Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. ” continues the experts.

Firmware 84

Firmware VPN Accountability Advertising 84

Security Affairs

SEPTEMBER 15, 2020

” The list of vulnerabilities targeted by the Chinese hackers are: CVE-2020-5902 : F5 Big-IP Vulnerability – CISA has conducted incident response engagements at Federal Government and commercial entities where the threat actors exploited CVE-2020-5902. “According to a recent U.S.

Government 79

Government VPN Firmware Energy and Utilities 79

Security Affairs

MAY 1, 2021

If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” Threat actors were exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the vendor in October 2020.

Ransomware 120

Ransomware Cryptocurrency Malware Internet 120

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

IoT 116

IoT DDOS Malware Firmware 116

Krebs on Security

MAY 22, 2023

pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams 239

Scams DDOS Cryptocurrency Accountability 239

Security Affairs

APRIL 11, 2021

SecurityAffairs – hacking, newsletter). Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4% If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cyber Attacks 53

Cyber Attacks Firmware Malware VPN 53

Security Affairs

SEPTEMBER 3, 2021

In another incident that occurred in March 2021, a ransomware attack blocked the operations at a US beverage company, while in a November 2020 attack on a US-based international food and agriculture business threat actors requested the payment of a gigantic $40 million ransom. Consider installing and using a VPN. Pierluigi Paganini.

Ransomware 104

Ransomware Passwords Backups Firmware 104

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. SecurityAffairs – hacking, Fortinet FortiOS).

Passwords 69

Passwords Government Firmware Accountability 69

Security Affairs

MAY 13, 2021

The Darkside ransomware gang first emerged in the threat landscape in August 2020, in recent months the group was very active and targeted organizations worldwide. Update software , including operating systems, applications, and firmware on IT network assets, in a timely manner. other than VPN gateways, mail ports, web ports).

Ransomware 117

Ransomware Healthcare Phishing Risk 117

Security Affairs

OCTOBER 13, 2020

Here are five significant cybersecurity vulnerabilities with IoT in 2020. Nobody told them that their coffee machine could be hacked into or that their camera could be used to launch a DDoS attack. It can be prevented through the use of an online VPN. SecurityAffairs – hacking, IoT). The Threat is Definitely Real.

IoT 134

IoT Cybersecurity Manufacturing Internet 134

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Botnet based on Medusa, working since 2020. Another type of service sold on the dark web is IoT hacking. This report contains the key findings of our research.

IoT 86

IoT DDOS Passwords Malware 86

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” concludes the analysis.

Firewall 109

Firewall Firmware Cyber Attacks VPN 109

SecureList

OCTOBER 26, 2021

ReconHellcat is a little-known threat actor that was spotted publicly in 2020. During 2020 and 2021, we detected a new ShadowPad loader module, dubbed ShadowShredder, used against critical infrastructure across multiple countries, including but not limited to India, China, Canada, Afghanistan and Ukraine.

Malware 140

Malware Government Surveillance Spyware 140