Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN 138

VPN Passwords Banking Advertising 138

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances. SecurityAffairs – hacking, VPN).

VPN 106

VPN Authentication Hacking Information Security 106

CSO Magazine

APRIL 20, 2021

Over the past few months, several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and Europe by exploiting vulnerabilities in VPN appliances from zero-trust access provider Pulse Secure. Sign up for CSO newsletters. ].

VPN 98

VPN CSO Hacking Authentication 98

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Below is the timeline for this vulnerability: 2020-10-26: Randori began initial research on GlobalProtect. 2020-11-19: Randori discovered the buffer overflow vulnerability. Randori said. Pierluigi Paganini.

VPN 112

VPN Firewall Internet Internet 112

Schneier on Security

FEBRUARY 7, 2020

Ten years ago, I wrote an essay : "Security in 2020." Well, it's finally 2020. Employees already have their laptops configured just the way they like them, and they don't want another one just for getting through the corporate VPN. I think I did pretty well. Security can only be defined in relation to something else.

Advertising 336

Advertising Internet Internet Artificial Intelligence 336

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. SecurityAffairs – hacking, VPNLab).

VPN 93

VPN Cybercrime Ransomware Advertising 93

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “In SecurityAffairs – hacking, Pulse Connect Secure). Pierluigi Paganini.

VPN 116

VPN Government Authentication Cybersecurity 116

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN 106

VPN Ransomware Antivirus Firmware 106

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .

VPN 128

VPN Internet Internet Software 128

Security Affairs

JUNE 19, 2021

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. A KAERI spokesperson revealed that threat actors exploited a vulnerability in a virtual private network (VPN) server to gain access to the network of the institute. ” reported The Record. .

Hacking 140

Hacking VPN Internet Internet 140

Malwarebytes

MAY 24, 2021

In just the past year, free VPN for Android apps have exposed the data of as many as 41 million users, revealing consumers’ email addresses, payment information, clear text passwords, device IDs, and more. All these people that work on [the VPN service], nobody is going to do it for free. There is no best free VPN for Android.

VPN 87

VPN Internet Internet Data breaches 87

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering 131

Engineering VPN Accountability Software 131

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN 90

VPN Firewall Firmware Authentication 90

SecureBlitz

FEBRUARY 15, 2021

This post will show you the top 8 considerations to choose the right VPN service. With the surge in remote working in 2020, the interest in VPN services has never been higher. Most VPN service providers noted the huge spike in interest in using VPN services in 2020 and NordVPN (a reputed service provider) empirically.

VPN 59

VPN Cybersecurity Hacking 59

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware 114

Firmware Passwords Accountability VPN 114

Krebs on Security

FEBRUARY 19, 2020

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. 10, 2020, Citrix disclosed additional details about the incident. But in a letter sent to affected individuals dated Feb. 13, 2018 and Mar.

VPN 353

VPN Passwords Software Telecommunications 353

Security Affairs

JULY 8, 2021

CVE Identifier CWE Identifier CVSS score (Severity) Remediation CVE-2020-7388 CWE-290 : Unauthenticated Command Execution Bypass by Spoofing in AdxAdmin 10.0 Critical) Update available CVE-2020-7387 CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor in AdxAdmin 5.3 SecurityAffairs – hacking, SAGE).

Hacking 110

Hacking Authentication VPN Software 110

Security Affairs

JANUARY 10, 2020

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The flaw can be used in combination with the CVE-2019-11539 remote command injection issue gain access to private VPN networks. SecurityAffairs – Pulse Secure VPN , hacking).

VPN 82

VPN InfoSec Advertising Cybersecurity 82

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking 99

Hacking VPN Advertising Financial Services 99

Security Affairs

OCTOBER 14, 2021

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. SecurityAffairs – hacking, cyber security). Pierluigi Paganini.

Phishing 93

Phishing Hacking Government VPN 93

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware 98

Ransomware VPN Cybercrime Advertising 98

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159 , the flaw is rated 9.8 The flaw, tracked as CVE-2020-25159, has received a CVSS score of 9.8 SecurityAffairs – hacking, industrial automation systems).

Hacking 129

Hacking Firmware Internet Internet 129

Security Affairs

DECEMBER 16, 2020

Bansal (@0xrb) December 16, 2020. The attackers used VPN servers in the same country as the victim to obfuscate the IP addresses and evade detection. of the SolarWinds Orion Platform software that was released between March and June 2020. SecurityAffairs – hacking, Supply chain attack). The domain avsvmcloud[.]com

Hacking 130

Hacking DNS VPN Software 130

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware 75

Ransomware VPN Cybercrime Advertising 75

Security Affairs

JANUARY 23, 2021

The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN 136

VPN Firewall Mobile Hacking 136

Security Affairs

DECEMBER 14, 2020

Nation-state actors, allegedly Russia-linked hacked, have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic. through 2020.2.1

Software 129

Software Hacking Telecommunications Government 129

Security Affairs

OCTOBER 23, 2020

Officials said the group has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020. Energetic Bear successfully compromised the infrastructure and as of October 1, 2020, exfiltrated data from at least two victim servers. SecurityAffairs – hacking, Energetic Bear).

Government 123

Government Hacking Advertising Passwords 123

Security Affairs

JULY 28, 2021

A joint report published by US, UK, and Australian cyber security agencies warns of the top routinely exploited vulnerabilities in 2020. Federal Bureau of Investigation (FBI) published a Joint Cybersecurity Advisory that provides details on the top 30 vulnerabilities exploited by threat actors in 2020. ” reads the joint report.

VPN 132

VPN Cybersecurity Hacking Technology 132

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 101

Ransomware Encryption Antivirus VPN 101

Security Affairs

NOVEMBER 22, 2020

A threat actor has published online a list of one-line exploits to steal VPN credentials from over 49,000 vulnerable Fortinet VPNs. A threat actor, who goes online with the moniker “pumpedkicks,” has leaked online a list of exploits that could be exploited to steal VPN credentials from almost 50,000 Fortinet VPN devices.

VPN 138

VPN Banking Government Hacking 138

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. Nikulin also hacked into an employee account of a Formspring engineer and used it to access the company network between June 13, 2012, and June 29, 2012.

Hacking 86

Hacking Cybercrime Data breaches Advertising 86

SC Magazine

APRIL 21, 2021

Short for “Uncategorized Groups,” UNCs are the label FireEye gives to observed clusters of hacking activities that may (or may not) be related. In January, the company disclosed that malicious hackers had leveraged a zero-day exploit for their Secure Mobile Access VPN client after SC Media contacted them following an anonymous tip.

Hacking 106

Hacking VPN Media Firewall 106

Krebs on Security

FEBRUARY 14, 2022

Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. Wazawaka, a.k.a. Matveev, a.k.a. “Orange,” a.k.a.

VPN 192

VPN Ransomware Cybercrime Accountability 192

Security Affairs

SEPTEMBER 8, 2021

Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six virtual private networks (VPNs), Hola!VPN, VPN, ExpressVPN, KeepSolid VPN Unlimited, Nord VPN, Speedify VPN, and IPVanish VPN. SecurityAffairs – hacking, FIN8). Pierluigi Paganini.

VPN 85

VPN Internet Internet Mobile 85

SecureBlitz

FEBRUARY 22, 2024

In 2020, cyberattacks witnessed an unprecedented increase, targeting many industries, from phishing scams to system hacks exploiting vulnerable endpoints and weak network security.

Cybersecurity 92

Cybersecurity Healthcare Scams Cyber threats 92

Security Affairs

JULY 22, 2020

The Meow attack began recently and attackers did not leave any ransom note or disclaimer after the hack of the install. One of the recent Meow attacks targeted the Hong Kong-based VPN provider UFO VPN , hackers targeted its Elasticsearch database. pic.twitter.com/YbQCSKBOK9 — Bob Diachenko (@MayhemDayOne) July 20, 2020.

VPN 92

VPN Advertising Hacking Information Security 92

Security Affairs

AUGUST 2, 2020

“As of June 2020, the FBI has received notifications of Netwalker ransomware attacks on U.S. “Netwalker became widely recognized in March 2020, after intrusions on an Australian transportation and logistics company and a U.S. Consider installing and using a VPN. SecurityAffairs – hacking, D-Link).

Ransomware 140

Ransomware VPN Advertising Government 140