Firmware, Malware and VPN - Cyber Security Informer

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. The RAT is used as second-stage malware, the experts pointed out that it doesn’t exploit a new vulnerability. COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware

Malware Firmware VPN Backups

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. Cisco has addressed the flaw with the release of firmware version 1.0.01.02

VPN

VPN Small Business Wireless Firmware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

Researchers show techniques for malware persistence on F5 and Citrix load balancers

CSO Magazine

NOVEMBER 9, 2022

Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks.

Firmware

Firmware Malware VPN

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access to victims’ networks. Up to now, a large number of VPN users have been attacked.” are vulnerable.

VPN

VPN Government Advertising Firmware

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60 Patch 1 ZLD V5.36

Firmware

Firmware VPN Firewall Hacking

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems. “Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60

Firewall

Firewall Firmware VPN DDOS

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

But last week, Barracuda took the highly unusual step of offering to replace compromised ESGs , evidently in response to malware that altered the systems in such a fundamental way that they could no longer be secured remotely with software updates. “They sold so many VPNs through the pandemic and this is the hangover,” Gray said.

Risk

Risk VPN Internet Internet

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall

Firewall Firmware VPN IoT

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. ” reads the advisory published by Zyxel.

Firmware

Firmware Firewall Authentication VPN

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS

DDOS Firmware VPN Firewall

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. Versions 9.x 20240107.1.xml

Firewall

Firewall Firmware IoT Authentication

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware

Ransomware Firmware Mobile InfoSec

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

JANUARY 22, 2024

This week’s vulnerability news include GitHub credential access, a new Chrome fix, and hidden malware from pirated applications hosted on Chinese websites. The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities.

Authentication

Authentication Malware VPN Mobile

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware

Firmware Passwords Accountability VPN

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” ” QNAP NAS devices continue to be under attack, earlier March, researchers at 360Netlab warned of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices.

Ransomware

Ransomware Cryptocurrency Malware Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com) the malware operators have removed CVE-2018-12613, a phpMyAdmin vulnerability that could allow threat actors to view or execute files. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

eSecurity Planet

MAY 20, 2024

Microsoft Patch Tuesday takes center stage in this week’s vulnerability news, with a notable SharePoint Server vulnerability that’s been seen alongside Qakbot malware. This one has been active in the wild; SecureList found it to be in use with Qakbot and other strains of malware.

VPN

VPN Firmware Malware Software

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Keep Calm and Check Your Public Wi-Fi Connection

Approachable Cyber Threats

JANUARY 17, 2023

A publicly available network may not always have the latest firmware, patch updates on its hardware, or have proper encryption enabled; therefore, if you connect to the network you may be exposing yourself to potential risks. Most likely, it is free and faster than using the data from our phone plan. What are the potential risks?”

Encryption

Encryption Internet Internet VPN

New DNS Spoofing Threat Puts Millions of Devices at Risk

eSecurity Planet

MAY 3, 2022

The goal is to redirect the victims to rogue servers owned by the hackers to steal credentials or install malware. According to the researchers, the affected devices are “well-known IoT devices running the latest firmware.” Admins need to apply the latest updates to all vendors and watch for the next firmware releases.

DNS

DNS Risk Firmware IoT

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Install and regularly update antivirus and anti-malware software on all hosts.

Ransomware

Ransomware Antivirus Passwords Malware

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Use the administrator account only for maintenance, software installation, or firmware updates. Attention should be paid to protecting routers and updating their firmware. While OS updates are now commonly practiced, router firmware updates remain an overlooked aspect. Opt for strong, hard-to-crack passwords.

Firmware

Firmware IoT Accountability Passwords

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 12.1 CVE-2019-19781 enabled the actors to execute directory traversal attacks.[

Government

Government VPN Firmware Energy and Utilities

Lapsus$: The New Name in Ransomware Gangs

Security Boulevard

MARCH 15, 2022

The ransomware group specified that “they are not looking for data” but rather to buy remote VPN access to the corporate network. Attackers can use the compromised code signing certificates to sign malware, so it will appear to be legitimate and trustworthy and escape security solutions to be loaded and executed.

Ransomware

Ransomware Telecommunications Firmware Media

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

They then authenticated to the victim’s VPN to initiate a remote desktop protocol (RDP) connection to the domain controllers. Update software, including operating systems, applications, and firmware on IT network assets in a timely manner. When possible, implement multi-factor authentication on all VPN connections.

VPN

VPN Accountability Authentication Passwords

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Malware detection has long been a game of signature detection. With ML and artificial intelligence (AI) using thousands of strains to train algorithms, one would surmise that the ability to detect malware is only improving. Hackers are using the same ML and AI technology to avoid using recognized malware. Current Target: VBOS.

Software

Software Firmware DNS VPN

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Install updates/patch operating systems, software, and firmware as soon as they are released. • Install and regularly update anti-virus and anti-malware software on all hosts.

Ransomware

Ransomware Encryption Passwords Malware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware DDOS Passwords Backups

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4% Every week the best security articles from Security Affairs free for you in your email box.

Cyber Attacks

Cyber Attacks Firmware Malware VPN

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. “However, many vendors may have bought vulnerable versions of this stack prior to the 2012 update, starting in the early 2000s when it was first issued, and integrated it into their own firmware.

Hacking

Hacking Firmware Internet Internet

A mysterious code prevents QNAP NAS devices to be updated

Security Affairs

FEBRUARY 11, 2019

Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. “Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0

Antivirus

Antivirus Firmware Advertising VPN

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

. “An open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.” This malicious website could potentially run or download arbitrary malware on the user’s machine.

Firmware

Firmware Social Engineering Advertising Malware

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use up-to-date anti-virus and anti-malware software on all hosts.

Education

Education Ransomware Phishing Passwords

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

This reveals a likely blind spot for defenders and endpoint vendors: in a number of cases, perhaps even the majority, attackers have no need for 0-days and malware deployment to gain access to the information they need. One of the major cyber-incidents of 2022 took place early this year: the Okta hack.

Firmware

Firmware Surveillance Mobile Telecommunications

OpenSSH trojan campaign targets Linux systems and IoT devices

Malwarebytes

JUNE 26, 2023

Microsoft claims to have traced this particular campaign to a member of a hacking forum who offers several tools for sale in what may be a dedicated malware as a service operation. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches.

IoT

IoT Adware Firmware DDOS

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

To help avoid these online risks, it is highly recommended to use a Virtual Private Network (VPN). VPNs are the baseline cybersecurity tool to safeguard internet-enabled devices and a home network. A VPN provides a secure internet connection, ensuring your browsing data is encrypted for maximum privacy and security.

IoT

IoT Spyware VPN Passwords

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Install and regularly update anti-virus and anti-malware software on all hosts. Consider installing and using a VPN. hard drive, storage device, the cloud). Use multifactor authentication with strong pass phrases where possible.

Ransomware

Ransomware Passwords Backups Firmware

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware. “Consider salaries in Russia,” Quotpw said.

Scams

Scams DDOS Cryptocurrency Accountability

The State of Endpoint Security Management in 2022: It’s Worse Than You Suspect

CyberSecurity Insiders

NOVEMBER 1, 2022

Back then, endpoint security focused on computers, which meant the installation of antivirus, malware protection, firewall, and (sometimes) VPN in every computer. They are designed to detect and block file-based malware attacks, examine network activities for malicious operations, and facilitate incident investigation and remediation.

IoT

IoT Antivirus Threat Detection Cyber threats

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Rise in malware. As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Manufacturing Passwords Internet

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Trending Sources

Expert found a secret backdoor in Zyxel firewall and VPN

Webinars

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Cisco fixes critical remote code execution issues in SMB VPN routers

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Researchers show techniques for malware persistence on F5 and Citrix load balancers

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Zyxel published guidance for protecting devices from ongoing attacks

Widespread exploitation by botnet operators of Zyxel firewall flaw

CISA Order Highlights Persistent Risk at Network Edge

Zyxel 0day Affects its Firewall Products, Too

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Multiple DDoS botnets were observed targeting Zyxel devices

VulnRecap 1/16/24 – Major Firewall Issues Persist

HelloKitty ransomware gang targets vulnerable SonicWall devices

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

AgeLocker ransomware operation targets QNAP NAS devices

A new Zerobot variant spreads by exploiting Apache flaws

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

Daixin Team targets health organizations with ransomware, US agencies warn

Keep Calm and Check Your Public Wi-Fi Connection

New DNS Spoofing Threat Puts Millions of Devices at Risk

BlackCat Ransomware gang breached over 60 orgs worldwide

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Lapsus$: The New Name in Ransomware Gangs

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

The Biggest Lessons about Vulnerabilities at RSAC 2021

FBI published a flash alert on Mamba Ransomware attacks

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs newsletter Round 309

A critical flaw in industrial automation systems opens to remote hack

A mysterious code prevents QNAP NAS devices to be updated

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

FBI warns of increase in PYSA ransomware attacks targeting education

Advanced threat predictions for 2023

OpenSSH trojan campaign targets Linux systems and IoT devices

Spyware in the IoT – the Biggest Privacy Threat This Year

FBI warns of ransomware attacks targeting the food and agriculture sector

Interview With a Crypto Scam Investment Spammer

The State of Endpoint Security Management in 2022: It’s Worse Than You Suspect

FBI warns of ransomware threat to food and agriculture

Stay Connected