Security Affairs

MARCH 27, 2022

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier. MR3 (18.5.3)

Firewall 84

Firewall Authentication VPN Hacking 84

Security Boulevard

NOVEMBER 9, 2022

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw. Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. CVE-2022-27516 – The vulnerability is a user login brute force protection functionality bypass.

Authentication 52

Authentication VPN Phishing Hacking 52

Malwarebytes

DECEMBER 14, 2022

In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. The vulnerability that is exploited in the wild is listed under CVE-2022-44698 and described as a Windows SmartScreen Security Feature bypass vulnerability. CVE-2022-44670 and CVE-2022-44676 are remote code execution (RCE) vulnerabilities.

Internet 92

Internet Internet VPN Authentication 92

Security Affairs

MAY 26, 2022

Below is the list of the four vulnerabilities, the most severe one is a command injection flaw in some CLI commands tracked as CVE-2022-26532 (CVSS v3.1 CVE-2022-0910 : An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions.

Firewall 119

Firewall VPN Authentication Cyber Attacks 119

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware 108

Ransomware Backups VPN Authentication 108

CSO Magazine

JANUARY 13, 2023

Remote code execution in FortiOS SSL-VPN. The vulnerability, tracked as CVE-2022-42475 , is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.

Network Security 113

Network Security VPN Authentication Government 113

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. “TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it.

Firewall 92

Firewall VPN Cybercrime Software 92

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 268

Hacking Social Engineering Phishing Scams 268

Malwarebytes

OCTOBER 24, 2022

Cisco has published a security advisory for a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an authenticated, remote attacker to read and delete files on an affected device. The most urgent patch in this update is aimed at CVE-2022-20822. The bug, with a CVSS score of 7.1

VPN 74

VPN Authentication Engineering Internet 74

Security Boulevard

APRIL 27, 2022

Risky Behavior: VPN Providers Installing Root Certificates Without User Consent. Wed, 04/27/2022 - 16:21. Some VPN apps automatically install self-signed trusted root certificates without informed user consent, says cybersecurity research firm AppEsteem. “We brooke.crothers. And this can lead to security holes. Encryption.

VPN 52

VPN Encryption Risk Authentication 52

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. Observed since: February 2022 Ransomware note: read_me.html Ransomware extension: <original file name> [vote2024forjb@protonmail[.]com].encryptedJB SFile (Escal). LockBit 2.0.

Ransomware 69

Ransomware Phishing Accountability Technology 69

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware 84

Ransomware Backups VPN Authentication 84

Heimadal Security

SEPTEMBER 13, 2022

The American technology giant, Cisco, confirmed that the data leaked by Yanluowang ransomware gang on September 11, 2022, is authentic. The company’s network has been breached through the VPN account of an employee. The data now released on the dark web was stolen in a cyberattack in May, this year.

Ransomware 93

Ransomware VPN Authentication Accountability 93

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 213

Risk VPN Internet Internet 213

Fox IT

FEBRUARY 22, 2023

The adversary exploited the R1Soft server software via CVE-2022-36537 [1] [2] , which is a vulnerability in the ZK Java Framework that R1Soft Server Backup Manager utilises. Further research by us indicates that world-wide exploitation of R1Soft server software started around the end of November 2022.

Backups 69

Backups Software Authentication Internet 69

Security Affairs

APRIL 28, 2023

through 4.73, VPN series firmware versions 4.60 The company also fixed a high-severity post-authentication command injection issue ( CVE-2023-27991 , CVSS score: 8.8) through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.16

Firewall 93

Firewall Firmware VPN Authentication 93

Security Affairs

SEPTEMBER 12, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user. . ” reads an update published by Cisco on September September 11, 2022.

Ransomware 98

Ransomware VPN Authentication Phishing 98

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) In May 2022, Zyxel released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products.

Firewall 81

Firewall Firmware Authentication VPN 81

SecureList

SEPTEMBER 6, 2022

According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally. The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Top game titles by number of related threats.

Mobile 96

Mobile Passwords Software Accountability 96

NopSec

SEPTEMBER 27, 2022

In this month’s edition of trending CVEs, we feature a blast from the past that provides an excellent example of how a forgotten unpatched flaw can lead to supply chain poisoning with our September 2022 Patch Now * recipient. Lets dig into some trending CVEs for September, 2022: 1. Severity: Medium Complexity: Low CVSS Score: 6.8

Risk 52

Risk VPN Authentication Accountability 52

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. ” reads the analysis published by Cisco Talos.

Ransomware 124

Ransomware Hacking VPN Phishing 124

Security Affairs

SEPTEMBER 2, 2022

Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022. The experts also discovered posts on a Dark Web access broker auction site where a threat actor was purchasing VPN credentials for large U.S.

Hacking 96

Hacking VPN Ransomware Authentication 96

SecureWorld News

DECEMBER 15, 2022

This vulnerability is a critical remote code execution (RCE) bug, tracked as CVE-2022-27518, which would allow the threat actor to "facilitate illegitimate access to targeted organizations by bypassing normal authentication controls.".

VPN 83

VPN Ransomware Authentication Cybersecurity 83

Security Affairs

OCTOBER 17, 2023

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. “Note (!)

Telecommunications 103

Telecommunications Authentication Data collection Passwords 103

SecureWorld News

OCTOBER 24, 2022

As of October 2022, per FBI Internet Crime Complaint Center (IC3) data, specifically victim reports across all 16 critical infrastructure sectors, the HPH Sector accounts for 25 percent of ransomware complaints.". businesses with ransomware and data extortion operations.

Ransomware 75

Ransomware VPN Healthcare Cybercrime 75

Malwarebytes

OCTOBER 20, 2022

Since at least August 2022, Venus has been causing chaos and has become rather visible lately. — MalwareHunterTeam (@malwrhunterteam) October 6, 2022. — MalwareHunterTeam (@malwrhunterteam) October 6, 2022. If you're able to use rate limiting alongside your VPN login too, then so much the better.

Ransomware 87

Ransomware Encryption VPN Passwords 87

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall 82

Firewall VPN Firmware Manufacturing 82

Security Affairs

SEPTEMBER 24, 2022

Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. The CVE-2022-3236 flaw resides in the User Portal and Webadmin of Sophos Firewall, its exploitation can lead to code execution (RCE). and impacts Firewall versions 18.5

Firewall 77

Firewall VPN Authentication Hacking 77

Malwarebytes

MARCH 4, 2022

The flaws could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. These are the CVEs you need to know: CVE-2022-20754. CVE-2022-20755. and CVE-2022-20756 (CVSS score of 8.6).

Small Business 73

Small Business Authentication Software VPN 73

Security Affairs

MAY 4, 2023

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe. The threat actors allegedly obtained access to Ukraine’s public networks by using compromised VPN credentials.

VPN 84

VPN Education Accountability Cyber Attacks 84

eSecurity Planet

APRIL 19, 2023

Portnox is a private company that specializes in network access security with nearly 1,000 customers and closed a Series A fundraising with Elsewhere Partners for $22 million in 2022. authentication to gather endpoint information for reporting and enforcement. Agents Portnox does not require an agent.

IoT 93

IoT Authentication VPN Backups 93

Malwarebytes

APRIL 4, 2022

Zyxel says the vulnerability, listed as CVE-2022-0342 , is an authentication bypass vulnerability caused by the lack of a proper access control mechanism, which has been found in the CGI program of some firewall versions. The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device.

Firewall 76

Firewall Firmware VPN Authentication 76

CyberSecurity Insiders

DECEMBER 6, 2022

Companies have struggled to cope with surging costs, an extremely tight labor market, a looming recession, and many other issues that have made 2022 a uniquely turbulent and unpredictable year. According to the 2022 Verizon Data Breach Investigations Report , 82 percent of breaches over the preceding year involved a human element.

Cybersecurity 129

Cybersecurity VPN Digital transformation Education 129

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Digital transformation 214

Digital transformation Computers and Electronics Cybersecurity Encryption 214

Krebs on Security

JULY 10, 2022

Turner said that in early June 2022 he received an email from Experian saying the email address on his account had been changed. “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. “I get so angry when I think about all this,” he said.

Accountability 315

Accountability Passwords Authentication Password Management 315

eSecurity Planet

AUGUST 28, 2023

OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May. August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools.

VPN 87

VPN Authentication Mobile Firewall 87

Security Affairs

APRIL 24, 2023

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens.” ” concludes the report.

Hacking 90

Hacking VPN Marketing Authentication 90