2020, Information Security, Internet and VPN

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, ” The CVE-2020-29583 flaw affects the firmware version 4.60 that is used by multiple Zyxel devices.

Firewall

Firewall VPN Firmware Passwords

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .

VPN

VPN Internet Internet Software

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Experts pointed out that this port is often accessible over the Internet. Below is the timeline for this vulnerability: 2020-10-26: Randori began initial research on GlobalProtect. Randori said.

VPN

VPN Firewall Internet Internet

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said. Pierluigi Paganini.

VPN

VPN Cybercrime Ransomware Advertising

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. The security breach took place on on May 14, and the institute discovered it only on May 31, then the research institute reported the incident to the government and launched an investigation.

Hacking

Hacking VPN Internet Internet

Russian communications watchdog Roskomnadzor blocks access to 6 VPNs

Security Affairs

SEPTEMBER 8, 2021

Russian communications watchdog Roskomnadzor tightens control of its citizens and blocked access to six virtual private networks (VPNs), including NordVPN and ExpressVPN. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six virtual private networks (VPNs), Hola!VPN,

VPN

VPN Internet Internet Mobile

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. In May 2020, Zipper told another Lolzteam member that quot[.]pw A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

“To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” You can check the product support status to see the latest updates available to your NAS model.”

Ransomware

Ransomware Cryptocurrency Malware Internet

Multiple Sage X3 vulnerabilities expose systems to hack

Security Affairs

JULY 8, 2021

CVE Identifier CWE Identifier CVSS score (Severity) Remediation CVE-2020-7388 CWE-290 : Unauthenticated Command Execution Bypass by Spoofing in AdxAdmin 10.0 Critical) Update available CVE-2020-7387 CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor in AdxAdmin 5.3 ” reads the post published by Rapid7.

Hacking

Hacking Authentication VPN Software

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. ” continues the report.

Hacking

Hacking VPN Advertising Financial Services

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

APRIL 28, 2022

“Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. This advisory also includes other frequently exploited vulnerabilities. ” reads the advisory published by CISA.

Software

Software VPN Cybersecurity Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. ” continues the Russian Watchdog.

Government

Government VPN Telecommunications Advertising

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Tracked as CVE-2020-25159 , the flaw is rated 9.8 ” reads the security advisory published by Claroty. The flaw, tracked as CVE-2020-25159, has received a CVSS score of 9.8 Brizinov reported the stack overflow issue to the US agency CISA that published a security advisory. Pierluigi Paganini.

Hacking

Hacking Firmware Internet Internet

REVil ransomware infected 18,000 computers at Telecom Argentina

Security Affairs

JULY 20, 2020

Telecom Argentina , one of the largest internet service providers in Argentina, was hit by a ransomware attack. REvil #Sodinokibi #Ransomware pic.twitter.com/BZtLhw8V1D — Germán Fernández (@1ZRR4H) July 19, 2020. Ransomware operators infected roughly 18,000 computers during the weekend and now are asking for a $7.5

Ransomware

Ransomware VPN Advertising Internet

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

The experts found six vulnerabilities in B&R Automation’s SiteManager and GateManager ( CVE-2020-11641 , CVE-2020-11642 , CVE-2020-11643 , CVE-2020-11644 , CVE-2020-11645 , CVE-2020-11646 ) that could potentially disrupt operations. ” reads the advisory published by the company.

Advertising

Advertising Authentication VPN Firewall

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

In late 2020, credentials for US-based universities were found for sale on the dark web. Recently, in January 2022, threat actors have been observed offering for sale network and VPN access credentials belonging to US-based universities and colleges on Russian cybercrime forums. The seller listed approximately 2,000 unique credentials.

Cybercrime

Cybercrime Education Accountability Phishing

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

.” Internet of Things. Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. The state of IoT is poor enough as it is, security wise. Consider installing and using a VPN.

Ransomware

Ransomware Manufacturing Passwords Internet

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Security Affairs

FEBRUARY 15, 2021

The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

VPN

VPN Software Internet Internet

SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

Security Affairs

APRIL 28, 2020

Timetv.live is the latest Azeri news site targeted by Denial of Service (DDoS) attacks launched by Sandman threat actor, the attack took place on March 21, 2020. After reviewing the attack logs of the Denial of Service, Qurium could quickly determine that the attacker was using Fineproxy VPN service to build a botnet to flood the website.

DDOS

DDOS Media VPN Advertising

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

NOVEMBER 26, 2021

Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT

IoT Wireless DDOS VPN

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Enforce MFA on all VPN connections [ D3-MFA ]. Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network [ D3-NI ]. Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [ D3-NTA ] [ D3-PM ].

Telecommunications

Telecommunications Authentication Passwords Accountability

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . The attack chain begins with attacks to internet-facing systems via Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) using legitimate credentials.

Ransomware

Ransomware Encryption Malware VPN

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

. “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords Backups Firmware

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

IBM recently addressed a high-severity issue, tracked as CVE-2020-4529 , in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks. Sometimes employees connect to IBM Maximo directly over the Internet with weak passwords and no VPN, making an attack easier to perform.”

VPN

VPN Advertising Authentication Passwords

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The threat actors are using Voice over Internet Protocol (VoIP) platforms to obtain employees’ credentials. The alert reports the case of an attack in which cyber criminals found an employee via the company’s chatroom, and tricked him into logging into the fake VPN page. ” reads the FBI alert.

Accountability

Accountability VPN Social Engineering Phishing

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443.

Passwords

Passwords Government Firmware Accountability

Security Affairs newsletter Round 283

Security Affairs

SEPTEMBER 27, 2020

fitness chains Town Sports leaked online Group-IB detects a series of ransomware attacks by OldGremlin HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Banking Advertising Ransomware

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Security Affairs

AUGUST 17, 2021

CVE-2020-29015 ) to allow an unauthenticated attacker to trigger the vulnerability. If the management interface is exposed to the internet, an attacker could trigger the issue to reach into the affected network beyond the DMZ. Such kinds of devices should only be reachable only via trusted, internal networks or a secure VPN connection.

Authentication

Authentication VPN Internet Internet

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

Nikulin first breached LinkedIn between March 3 and March 4, 2012, the hacker first infected an employee’s laptop with malware then used employee’s VPN to access the LinkedIn’s internal network. The trial was initially set for early 2020, but it was delayed twice due to the ongoing coronavirus outbreak.

Hacking

Hacking Cybercrime Data breaches Advertising

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages. ” continues the report.

Phishing

Phishing Accountability Advertising DNS

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention. Organizations are no strangers to security incidents in their Kubernetes environments. How to secure it. How to secure it. cloud-controller-manager.

Advertising

Advertising Internet Internet VPN

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

Equinix, one of the world’s largest providers of colocation data centers and Internet connection announced it was hit by Netwalker Ransomware. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. The popular cybercrime gang is demanding a $4.5

Ransomware

Ransomware VPN Data breaches Advertising

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

prize pool Zerodium will pay $300K for WordPress RCE exploits Crooks abuse website contact forms to deliver IcedID malware Hackers compromised APKPure client to distribute infected Apps This man was planning to kill 70% of Internet in a bomb attack against AWS. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Firmware Malware VPN

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Security Affairs

FEBRUARY 2, 2020

This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. The Russian government asks all Internet service providers and VPN providers operating in the country to provide information about their users. “On

Telecommunications

Telecommunications VPN Advertising Government

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. Here are five significant cybersecurity vulnerabilities with IoT in 2020. A hacker managed to identify a weak spot in a security camera model. The Threat is Definitely Real.

IoT

IoT Cybersecurity Manufacturing Internet

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

The Darkside ransomware gang first emerged in the threat landscape in August 2020, in recent months the group was very active and targeted organizations worldwide. other than VPN gateways, mail ports, web ports). The alert comes after the disruptive attack that hit Colonial Pipeline that caused chaos and disruption.

Ransomware

Ransomware Healthcare Phishing Risk

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Expert found a secret backdoor in Zyxel firewall and VPN

Webinars

Trending Sources

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Webinars

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Which is the Threat landscape for the ICS sector in 2020?

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Russian communications watchdog Roskomnadzor blocks access to 6 VPNs

Interview With a Crypto Scam Investment Spammer

AgeLocker ransomware operation targets QNAP NAS devices

Multiple Sage X3 vulnerabilities expose systems to hack

Iran-linked APT group Pioneer Kitten sells access to hacked networks

CISA published 2021 Top 15 most exploited software vulnerabilities

A new Zerobot variant spreads by exploiting Apache flaws

Everyday Threat Modeling

The Russian Government blocked ProtonMail and ProtonVPN

A critical flaw in industrial automation systems opens to remote hack

REVil ransomware infected 18,000 computers at Telecom Argentina

Flaws in leading industrial remote access systems allow disruption of operations

FBI: Compromised US academic credentials available on various cybercrime forums

FBI warns of ransomware threat to food and agriculture

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

China-linked threat actors have breached telcos and network service providers

Hades ransomware gang targets big organizations in the US

FBI warns of ransomware attacks targeting the food and agriculture sector

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Vishing attacks conducted to steal corporate accounts, FBI warns

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs newsletter Round 283

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Russia-linked APT28 has been scanning vulnerable email servers in the last year

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs newsletter Round 309

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

US CISA and FBI publish joint alert on DarkSide ransomware

Stay Connected