Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. Patch 1 VPN ZLD V4.30

Firewall 98

Firewall VPN Firmware Authentication 98

The Hacker News

MARCH 31, 2022

Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An

Firewall 91

Firewall VPN Authentication 91

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions.

VPN 121

VPN Firewall Firmware Authentication 121

Security Affairs

DECEMBER 3, 2023

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points.

Firewall 113

Firewall Authentication VPN Cyber Attacks 113

Krebs on Security

FEBRUARY 26, 2020

Today, Zyxel acknowledged the same flaw is present in many of its firewall products. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. Patch 0 through ZLD V4.35

Firewall 262

Firewall Firmware VPN IoT 262

The Hacker News

JUNE 11, 2023

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.

Firewall 99

Firewall VPN Authentication 99

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication.

Firewall 114

Firewall Government VPN Authentication 114

Security Affairs

MAY 26, 2022

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Follow me on Twitter: @securityaffairs and Facebook.

Firewall 127

Firewall VPN Authentication Cyber Attacks 127

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

JUNE 12, 2023

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. This is reachable pre-authentication, on every SSL VPN appliance.

Firewall 94

Firewall VPN Authentication Media 94

Centraleyes

APRIL 18, 2024

Cisco has sounded the alarm on a widespread increase in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since March 18, 2024. The attacks appear to originate from TOR exit nodes and other anonymizing tunnels and proxies.

VPN 52

VPN Firewall Authentication Passwords 52

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall 108

Firewall Firmware IoT Authentication 108

Adam Levin

MARCH 19, 2020

Here are five ways VPNs can keep remote employees secure. Better Network and Firewall Protection: By routing an employee’s internet traffic through your company network, you can provide the same firewalls and network-level protection that they’d have working at an office with robust cybersecurity defenses.

VPN 130

VPN Firewall Authentication Passwords 130

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 94

Firewall VPN Firmware Internet 94

Cisco Security

JULY 9, 2021

With Cisco Secure Firewall, organizations are able to build a scalable RAVPN architecture on OCI, providing employees secure remote access to their organization’s resources from any location or endpoint. Cisco Duo – Multi-factor authentication from Duo protects the network by using a second source of validation and authentication.

Firewall 102

Firewall Architecture DNS VPN 102

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN 134

VPN Government Firmware Authentication 134

Malwarebytes

APRIL 4, 2022

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device. Patch 1 VPN ZLD V4.30 The vulnerability. USG FLEX ZLD V4.50

Firewall 87

Firewall Firmware VPN Authentication 87

Security Affairs

SEPTEMBER 24, 2022

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. and impacts Firewall versions 18.5

Firewall 91

Firewall VPN Authentication Hacking 91

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall 95

Firewall VPN Firmware Manufacturing 95

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN 129

VPN Firewall Advertising Internet 129

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. It was designed to download payloads intended to exfiltrate XG Firewall-resident data. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall 141

Firewall Ransomware Passwords VPN 141

Security Affairs

NOVEMBER 29, 2022

In early October, Fortinet addressed the critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild. ” concludes the post. Pierluigi Paganini.

VPN 101

VPN Firewall Authentication Internet 101

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. The post Cisco fixes 5 critical flaws that could allow router firewall takeover appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, Cisco).

Firewall 100

Firewall Small Business Wireless Authentication 100

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . x base score of 10.

Firewall 100

Firewall Authentication VPN Advertising 100

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication 56

Authentication Ransomware VPN Passwords 56

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall 86

Firewall VPN Passwords Internet 86

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 120

VPN Accountability Firewall Data breaches 120

Security Affairs

APRIL 26, 2019

One in four internet users use a VPN regularly, but how much does the average user know about what goes on behind the software? Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server. However, the speed comes at the cost of encryption.

VPN 95

VPN Encryption Firewall Internet 95

The Last Watchdog

JUNE 22, 2022

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. However, VPN pipes have become less efficient with the rising use of personally-owed mobile devices increasing reliance on cloud-centric IT resources.

VPN 213

VPN Cloud Migration Firewall Encryption 213

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Trick or Treat: The Choice is Yours with Multifactor Authentication. Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. Fri, 10/29/2021 - 05:29.

Authentication 71

Authentication VPN Passwords Accountability 71

The Last Watchdog

MARCH 6, 2021

Set-up 2-factor authentication. Two-factor authentication or two-step verification involves adding a step to add an extra layer of protection to accounts. Many people use a virtual private network (VPN) to bypass geographic restrictions on streaming sites or other location-specific content. Set up firewalls.

VPN 214

VPN Firewall Antivirus Passwords 214

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs).

Firewall 108

Firewall VPN Software Risk 108

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x Below the list of affected products shared by THN: NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ).

VPN 137

VPN Firewall Mobile Hacking 137

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, “Zyxel has released patches addressing a pre-authentication command injection vulnerability in some NAS versions.” in its firewall devices.

Firmware 97

Firmware Firewall Authentication VPN 97

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 219

Risk VPN Internet Internet 219

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN 108

VPN Authentication Passwords Software 108

Security Affairs

SEPTEMBER 7, 2022

In May 2022, Zyxel released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. CVE-2022-0910 : An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions.

Firewall 95

Firewall Firmware Authentication VPN 95