2019, Information Security and VPN - Cyber Security Informer

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN

VPN Advertising Hacking Government

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Security Affairs

JANUARY 10, 2020

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. SecurityAffairs – Pulse Secure VPN , hacking).

VPN

VPN InfoSec Advertising Cybersecurity

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. SecurityAffairs – CVE-2019-14899 , hacking). Pierluigi Paganini.

VPN

VPN Encryption Advertising Authentication

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN

VPN Advertising Accountability Healthcare

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks. Pierluigi Paganini.

VPN

VPN Advertising Healthcare Data breaches

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said. Pierluigi Paganini.

VPN

VPN Cybercrime Ransomware Advertising

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. The vulnerability is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Government Authentication Cybersecurity

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Security Affairs

JANUARY 17, 2020

Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. Pierluigi Paganini.

VPN

VPN Firewall Advertising Media

Dragos Report: Analysis of ICS flaws disclosed in 2019

Security Affairs

FEBRUARY 20, 2020

More than 400 flaws affecting industrial control systems (ICS) were disclosed in 2019, more than 100 were zero-day vulnerabilities. According to a report published by Dragos, the experts analyzed 438 ICS vulnerabilities that were reported in 212 security advisories, 26% of advisories is related to zero-day flaws. Pierluigi Paganini.

Advertising

Advertising VPN Engineering Hacking

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Security Affairs

SEPTEMBER 23, 2019

Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. “There is an unquoted search path vulnerability in Forcepoint VPN Client for Windows versions lower than 6.6.1.” Pierluigi Paganini.

VPN

VPN Advertising Hacking Malware

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

.” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. Triggering the directors of information security companies. ” Image: @nokae8.

Ransomware

Ransomware Cybercrime VPN Media

Why Edward Snowden is urging users to stop using ExpressVPN?

Security Affairs

SEPTEMBER 19, 2021

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Edward Snowden expressed concerns about the VPN service offered by ExpressVPN and has warned users to stop using it. If you're an ExpressVPN customer, you shouldn't be. Why Snowden is worried about ExpressVPN?

Surveillance

Surveillance VPN Hacking Cybersecurity

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

Experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. BadPackets reported that SeaChange had a Pulse Secure VPN server ( [link] ) vulnerable to CVE-2019-11510 from April 24, 2019 until March 24, 2020.

Software

Software Ransomware VPN Advertising

Elexon, a middleman in the UK power grid network hit by cyber-attack

Security Affairs

MAY 17, 2020

Experts from security firm Bad Packets reported that Elexon had been running an outdated version of Pulse Secure VPN server, if confirmed threat actors could have exploited it to access the internal network. NSA also warned of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws.

Cyber Attacks

Cyber Attacks VPN Advertising Cyber threats

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

APRIL 28, 2022

“Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. This advisory also includes other frequently exploited vulnerabilities. ” reads the advisory published by CISA.

Software

Software VPN Cybersecurity Internet

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike.

Hacking

Hacking VPN Advertising Financial Services

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Security Affairs

SEPTEMBER 2, 2022

The UNC2165 group has been active since at least 2019, it was mainly observed using the FAKEUPDATES infection chain (aka UNC1543 ) to access the victims’ networks. According to eSentire, the crooks gained access to the workforce management corporation’s IT network using stolen Virtual Private Network (VPN) credentials.

Hacking

Hacking VPN Ransomware Authentication

US, UK, and Australian agencies warn of top routinely exploited issues

Security Affairs

JULY 28, 2021

The cybersecurity agencies warn of attacks aimed at exploiting flaws in VPN appliances, network equipment and enterprise cloud applications from multiple vendors, including Atlassian, Citrix. “Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies. ” reads the joint report.

VPN

VPN Cybersecurity Hacking Technology

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. CVE-2019-19781 enabled the actors to execute directory traversal attacks.[ CVE-2019-19781 enabled the actors to execute directory traversal attacks.[

Government

Government VPN Firmware Energy and Utilities

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

Attackers also use to exploit the Kentico Content Management System (CVE-2019-10068) and used SQLmap to bypass Web Application Firewalls. . The threat actors also heavily leverage VPNs services such as Private Internet Access, Atlas VPN, TiKNet VPN, VPN Master Lite, and CyberGhost.

VPN

VPN Cybercrime Passwords Firewall

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Enforce MFA on all VPN connections [ D3-MFA ]. Chinese hackers employed open-source tools for reconnaissance and vulnerability scanning, according to the government experts, they have utilized open-source router specific software frameworks, RouterSploit and RouterScan [ T1595.002 ], to identify vulnerable devices to target.

Telecommunications

Telecommunications Authentication Passwords Accountability

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. The attacker is snooping on port 21,25,143,110 (1/2) — 360 Netlab (@360Netlab) December 25, 2019. #0-day

Firmware

Firmware VPN Accountability Advertising

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

SEPTEMBER 10, 2020

.” The company did not disclose details of the attack, at the time the experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. and Elexon electrical middleman. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware VPN Banking Data breaches

WildPressure APT expands operations targeting the macOS platform

Security Affairs

JULY 7, 2021

WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Further investigation led to the discovery of other samples of the same malware that infected systems back in May, 2019.

Malware

Malware VPN Architecture Hacking

Security Affairs - Untitled Article

Security Affairs

JULY 22, 2019

The vulnerability, tracked as CVE-2019-1579, affects the GlobalProtect portal and GlobalProtect Gateway interface products. GlobalProtect products allow organizations to set up a virtual private network (VPN) access, they also implement other security and management features. Earlier versions are impacted.

VPN

VPN Advertising Authentication Information Security

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 16, 2022

The new vulnerabilities added to the catalog include one SonicWall SonicOS issue, tracked as CVE-2020-5135 , and 14 Microsoft Windows flaws addressed between 2016 and 2019. The CVE-2020-5135 is a stack-based buffer overflow that affects the SonicWall Network Security Appliance (NSA).

VPN

VPN Network Security Hacking Cybersecurity

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Government

Government VPN Telecommunications Advertising

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages. The group was observed using this scheme between 2019 and 2020, and according to the experts, most of the compromised email accounts belong to defense companies in the Middle East.

Phishing

Phishing Accountability Advertising DNS

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

The threat actors initially leveraged compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency’s Pulse Secure VPN server. 166 and then browsed pages on a SharePoint site and downloaded a file (Data from Information Repositories: SharePoint [ T1213.002 ]).

VPN

VPN Malware Cyber threats Accountability

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

The malware has been active at least since August 2019, over the months the NetWalker ransomware was made available through a ransomware-as-a-service (RaaS) model attracting criminal affiliates. “Since 2019, NetWalker ransomware has reached a vast number of different targets, mostly based in western European countries and the US.

Ransomware

Ransomware VPN Cybercrime Advertising

Fileless SockDetour backdoor targets U.S.-based defense contractors

Security Affairs

FEBRUARY 26, 2022

According to the experts, the SockDetour backdoor has been in the wild since at least July 2019. According to Microsoft DEV-0322 is an APT group based in China, which employed commercial VPN solutions and compromised consumer routers in their attacker infrastructure. based defense contractors. ” concludes the report.

Backups

Backups VPN Healthcare Malware

Hackers patch Citrix servers to deploy their own backdoor

Security Affairs

JANUARY 19, 2020

Security experts are monitoring a spike in the number of attacks against Citrix servers after that researchers announced the availability online of proof-of-concept exploits for the CVE-2019-19781 flaw in Citrix NetScaler ADC and Citrix NetScaler Gateway servers. vpns/portal/scripts/newbm.pl ” concludes FireEye.”NOTROBIN

Malware

Malware Advertising VPN Internet

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.” “The vulnerability can be potentially exploited by sending a malicious request to either the Web Admin or SSL VPN consoles, which would enable an unauthenticated remote attacker to execute arbitrary commands.”

Firewall

Firewall VPN Passwords Internet

China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day

Security Affairs

JUNE 4, 2021

The vendor also released a tool that can scan Pulse Secure VPN servers for signs of compromise for CVE-2021-22893 or other previous vulnerabilities. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “In reads the report published by FireEye.

VPN

VPN Government Hacking Authentication

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Disable hyperlinks in received emails.

Passwords

Passwords Government Firmware Accountability

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

According to Cyberintelligence firm Bad Packets , hackers allegedly exploited the CVE-2019-19781 vulnerability in the Citrix Netscaler ADC VPN gateway exposed by Indiabulls. The CVE-2019-19781 vulnerability affects Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

Hacking

Hacking Ransomware Banking Mobile

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

NOVEMBER 26, 2021

Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT

IoT Wireless DDOS VPN

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

Continued use of this firmware or end-of-life devices is an active security risk,” states the alert. 34 or 9.0.0.10 immediately Reset passwords Enable MFA.

Firmware

Firmware Ransomware Passwords Mobile

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

Bleeping computer also added that CrowdStrike confirmed that several three actors, including HelloKitty ransomware operators, are attempting to exploit a flaw tracked as CVE-2019-7481. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Firmware Mobile InfoSec

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Security Affairs

MAY 8, 2020

As a result, all RUB members, for example, have no access to the Outlook mail program and the VPN tunnel, which is necessary to access folders from the home office. e-mail, VPN tunnel, “Serviceportal”). ^sk Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link].

Cyber Attacks

Cyber Attacks VPN Advertising Hacking

Security Affairs newsletter Round 235

Security Affairs

OCTOBER 13, 2019

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities. MS October 2019 Patch Tuesday updates address 59 flaws. Users reported problems with patches for CVE-2019-1367 IE zero-day. Multiple APT groups are exploiting VPN vulnerabilities, NSA warns. SAP October 2019 Security Patch Day fixes 2 critical flaws.

VPN

VPN Spyware Data breaches Advertising

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Webinars

Trending Sources

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Webinars

APT hacked a US municipal government via an unpatched Fortinet VPN

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Dragos Report: Analysis of ICS flaws disclosed in 2019

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

The ‘Groove’ Ransomware Gang Was a Hoax

Why Edward Snowden is urging users to stop using ExpressVPN?

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Elexon, a middleman in the UK power grid network hit by cyber-attack

CISA published 2021 Top 15 most exploited software vulnerabilities

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

US, UK, and Australian agencies warn of top routinely exploited issues

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

China-linked threat actors have breached telcos and network service providers

Hackers target zero-day flaws in enterprise Draytek network devices

SeaChange video delivery provider discloses REVIL ransomware attack

WildPressure APT expands operations targeting the macOS platform

Security Affairs - Untitled Article

CISA adds 15 new flaws to the Known Exploited Vulnerabilities Catalog

The Russian Government blocked ProtonMail and ProtonVPN

Russia-linked APT28 has been scanning vulnerable email servers in the last year

CISA says federal agency compromised by malicious cyber actor

NetWalker ransomware operators have made $25 million since March 2020

Fileless SockDetour backdoor targets U.S.-based defense contractors

Hackers patch Citrix servers to deploy their own backdoor

Sophos fixed a critical vulnerability in Cyberoam firewalls

China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

HelloKitty ransomware gang targets vulnerable SonicWall devices

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Security Affairs newsletter Round 235

Stay Connected