2020, Authentication, Information Security and VPN

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances.

VPN

VPN Authentication Hacking Information Security

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. The vulnerability is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Government Authentication Cybersecurity

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ). Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN

VPN Firewall Mobile Hacking

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. The Cisco Product Security Incident Response Team (PSIRT) confirmed that it is not aware of any public announcements or malicious use of the above vulnerabilities.

Firewall

Firewall Small Business Wireless Authentication

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021 , in the operating system ( PAN?OS x base score of 10. . x base score of 10.

Firewall

Firewall Authentication VPN Advertising

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 Ivanti fixed this critical code execution issue in Pulse Connect Secure VPN early this month.

Malware

Malware VPN Authentication Hacking

Multiple Sage X3 vulnerabilities expose systems to hack

Security Affairs

JULY 8, 2021

CVE Identifier CWE Identifier CVSS score (Severity) Remediation CVE-2020-7388 CWE-290 : Unauthenticated Command Execution Bypass by Spoofing in AdxAdmin 10.0 Critical) Update available CVE-2020-7387 CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor in AdxAdmin 5.3 ” reads the post published by Rapid7.

Hacking

Hacking Authentication VPN Software

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Authentication

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

One of the most severe vulnerabilities, tracked as CVE-2020-2018 , is an authentication bypass vulnerability in the Panorama context switching feature. This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices.

Firewall

Firewall Authentication Advertising VPN

APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

Security Affairs

JUNE 30, 2020

Recently Palo Alto Network addressed a critical vulnerability , tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated as critical severity and received a CVSS 3.x

Firewall

Firewall Authentication VPN Hacking

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

The experts found six vulnerabilities in B&R Automation’s SiteManager and GateManager ( CVE-2020-11641 , CVE-2020-11642 , CVE-2020-11643 , CVE-2020-11644 , CVE-2020-11645 , CVE-2020-11646 ) that could potentially disrupt operations. ” reads the advisory published by the company.

Advertising

Advertising Authentication VPN Firewall

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

Cisco addresses ten high-risk issues in NX-OS software

Security Affairs

AUGUST 28, 2020

Cisco this week released security patches to address ten high-risk vulnerabilities in NX-OS software, including some flaws that could lead to code execution and privilege escalation. The first issue, tracked as CVE-2020-3517, is a DoS issue that resides in the Fabric Services component. ” reads the advisory published by Cisco.

Software

Software Risk Advertising Authentication

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware

Ransomware Encryption VPN Backups

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Security Affairs

AUGUST 17, 2021

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that could allow an attacker. The vulnerability impacts Fortinet FortiWeb versions 6.3.11

Authentication

Authentication VPN Internet Internet

China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day

Security Affairs

JUNE 4, 2021

A vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. reads the report published by FireEye. reads the report published by FireEye.

VPN

VPN Government Hacking Authentication

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

Security Affairs

DECEMBER 24, 2020

The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. — Marius Sandbu (@msandbu) December 20, 2020. ” Citrix plans to address the issue with the release of a security update in January 2020. 24 220.167.109.0/24

DDOS

DDOS System Administration VPN Authentication

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

IBM recently addressed a high-severity issue, tracked as CVE-2020-4529 , in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks. ” reads the security advisory. . Maximo is designed to assist an organisation in managing its assets.

VPN

VPN Advertising Authentication Passwords

Security Affairs newsletter Round 291

Security Affairs

NOVEMBER 29, 2020

A cyberattack crippled the IT infrastructure of the City of Saint John Hundreds of female sports stars and celebrities have their naked photos and videos leaked online Romanians arrested for running underground malware services Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs Computer Security and Data Privacy, the perfect alliance (..)

Data breaches

Data breaches Social Engineering Ransomware Malware

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Manufacturing Healthcare Education

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware Passwords VPN Authentication

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

In another incident that occurred in March 2021, a ransomware attack blocked the operations at a US beverage company, while in a November 2020 attack on a US-based international food and agriculture business threat actors requested the payment of a gigantic $40 million ransom. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords Backups Firmware

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The alert reports the case of an attack in which cyber criminals found an employee via the company’s chatroom, and tricked him into logging into the fake VPN page. Then the attackers used a chatroom messaging service to conduct a phishing attack against this employee.

Accountability

Accountability VPN Social Engineering Phishing

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Use multifactor authentication where possible.

Passwords

Passwords Government Firmware Accountability

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.

Ransomware

Ransomware Financial Services Passwords VPN

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Use two-factor authentication with strong passwords. The Netwalker ransomware operators have been very active since March and also took advantage of the ongoing COVID-19 outbreak to target organizations.

Ransomware

Ransomware VPN Advertising Marketing

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020. Use multi-factor authentication with strong pass phrases where possible.

Ransomware

Ransomware Manufacturing Passwords Internet

19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

MAY 7, 2021

While performing the search, we made sure that the open databases we found required no authentication whatsoever and were open for anyone to access, as opposed to those that had default credentials enabled. We excluded the latter because it would require us to log in to those databases without authorization, which would be unethical.

Passwords

Passwords Authentication Identity Theft Engineering

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

Security Affairs

SEPTEMBER 7, 2021

Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware VPN Authentication Passwords

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

The Darkside ransomware gang first emerged in the threat landscape in August 2020, in recent months the group was very active and targeted organizations worldwide. Require multi-factor authentication for remote access to OT and IT networks. other than VPN gateways, mail ports, web ports). 3 ],[ 4 ]” reads the joint alert.

Ransomware

Ransomware Healthcare Phishing Risk

The Top Five Habits of Cyber-Aware Employees

CyberSecurity Insiders

JULY 21, 2021

But a survey conducted by Google and Harris found that many people still refuse to adopt even the most essential credential security measures: just 37 percent use two-factor authentication, around a third change their passwords regularly, and a mere 15 percent use a password manager. Use all the cybersecurity tools at your disposal.

Social Engineering

Social Engineering Password Management Passwords Phishing

Over 500,000 credentials for tens of gaming firm available in the Dark Web

Security Affairs

JANUARY 5, 2021

“KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020.” Threat actors obtained precious information by using info-stealer like AZORult and launched spear-phishing attacks against gaming forms. ” reads the post published by Kela.

Hacking

Hacking Passwords VPN Accountability

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series. The experts have discovered 16 vulnerabilities, including default credentials to insecure memory storage and backdoors.

Accountability

Accountability Advertising Software Authentication

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Use two-factor authentication with strong passwords. The Netwalker ransomware operators have been very active since March and also took advantage of the ongoing COVID-19 outbreak to target organizations.

Ransomware

Ransomware VPN Data breaches Advertising

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the report. ” continues the alert. ” concludes the alert.

VPN

VPN Government Authentication Advertising

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Security Affairs

OCTOBER 7, 2020

Never use them without proper security measures such as using a VPN. A VPN removes all traces leading back to your original IP address and encrypts your connection to allow safe and private browsing. Software updates often come with releases that patch bugs and security vulnerabilities upon discovery. Avoid Public WI-Fi.

Data privacy

Data privacy Computers and Electronics Government VPN

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. Solutions Upgrade to FortiOS 5.4.13, 5.6.8,

VPN

VPN Banking Passwords Malware

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Two years later, the group moved to using Conti, in May 2020. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Use multi-factor authentication where possible. Consider installing and using a VPN.

Healthcare

Healthcare Ransomware Encryption Passwords

Cybersecurity Things to Celebrate in 2020

Duo's Security Blog

DECEMBER 21, 2020

I think we can all agree that 2020 was anything but a typical year (and a poster child for Murphy’s law "anything that can go wrong, will go wrong.") There is no shortage of articles about the very bad things that all of us in the information security industry are acutely aware of.

Cybersecurity

Cybersecurity Passwords VPN Authentication

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Webinars

Trending Sources

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Webinars

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security firm SonicWall was victim of a coordinated attack

Cisco fixes 5 critical flaws that could allow router firewall takeover

Akira ransomware received $42M in ransom payments from over 250 victims

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Multiple Sage X3 vulnerabilities expose systems to hack

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Palo Alto Networks addresses tens of serious issues in PAN-OS

APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

China-linked threat actors have breached telcos and network service providers

Flaws in leading industrial remote access systems allow disruption of operations

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Cisco addresses ten high-risk issues in NX-OS software

FBI issued an alert on Ragnar Locker ransomware activity

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

China-linked attackers breached Metropolitan Transportation Authority (MTA) using Pulse Secure zero-day

DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs newsletter Round 291

FBI and CISA warn of attacks by Rhysida ransomware gang

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

FBI warns of ransomware attacks targeting the food and agriculture sector

Vishing attacks conducted to steal corporate accounts, FBI warns

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Netwalker ransomware operators claim to have stolen data from Forsee Power

FBI warns of ransomware threat to food and agriculture

19 petabytes of data exposed across 29,000+ unprotected databases

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

US CISA and FBI publish joint alert on DarkSide ransomware

The Top Five Habits of Cyber-Aware Employees

Over 500,000 credentials for tens of gaming firm available in the Dark Web

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Colocation data centers giant Equinix data hit by Netwalker Ransomware

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

The global impact of the Fortinet 50.000 VPN leak posted online

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Cybersecurity Things to Celebrate in 2020

Stay Connected