Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 93

Firewall Firmware VPN Authentication 93

Security Affairs

APRIL 1, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The new vulnerabilities added to the catalog have to be addressed by federal agencies by April 21, 2022. and impacts Sophos Firewall versions 18.5 MR3 (18.5.3)

Firewall 79

Firewall Authentication Hacking Cybersecurity 79

Security Affairs

SEPTEMBER 24, 2022

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. and impacts Firewall versions 18.5

Firewall 77

Firewall VPN Authentication Hacking 77

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. critical severity score of 9.8)

Firewall 94

Firewall VPN Authentication Hacking 94

Malwarebytes

APRIL 4, 2022

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device. Patch 5 in May 2022. The vulnerability. USG FLEX ZLD V4.50

Firewall 76

Firewall Firmware VPN Authentication 76

Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. Patch 5 in May 2022.

Firewall 85

Firewall VPN Firmware Authentication 85

Security Affairs

MARCH 29, 2022

Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040 , that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3)

Firewall 65

Firewall Authentication Hacking Cybersecurity 65

Security Affairs

OCTOBER 7, 2022

Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. Pierluigi Paganini.

Authentication 98

Authentication Firewall Hacking Risk 98

Security Affairs

OCTOBER 14, 2022

Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) SecurityAffairs – hacking, CVE-2022-40684).

Authentication 115

Authentication Firewall Hacking Risk 115

Security Affairs

OCTOBER 18, 2022

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. A proof-of-concept (PoC) exploit code for the CVE-2022-40684 flaw has been released online.

Authentication 132

Authentication Firewall Hacking Risk 132

Security Affairs

SEPTEMBER 8, 2022

The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) The CVE-2022-28199 flaw stems from a lack of proper error handling in DPDK’s network stack. Cisco also addressed a medium severity issue, tracked as CVE-2022-20863 (CVSS score: 4.3), in Cisco Webex Meetings App.

Authentication 135

Authentication Small Business Software Firewall 135

Security Affairs

OCTOBER 10, 2022

Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684 , that impacted FortiGate firewalls and FortiProxy web proxies. Pierluigi Paganini.

Authentication 102

Authentication Firewall Hacking Risk 102

Security Affairs

OCTOBER 15, 2022

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 SecurityAffairs – hacking, CVE-2022-0030).

Firewall 145

Firewall Authentication Software Hacking 145

Hacker Combat

APRIL 22, 2022

Below are Seven ransomware protection tips to help you secure data in 2022; #1 Do not open suspicious attachments. 3 Enable multi-factor authentication. If you have ever had to sign in to your email and then insert a code sent to your phone to verify your identity, you are already familiar with multi-factor authentication.

Ransomware 105

Ransomware Firewall Passwords Authentication 105

Security Boulevard

NOVEMBER 7, 2022

Fortinet recently discovered an authentication bypass flaw in its FortiOS, FortiProxy, and FortiSwitchManager appliances. Customers of Fortinet who use vulnerable product instances are at great risk because the security flaw, designated as CVE-2022-40684, is currently being actively used in the wild.

Authentication 52

Authentication Risk Firewall Cyber threats 52

Security Affairs

JUNE 13, 2023

The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. The issue impacts at least: FortiOS-6K7K version 7.0.10 through 6.2.13

Firewall 82

Firewall VPN Firmware Manufacturing 82

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. For PAN-OS software, this includes both hardware and virtual firewalls and Panorama appliances as well as Prisma Access customers,” the company said.

Firewall 92

Firewall VPN Cybercrime Software 92

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) In May 2022, Zyxel released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products.

Firewall 81

Firewall Firmware Authentication VPN 81

Security Affairs

APRIL 28, 2024

“The security assessment was provided in September 2022 to the Brocade support through Dell but it was rejected by Brocade because it didn’t address the latest version of SANnav.” The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 ” wrote Barre.

Firewall 106

Firewall Authentication Architecture Backups 106

The Hacker News

OCTOBER 7, 2022

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices.

Firewall 94

Firewall Authentication 94

The Hacker News

OCTOBER 10, 2022

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and proxy products is being actively exploited in the wild.

Firewall 93

Firewall Authentication 93

Security Affairs

OCTOBER 12, 2022

Below are the vulnerabilities addressed by Aruba: CVE-2022-37913 and CVE-2022-37914 (CVSS v3.1 – 9.8) Authentication bypass vulnerabilities that resides in the web-based management interface of EdgeConnect Orchestrator. Threat actors can trigger the issue to bypass authentication.

Authentication 119

Authentication Firewall Hacking Information Security 119

Herjavec Group

MARCH 24, 2022

Being PCI compliant is essential to properly handle sensitive data including payment card data, cardholder data, and even sensitive authentication data. The fourth version of the PCI DDS launch date has not yet been specifically announced, however, the PCI SSC has declared it will be released before the end of March 2022. The Solution.

Architecture 98

Architecture Penetration Testing Firewall eCommerce 98

Security Affairs

NOVEMBER 29, 2022

Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684 , in Fortinet products. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild.

VPN 99

VPN Firewall Authentication Internet 99

McAfee

NOVEMBER 14, 2021

McAfee Enterprise and FireEye recently teamed to release their 2022 Threat Predictions. In this blog, we take a deeper dive into cloud security topics from these predictions focusing on the targeting of API services and apps exploitation of containers in 2022. insufficient authentication and authorization restrictions.

IoT 102

IoT Risk Marketing Software 102

Security Affairs

NOVEMBER 3, 2022

One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374 , in Log pages of FortiADC. Another issue addressed by the company is a command injection in CLI command, tracked as CVE-2022-33870 , of FortiTester. The full list of vulnerabilities addressed in November 2022 is available here. Pierluigi Paganini.

Firewall 100

Firewall Authentication Passwords Hacking 100

The Last Watchdog

NOVEMBER 12, 2023

Following a successful debut in November 2022, Matter is picking up steam, Nelson told me. Matter works much the way website authentication and website traffic encryption gets executed. Support for DMARC To implement BIMI, companies must embrace DMARC , which stands for “domain-based message authentication, reporting and conformance.”

Manufacturing 276

Manufacturing Authentication Marketing Encryption 276

eSecurity Planet

MARCH 4, 2022

Also read: Top Vulnerability Management Tools for 2022. The new guidance is significantly more comprehensive and in-depth, addressing network architecture, maintenance, authentication, routing, ports, remote logging, monitoring and administration. Also read: Top Microsegmentation Tools for 2022. Limit authentication attempts.

Network Security 132

Network Security Architecture Authentication Firewall 132

eSecurity Planet

APRIL 29, 2024

April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege. Although fixed in the October 2022 updates, Microsoft notes that the zero-day vulnerability may have been exploited as early as April 2019. Attackers can easily exploit 10.0

Firewall 93

Firewall Software Ransomware Penetration Testing 93

Security Boulevard

OCTOBER 7, 2022

Fortinet has identified a critical vulnerability within its FortiGate firewalls and FortiProxy web proxies. Fortinet has released patches for a critical authentication bypass vulnerability tracked as CVE-2022-40684. Read on to learn if you’re affected and what you need to do to mitigate the threat. What’s going on?

Firewall 52

Firewall Authentication 52

Malwarebytes

APRIL 25, 2023

GA-01-22320 and prior (Windows 10, 11 Windows Server 2016, 2019, 2022)) Schneider Electric Easy UPS Online Monitoring Software (V2.5-GS-01-22320 GS-01-22320 and prior (Windows 10, 11 Windows Server 2016, 2019, 2022)) The Easy UPS Online Monitoring Software is used to configure and manage APC and Schneider Electric branded Easy UPS products.

Software 75

Software Authentication Firewall Risk 75

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. ” reads the joint report. ” continues the report.

Energy and Utilities 95

Energy and Utilities Government Firewall Malware 95

Security Affairs

JUNE 14, 2023

“VMware Tools contains an Authentication Bypass vulnerability in the vgauth module.” “A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.” ” reads the advisory published by VMware.

Authentication 85

Authentication Malware Firewall Hacking 85

Security Affairs

JANUARY 19, 2024

Researchers from Mandiant first detailed the activity of the group in September 2022 when they discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant observed crashes across multiple UNC3886 cases between late 2021 and early 2022. ” reads the report published by Mandiant.

Firewall 110

Firewall Accountability Malware Authentication 110

Security Affairs

APRIL 21, 2022

Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) , tracked as CVE-2022-20773, that could be exploited by an unauthenticated attacker to steal admin credentials remotely. “This vulnerability is due to the presence of a static SSH host key.

DNS 111

DNS Firewall Internet Internet 111

Cisco Security

NOVEMBER 1, 2022

Helping increase resistance to phishing attacks and improve user experience through frictionless access using Duo Passwordless , which is now generally available with support for Duo Mobile as a passwordless authenticator. Secure Firewall 3100 Series.

Firewall 52

Firewall Marketing Healthcare Mobile 52

CyberSecurity Insiders

MAY 6, 2021

Its website security plans offer SSL Certification that arrives with Web Application Firewall(WAF) protection. Also, the firewall offered by the company blocks all kinds of DDoS and Malware attacks that could damage the website- thus the reputation of the company.

Passwords 128

Passwords Firewall DDOS Backups 128