2020, Accountability, Information Security and VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. 2020 AP controllers NXC2500 V6.10

Firewall

Firewall VPN Firmware Passwords

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability

Accountability Malware Data breaches Passwords

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability

Accountability VPN Social Engineering Phishing

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. Microsoft Corp.

Malware

Malware Software Technology Accountability

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ). Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN

VPN Firewall Mobile Hacking

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

A series of messages published on Barnes & Noble’s Nook social media accounts state that it had suffered a system failure and is working to restore operations by restoring their server backups. 1/2 — NOOK (@nookBN) October 14, 2020. (2/2) — NOOK (@nookBN) October 14, 2020. Thank you for your patience.

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

In another incident that occurred in March 2021, a ransomware attack blocked the operations at a US beverage company, while in a November 2020 attack on a US-based international food and agriculture business threat actors requested the payment of a gigantic $40 million ransom. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Passwords Backups Firmware

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71. “Account accesses for antivirus programs garner the second-highest prices: around $21.67. ” reads the report published by the experts.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. If you have not updated the firmware yet, disable remote access (admin) and SSL VPN. ” reads the report published by Qihoo 360.

Firmware

Firmware VPN Accountability Advertising

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Implement the shortest acceptable timeframe for password changes.

Passwords

Passwords Government Firmware Accountability

US, UK and Australia warn of Iran-linked APTs exploiting Fortinet, Microsoft Exchange flaws

Security Affairs

NOVEMBER 18, 2021

In March 2021, Iran-linked APT groups leveraged Fortinet FortiOS vulnerabilities such as CVE-2018-13379 , CVE-2019-5591 , and CVE-2020-12812 to gain access to target networks. In May 2021, the Iran-linked threat actors breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

Healthcare

Healthcare Government VPN Accountability

SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

Security Affairs

APRIL 28, 2020

Timetv.live is the latest Azeri news site targeted by Denial of Service (DDoS) attacks launched by Sandman threat actor, the attack took place on March 21, 2020. After reviewing the attack logs of the Denial of Service, Qurium could quickly determine that the attacker was using Fineproxy VPN service to build a botnet to flood the website.

DDOS

DDOS Media VPN Advertising

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Manufacturing Passwords Internet

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. PuTTY.exe Rhysida actors have been observed creating Secure Shell (SSH) PuTTy connections for lateral movement.

Ransomware

Ransomware Manufacturing Healthcare Education

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

Ragnar Locker ransomware gang initially published the archive on the popular MEGA storage service, but the platform closed their account and blocked access to the archives shared by the group. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware Passwords VPN Authentication

The Top Five Habits of Cyber-Aware Employees

CyberSecurity Insiders

JULY 21, 2021

This means companies have to be proactive and instill the right habits, which often means resisting the bad habits that lead to millions of successful cyberattacks every year – from the use of generic and easy-to-crack account credentials to the willingness to click on suspicious links and attachments in emails from untrusted sources.

Social Engineering

Social Engineering Password Management Passwords Phishing

Chilean bank BancoEstado hit by REVil ransomware

Security Affairs

SEPTEMBER 7, 2020

The attack took place over the weekend, the closure of the BancoEstado breaches was announced by the bank through its Twitter account. Información de Prensa pic.twitter.com/gupHjabSgX — BancoEstado (@BancoEstado) September 6, 2020. The bank launched an investigation into the incident and reported it to Chilean police.

Banking

Banking Ransomware Advertising VPN

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

3 (@pancak3lullz) October 15, 2020. KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. #KPOT source code up for sale! pic.twitter.com/fJ3BwlaHsR — ??????3

Ransomware

Ransomware Malware Advertising Cybercrime

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The attackers connects to a dedicated commercially-shared VPN server using OpenVPN and then uses compromised email credentials to send out credential spam via a commercial email service provider. It is unclear why APT28 is using compromised email accounts of (mostly) defense companies in the Middle East.

Phishing

Phishing Accountability Advertising DNS

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

IBM recently addressed a high-severity issue, tracked as CVE-2020-4529 , in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks. Sometimes employees connect to IBM Maximo directly over the Internet with weak passwords and no VPN, making an attack easier to perform.”

VPN

VPN Advertising Authentication Passwords

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Netwalker ransomware operators announced the attack with a message posted on their online blog and shared a few screenshots as proof of the security breach. One of the images shared by the group shows a directory containing folders such as Accounts Receivable, Finance, collection letters, Expenses, and Employees. .

Ransomware

Ransomware VPN Advertising Marketing

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Data breaches

Data breaches Social Engineering Ransomware Malware

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Monitor cyber threat reporting regarding the publication of compromised VPN login credentials and change passwords and settings.

Ransomware

Ransomware Financial Services Passwords VPN

Security Affairs newsletter Round 295

Security Affairs

JANUARY 3, 2021

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Data breaches

Data breaches Mobile VPN Firewall

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

Nikulin first breached LinkedIn between March 3 and March 4, 2012, the hacker first infected an employee’s laptop with malware then used employee’s VPN to access the LinkedIn’s internal network. The trial was initially set for early 2020, but it was delayed twice due to the ongoing coronavirus outbreak.

Hacking

Hacking Cybercrime Data breaches Advertising

Over 500,000 credentials for tens of gaming firm available in the Dark Web

Security Affairs

JANUARY 5, 2021

“KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020.” “It’s important to note that we detected compromised accounts to internal resources of nearly every company in question. ” reads the post published by Kela.

Hacking

Hacking Passwords VPN Accountability

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series. ” Experts also discovered the presence of backdoor accounts in MySQL. “MySQL is pre-configured with several static accounts.

Accountability

Accountability Advertising Software Authentication

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4%

Cyber Attacks

Cyber Attacks Firmware Malware VPN

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

The Darkside ransomware gang first emerged in the threat landscape in August 2020, in recent months the group was very active and targeted organizations worldwide. other than VPN gateways, mail ports, web ports). The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption.

Ransomware

Ransomware Healthcare Phishing Risk

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Security Affairs

OCTOBER 7, 2020

Never use them without proper security measures such as using a VPN. A VPN removes all traces leading back to your original IP address and encrypts your connection to allow safe and private browsing. Software updates often come with releases that patch bugs and security vulnerabilities upon discovery. Avoid Public WI-Fi.

Data privacy

Data privacy Computers and Electronics Government VPN

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention. Organizations are no strangers to security incidents in their Kubernetes environments. How to secure it. For information on how to secure that part of a Kubernetes cluster, click here.

Advertising

Advertising Internet Internet VPN

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Two years later, the group moved to using Conti, in May 2020. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts. Only use secure networks and avoid using public Wi-Fi networks.

Healthcare

Healthcare Ransomware Encryption Passwords

19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

MAY 7, 2021

Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, all easily searchable and conveniently stored in one place. Unsecured databases exposed for years.

Passwords

Passwords Authentication Identity Theft Engineering

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. Impact this leak.

VPN

VPN Banking Passwords Malware

Expert found a secret backdoor in Zyxel firewall and VPN

APT hacked a US municipal government via an unpatched Fortinet VPN

Webinars

Trending Sources

Which is the Threat landscape for the ICS sector in 2020?

Webinars

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Vishing attacks conducted to steal corporate accounts, FBI warns

Interview With a Crypto Scam Investment Spammer

3CX Breach Was a Double Supply Chain Compromise

Security firm SonicWall was victim of a coordinated attack

Akira ransomware received $42M in ransom payments from over 250 victims

FBI: Compromised US academic credentials available on various cybercrime forums

U.S. Bookstore giant Barnes & Noble hit by cyberattack

China-linked threat actors have breached telcos and network service providers

FBI warns of ransomware attacks targeting the food and agriculture sector

15 billion credentials available in the cybercrime marketplaces

Hackers target zero-day flaws in enterprise Draytek network devices

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

US, UK and Australia warn of Iran-linked APTs exploiting Fortinet, Microsoft Exchange flaws

SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

FBI warns of ransomware threat to food and agriculture

FBI and CISA warn of attacks by Rhysida ransomware gang

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

The Top Five Habits of Cyber-Aware Employees

Chilean bank BancoEstado hit by REVil ransomware

REvil Ransomware member win the auction for KPot stealer source code

Russia-linked APT28 has been scanning vulnerable email servers in the last year

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs newsletter Round 291

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs newsletter Round 295

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Over 500,000 credentials for tens of gaming firm available in the Dark Web

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs newsletter Round 309

US CISA and FBI publish joint alert on DarkSide ransomware

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

19 petabytes of data exposed across 29,000+ unprotected databases

The global impact of the Fortinet 50.000 VPN leak posted online

Stay Connected