Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. that allows remote authenticated attackers to execute arbitrary code as the root user via maliciously crafted meeting room. SecurityAffairs – hacking, Pulse Connect Secure).

VPN 114

VPN Government Authentication Cybersecurity 114

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN 89

VPN Firewall Firmware Authentication 89

Security Affairs

JULY 8, 2021

CVE Identifier CWE Identifier CVSS score (Severity) Remediation CVE-2020-7388 CWE-290 : Unauthenticated Command Execution Bypass by Spoofing in AdxAdmin 10.0 Critical) Update available CVE-2020-7387 CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor in AdxAdmin 5.3 SecurityAffairs – hacking, SAGE).

Hacking 110

Hacking Authentication VPN Software 110

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 113

Ransomware Encryption Antivirus VPN 113

Security Affairs

JANUARY 23, 2021

The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN 136

VPN Firewall Mobile Hacking 136

SC Magazine

APRIL 21, 2021

They include a damaging bug that allows an unauthorized user to create administrative accounts on a network ( CVE-2021-20021 ) and two others that allow an already-authenticated attacker to read ( CVE-2021-20023 ) and upload ( CVE-2021-20022 ) files on the victim’s remote host. million SonicWall user groups. million SonicWall user groups.

Hacking 106

Hacking VPN Media Firewall 106

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. SecurityAffairs – hacking, Cisco). The tech giant confirmed that there are no workarounds that fix these vulnerabilities. . Pierluigi Paganini.

Firewall 97

Firewall Small Business Wireless Authentication 97

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. SecurityAffairs – hacking, ransomware). ” reported ZDNet.

Ransomware 105

Ransomware VPN Encryption Authentication 105

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. that allows remote authenticated attackers to execute arbitrary code as the root user via maliciously crafted meeting room. One file is designed to intercept certificate-based multi-factor authentication.

Malware 128

Malware VPN Authentication Hacking 128

Security Affairs

AUGUST 2, 2020

“As of June 2020, the FBI has received notifications of Netwalker ransomware attacks on U.S. “Netwalker became widely recognized in March 2020, after intrusions on an Australian transportation and logistics company and a U.S. Consider installing and using a VPN. Use two-factor authentication with strong passwords.

Ransomware 138

Ransomware VPN Advertising Government 138

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021 , in the operating system ( PAN?OS SecurityAffairs – hacking, PAN-OS). x base score of 10. .

Firewall 96

Firewall Authentication VPN Advertising 96

Security Affairs

OCTOBER 1, 2020

Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. Pierluigi Paganini.

Advertising 115

Advertising Authentication VPN Firewall 115

Security Affairs

MAY 15, 2020

One of the most severe vulnerabilities, tracked as CVE-2020-2018 , is an authentication bypass vulnerability in the Panorama context switching feature. This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices. Pierluigi Paganini.

Firewall 109

Firewall Authentication Advertising VPN 109

Security Affairs

JUNE 30, 2020

Recently Palo Alto Network addressed a critical vulnerability , tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated as critical severity and received a CVSS 3.x

Firewall 103

Firewall Authentication VPN Hacking 103

Security Affairs

NOVEMBER 23, 2020

FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware 145

Ransomware Encryption VPN Backups 145

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. Enforce MFA on all VPN connections [ D3-MFA ].

Telecommunications 98

Telecommunications Authentication Passwords Accountability 98

Security Affairs

JUNE 4, 2021

This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. The vendor also released a tool that can scan Pulse Secure VPN servers for signs of compromise for CVE-2021-22893 or other previous vulnerabilities.

VPN 83

VPN Government Hacking Authentication 83

Security Affairs

AUGUST 28, 2020

The first issue, tracked as CVE-2020-3517, is a DoS issue that resides in the Fabric Services component. The second issue, tracked as CVE-2020-3415, is a remote code execution flaw in the Data Management Engine (DME) of NX-OS software. Another DoS issue (CVE-2020-3398) in BGP MVPN affects Nexus 7000 series switches too.

Software 127

Software Risk Advertising Authentication 127

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering 124

Social Engineering VPN Phishing Authentication 124

Security Affairs

AUGUST 17, 2021

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that could allow an attacker. SecurityAffairs – hacking, Fortinet). Pierluigi Paganini.

Authentication 100

Authentication VPN Internet Internet 100

SecureWorld News

DECEMBER 8, 2021

The Russian-linked group, dubbed "Nobelium" by Microsoft, has continued its hacking campaigns targeting business and government entities around the globe, according to new research from Mandiant. Abuse of multi-factor authentication leveraging 'push' notifications on smartphones.". Use of a new bespoke downloader we call CEELOADER.".

VPN 80

VPN Authentication Mobile Internet 80

Security Affairs

NOVEMBER 29, 2020

SecurityAffairs – hacking, newsletter). Pierluigi Paganini. The post Security Affairs newsletter Round 291 appeared first on Security Affairs.

Data breaches 94

Data breaches Social Engineering Ransomware Malware 94

Security Affairs

DECEMBER 24, 2020

— Marius Sandbu (@msandbu) December 20, 2020. 24 45.248.9.195 206.71.159.131 46.229.195.108 117.27.239.154 13.69.68.47 (1/3) pic.twitter.com/AuAg72BsEY — Daniel Weppeler (@_DanielWep) December 21, 2020. ” Citrix plans to address the issue with the release of a security update in January 2020. 24 220.167.109.0/24

DDOS 122

DDOS System Administration VPN Authentication 122

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware)

Ransomware 121

Ransomware Manufacturing Healthcare Education 121

Security Affairs

JUNE 21, 2021

Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020. Consider installing and using a VPN. Use multi-factor authentication with strong passwords. Pierluigi Paganini.

Ransomware 138

Ransomware Passwords VPN Authentication 138

Security Affairs

JULY 1, 2021

The attackers remained under the radar by routing brute force attacks through the TOR network and commercial VPN services, including CactusVPN, IPVanish, NordVPN, ProtonVPN, Surfshark, and WorldVPN. SecurityAffairs – hacking, Russia). ” reads the advisory published by the NSA. ” reads the joint report. Pierluigi Paganini.

Energy and Utilities 95

Energy and Utilities VPN Government Passwords 95

Security Affairs

JUNE 19, 2020

IBM recently addressed a high-severity issue, tracked as CVE-2020-4529 , in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks. Sometimes employees connect to IBM Maximo directly over the Internet with weak passwords and no VPN, making an attack easier to perform.”

VPN 99

VPN Advertising Authentication Passwords 99

Security Affairs

AUGUST 8, 2020

According to the FBI, Iranian hackers are actively attempting to exploit an unauthenticated RCE flaw, tracked as CVE-2020-5902, in F5 Big-IP ADC devices. Early June, researchers at F5 Networks addressed the CVE-2020-5902 vulnerability, it resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product.

VPN 93

VPN Advertising Malware Banking 93

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said.

Accountability 312

Accountability Passwords Authentication Password Management 312

Security Affairs

JUNE 29, 2020

.” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Between December 2019 and until February 2020, the experts observed a number of attacks between 70,000 and 40,000 on a daily basis.

Passwords 130

Passwords Internet Internet Advertising 130

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Use multi-factor authentication with strong passwords, including for remote access services. Pierluigi Paganini.

Ransomware 92

Ransomware Financial Services VPN Passwords 92

Security Affairs

JANUARY 19, 2021

The alert reports the case of an attack in which cyber criminals found an employee via the company’s chatroom, and tricked him into logging into the fake VPN page. SecurityAffairs – hacking, vishing). Then the attackers used a chatroom messaging service to conduct a phishing attack against this employee. Pierluigi Paganini.

Accountability 108

Accountability VPN Social Engineering Phishing 108

SC Magazine

MARCH 1, 2021

In response, criminal and state-backed hacking groups stepped up their own exploitation of the technology as well. A recent report from Zscaler found that VPNs are still overwhelmingly popular: 93% of companies surveyed reported that they have used them in some capacity.

VPN 128

VPN Technology Marketing Media 128

Security Affairs

JANUARY 5, 2021

The alarm was raised by the threat intelligence firm Kela that reported the availability for sale of the credentials in multiple hacking forums and criminal marketplace. “KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020.”

Hacking 105

Hacking Passwords VPN Accountability 105

Security Affairs

SEPTEMBER 9, 2020

Consider installing and using a VPN. Use two-factor authentication with strong passwords. SecurityAffairs – hacking, Netwalker). The Netwalker ransomware operators have been very active since March and also took advantage of the ongoing COVID-19 outbreak to target organizations. Pierluigi Paganini.

Ransomware 135

Ransomware Energy and Utilities VPN Advertising 135

Security Affairs

MAY 7, 2021

In fact, attackers often don’t even need to hack them to steal all that precious data: one of the most common causes of a breach are databases that have been simply left unsecured, allowing anyone to access the data without providing a username or password. Unsecured databases exposed for years.

Passwords 136

Passwords Authentication Identity Theft Engineering 136

Security Affairs

MAY 21, 2020

Threat actors attempted to exploit a zero-day (CVE-2020-12271) in the Sophos XG firewall to spread ransomware to Windows machines, the good news is that the attack was blocked by a hotfix issued by Sophos. Passwords associated with external authentication systems such as AD or LDAP are unaffected. Pierluigi Paganini.

Firewall 139

Firewall Ransomware Passwords VPN 139