2015, Firewall and Passwords - Cyber Security Informer

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild.

Firewall

Firewall Passwords Accountability Advertising

Attack against Florida Water Treatment Facility

Schneier on Security

FEBRUARY 12, 2021

Despite its similarities to a Russian attack of a Ukrainian power plant in 2015, my bet is that it’s a disgruntled insider: either a current or former employee. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

Manufacturing

Manufacturing Firewall Media Passwords

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall

Firewall VPN Passwords Internet

Imperva data Breach: WAF customers’ data exposed

Security Affairs

AUGUST 27, 2019

Security firm Imperva revealed it has suffered a data breach that affecting some customers of its Cloud Web Application Firewall (WAF) product. Cybersecurity firm Imperva disclosed a data breach that has exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Data breaches

Data breaches Firewall Passwords Advertising

Threat actors target WordPress sites using vulnerable File Manager install

Security Affairs

SEPTEMBER 11, 2020

The security firm confirmed the ongoing attack, its Web Application Firewall blocked over 450,000 exploit attempts during the last several days. The Wordfence firewall has blocked over 450,000 exploit attempts targeting this vulnerability over the past several days. This threat actor is using a consistent password across infections.

Firewall

Firewall Passwords Advertising Hacking

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests. the extension matches the file header).

Malware

Malware Passwords Advertising Antivirus

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

MAY 1, 2019

Despite billions of dollars spent on the latest, greatest antivirus suites, firewalls and intrusion detection systems, enterprises continue to suffer breaches that can be traced back to the actions of a single, unsuspecting employee. Promising metrics Since its launch in March 2015, Lucy has grown to 23 employees, with zero outside funding.

Social Engineering

Social Engineering Engineering Phishing Banking

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

I strongly advise you, firstly, to log on to all servers running HP Device Manager and set a strong password for the "dm_postgres" user of the "hpdmdb" Postgres database on TCP port 40006 1/4 — Nicky Bloor (@nickstadb) September 29, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Accountability InfoSec Passwords

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Require strong and complex passwords for all accounts that can be logged into via RDP. Use an additional layer of authentication ( MFA/2FA ).

Passwords

Passwords Internet Internet Advertising

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

The report also analyzed a PowerShell shell script that is part of the KeeThief open-source project, which allows the adversary to access encrypted password credentials stored by the Microsoft “KeePass” password management software. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Passwords Advertising Hacking

Imperva explains how hackers stole AWS API Key and accessed to customer data

Security Affairs

OCTOBER 14, 2019

Imperva shared details on the incident it has recently suffered and how hackers obtain data on Cloud Web Application Firewall (WAF) customers. In August, cybersecurity firm Imperva disclosed a data breach that exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Firewall

Firewall Passwords Accountability Data breaches

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The Lokibot malware has been active since 2015, it is an infostealer that was involved in many malspam campaigns aimed at harvest credentials from web browsers, email clients, admin tools and that was also used to target cryptocoin-wallet owners. If these services are required, use strong passwords or Active Directory authentication.

Malware

Malware Passwords Advertising Antivirus

Convert Plus WordPress plugin flaw allows hackers to create Admin accounts

Security Affairs

MAY 30, 2019

” The hack allows to create a new admin account with a randomized password, but it is not a problem because the attacker can use a classic password reset procedure to change the password too. Firewall rule released for Premium users. June 27 – Planned date for firewall rule’s release to Free users.

Accountability

Accountability Firewall Passwords Advertising

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

Change the default username and passwords for all network devices, especially IoT devices. If the device’s default username or password cannot be changed, ensure the device(s) providing Internet access to that device has a strong password and a second layer of security, such as multi-factor authentication or end-to-end encryption.

DDOS

DDOS IoT Internet Internet

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

Set up a Web Application Firewall to block suspicious and malicious requests from reaching the website. Require strong administrative passwords(use a password manager for best results) and enable two-factor authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

eCommerce

eCommerce Malware Encryption Advertising

Don’t Panic: Website Defacements from 2015

SiteLock

AUGUST 27, 2021

If you take basic security measures like a web application firewall and malware scanner, defacements can be avoided. Beyond backups, there are other common web maintenance tasks: performing updates to WordPress and other software, keeping good unique passwords, and making sure your computer’s own security is up to date.

Backups

Backups Firewall Hacking Malware

API Security and Hackers: What?s the Need?

Security Affairs

MAY 30, 2020

To increase the complexity of hacking your device, always get to know who is calling your APIs, by using a simple access authentication (user/password) or an API key (asymmetric key). OAuth is a magical mechanism which prevents you from having to remember 10,000 passwords. API Firewalling. Don’t communicate with strangers.

Authentication

Authentication Firewall Encryption Passwords

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

Also, there is no firewall by default.” ” Experts also reported the use of predefined passwords for admin accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. log escape sequence injection xmppCnrSender.py Furthermore, some daemons are running as root and are reachable from the WAN.

Accountability

Accountability Advertising Software Authentication

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. Experts also recommend to access admin endpoints only through firewall or VPN gateway. ” concludes the experts. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Advertising Firewall

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Additionally, no firewall rules, port forwarding rules, or DDNS setup are required on the router, which makes this option convenient also for non-tech-savvy users.” The “P2P Cloud” feature bypasses firewalls and effectively allows remote connections into private networks. ” reads the report published by SEC Consult. !

Surveillance

Surveillance Hacking Firmware Manufacturing

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Below some mitigations recommended by the Microsoft Defender Advanced Threat Protection (ATP) Research Team to reduce risk from threats that exploit gateways and VPN vulnerabilities: Apply all available security updates for VPN and firewall configurations. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

Ares bot also scans for both other Android systems running Telnet services and attempt to crack passwords protecting them. Companies are advised to implement firewalls or other security solutions, or segment local networks, so any infected device doesn’t have access to critical systems. ” continues the analysis.

IoT

IoT Passwords Malware Advertising

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

Exposed data include hashtype , leak year, password (hashed, encrypted or plaintext, depending on the leak), email, email domain, and source of the leak (i.e. The firewall was temporarily disabled for roughly 10 minutes during the migration, which allowed the search engine to index the database. Adobe, Last. Pierluigi Paganini.

Data breaches

Data breaches DNS Advertising Firewall

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The devices continue to leak the information even when their firewall is turned on. The issue discovered by the expert, in fact, could be used by attackers to discover if the vulnerable routers are still using default administrative passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Wireless DNS Advertising

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

It is essential to install firewall and antivirus software on your routers and keep them up-to-date. Use Strong Passwords. Most people are comfortable with the default password of their internet connecting device and assume it to be secure. It is recommended to keep changing your device password every now and then.

Hacking

Hacking VPN Internet Internet

Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins

Security Affairs

JANUARY 16, 2020

. “ we found that the InfiniteWP Client and WP Time Capsule plugins also contain logical issues in the code that allows you to login into an administrator account without a password.” The plugins are affected by logical issues that could allow attackers to log in as administrators without providing any password.

Passwords

Passwords Advertising Authentication Backups

Malware campaign uses multiple propagation methods, including EternalBlue

Security Affairs

APRIL 12, 2019

. “Instead of directly sending itself into all the systems connected, the remote command changes the firewall and port forwarding settings of the infected machines, setting up a scheduled task to download and execute an updated copy of the malware.” ” reads the analysis published by Trend Micro. Pierluigi Paganini.

Malware

Malware Cryptocurrency Passwords Advertising

ZoneAlarm forum site hack exposed data of thousands of users

Security Affairs

NOVEMBER 11, 2019

The ZoneAlarm suite includes antivirus software and firewall solutions to and users and small organizations, it has nearly 100 million downloads. The company sent a data breach notification mail to forum users urging them to change their forum account passwords. You will be requested to reset your password once joining the forum.”

Hacking

Hacking Data breaches Passwords Advertising

DHS and FBI published a joint alert on SamSam Ransomware

Security Affairs

DECEMBER 6, 2018

In August, Sophos security firm published a report the SamSam ransomware , its experts tracked Bitcoin addresses managed by the crime gang and discovered that crooks had extorted nearly $6 million from the victims since December 2015 when it appeared in the threat landscape. Million since late 2015. Other regions known to have.

Ransomware

Ransomware Advertising Authentication Passwords

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Next-generation firewalls (NGFW).

Backups

Backups Ransomware Firewall Malware

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Use a firewall. Change the default password. Most printers have default administrator usernames and passwords. Change it to a strong, unique password in the utility settings of your printer and make sure print functions require log on credentials. Update your printer firmware to the latest version. Pierluigi Paganini.

Hacking

Hacking IoT Firmware Internet

Did you win at online casinos? Watch out, your data might have had exposed online

Security Affairs

JANUARY 22, 2019

According to ZDNet, that first reported the news, data was stored in an ElasticSearch server exposed online without a password. Unclear if the customer took it down or if OVH firewalled it off for them,” Paine told ZDNet. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Source ZDNet.

Data breaches

Data breaches Advertising Firewall Scams

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. Researchers recommend properly configuring the firewall to protect the devices exposed online, enable automatic updates, and monitor network traffic. LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware

Malware DDOS IoT Cybercrime

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Security Affairs

MAY 11, 2020

To maximize your network security, always protect your router with a unique password and use an encrypted network. The firewall should also be enabled on all devices in the loop. The employees must use either face recognition or fingerprint recognition, along with their passwords, to get access to their accounts.

Encryption

Encryption Data breaches Advertising Risk

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

“A DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall,” reads the advisory published by the experts. Pierluigi Paganini. SecurityAffairs – Zyxel, hacking).

DNS

DNS Hacking Firmware Wireless

A new variant of HawkEye stealer emerges in the threat landscape

Security Affairs

APRIL 17, 2019

The malware attempts to gather as much possible information from infected systems, including machine name, username, privileges, country, IP, MAC address, BIOS, operating system, hardware data, installed browsers, antivirus, and firewalls. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Antivirus

Antivirus Malware Advertising Passwords

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

Security Affairs

MARCH 29, 2019

Version 1 has no auth, version 2 requires the admin password.” While TDDP listens on all interfaces, the default firewall implemented in the routers prevents network access. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” wrote Garrett on Twitter. Pierluigi Paganini.

Firmware

Firmware Advertising Firewall Authentication

DanaBot banking Trojan evolves and now targets European countries

Security Affairs

SEPTEMBER 22, 2018

Stealer plug-in – harvests passwords from a wide variety of applications (browsers, FTP clients, VPN clients, chat and email programs, poker programs etc.). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. TOR plug-in – installs a TOR proxy and enables access to .onion onion web sites. Pierluigi Paganini.

Banking

Banking Advertising Architecture Firewall

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

Exposed data include hashtype , leak year, password (hashed, encrypted or plaintext, depending on the leak), email, email domain, and source of the leak (i.e. The firewall was temporarily disabled for roughly 10 minutes during the migration, which allowed the search engine to index the database. Adobe, Last. Pierluigi Paganini.

Data breaches

Data breaches DNS Advertising Firewall

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

Security Affairs

FEBRUARY 3, 2020

“ Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in p roduct documentation and compiled lists available on the Internet.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

DDOS

DDOS Hacking Internet Internet

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

. “By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.”

VPN

VPN Malware Cyber threats Accountability

The strengths and weaknesses of different VPN protocols

Security Affairs

APRIL 26, 2019

In essence, that means it only needs a username, password, and server address to create a connection. Does not support Perfect Forward Secrecy One of the least secure protocols Firewalls can block PPTP. Firewalls can easily block it because it only communicates over UDP. Slower than OpenVPN due to double encapsulation.

VPN

VPN Encryption Firewall Internet

Trend Micro Apps removed from Mac App Store after being caught exfiltrating user data

Security Affairs

SEPTEMBER 11, 2018

Former NSA white hat hacker Patrick Wardle reported last week that Trend Micro apps were also collecting users’ personal data including their browsing history and then uploaded that data in a password-protected archive to a server. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” wrote Wardle.

Adware

Adware Data collection Advertising Antivirus

Hackers exploit SQL injection zero-day issue in Sophos firewall

Attack against Florida Water Treatment Facility

Trending Sources

Sophos fixed a critical vulnerability in Cyberoam firewalls

Imperva data Breach: WAF customers’ data exposed

Threat actors target WordPress sites using vulnerable File Manager install

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

HP Device Manager flaws expose Windows systems to hack

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

US CISA report shares details on web shells used by Iranian hackers

Imperva explains how hackers stole AWS API Key and accessed to customer data

CISA’s advisory warns of notable increase in LokiBot malware

Convert Plus WordPress plugin flaw allows hackers to create Admin accounts

Massive increase in XorDDoS Linux malware in last six months

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Visa warns of new sophisticated credit card skimmer dubbed Baka

Don’t Panic: Website Defacements from 2015

API Security and Hackers: What?s the Need?

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Dozens of Linksys router models leak data useful for hackers

5 Ways to Protect Yourself from IP Address Hacking

Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins

Malware campaign uses multiple propagation methods, including EternalBlue

ZoneAlarm forum site hack exposed data of thousands of users

DHS and FBI published a joint alert on SamSam Ransomware

What is a Cyberattack? Types and Defenses

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Did you win at online casinos? Watch out, your data might have had exposed online

EnemyBot malware adds new exploits to target CMS servers and Android devices

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Some Zyxel devices can be hacked via DNS requests

A new variant of HawkEye stealer emerges in the threat landscape

Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers

DanaBot banking Trojan evolves and now targets European countries

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Attackers are hacking NSC Linear eMerge E3 building access systems to launch DDoS attacks

CISA says federal agency compromised by malicious cyber actor

The strengths and weaknesses of different VPN protocols

Trend Micro Apps removed from Mac App Store after being caught exfiltrating user data

Stay Connected