2021, Information Security and VPN - Cyber Security Informer

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064 , in its GlobalProtect portal and gateway interfaces. 2021-11-10: This report was published.

VPN

VPN Firewall Internet Internet

Cisco fixes critical, high severity vulnerabilities in VPN routers

Security Affairs

AUGUST 4, 2021

Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. SecurityAffairs – hacking, VPN routers). ” reads the advisory.

VPN

VPN Small Business Hacking Internet

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances.

VPN

VPN Authentication Hacking Information Security

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

VPN

VPN Small Business Wireless Firmware

Expired certificate caused a Pulse Secure VPN global scale outage

Security Affairs

APRIL 12, 2021

Pulse Secure VPN users were not able to login due to the expiration of a code signing certificate used to digitally sign and verify software components. Pulse Secure VPN users were not able to login after a code signing certificate used to digitally sign and verify software components has expired. Pierluigi Paganini.

VPN

VPN Software Hacking Information Security

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. The vulnerability is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Government Authentication Cybersecurity

Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Security Affairs

AUGUST 19, 2021

Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers. Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers. Pierluigi Paganini.

Small Business

Small Business Wireless VPN Firewall

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

APRIL 28, 2022

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. ” reads the advisory published by CISA.

Software

Software VPN Cybersecurity Internet

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN

VPN Government Malware Hacking

Ivanti fixes high severity flaw in Pulse Connect Secure VPN

Security Affairs

MAY 25, 2021

A flaw in Pulse Connect Secure VPN could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. Ivanti addressed a high severity Buffer Overflow vulnerability in Secure VPN appliances that could allow a remote authenticated attacker to execute arbitrary code with elevated privileges.

VPN

VPN Authentication Hacking Software

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021.

Firewall

Firewall VPN Firmware Passwords

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Security Affairs

JANUARY 18, 2022

Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security updates issued as part of the January 2021 Patch Tuesday. Pierluigi Paganini.

VPN

VPN Media Hacking Information Security

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .

VPN

VPN Internet Internet Software

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. mike [link] pic.twitter.com/fkU2USEZis — Swisscom CSIRT (@swisscom_csirt) January 26, 2021. SecurityAffairs – hacking, Fortinet VPN). ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

Which are the most-read cyber stories of 2021? The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. Pierluigi Paganini.

Hacking

Hacking VPN Passwords Ransomware

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root.

DNS

DNS Firmware VPN Risk

SonicWall addresses critical CVE-2021-20026 flaw in NSM devices

Security Affairs

JULY 6, 2021

Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product. reads the security advisory published by SonicWall. .” This vulnerability only impacts on-premises NSM deployments.

Authentication

Authentication Network Security VPN Firewall

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. The state sponsored hackers also uses the VPN access to scan for vulnerabilities in targeted organizations.

VPN

VPN Manufacturing Education Hacking

Cyber Security Roundup for May 2021

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware

Ransomware Passwords Scams Government

Some Synology products impacted by recently disclosed OpenSSL flaws

Security Affairs

AUGUST 29, 2021

Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. Moderate Ongoing VPN Plus Server Important Ongoing VPN Server Moderate Ongoing. Moderate Ongoing VPN Plus Server Important Ongoing VPN Server Moderate Ongoing.

VPN

VPN Encryption Authentication Hacking

US, UK, and Australian agencies warn of top routinely exploited issues

Security Affairs

JULY 28, 2021

The cybersecurity agencies warn of attacks aimed at exploiting flaws in VPN appliances, network equipment and enterprise cloud applications from multiple vendors, including Atlassian, Citrix. “Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies. .

VPN

VPN Cybersecurity Hacking Technology

Five Canadian Hospitals impacted by a ransomware attack on TransForm provider

Security Affairs

NOVEMBER 8, 2023

Bluewater Health hospital confirmed that threat actors stole a database containing information on 5.6 Chatham-Kent Health Alliance reported that threat actors had access to data belonging to 1446 employees who worked in the hospital as of February 2021. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware Healthcare VPN Insurance

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Russian communications watchdog Roskomnadzor blocks access to 6 VPNs

Security Affairs

SEPTEMBER 8, 2021

Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six virtual private networks (VPNs), Hola!VPN, VPN, ExpressVPN, KeepSolid VPN Unlimited, Nord VPN, Speedify VPN, and IPVanish VPN. ” reads the announcement published by Roskomnadzor.

VPN

VPN Internet Internet Mobile

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Groove gang leaks list of 500k credentials of compromised Fortinet appliances

Security Affairs

SEPTEMBER 8, 2021

The ransomware group has been active since August 2021 and implement a double extortion model like other gangs. SongBird also created a post on the RAMP forum that includes a link to a file containing the Fortinet VPN accounts. 2,959 out of 22,500 victims are US entities.

VPN

VPN Ransomware Hacking Accountability

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 The flaw received a CVSS score of 9.1,

Malware

Malware VPN Authentication Hacking

QNAP will patche OpenSSL flaws in its NAS devices

Security Affairs

SEPTEMBER 1, 2021

We will release security updates and provide further information as soon as possible.” ” The two vulnerabilities are CVE-2021-3711 and CVE-2021-3712 , they are respectively a remote code execution (RCE) and denial-of-service (DoS). credentials) in the heap while the issue is exploited.

VPN

VPN Encryption Hacking Internet

Old vulnerabilities in Cisco products actively exploited in the wild

Security Affairs

DECEMBER 19, 2022

CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. .

Wireless

Wireless VPN Software Hacking

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Security Affairs

DECEMBER 10, 2022

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors.

Internet

Internet Internet VPN Mobile

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. It’s an extra layer of security.

VPN

VPN Passwords Internet Internet

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. It’s an extra layer of security.

VPN

VPN Passwords Internet Internet

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

Security Affairs

AUGUST 3, 2023

The vulnerability was exploited by multiple threat actors [ 1 , 2 , 3 , 4 , 5 ], including Russia-linked APT groups that targeted critical infrastructure.

Authentication

Authentication VPN Internet Internet

French authorities arrested a Russian national for his role in the Hive ransomware operation

Security Affairs

DECEMBER 14, 2023

The authorities reported that from June 2021 through at least November 2022, threat actors targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health (HPH).

Ransomware

Ransomware Cryptocurrency Cybercrime VPN

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

Security Affairs

APRIL 9, 2021

According a security advisory published by the company, Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers are affected by Remote Command Execution vulnerability that resides in the Management Interface. The flaw, tracked as CVE-2021-1459, has been rated with a CVSS score of 9.8

Small Business

Small Business Wireless VPN Firewall

Security Affairs newsletter Round 326

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN

VPN Ransomware Manufacturing IoT

New RedLine malware version distributed as fake Omicron stat counter

Security Affairs

JANUARY 12, 2022

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. 2021-11-26 04:34:54 2021-11-26 10:05:15 149.154.167.91 154.167.91

Malware

Malware Manufacturing Cryptocurrency Cybercrime

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. Internationally sourced data, exfiltrated in Sept and Aug 2021.

Accountability

Accountability Malware Data breaches Passwords

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Cisco fixes critical, high severity vulnerabilities in VPN routers

Trending Sources

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

APT hacked a US municipal government via an unpatched Fortinet VPN

Cisco fixes critical remote code execution issues in SMB VPN routers

Expired certificate caused a Pulse Secure VPN global scale outage

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

CISA published 2021 Top 15 most exploited software vulnerabilities

China-linked APT groups targets orgs via Pulse Secure VPN devices

Ivanti fixes high severity flaw in Pulse Connect Secure VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs most-read cyber stories of 2021

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

SonicWall addresses critical CVE-2021-20026 flaw in NSM devices

China-linked Flax Typhoon APT targets Taiwan

Cyber Security Roundup for May 2021

Some Synology products impacted by recently disclosed OpenSSL flaws

US, UK, and Australian agencies warn of top routinely exploited issues

Five Canadian Hospitals impacted by a ransomware attack on TransForm provider

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Russian communications watchdog Roskomnadzor blocks access to 6 VPNs

Who and What is Behind the Malware Proxy Service SocksEscort?

Groove gang leaks list of 500k credentials of compromised Fortinet appliances

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

QNAP will patche OpenSSL flaws in its NAS devices

Old vulnerabilities in Cisco products actively exploited in the wild

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Your Guide to Hacker Summer Camp 2021

Your Guide to Hacker Summer Camp 2021

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

French authorities arrested a Russian national for his role in the Hive ransomware operation

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

Security Affairs newsletter Round 326

New RedLine malware version distributed as fake Omicron stat counter

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Stay Connected