Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline (which got pwned by the REvil ransomware crooks with an old VPN password) or the 87,000 (at least) Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month.
Read full article on Threat Post