects a wide range of their VPN and mobile access gateways, putting thousands of organizations at risk.
Qilin, a ransomware gang known for its aggressive double-extortion tactics, has been observed leveraging this flaw to infiltrate systems and deploy ransomware. The group typically encrypts files while simultaneously exfiltrating sensitive data, threatening to leak it unless a ransom is paid. According to Check Point’s threat intelligence, the attacks have escalated significantly over the past week.
The company has released emergency patches for all affected products and strongly urges administrators to apply them immediately. In the interim, Check Point recommends enabling multi-factor authentication (MFA) for all VPN users and reviewing access logs for any suspicious activity. Organizations that cannot patch immediately should consider disabling Remote Access VPN until the fix can be deployed.
This incident underscores the persistent danger of authentication bypass vulnerabilities in widely used enterprise tools. As remote work remains common, VPN gateways have become prime targets for ransomware actors. Security experts advise that organizations maintain rigorous patch management and monitor for signs of unauthorized access, as attackers often exploit such flaws before public disclosure.
Check Point has not disclosed the total number of affected customers, but given the widespread deployment of their VPN solutions, the potential impact is substantial. The company continues to investigate the scope of the compromise and is working with law enforcement to track the Qilin group’s activities.
(Source: Infosecurity Magazine)
