2021, Information Security, Internet and VPN

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064 , in its GlobalProtect portal and gateway interfaces. 2021-11-10: This report was published.

VPN

VPN Firewall Internet Internet

Cisco fixes critical, high severity vulnerabilities in VPN routers

Security Affairs

AUGUST 4, 2021

Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. SecurityAffairs – hacking, VPN routers). ” reads the advisory.

VPN

VPN Small Business Hacking Internet

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Security Affairs

DECEMBER 10, 2022

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors. ” reads the post published by Censys.

Internet

Internet Internet VPN Mobile

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

APRIL 28, 2022

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. ” reads the advisory published by CISA.

Software

Software VPN Cybersecurity Internet

50% of internet-facing GitLab installations are still affected by a RCE flaw

Security Affairs

NOVEMBER 2, 2021

Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked as CVE-2021-22205 , in GitLab’s web interface that has been actively exploited in the wild. It is now mitigated in the latest release and is assigned CVE-2021-22205.” ” reads the advisory published by GitLab.

Internet

Internet Internet VPN Hacking

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .

VPN

VPN Internet Internet Software

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021.

Firewall

Firewall VPN Firmware Passwords

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root.

DNS

DNS Firmware VPN Risk

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Russian communications watchdog Roskomnadzor blocks access to 6 VPNs

Security Affairs

SEPTEMBER 8, 2021

Russian communications watchdog Roskomnadzor tightens control of its citizens and blocked access to six virtual private networks (VPNs), including NordVPN and ExpressVPN. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six virtual private networks (VPNs), Hola!VPN,

VPN

VPN Internet Internet Mobile

Some Synology products impacted by recently disclosed OpenSSL flaws

Security Affairs

AUGUST 29, 2021

Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. Moderate Ongoing VPN Plus Server Important Ongoing VPN Server Moderate Ongoing. Moderate Ongoing VPN Plus Server Important Ongoing VPN Server Moderate Ongoing.

VPN

VPN Encryption Authentication Hacking

Social media partially disrupted in Cuba amid anti-government protests

Security Affairs

JULY 13, 2021

NetBlocks reported partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to protest the government. VPN services have yet to be blocked in the country, allowing citizens to bypass internet censorship. Source Fox News. .”

Media

Media Government Internet Internet

PrinterLogic fixes high severity flaws in Printer Management Suite

Security Affairs

JANUARY 25, 2022

PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance, the most severe ones, tracked as CVE-2021-42631, CVE-2021-42635, and CVE-2021-42638, are rated as high severity flaws (CVSS base score of 8.1). The flaws impact all PrinterLogic Web Stack version 19.1.1.13

VPN

VPN Internet Internet Software

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

Security Affairs

AUGUST 3, 2023

” Government experts warn that in 2022, most of the exploited flaws were older software vulnerabilities and that threat actors targeted unpatched, internet-facing systems. The vulnerability was exploited by multiple threat actors [ 1 , 2 , 3 , 4 , 5 ], including Russia-linked APT groups that targeted critical infrastructure.

Authentication

Authentication VPN Internet Internet

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. It’s an extra layer of security.

VPN

VPN Passwords Internet Internet

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. It’s an extra layer of security.

VPN

VPN Passwords Internet Internet

QNAP will patche OpenSSL flaws in its NAS devices

Security Affairs

SEPTEMBER 1, 2021

We will release security updates and provide further information as soon as possible.” ” The two vulnerabilities are CVE-2021-3711 and CVE-2021-3712 , they are respectively a remote code execution (RCE) and denial-of-service (DoS). credentials) in the heap while the issue is exploited.

VPN

VPN Encryption Hacking Internet

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

In May 2021, cybercriminals offered more than 36,000 login credentials for.edu email accounts and advertised the data on an instant messaging platform. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform.

Cybercrime

Cybercrime Education Accountability Phishing

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. that were created from different Internet addresses in Vienna, Austria. billion last year.

Scams

Scams DDOS Cryptocurrency Accountability

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Sophos X-Ops is currently tracking a campaign by threat actors targeting unpatched Citrix NetScaler systems exposed to the internet. php) on victim machines.

VPN

VPN Ransomware DNS Malware

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Security Affairs

AUGUST 17, 2021

If the management interface is exposed to the internet, an attacker could trigger the issue to reach into the affected network beyond the DMZ. Such kinds of devices should only be reachable only via trusted, internal networks or a secure VPN connection. is expected to include a fix, and will be released at the end of August.

Authentication

Authentication VPN Internet Internet

Fileless SockDetour backdoor targets U.S.-based defense contractors

Security Affairs

FEBRUARY 26, 2022

Unit 42 attributes the malware to an APT campaign codenamed TiltedTemple (aka DEV-0322 ), threat actors also exploited the Zoho ManageEngine ADSelfService Plus vulnerability ( CVE-2021-40539 ) and ServiceDesk Plus vulnerability ( CVE-2021-44077 ). based defense contractor’s internet-facing Windows server on July 27, 2021.

Backups

Backups VPN Healthcare Malware

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

NOVEMBER 26, 2021

Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT

IoT Wireless DDOS VPN

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

The malware was spotted the first time in May 2021, but has been operating under the radar for more than two years. “Based on information associated with their x.509 509 certificates, we assess that some of these second stage C2s have been active since at least October 2021. ” continues the report.

Malware

Malware Advertising Cybercrime Passwords

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

JUNE 30, 2022

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. “The Korea Internet & Security Agency (KISA) is distributing the Hive ransomware integrated recovery tool.This recovery tool can recover Hive ransomware version 1 to version 4.”

Ransomware

Ransomware Cybersecurity Encryption VPN

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Small Business

Small Business Technology VPN Manufacturing

What do cybersecurity experts predict in 2022?

CyberSecurity Insiders

DECEMBER 24, 2021

As long-time information security professionals and (ISC)² Community Champions, we have experienced the way cybersecurity employees engage and work with one another continue to adapt in response to changes in the workplace and world at large. In 2021, we experienced a rapid evolution to these interactions. Privacy laws.

Cybersecurity

Cybersecurity Ransomware VPN Architecture

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

. “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords Backups Firmware

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Accountability

Accountability VPN Manufacturing Firewall

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

The AVRecon botnet relies on compromised small office/home office (SOHO) routers since at least May 2021. Based on information associated with their x.509 509 certificates, we assess that some of these second stage C2s have been active since at least October 2021. continues the report. “We “ SocksEscort[.]com

Malware

Malware Small Business Advertising Passwords

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

prize pool Zerodium will pay $300K for WordPress RCE exploits Crooks abuse website contact forms to deliver IcedID malware Hackers compromised APKPure client to distribute infected Apps This man was planning to kill 70% of Internet in a bomb attack against AWS.

Cyber Attacks

Cyber Attacks Firmware Malware VPN

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

The nation-state actors gained access to the network by exploiting default MFA protocols and the Windows Print Spooler vulnerability, “PrintNightmare” ( CVE-2021-34527 ), reads the advisory. ” continues the analysis. Update software, including operating systems, applications, and firmware on IT network assets in a timely manner.

Accountability

Accountability Passwords Authentication Firmware

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

GE provides additional mitigations and information about these vulnerabilities in GE Publication Number: GES-2021-004 (login required).” The most severe issue addressed by the vendor is a critical “ INSECURE DEFAULT VARIABLE INITIALIZATION ” issue tracked as CVE-2021-27426 and rated with a CVSS score of 9.8

Firmware

Firmware VPN Firewall Risk

Multiple Sage X3 vulnerabilities expose systems to hack

Security Affairs

JULY 8, 2021

The experts reported the flaw to the software vendor in February 2021 and the company addressed them with the release of Sage X3 Version 9 (Syracuse 9.22.7.2), Sage X3 HR & Payroll Version 9 (Syracuse 9.24.1.3), Sage X3 Version 11 (Syracuse 11.25.2.6), and Sage X3 Version 12 (Syracuse 12.10.2.8). ” continues the report.

Hacking

Hacking Authentication VPN Software

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. hat tip @nathanqthai & @ackmage [link] pic.twitter.com/p8zIubXdzL — GreyNoise (@GreyNoiseIO) January 4, 2021. The vulnerability was discovered by the security researcher Niels Teusink from EYE.

Firmware

Firmware Passwords Accountability VPN

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Security Affairs

MARCH 10, 2022

The variant employed in the attack against the IT Army is able to steal a broad range of data, including web browser data, VPN tools, Discord, Steam, and cryptocurrency wallets. Talos experts believe this is an opportunistic campaign, the same IP address is has been distributing Phoenix since November 2021. 35) on port 6666.

DDOS

DDOS Digital transformation Malware Advertising

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Enforce MFA on all VPN connections [ D3-MFA ]. Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network [ D3-NI ]. Enable robust logging of Internet-facing services and monitor the logs for signs of compromise [ D3-NTA ] [ D3-PM ].

Telecommunications

Telecommunications Authentication Passwords Accountability

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Provide users with training on information security principles and techniques, particularly on recognizing and avoiding phishing emails.

Passwords

Passwords Government Firmware Accountability

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The post APT groups chain VPN and Windows Zerologon bugs to attack US government networks appeared first on Security Affairs. ” concludes the alert. Pierluigi Paganini.

VPN

VPN Government Authentication Advertising

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Cisco fixes critical, high severity vulnerabilities in VPN routers

Webinars

Trending Sources

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Webinars

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

CISA published 2021 Top 15 most exploited software vulnerabilities

50% of internet-facing GitLab installations are still affected by a RCE flaw

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Expert found a secret backdoor in Zyxel firewall and VPN

Who and What is Behind the Malware Proxy Service SocksEscort?

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Russian communications watchdog Roskomnadzor blocks access to 6 VPNs

Some Synology products impacted by recently disclosed OpenSSL flaws

Social media partially disrupted in Cuba amid anti-government protests

PrinterLogic fixes high severity flaws in Printer Management Suite

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Your Guide to Hacker Summer Camp 2021

Your Guide to Hacker Summer Camp 2021

QNAP will patche OpenSSL flaws in its NAS devices

FBI: Compromised US academic credentials available on various cybercrime forums

A new Zerobot variant spreads by exploiting Apache flaws

Interview With a Crypto Scam Investment Spammer

FIN8-linked actor targets Citrix NetScaler systems

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Fileless SockDetour backdoor targets U.S.-based defense contractors

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Korean cybersecurity agency released a free decryptor for Hive ransomware

China-linked APT Volt Typhoon linked to KV-Botnet

What do cybersecurity experts predict in 2022?

FBI warns of ransomware attacks targeting the food and agriculture sector

China-linked APT Volt Typhoon targets critical infrastructure organizations

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs newsletter Round 309

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

CISA is warning of vulnerabilities in GE Power Management Devices

Multiple Sage X3 vulnerabilities expose systems to hack

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Crooks target Ukraine’s IT Army with a tainted DDoS tool

China-linked threat actors have breached telcos and network service providers

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Stay Connected