2020, Hacking, Passwords and VPN - Cyber Security Informer

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. According to Bank Security , all the Pulse Secure VPN servers included in the list were vulnerable to the CVE-2019-11510 flaw. SecurityAffairs – hacking, Pulse VPN).

VPN

VPN Passwords Banking Advertising

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware

Ransomware VPN Education Hacking

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. .

Firewall

Firewall VPN Firmware Passwords

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. 13, 2018 and Mar.

VPN

VPN Passwords Software Telecommunications

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

VPN Android apps: What you should know

Malwarebytes

MAY 24, 2021

In just the past year, free VPN for Android apps have exposed the data of as many as 41 million users, revealing consumers’ email addresses, payment information, clear text passwords, device IDs, and more. All these people that work on [the VPN service], nobody is going to do it for free. There is no best free VPN for Android.

VPN

VPN Internet Internet Data breaches

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

Officials said the group has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020. Energetic Bear successfully compromised the infrastructure and as of October 1, 2020, exfiltrated data from at least two victim servers. SecurityAffairs – hacking, Energetic Bear).

Government

Government Hacking Advertising Passwords

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

“As of June 2020, the FBI has received notifications of Netwalker ransomware attacks on U.S. “Netwalker became widely recognized in March 2020, after intrusions on an Australian transportation and logistics company and a U.S. Consider installing and using a VPN. Use two-factor authentication with strong passwords.

Ransomware

Ransomware VPN Advertising Government

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. SecurityAffairs – hacking, ransomware). ” reported ZDNet. .”

Ransomware

Ransomware VPN Encryption Authentication

Wazawaka Goes Waka Waka

Krebs on Security

FEBRUARY 14, 2022

Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. Wazawaka, a.k.a. Matveev, a.k.a. “Orange,” a.k.a.

VPN

VPN Ransomware Cybercrime Accountability

Twitter suspends account of hacker obtaining access to Argentina ID Card Database

CyberSecurity Insiders

OCTOBER 20, 2021

Argentinian governments Registro Nacional De Las Personas aka ReNaPer Registry has cleared the air that no hack took place on its database last month, as claimed by a hacker with @aniballeaks on Twitter.

Accountability

Accountability VPN Government Hacking

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The data included usernames, email addresses and plain text passwords.” Pierluigi Paganini.

Accountability

Accountability Malware Data breaches Passwords

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. Verified was hacked at least twice in the past five years, and its user database posted online.

Ransomware

Ransomware Passwords Accountability Cybercrime

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Consider installing and using a VPN. Pierluigi Paganini.

Ransomware

Ransomware Passwords VPN Authentication

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. If you log in at the end website you’ve identified yourself to them, regardless of VPN. VPNs encrypt the traffic between you and some endpoint on the internet, which is where your VPN is based. Super Hackers Trying to Hack You.

VPN

VPN Risk Hacking Encryption

Security Affairs newsletter Round 293

Security Affairs

DECEMBER 13, 2020

SecurityAffairs – hacking, newsletter). A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Pierluigi Paganini. The post Security Affairs newsletter Round 293 appeared first on Security Affairs.

Computers and Electronics

Computers and Electronics VPN Hacking Ransomware

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware

Ransomware Encryption VPN Backups

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware)

Ransomware

Ransomware Healthcare Manufacturing Education

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. experts pointed out that it results from a bypass of the patch released in October 2021 to address the CVE-2020-8260 issue. SecurityAffairs – hacking, Pulse Secure). Pierluigi Paganini.

Malware

Malware VPN Authentication Hacking

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Ensure secure configurations for devices: Change the default password to a strong one, and block SSH from external access. Pierluigi Paganini.

IoT

IoT DDOS Malware Firmware

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. The double supply chain compromise that led to malware being pushed out to some 3CX customers. Image: Mandiant.

Malware

Malware Software Technology Accountability

New Mirai variant appears in the threat landscape

Security Affairs

MARCH 16, 2021

Experts noticed that the malware also downloads more shell scripts that retrieve brute-forcers that could be used to target devices protected with weak passwords. SecurityAffairs – hacking, Mirai). “The attacks are still ongoing at the time of this writing. “The attacks are still ongoing at the time of this writing.

Wireless

Wireless IoT DNS VPN

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

In late 2020, credentials for US-based universities were found for sale on the dark web. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform. SecurityAffairs – hacking, FBI). To nominate, please visit:?. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

The Last Watchdog

JULY 30, 2021

Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. Two sweeping trends resulted: one bad, one good.

VPN

VPN Firewall Encryption Accountability

UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

Security Affairs

JULY 1, 2021

The attackers remained under the radar by routing brute force attacks through the TOR network and commercial VPN services, including CactusVPN, IPVanish, NordVPN, ProtonVPN, Surfshark, and WorldVPN. SecurityAffairs – hacking, Russia). ” reads the advisory published by the NSA. ” reads the joint report. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities VPN Government Passwords

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Telecommunications

Telecommunications Authentication Passwords Accountability

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Use multi-factor authentication with strong passwords, including for remote access services. Pierluigi Paganini.

Ransomware

Ransomware Financial Services VPN Passwords

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

In another incident that occurred in March 2021, a ransomware attack blocked the operations at a US beverage company, while in a November 2020 attack on a US-based international food and agriculture business threat actors requested the payment of a gigantic $40 million ransom. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Passwords Backups Firmware

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Threat actors attempted to exploit a zero-day (CVE-2020-12271) in the Sophos XG firewall to spread ransomware to Windows machines, the good news is that the attack was blocked by a hotfix issued by Sophos. Passwords associated with external authentication systems such as AD or LDAP are unaffected. Pierluigi Paganini.

Firewall

Firewall Ransomware Passwords VPN

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability

Accountability Passwords Authentication Password Management

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

.” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Between December 2019 and until February 2020, the experts observed a number of attacks between 70,000 and 40,000 on a daily basis.

Passwords

Passwords Internet Internet Advertising

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

1/2 — NOOK (@nookBN) October 14, 2020. (2/2) — NOOK (@nookBN) October 14, 2020. ” BleepingComputer confirmed that the company was hit by a cyber attack on October 10th, 2020, and cited as a source an email sent to customers late Wednesday night that is has seen. SecurityAffairs – hacking, malware).

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Over 500,000 credentials for tens of gaming firm available in the Dark Web

Security Affairs

JANUARY 5, 2021

The alarm was raised by the threat intelligence firm Kela that reported the availability for sale of the credentials in multiple hacking forums and criminal marketplace. “KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020.”

Hacking

Hacking Passwords VPN Accountability

FBI warns of Iran-linked hackers attempting to exploit F5 BIG-IP flaw

Security Affairs

AUGUST 8, 2020

According to the FBI, Iranian hackers are actively attempting to exploit an unauthenticated RCE flaw, tracked as CVE-2020-5902, in F5 Big-IP ADC devices. Early June, researchers at F5 Networks addressed the CVE-2020-5902 vulnerability, it resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product.

VPN

VPN Advertising Malware Banking

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Security Affairs

SEPTEMBER 9, 2020

Consider installing and using a VPN. Use two-factor authentication with strong passwords. SecurityAffairs – hacking, Netwalker). Recently the Netwalker ransomware operators were looking for new collaborators that can provide them with access to large enterprise networks. Pierluigi Paganini.

Ransomware

Ransomware Energy and Utilities VPN Advertising

19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

MAY 7, 2021

This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, all easily searchable and conveniently stored in one place. Enable encryption or use a VPN so that no one can intercept the data traveling through your network while you interact with your database.

Passwords

Passwords Authentication Identity Theft Engineering

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Implement the shortest acceptable timeframe for password changes.

Passwords

Passwords Government Firmware Accountability

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times. Pierluigi Paganini.

Social Engineering

Social Engineering VPN Phishing Authentication

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Trending Sources

When Low-Tech Hacks Cause High-Impact Breaches

Expert found a secret backdoor in Zyxel firewall and VPN

Hackers Were Inside Citrix for Five Months

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

VPN Android apps: What you should know

Which is the Threat landscape for the ICS sector in 2020?

NetWalker ransomware operators have made $25 million since March 2020

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

NetWalker ransomware operators have made $25 million since March 2020

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

FBI issued a flash alert about Netwalker ransomware attacks

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Wazawaka Goes Waka Waka

Twitter suspends account of hacker obtaining access to Argentina ID Card Database

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Who Is the Network Access Broker ‘Babam’?

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Everyday Threat Modeling

Security Affairs newsletter Round 293

FBI issued an alert on Ragnar Locker ransomware activity

FBI and CISA warn of attacks by Rhysida ransomware gang

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

A new Zerobot variant spreads by exploiting Apache flaws

3CX Breach Was a Double Supply Chain Compromise

New Mirai variant appears in the threat landscape

FBI: Compromised US academic credentials available on various cybercrime forums

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

UK, US agencies warn of large-scale brute-force attacks carried out by Russian APT

China-linked threat actors have breached telcos and network service providers

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

FBI warns of ransomware attacks targeting the food and agriculture sector

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Experian, You Have Some Explaining to Do

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Over 500,000 credentials for tens of gaming firm available in the Dark Web

FBI warns of Iran-linked hackers attempting to exploit F5 BIG-IP flaw

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

19 petabytes of data exposed across 29,000+ unprotected databases

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

15 billion credentials available in the cybercrime marketplaces

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Stay Connected