Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. The Cring ransomware appeared in the threat landscape in January, it was first reported by Amigo_A and the CSIRT team of Swisscom. SecurityAffairs – hacking, Fortinet VPN).

VPN 90

VPN Ransomware Antivirus Firmware 90

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. “This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.

Ransomware 129

Ransomware VPN Authentication Hacking 129

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware 264

Ransomware Cybercrime VPN Healthcare 264

Security Affairs

JUNE 15, 2020

Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS.

VPN 94

VPN Ransomware Advertising Encryption 94

Bleeping Computer

SEPTEMBER 8, 2023

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. [.]

VPN 128

VPN Ransomware 128

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. concludes the alert.

Ransomware 103

Ransomware Backups VPN Authentication 103

The Hacker News

JULY 15, 2021

Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x x firmware.

VPN 102

VPN Ransomware Firmware Mobile 102

The Hacker News

JANUARY 18, 2022

VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation.

VPN 112

VPN Cybercrime Ransomware 112

Threatpost

JUNE 9, 2021

Attackers accessed a VPN account that was no longer in use to freeze the company’s network in a ransomware attack whose repercussions are still vibrating.

VPN 128

VPN Passwords Accountability Ransomware 128

Krebs on Security

AUGUST 19, 2021

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ” This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. ” Image: Sophos.

Ransomware 360

Ransomware Social Engineering Cybercrime Scams 360

Malwarebytes

SEPTEMBER 9, 2021

A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The vulnerable SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP requests.

VPN 108

VPN Passwords Ransomware Internet 108

Security Boulevard

JANUARY 12, 2024

The post Ivanti VPN Zero-Day Combo Chained ‘by China’ appeared first on Security Boulevard. Under active exploitation since last year—but still no patch available.

VPN 83

VPN Data privacy Security Awareness Risk 83

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN 130

VPN Passwords Banking Advertising 130

CyberSecurity Insiders

JANUARY 5, 2023

A Canadian college and a global investment firm’s computer network were compromised with ransomware after hackers broke into the virtual private network of Fortinet devices. eSentire TRU named the newly found ransomware as Kalaja-Tomorr or Kalajatomorr that emerged in March 2022 and is targeting only English-speaking companies.

VPN 52

VPN Ransomware Antivirus Firewall 52

Security Affairs

AUGUST 31, 2023

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. ” reads a post published by Cisco PSIRT.

Authentication 104

Authentication Ransomware VPN Hacking 104

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN 119

VPN Government Firmware Authentication 119

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. concludes the alert.

Ransomware 80

Ransomware Backups VPN Authentication 80

Bleeping Computer

MAY 7, 2023

A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of "large commercial entities." [.]

Antivirus 125

Antivirus Ransomware Encryption VPN 125

Heimadal Security

APRIL 8, 2021

Cybercriminals are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy a brand new type of ransomware, tracked as Cring ransomware to companies in the industrial sector. The post Unpatched Fortinet VPN Devices Are Attacked by New Cring Ransomware appeared first on Heimdal Security Blog.

VPN 70

VPN Ransomware Telecommunications Cybersecurity 70

Krebs on Security

NOVEMBER 2, 2021

A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. Some security experts said the post of the Fortinet VPN usernames and passwords was aimed at drawing new affiliates to Groove. ” reads the Oct.

Ransomware 264

Ransomware Cybercrime VPN Media 264

Security Affairs

NOVEMBER 8, 2023

Five Canadian hospitals were victims of a ransomware attack, threat actors claim to have stolen data from them and leaked them. Five Canadian hospitals revealed they were victims of ransomware attacks after threat actors leaked alleged stolen data. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 106

Ransomware Healthcare VPN Insurance 106

Graham Cluley

MAY 17, 2024

Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN and disrupted systems last year also stole the social security numbers of over 53,000 staff. Read more in my article on the Hot for Security blog.

VPN 104

VPN Ransomware Data breaches Malware 104

eSecurity Planet

JANUARY 11, 2024

These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics. How does remote encryption work?

Ransomware 120

Ransomware Encryption IoT VPN 120

Bleeping Computer

APRIL 7, 2021

A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. [.].

VPN 140

VPN Ransomware Encryption 140

CyberSecurity Insiders

FEBRUARY 16, 2021

2021 Research Highlights Growing Security Vulnerabilities Around Targeted Social Engineering, Ransomware and Malware Attacks. To download the full study, see the Zscaler 2021 VPN Risk Report. For the last three decades, VPNs have been deployed to provide remote users with access to resources on corporate networks. Zscaler, Inc.

VPN 125

VPN Risk Digital transformation Social Engineering 125

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN 110

VPN Cybercrime Advertising Accountability 110

Malwarebytes

AUGUST 28, 2023

The Cisco Product Security Incident Response Team (PSIRT) has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication (MFA). The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for MFA.

Ransomware 86

Ransomware VPN Passwords Backups 86

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) The issue was listed by CISA as known to be used in ransomware campaigns, but the agency did not reveal which ransomware groups are actively exploiting the issue. in attacks in the wild. This week the U.S.

Ransomware 123

Ransomware VPN Education Hacking 123

The Hacker News

JUNE 7, 2021

The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed.

VPN 105

VPN Passwords Accountability Ransomware 105

Heimadal Security

SEPTEMBER 9, 2021

The threat actor says that the exploited Fortinet vulnerability has been patched but, many VPN credentials remain valid. This could be considered a serious incident as the leaked VPN credentials could allow malicious actors to access a network and perform data exfiltration, install malware, and launch ransomware attacks.

VPN 86

VPN Passwords Ransomware Malware 86

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 99

Ransomware Encryption Antivirus VPN 99

Security Affairs

AUGUST 10, 2022

Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. yanluowang ransomware has posted #Cisco to its leaksite.

Ransomware 122

Ransomware Hacking VPN Phishing 122

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. ” continues the EUROPOL. Europol said.

VPN 77

VPN Cybercrime Ransomware Advertising 77

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site. The Rhysida ransomware operators plan to sell the stolen data to a single buyer.

Ransomware 112

Ransomware Hacking Engineering Manufacturing 112

Javvad Malik

NOVEMBER 1, 2021

Drop them into a large enterprise that’s been crippled by ransomware, and they’ll get it up and running in an hour using some open source software, a few lines of code and one Raspberry Pi. I heard you should use a VPN when online, can you recommend one?”. “I I heard you should use a VPN when online, can you recommend one?”. “Ha!

VPN 133

VPN Wireless Marketing Accountability 133

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group claimed to have breached the Abdali Hospital in Jordan and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Hacking 115

Hacking Ransomware Manufacturing Healthcare 115

Security Affairs

JANUARY 24, 2024

A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops. The company said that the ransomware attack took place on Friday night and impacted only one data center in Sweden. The company later confirmed the news of an Akira ransomware attack.

Ransomware 100

Ransomware VPN Government Retail 100