Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN 127

VPN Firewall Accountability Cybersecurity 127

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 86

Firewall VPN Firmware Internet 86

The Hacker News

JULY 3, 2023

No less than 330000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild. CVE-2023-27997

Firewall 93

Firewall VPN Internet Internet 93

eSecurity Planet

SEPTEMBER 5, 2023

August 28, 2023 Ransomware Group Exploits Citrix NetScaler Vulnerability In July, Citrix released a patch for a critical remote code execution vulnerability ( CVE-2023-3519 ), which affected the company’s NetScaler ADC and NetScaler Gateway products and carried a severity rating of 9.8 out of 10 on the CVSS vulnerability scale.

VPN 104

VPN Authentication Ransomware Antivirus 104

CyberSecurity Insiders

DECEMBER 21, 2022

While many of the same trends and threats remain, 2023 is likely to keep us on our toes as these threats mature and the landscape continues to shift. With hybrid work, VPN and remote access will start to become greater network-based targets. More workers have returned to the office, with hybrid work increasingly the new normal.

Cybersecurity 135

Cybersecurity Education Scams Internet 135

Malwarebytes

OCTOBER 11, 2023

In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw ( CVE-2023-20269 ) in Cisco VPN appliances. In September, they had a staggering 53 victims.

Ransomware 112

Ransomware Social Engineering Backups Engineering 112

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk 210

Risk VPN Internet Internet 210

Malwarebytes

JULY 21, 2023

This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by August 9, 2023 to protect their networks against active threats. The actively exploited CVE patched in this update is CVE-2023-3519 a Citrix NetScaler ADC and NetScaler Gateway code injection vulnerability with a CVSS score of 9.8

Authentication 98

Authentication VPN Cybercrime Cybersecurity 98

NopSec

JUNE 30, 2023

Leading this month’s advisories we have a duo of pre-auth RCE vulnerabilities that impact Fortinet’s Fortigate SSL VPN and VMWare’s VRealize Network Insight. This vulnerability was assigned CVE-2023-20887. Previous vulnerabilities present in Fortinet SSL products triggered an internal code review of all SSL VPN products.

VPN 52

VPN Backups Authentication Encryption 52

Security Affairs

JANUARY 17, 2024

Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. The vulnerability CVE-2023-6548 is an authenticated (low privileged) remote code execution affecting Management Interface.

VPN 110

VPN Software Authentication Internet 110

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 110

VPN Cybercrime Ransomware Hacking 110

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. through 4.73, VPN series firmware versions 4.60

Firewall 93

Firewall Firmware VPN DDOS 93

eSecurity Planet

FEBRUARY 19, 2024

Among the vulnerabilities is CVE-2024-21412 , an Internet Shortcut Files flaw that allows an unauthenticated attacker to send a malicious file to a user. It bypasses Internet Shortcut Files’ security measures. Palo Alto’s Unit 42 research team said that Akira led the number of ransomware posts from new leak sites in 2023.

VPN 113

VPN DNS Ransomware Software 113

Malwarebytes

JANUARY 19, 2024

Normally, the Directive requires those agencies to remediate internet-facing vulnerabilities on its catalog within 15 days, and all others within 25 days. CVE-2023-6549 is an improper restriction of operations within the bounds of a memory buffer in NetScaler ADC and NetScaler Gateway with a CVSS score of 8.2

Authentication 99

Authentication VPN Internet Internet 99

Security Affairs

JANUARY 21, 2023

Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability , tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers.

Hacking 97

Hacking Small Business VPN Internet 97

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. The flaw, tracked as CVE-2023-28771 (CVSS score: 9.8), is a command injection issue that could potentially allow an unauthorized attacker to execute arbitrary code on vulnerable devices. through 5.35.

DDOS 97

DDOS Firmware VPN Firewall 97

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT 91

IoT DDOS Passwords Malware 91

SecureList

NOVEMBER 23, 2023

In our previous summary of consumer predictions , we delved into tactics that we expected scammers and cybercriminals to use in 2023. Despite the fact that our predictions regarding Metaverse did not fully materialize in 2023, we reiterate what we said earlier, as we consider this a long-term trend.

VPN 95

VPN Scams Education Internet 95

Security Affairs

AUGUST 15, 2023

Researchers from the Synack Red Team found multi flaws ( CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189 ) in the ScrutisWeb ATM fleet monitoring software that can be exploited to remotely hack ATMs. Lagona addressed the vulnerabilities in July 2023 with the release of ScrutisWeb version 2.1.38.

Software 96

Software Hacking VPN Firewall 96

Security Affairs

JANUARY 18, 2024

CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability. CVE-2023-6549 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability. The vulnerability CVE-2023-6548 is an authenticated (low privileged) remote code execution affecting Management Interface.

Authentication 119

Authentication VPN Software Engineering 119

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. CVE-2023-6317 allows for the bypass of permission procedures, enabling unauthorized users to be added.

Firewall 109

Firewall VPN Software Risk 109

NopSec

DECEMBER 1, 2023

Wipe the gravy off your face, roll up your sleeves, and drop to a command line as we cover the trending CVEs for November 2023. Citrix Bleed CVE-2023-4966 Citrix Bleed is an information disclosure vulnerability that impacts Citrix NetScaler ADC and NetScaler Gateway. Severity Complexity CVSS Score Critical Low 9.4 NetScaler ADC 13.1-FIPS

Authentication 59

Authentication VPN Internet Internet 59

Security Affairs

FEBRUARY 9, 2023

Global internet monitor NetBlocks reported that Twitter has been restricted in Turkey in the aftermath of the earthquake. Global internet monitor NetBlocks reported that network data confirm that Twitter has been restricted in Turkey in the aftermath of the earthquake. ” reported Netblocks.

Internet 82

Internet Internet Media VPN 82

Security Affairs

AUGUST 29, 2023

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. The hackers are exploiting the remote code execution, tracked as CVE-2023-3519 , in a large-scale campaign. The flaw CVE-2023-3519 (CVSS score: 9.8) php) on victim machines.

VPN 106

VPN Ransomware DNS Malware 106

Security Affairs

MARCH 11, 2024

The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned.

Malware 103

Malware VPN Encryption Hacking 103

Malwarebytes

MAY 26, 2023

Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface. Patch 1, USG20(W)-VPN firmware versions 4.25 Patch 1, VPN series firmware versions 4.30 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware 80

Firmware VPN Firewall Accountability 80

Security Affairs

MAY 1, 2024

Researchers at Lumen’s Black Lotus Labs discovered a new malware family, named Cuttlefish, which targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data from internet traffic. ” The malware has been active since at least July 27, 2023, with indications of earlier versions.

Malware 105

Malware DNS Authentication Telecommunications 105

Security Affairs

DECEMBER 3, 2023

The addressed issues are tracked as CVE-2023-35136 , CVE-2023-35139 , CVE-2023-37925 , CVE-2023-37926 , CVE-2023-4397 , CVE-2023-4398 , CVE-2023-5650 , CVE-2023-5797 , CVE-2023-5960. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points.

Firewall 108

Firewall Authentication VPN Cyber Attacks 108

Malwarebytes

NOVEMBER 24, 2023

Known ransomware attacks by ransomware group, October 2023 Mandiant states it is currently tracking four distinct uncategorized groups involved in exploiting this vulnerability. The CVE for the vulnerability known as Citrix Bleed is CVE-2023-4966 ( CVSS score 9.4 out of 10). NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15

Government 104

Government Ransomware Backups Software 104

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications 109

Telecommunications Authentication Data collection Passwords 109

Security Affairs

JUNE 19, 2023

The firmware released by the company addressed nine vulnerabilities, including CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, and CVE-2022-26376. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.”

Firmware 85

Firmware VPN Wireless Passwords 85

CyberSecurity Insiders

MARCH 21, 2023

With the increasing need for online privacy and security, Virtual Private Networks (VPNs) have become a popular solution for internet users. VPNs allow users to access the internet securely and privately by encrypting their internet traffic and hiding their IP addresses. What is a VPN?

VPN 116

VPN Internet Internet Encryption 116

SecureList

APRIL 22, 2024

Diagram of SSH tunnel creation SoftEther VPN The next tool that the attackers used for tunneling was the server utility (VPN Server) from the SoftEther VPN package. To launch the VPN server, the attackers used the following files: vpnserver_x64.exe IP Country + ASN Net name Net Description Address Email 103.27.202[.]85

VPN 111

VPN Passwords Encryption Malware 111

Cisco Security

JANUARY 27, 2023

In 2023, Cisco will recognize top advocates by region for the Global Advocate Awards. Mark’s support to other Cisco customers has also led to his election as Vice-Chair of the Internet Society Cybersecurity Special Interest Group. We celebrate these individuals’ efforts with annual awards in various disciplines and locales.

Cybersecurity 75

Cybersecurity Digital transformation Marketing Technology 75

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4

Small Business 91

Small Business Password Management VPN Healthcare 91

Security Affairs

AUGUST 31, 2023

Leaked credentials could have been used for credential stuffing attacks, which try to log into companies’ internet-connected tools such as VPN portals, HR management platforms, or corporate emails. The data was publicly accessible for 5 months, as the leak was first indexed by IoT search engines on January 31st, 2023.

Backups 139

Backups Manufacturing Passwords Internet 139

Security Affairs

MARCH 21, 2023

On March 17-18th, 2023, GENERAL BYTES experienced a security incident. “Please keep your CAS behind a firewall and VPN. “Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN. With VPN/Firewall attackers from open internet cannot access your server and exploit it.

Cryptocurrency 82

Cryptocurrency VPN Manufacturing Firewall 82