2020 and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Krebs on Security

DECEMBER 2, 2021

They allege that in late December 2020, Sharp applied for a job at another technology company, and then abused his privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service and the company’s GitHub accounts to download large amounts of proprietary data. When FBI agents raided Sharp’s residence on Mar.

VPN

VPN Internet Internet Accountability

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Backdoor in Zyxel Firewalls and Gateways

Schneier on Security

JANUARY 6, 2021

This is bad : More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. […]. aN_fXp” password.

Firewall

Firewall VPN Passwords Accountability

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. 10, 2020, Citrix disclosed additional details about the incident. But in a letter sent to affected individuals dated Feb. 13, 2018 and Mar.

VPN

VPN Passwords Software Telecommunications

I'm Partnering with NordVPN as a Strategic Advisor

Troy Hunt

AUGUST 6, 2020

Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how is this possible?! Are You Using These VPN Apps? The promise of "no logs" in particular is a favourite of VPN providers yet evidently, the reality doesn't always meet the promise.

VPN

VPN Marketing Encryption

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Krebs on Security

MARCH 20, 2020

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. A joint advisory on CVE-2020-9054 from the U.S. which boasts some 100 million devices deployed worldwide.

IoT

IoT DDOS VPN Firewall

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, ” The CVE-2020-29583 flaw affects the firmware version 4.60 that is used by multiple Zyxel devices.

Firewall

Firewall VPN Firmware Passwords

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. authenticate the phone call before sensitive information can be discussed.

VPN

VPN Social Engineering Authentication Engineering

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ” reads the report. ” continues the alert. ” concludes the alert.

VPN

VPN Government Authentication Advertising

12 Online Resolutions for 2021

Adam Levin

DECEMBER 16, 2020

If 2020 taught us anything, it’s to expect the unexpected–and do the best we can in a rapidly changing world. Use a VPN: If you need to transmit sensitive information online, look into a VPN provider, or see if your workplace can provide one. That’s always the case when it comes to cybersecurity.

VPN

VPN Antivirus Passwords Backups

No, I Won't Link to Your Spammy Article

Troy Hunt

APRIL 6, 2020

The Ultimate Tor Browser Guide for 2020 The Best VPN for China 2020 How to know if someone is watching you on your camera 5 Ways to Stay Protected from Advanced Phishing Threats How to Access Windows Remote Desktop Over the Internet What We Need To Know About Bluetooth Security The Best Internet Browser for 2020 Two-Factor Authentication: ?What

Advertising

Advertising Internet Internet VPN

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. Affected Products FortiOS 6.0 – 6.0.0

VPN

VPN Banking Passwords Malware

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. ” reads the report published by FireEye. ” continues the report.

VPN

VPN Hacking Authentication Government

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. ” reads the report published by ClearSky.

VPN

VPN Advertising Telecommunications Hacking

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering

Engineering VPN Accountability Software

Cisco fixes AnyConnect Client VPN zero-day disclosed in November

Security Affairs

MAY 13, 2021

Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client , tracked as CVE-2020-3556 , that was disclosed in November. Pierluigi Paganini.

VPN

VPN Mobile Authentication Software

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “In reads the report published by FireEye. reads the report published by FireEye.

VPN

VPN Government Authentication Cybersecurity

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

2019 that wasn’t discovered until April 2020. In August 2020, KrebsOnSecurity warned about a marked increase in large corporations being targeted in sophisticated voice phishing or “vishing” scams. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware

Ransomware VPN Education Hacking

Analyzing SonicWall’s Unsuccessful Fix for CVE-2020-5135

The State of Security

JUNE 22, 2021

Back in September 2020, I configured a SonicWall network security appliance to act as a VPN gateway between physical devices in my home lab and cloud resources on my Azure account. The post Analyzing SonicWall’s Unsuccessful Fix for CVE-2020-5135 appeared first on The State of Security.

VPN

VPN Network Security Accountability

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .

VPN

VPN Internet Internet Software

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Below is the timeline for this vulnerability: 2020-10-26: Randori began initial research on GlobalProtect. 2020-11-19: Randori discovered the buffer overflow vulnerability. Randori said. Pierluigi Paganini.

VPN

VPN Firewall Internet Internet

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances. SecurityAffairs – hacking, VPN).

VPN

VPN Authentication Hacking Information Security

US authorities have indicted Black Kingdom ransomware admin

Security Affairs

MAY 4, 2025

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware

Ransomware Encryption VPN Malware

VPN Android apps: What you should know

Malwarebytes

MAY 24, 2021

In just the past year, free VPN for Android apps have exposed the data of as many as 41 million users, revealing consumers’ email addresses, payment information, clear text passwords, device IDs, and more. All these people that work on [the VPN service], nobody is going to do it for free. There is no best free VPN for Android.

VPN

VPN Internet Internet Data breaches

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking

Hacking Social Engineering Phishing Scams

Unauthenticated Command Injection bug opens D-Link VPN routers to hack

Security Affairs

DECEMBER 8, 2020

An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers. Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. and earlier. and earlier.

VPN

VPN Hacking Firmware Authentication

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. ” concludes the report.

Healthcare

Healthcare Ransomware VPN Malware

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

The Last Watchdog

SEPTEMBER 26, 2023

26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate. For more detailed information on each of these principles and how to get the VPN Trust Seal, please visit the VTI website.

VPN

VPN Internet Internet Technology

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

Tech CEO Sentenced to 5 Years in IP Address Scheme

Krebs on Security

OCTOBER 17, 2023

Shortly after Spamhaus started blocking Micfo’s IP address ranges, Micfo shifted gears and began reselling IP addresses mainly to companies marketing “virtual private networking” or VPN services that help customers hide their real IP addresses online. Golestan did not respond to a request for comment.

Internet

Internet Internet VPN Marketing

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said. Pierluigi Paganini.

VPN

VPN Cybercrime Ransomware Advertising

Wazawaka Goes Waka Waka

Krebs on Security

FEBRUARY 14, 2022

Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. Wazawaka, a.k.a. Matveev, a.k.a. “Orange,” a.k.a.

Ransomware

Ransomware VPN Cybercrime Accountability

How SMBs met the 2020 challenge and predictions for 2021

Security Boulevard

FEBRUARY 10, 2021

In our recent “Voice of the Channel” survey, they gave us some interesting insights on how businesses met the challenges in 2020, and what’s in store for 2021. The post How SMBs met the 2020 challenge and predictions for 2021 first appeared on Untangle. It’s safe to say […].

Network Security

Network Security VPN Phishing Cybersecurity

7 VPN alternatives for securing remote network access

CSO Magazine

OCTOBER 11, 2021

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically.

VPN

VPN CSO

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. If you log in at the end website you’ve identified yourself to them, regardless of VPN. VPNs encrypt the traffic between you and some endpoint on the internet, which is where your VPN is based. This is true. So, probably not a win.

VPN

VPN Risk Hacking Encryption

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Krebs on Security

NOVEMBER 17, 2021

But shortly after Spamhaus began blocking Micfo’s IP address ranges, Micfo shifted gears and began reselling IP addresses mainly to companies marketing “virtual private networking” or VPN services that help customers hide their real IP addresses online.

Internet

Internet Internet VPN Marketing

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Trending Sources

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Backdoor in Zyxel Firewalls and Gateways

Hackers Were Inside Citrix for Five Months

I'm Partnering with NordVPN as a Strategic Advisor

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Expert found a secret backdoor in Zyxel firewall and VPN

FBI, CISA Echo Warnings on ‘Vishing’ Threat

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

12 Online Resolutions for 2021

No, I Won't Link to Your Spammy Article

The global impact of the Fortinet 50.000 VPN leak posted online

APT hacked a US municipal government via an unpatched Fortinet VPN

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Which is the Threat landscape for the ICS sector in 2020?

Cisco fixes AnyConnect Client VPN zero-day disclosed in November

NetWalker ransomware operators have made $25 million since March 2020

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Analyzing SonicWall’s Unsuccessful Fix for CVE-2020-5135

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

US authorities have indicted Black Kingdom ransomware admin

VPN Android apps: What you should know

When Low-Tech Hacks Cause High-Impact Breaches

Top stories of 2020

Unauthenticated Command Injection bug opens D-Link VPN routers to hack

NailaoLocker ransomware targets EU healthcare-related entities

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Tech CEO Sentenced to 5 Years in IP Address Scheme

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Wazawaka Goes Waka Waka

How SMBs met the 2020 challenge and predictions for 2021

7 VPN alternatives for securing remote network access

Everyday Threat Modeling

Tech CEO Pleads to Wire Fraud in IP Address Scheme

Stay Connected