2020, Information Security, Passwords and VPN

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware

Ransomware VPN Education Hacking

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. .

Firewall

Firewall VPN Firmware Passwords

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Authentication

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords VPN Authentication

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The data included usernames, email addresses and plain text passwords.”

Accountability

Accountability Malware Data breaches Passwords

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. The double supply chain compromise that led to malware being pushed out to some 3CX customers. Image: Mandiant.

Malware

Malware Software Technology Accountability

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

In another incident that occurred in March 2021, a ransomware attack blocked the operations at a US beverage company, while in a November 2020 attack on a US-based international food and agriculture business threat actors requested the payment of a gigantic $40 million ransom. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Passwords Backups Firmware

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020.

Ransomware

Ransomware Encryption VPN Backups

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Ensure secure configurations for devices: Change the default password to a strong one, and block SSH from external access.

IoT

IoT DDOS Malware Firmware

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points. The group relies on living off-the-land techniques such as native (built into the operating system) network administration tools to perform malicious operations.

Ransomware

Ransomware Manufacturing Healthcare Education

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Manufacturing Passwords Internet

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Telecommunications

Telecommunications Authentication Passwords Accountability

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 Ivanti fixed this critical code execution issue in Pulse Connect Secure VPN early this month.

Malware

Malware VPN Authentication Hacking

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

In late 2020, credentials for US-based universities were found for sale on the dark web. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform. The seller listed approximately 2,000 unique credentials.

Cybercrime

Cybercrime Education Accountability Phishing

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Implement the shortest acceptable timeframe for password changes.

Passwords

Passwords Government Firmware Accountability

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

Officials said the group has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020. Energetic Bear successfully compromised the infrastructure and as of October 1, 2020, exfiltrated data from at least two victim servers. ” reads the advisory.

Government

Government Hacking Advertising Passwords

Security Affairs newsletter Round 293

Security Affairs

DECEMBER 13, 2020

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Computers and Electronics

Computers and Electronics VPN Hacking Ransomware

The Top Five Habits of Cyber-Aware Employees

CyberSecurity Insiders

JULY 21, 2021

But a survey conducted by Google and Harris found that many people still refuse to adopt even the most essential credential security measures: just 37 percent use two-factor authentication, around a third change their passwords regularly, and a mere 15 percent use a password manager. Know how to identify a phishing attack.

Social Engineering

Social Engineering Password Management Passwords Phishing

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

1/2 — NOOK (@nookBN) October 14, 2020. (2/2) — NOOK (@nookBN) October 14, 2020. ” BleepingComputer confirmed that the company was hit by a cyber attack on October 10th, 2020, and cited as a source an email sent to customers late Wednesday night that is has seen. Thank you for your patience.

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.

Ransomware

Ransomware Financial Services Passwords VPN

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Use two-factor authentication with strong passwords. Recently the Netwalker ransomware operators were looking for new collaborators that can provide them with access to large enterprise networks.

Ransomware

Ransomware VPN Advertising Marketing

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

Nikulin first breached LinkedIn between March 3 and March 4, 2012, the hacker first infected an employee’s laptop with malware then used employee’s VPN to access the LinkedIn’s internal network. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. Pierluigi Paganini.

Hacking

Hacking Cybercrime Data breaches Advertising

19 petabytes of data exposed across 29,000+ unprotected databases

Security Affairs

MAY 7, 2021

Most organizations use databases to store sensitive information. This includes passwords, usernames, document scans, health records, bank account and credit card details, as well as other essential data, all easily searchable and conveniently stored in one place. Can’t come up with a strong password? What were we looking at?

Passwords

Passwords Authentication Identity Theft Engineering

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

IBM recently addressed a high-severity issue, tracked as CVE-2020-4529 , in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks. Sometimes employees connect to IBM Maximo directly over the Internet with weak passwords and no VPN, making an attack easier to perform.”

VPN

VPN Advertising Authentication Passwords

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.”

Cybercrime

Cybercrime Antivirus Marketing Accountability

Most Common Causes of Data Breach and How to Prevent It

Security Affairs

MAY 3, 2021

If you look at Verizon’s 2020 Data Breach Investigations Report, you can find some of the most common causes of data breaches. However, you will also be surprised to learn that most breaches result from inadequate data security measures. A security recommendation is to use a Virtual Private Network. Pierluigi Paganini.

Data breaches

Data breaches Social Engineering Engineering Network Security

Over 500,000 credentials for tens of gaming firm available in the Dark Web

Security Affairs

JANUARY 5, 2021

“KELA found nearly 1 million compromised accounts pertaining to gaming clients and employees, with 50% of them offered for sale during 2020.” Threat actors obtained precious information by using info-stealer like AZORult and launched spear-phishing attacks against gaming forms. ” reads the post published by Kela.

Hacking

Hacking Passwords VPN Accountability

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Use two-factor authentication with strong passwords. Recently the Netwalker ransomware operators were looking for new collaborators that can provide them with access to large enterprise networks.

Ransomware

Ransomware VPN Data breaches Advertising

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Security Affairs

OCTOBER 7, 2020

Never use them without proper security measures such as using a VPN. A VPN removes all traces leading back to your original IP address and encrypts your connection to allow safe and private browsing. Software updates often come with releases that patch bugs and security vulnerabilities upon discovery. Avoid Public WI-Fi.

Data privacy

Data privacy Computers and Electronics Government VPN

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

Security Affairs

SEPTEMBER 7, 2021

Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April 2020. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware VPN Authentication Passwords

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

Security researchers Pierre Kim and Alexandre Torres have discovered several vulnerabilities Zyxel Cloud CNM SecuManager software that could expose users to cyber attacks. ” Experts also reported the use of predefined passwords for admin accounts. log escape sequence injection xmppCnrSender.py

Accountability

Accountability Advertising Software Authentication

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The attackers connects to a dedicated commercially-shared VPN server using OpenVPN and then uses compromised email credentials to send out credential spam via a commercial email service provider.

Phishing

Phishing Accountability Advertising DNS

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Here are five significant cybersecurity vulnerabilities with IoT in 2020. A hacker managed to identify a weak spot in a security camera model. Simple or reused passwords are still a problem. Instead, people come up with passwords that are comfortable. It can be prevented through the use of an online VPN.

IoT

IoT Cybersecurity Manufacturing Internet

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Two years later, the group moved to using Conti, in May 2020. Below is a list of recommended mitigations from the FBI, which it issued along with an alert on Conti ransomware late last week: Regularly back up data, air gap, and password protect backup copies offline. Avoid reusing passwords for multiple accounts.

Healthcare

Healthcare Ransomware Encryption Passwords

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the report. ” continues the alert. ” concludes the alert.

VPN

VPN Government Authentication Advertising

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online.

VPN

VPN Banking Passwords Malware

Cybersecurity Things to Celebrate in 2020

Duo's Security Blog

DECEMBER 21, 2020

I think we can all agree that 2020 was anything but a typical year (and a poster child for Murphy’s law "anything that can go wrong, will go wrong.") There is no shortage of articles about the very bad things that all of us in the information security industry are acutely aware of.

Cybersecurity

Cybersecurity Passwords VPN Authentication

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Duo's Security Blog

OCTOBER 6, 2023

When organizations started to embark on zero trust security back in 2020, it was in response to a dramatic and unforeseen change – the public health crisis. Securing remote user access became the first use case for adopting zero trust security principles. ZTNA) – regardless of location or protocol.

Authentication

Authentication Risk Social Engineering InfoSec

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

These emails persuade employees to reveal passwords for important applications or download malicious files to their devices. Using stolen passwords is an easy way to masquerade as a genuine user and access sensitive information or infiltrate deeper into your network. IoT Devices.

IoT

IoT Phishing Passwords Scams

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Expert found a secret backdoor in Zyxel firewall and VPN

Webinars

Trending Sources

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Webinars

Which is the Threat landscape for the ICS sector in 2020?

NetWalker ransomware operators have made $25 million since March 2020

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

3CX Breach Was a Double Supply Chain Compromise

FBI warns of ransomware attacks targeting the food and agriculture sector

FBI issued an alert on Ragnar Locker ransomware activity

A new Zerobot variant spreads by exploiting Apache flaws

Everyday Threat Modeling

FBI and CISA warn of attacks by Rhysida ransomware gang

FBI warns of ransomware threat to food and agriculture

China-linked threat actors have breached telcos and network service providers

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

FBI: Compromised US academic credentials available on various cybercrime forums

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs newsletter Round 293

The Top Five Habits of Cyber-Aware Employees

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Netwalker ransomware operators claim to have stolen data from Forsee Power

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

19 petabytes of data exposed across 29,000+ unprotected databases

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

15 billion credentials available in the cybercrime marketplaces

Most Common Causes of Data Breach and How to Prevent It

Over 500,000 credentials for tens of gaming firm available in the Dark Web

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Ragnar Locker gang threatens to leak data if victim contacts law enforcement

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Russia-linked APT28 has been scanning vulnerable email servers in the last year

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

The global impact of the Fortinet 50.000 VPN leak posted online

Cybersecurity Things to Celebrate in 2020

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Top 5 Attack Vectors to Look Out For in 2022

Stay Connected