Clothing retailer Monsoon Accessorize has been relying on VPN servers that have critical vulnerabilities, escalating the risk of hacking or ransomware attack, confirmed VPNpro.
The researchers revealed that Monsoon has been utilizing unpatched Pulse Connect Secure VPN servers containing vulnerabilities that enable cyber-criminals to check active users on the company’s VPN along with their plaintext passwords.
This information can then be used further to access the servers and attack the companies in multiple ways. The biggest threat to organizations includes such vulnerability of having their servers locked down with ransomware.
VPNpro confirmed that the researchers could gain access to Monsoon’s internal files, including sensitive business documents, sales and revenue numbers, customer information, and much more.
Source: Infosecurity