2014, Firmware, Internet and VPN - Cyber Security Informer

2014

Firmware

Internet

VPN

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

Internet

Internet Internet Backups Small Business

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access to victims’ networks. Up to now, a large number of VPN users have been attacked.”

VPN

VPN Government Advertising Firmware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. SSL-VPN 200/2000/400 (EOL 2013/2014) disconnect immediately and reset passwords. Devices at risk. Mitigation. 34 or 9.0.0.10

Ransomware

Ransomware Firmware VPN Firewall

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. that were created from different Internet addresses in Vienna, Austria. A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them. There are no workarounds that address this vulnerability.”.

Small Business

Small Business Firmware Advertising VPN

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. This FTP server can be accessed with hardcoded credentials that are embedded in the firmware of the AP. ” reads the advisory. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

A mysterious code prevents QNAP NAS devices to be updated

Security Affairs

FEBRUARY 11, 2019

“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 “Exposing your NAS on the internet (allowing remote access) is always a high risk thing to do (at least without a properly deployed remote access VPN and/or 2FA on all existing user accounts)!”

Antivirus

Antivirus Firmware Advertising VPN

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

Rockwell has released firmware updates that address the vulnerability for the affected controllers. Below the recommendations published by Rockwell Automation to minimize the risk of exploitation of this vulnerability: Update to the latest available firmware revision that addresses the associated risk. Pierluigi Paganini.

Firmware

Firmware Social Engineering Advertising Malware

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. Unfortunately, at that moment, there were over 300,000 of those cameras connected to the internet. Nowadays, malware is an indispensable part of the internet (even if we do not like it).

IoT

IoT Cybersecurity Manufacturing Internet

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

“To update to the latest firmware, each user should select the “Check for Upgrade” option in the “Centrals” menu in the GUI. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. ” concludes the CISA advisory.

Backups

Backups Authentication Advertising Firmware

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. . It’s used in different devices from different vendors, the affected devices sharing the firmware are: Netgear Stora. The company provides a firmware with a web interface that mainly uses PHP as a serverside language.

Firmware

Firmware IoT VPN Authentication

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

million unfilled cybersecurity positions globally by 2021 – up from 1 million in 2014. BlueRidge AI integrates the Internet of Things, machine learning and predictive analytics to enable manufacturers to transform their operations into globally competitive operations. According to Cybersecurity Ventures, there will be 3.5

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Reassessing cyberwarfare. Lessons learned in 2022

SecureList

DECEMBER 14, 2022

For instance, in late 2013 and January 2014, we observed higher-than-normal activity in Ukraine by the Turla APT group, as well as a spike in the number of BlackEnergy APT sightings. It directly affected satellite modems firmwares , but was still to be understood as of mid-March.

DDOS

DDOS Ransomware Government Energy and Utilities

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

The samples we analyzed mimicked various applications such as private messaging, VPN, and media services. Scanning the internet with available clues from our previous research, we are able to discover newly deployed hosts, in some cases even before they become active.

Malware

Malware Government Surveillance Spyware

MyBook Users Urged to Unplug Devices from Internet

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Webinars

Trending Sources

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Webinars

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

SonicWall warns users of “imminent ransomware campaign”

Interview With a Crypto Scam Investment Spammer

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Some Zyxel devices can be hacked via DNS requests

A mysterious code prevents QNAP NAS devices to be updated

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

CISA warns of critical flaws in Prima FlexAir access control system

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Reassessing cyberwarfare. Lessons learned in 2022

APT trends report Q3 2021

Stay Connected