Security Affairs

AUGUST 2, 2023

Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Cybersecurity and Infrastructure Security Agency (CISA) recently warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting the zero-day CVE-2023-3519.

VPN 91

VPN Hacking Cyber Attacks Software 91

Security Affairs

JULY 23, 2023

Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The company added that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

VPN 89

VPN Cyber Attacks Software Cybersecurity 89

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services.

IoT 91

IoT DDOS Passwords Malware 91

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware 112

Ransomware Backups VPN Authentication 112

NopSec

JUNE 30, 2023

Leading this month’s advisories we have a duo of pre-auth RCE vulnerabilities that impact Fortinet’s Fortigate SSL VPN and VMWare’s VRealize Network Insight. This vulnerability was assigned CVE-2023-20887. Previous vulnerabilities present in Fortinet SSL products triggered an internal code review of all SSL VPN products.

VPN 52

VPN Backups Authentication Encryption 52

CyberSecurity Insiders

DECEMBER 6, 2022

When employees aren’t in the office, they’re liable to engage in risky behaviors such as using unsecured WiFi without a VPN, leaving work devices unlocked in public places, and clicking on malicious emails. While there are plenty of unknowns as we head into 2023, one thing isn’t in doubt: cybersecurity will be more important than ever.

Cybersecurity 129

Cybersecurity VPN Digital transformation Education 129

Security Affairs

AUGUST 31, 2023

. “Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.”

Authentication 114

Authentication Ransomware VPN Hacking 114

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware 87

Ransomware Backups VPN Authentication 87

SecureList

APRIL 22, 2024

Diagram of SSH tunnel creation SoftEther VPN The next tool that the attackers used for tunneling was the server utility (VPN Server) from the SoftEther VPN package. To launch the VPN server, the attackers used the following files: vpnserver_x64.exe IP Country + ASN Net name Net Description Address Email 103.27.202[.]85

VPN 111

VPN Passwords Encryption Malware 111

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs).

Firewall 109

Firewall VPN Software Risk 109

Security Affairs

JANUARY 24, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware 110

Ransomware VPN Government Retail 110

Security Affairs

AUGUST 29, 2023

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. The hackers are exploiting the remote code execution, tracked as CVE-2023-3519 , in a large-scale campaign. The flaw CVE-2023-3519 (CVSS score: 9.8) php) on victim machines.

VPN 105

VPN Ransomware DNS Malware 105

Security Affairs

JUNE 19, 2023

The firmware released by the company addressed nine vulnerabilities, including CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, and CVE-2022-26376. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.”

Firmware 84

Firmware VPN Wireless Passwords 84

eSecurity Planet

FEBRUARY 19, 2024

Appliances with affected software must have Anyconnect SSL VPN enabled on whichever interface is exposed to the internet for an attack to occur. Palo Alto’s Unit 42 research team said that Akira led the number of ransomware posts from new leak sites in 2023. Changing passwords, secrets, and pre-shared keys.

VPN 113

VPN DNS Ransomware Software 113

Security Affairs

FEBRUARY 17, 2024

An attacker can trigger the vulnerability to extract sensitive data from the memory of the affected devices, including usernames and passwords. However, there are now indications that this vulnerability might be actively exploited.” ” continues the report.

Ransomware 130

Ransomware VPN Education Hacking 130

Security Affairs

JULY 21, 2023

Cybersecurity and Infrastructure Security Agency (CISA) warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. “Exploits of CVE-2023-3519 on unmitigated appliances have been observed.

VPN 79

VPN Cyber Attacks DNS Software 79

Security Affairs

MARCH 21, 2023

The attackers were able to send funds from hot wallets and download user names and password hashes. On March 17-18th, 2023, GENERAL BYTES experienced a security incident. “Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN. ” continues the notice. and 20230120.44.”

Cryptocurrency 80

Cryptocurrency VPN Manufacturing Firewall 80

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 With Duo, the University team stood up integrations within days instead of the predicted weeks or months , protecting their apps and VPN.

Phishing 96

Phishing Social Engineering Authentication Engineering 96

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication 60

Authentication Ransomware VPN Passwords 60

Security Affairs

AUGUST 31, 2023

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations.

Backups 138

Backups Manufacturing Passwords Internet 138

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications 107

Telecommunications Authentication Data collection Passwords 107

Krebs on Security

APRIL 18, 2023

Riley Kilmer is co-founder of Spur.us , a company that tracks thousands of VPN and proxy networks, and helps customers identify traffic coming through these anonymity services. In January 2023, the Faceless service website said it was willing to pay for information about previously undocumented security vulnerabilities in IoT devices.

Malware 231

Malware Passwords Accountability Advertising 231

Security Affairs

MAY 1, 2024

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. ” The malware has been active since at least July 27, 2023, with indications of earlier versions. The recent campaign spanned from October 2023 to April 2024.

Malware 103

Malware DNS Authentication Telecommunications 103

Security Affairs

AUGUST 18, 2023

Then the loaders retrieve a second-stage payload stored in password-protected ZIP archive from Alibaba buckets. The researchers observed that the loader “AdventureQuest.exe” is signed using a certificate issued to a Singapore-based VPN provider called Ivacy VPN. ” reads the analysis published by SentinelOne.

VPN 92

VPN Malware Encryption Passwords 92

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4

Small Business 89

Small Business Password Management VPN Healthcare 89

Security Affairs

NOVEMBER 15, 2023

The report includes IOCs and TTPs identified through investigations as recently as September 2023. The Rhysida ransomware group has been active since May 2023, according to the gang’s Tor leak site, at least 62 companies are victims of the operation. VPNs, RDPs) to gain initial access to the target network and maintain persistence.

Ransomware 117

Ransomware Manufacturing Healthcare Education 117

Malwarebytes

MAY 21, 2023

Ruckus vulnerability added to CISA’s list of actively exploited bugs 3 reasons to use a VPN PharMerica breach impacts almost 6 million people Leaked Babuk ransomware builder code lives on as RA Group KeePass vulnerability allows attackers to access the master password Child safety app riddled with vulnerabilities: Update now!

VPN 77

VPN Ransomware Passwords 77

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Based on indexing of another sensitive file we believe that the environment configuration file was exposed starting from February 2023. researchers said. researchers said. Why is exposing config files dangerous?

Data breaches 90

Data breaches VPN Media Passwords 90

Security Affairs

MARCH 19, 2024

The APT group also established access into victims’ private networks by creating VPN servers on compromised public-facing servers and conducting brute-force attacks to obtain email credentials. The attackers use a list of common passwords to test the email accounts on the target’s email server.

Government 83

Government Phishing Accountability VPN 83

Identity IQ

JUNE 27, 2023

The report also highlights the rise of AI voice scams as a significant trend in 2023. The report compares member-reported data from 2022 to the previous year. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. “AI

Scams 86

Scams Identity Theft Education Consumer Protection 86

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. score of 9.8 out of 10.0,

VPN 113

VPN Firmware Authentication Phishing 113

eSecurity Planet

MARCH 19, 2024

The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website. The fix: Fortinet advised users to disable SSL VPN until their FortiOS and FortiProxy deployments can be upgraded.

Authentication 119

Authentication VPN Software DDOS 119

Security Boulevard

MARCH 29, 2023

Edit: As of 3/24/2023, Microsoft has fixed the issue of refresh tokens remaining valid after a TAP has expired. TAP abuse helps us with that issue in two ways: We can add a temporary password to a victim user without invalidating their existing password, ensuring that the user won’t notice a password change.

VPN 65

VPN Authentication Passwords Social Engineering 65

Security Boulevard

MARCH 10, 2023

Executive Summary In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malwares which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. This file was uploaded to VirusTotal on 2023-02-01 from Indonesia ( 5 ). Figure 2 - Content of the ISO image.

Government 122

Government Malware Encryption Passwords 122

SecureList

DECEMBER 12, 2023

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention (such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile , MailChimp and OpenAI in 2023). By November 2023, we have already found more than 3100 offers.

Data breaches 85

Data breaches Accountability Telecommunications Malware 85

Security Affairs

FEBRUARY 10, 2023

“Since October 2022 and continuing into January 2023, Proofpoint has observed a cluster of evolving financially motivated activity which we are referring to as “Screentime” The attack chain starts with an email containing a malicious attachment or URL and leads to malware that Proofpoint dubbed WasabiSeed and Screenshotter.”

Malware 84

Malware Phishing Spyware Cybercrime 84

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. The double supply chain compromise that led to malware being pushed out to some 3CX customers. Image: Mandiant.

Malware 278

Malware Software Technology Accountability 278