Security Affairs

SEPTEMBER 18, 2023

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack. ” continues the company.

Accountability 105

Accountability Social Engineering Authentication VPN 105

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. “This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.

Ransomware 129

Ransomware VPN Authentication Hacking 129

Security Affairs

FEBRUARY 1, 2024

The government experts also ordered to monitor the authentication or identity management services that could be exposed and urged to isolate the systems from any enterprise resources to the greatest degree possible. CISA also warned to continue to audit privilege-level access accounts. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN 95

VPN Authentication Software Malware 95

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN 98

VPN Authentication Mobile Firewall 98

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN 95

VPN Authentication Mobile Firewall 95

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication 56

Authentication Ransomware VPN Passwords 56

Security Affairs

JUNE 22, 2023

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. The client update process is executed after a successful VPN connection is established.” This behaviour can be abused to perform arbitrary file delete as NT AuthoritySYSTEM account.”

VPN 89

VPN Mobile Software Authentication 89

Malwarebytes

JULY 21, 2023

This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by August 9, 2023 to protect their networks against active threats. The actively exploited CVE patched in this update is CVE-2023-3519 a Citrix NetScaler ADC and NetScaler Gateway code injection vulnerability with a CVSS score of 9.8

Authentication 98

Authentication VPN Cybercrime Cybersecurity 98

Security Boulevard

FEBRUARY 2, 2024

Introduction Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. Active audit of privileged accounts that were recently created or updated. to gain access to ICS VPN appliances.

VPN 64

VPN Risk Architecture Firewall 64

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 91

Firewall Firmware VPN Authentication 91

SecureList

MAY 28, 2024

In 2023, trusted relationship cyberattacks ranked among the top three most frequently used attack vectors. According to 2023 statistics , only one in four affected organizations identified an incident as a result of detecting suspicious activity (launch of hacker tools, malware, network scanners, etc.)

VPN 74

VPN Accountability Passwords Antivirus 74

NopSec

JUNE 30, 2023

Leading this month’s advisories we have a duo of pre-auth RCE vulnerabilities that impact Fortinet’s Fortigate SSL VPN and VMWare’s VRealize Network Insight. It’s not a pre-auth vuln, but it does enable admin authentication bypass, so it’s apples-to-apples from the attackers perspective. This vulnerability was assigned CVE-2023-20887.

VPN 52

VPN Backups Authentication Encryption 52

Duo's Security Blog

MARCH 6, 2024

In this attack method, a small number of commonly used passwords are tried over many user accounts in succession. Many free and open-source tools, including NLBrute, Crowbar and Hydra, currently exist to allow attackers to automate these efforts over many user accounts at once.

Authentication 137

Authentication Accountability VPN Passwords 137

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 100

VPN Cybercrime Ransomware Hacking 100

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 221

Risk VPN Internet Internet 221

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 99

Ransomware Encryption Antivirus VPN 99

SecureList

OCTOBER 17, 2023

This is our latest installment, focusing on activities that we observed during Q3 2023. The most remarkable findings In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of a secure USB drive, which provides hardware encryption.

Government 108

Government Malware VPN Manufacturing 108

NopSec

DECEMBER 1, 2023

Wipe the gravy off your face, roll up your sleeves, and drop to a command line as we cover the trending CVEs for November 2023. Citrix Bleed CVE-2023-4966 Citrix Bleed is an information disclosure vulnerability that impacts Citrix NetScaler ADC and NetScaler Gateway. This basically results in authentication bypass. before 5.18.3

Authentication 59

Authentication VPN Internet Internet 59

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs).

Firewall 107

Firewall VPN Software Risk 107

Security Affairs

MARCH 1, 2024

The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805 , CVE-2024-21887 , and CVE-2024-21893. Multiple threat actors are chaining these issues to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges.

Authentication 75

Authentication Cyber threats VPN Government 75

eSecurity Planet

JANUARY 22, 2024

The vulnerability also exists on GitHub Enterprise Server, but it can only be exploited by an authenticated user with an organization owner role. The authenticated user must also be logged into an account on an instance of GHES. Affected keys included some encryption keys and the GitHub commit signing key. NetScaler ADC 13.1-FIPS

Authentication 111

Authentication Malware VPN Mobile 111

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations.

Phishing 64

Phishing Social Engineering Authentication Engineering 64

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications 98

Telecommunications Authentication Data collection Passwords 98

SecureList

NOVEMBER 23, 2023

In our previous summary of consumer predictions , we delved into tactics that we expected scammers and cybercriminals to use in 2023. Despite the fact that our predictions regarding Metaverse did not fully materialize in 2023, we reiterate what we said earlier, as we consider this a long-term trend.

VPN 95

VPN Scams Education Internet 95

Thales Cloud Protection & Licensing

MAY 13, 2024

Multi-Factor Authentication: the mandatory first step for organizations moving to the cloud. million ATO attacks against their customers -The SolarWinds attack that compromised victim’s Microsoft365 accounts hit 100 companies and 9 US Federal Agencies.

Authentication 62

Authentication Phishing Marketing Cloud Migration 62

Security Affairs

JULY 21, 2023

Cybersecurity and Infrastructure Security Agency (CISA) warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. “Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Provision new account credentials.

VPN 73

VPN Cyber Attacks DNS Software 73

eSecurity Planet

MARCH 19, 2024

The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website. The fix: Fortinet advised users to disable SSL VPN until their FortiOS and FortiProxy deployments can be upgraded.

Authentication 117

Authentication VPN Software DDOS 117

eSecurity Planet

MARCH 16, 2023

Microsoft’s Patch Tuesday for March 2023 includes patches for more than 70 vulnerabilities, including zero-day flaws in Outlook and in Windows SmartScreen. Critical Outlook Zero-Day The Outlook zero-day, CVE-2023-23397 , with a critical CVSS score of 9.8, is being actively exploited.

Energy and Utilities 98

Energy and Utilities Authentication Firewall Engineering 98

Security Affairs

JUNE 8, 2023

Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. It supports robust authentication mechanisms, encryption protocols, and network access controls to protect sensitive information and prevent unauthorized access.

Mobile 69

Mobile Authentication Software VPN 69

Malwarebytes

AUGUST 16, 2023

The CVE that the cybercriminals used to plant the backdoor is listed as: CVE-2023-3519 ( CVSS score 9.8 It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an authentication, authorization and accounting (AAA) virtual server.

VPN 90

VPN Backups Accountability Authentication 90

Security Affairs

JULY 27, 2023

Based on indexing of another sensitive file we believe that the environment configuration file was exposed starting from February 2023. Cybercriminals could take over the official communication channels of DepositFiles, including social media accounts and abuse & support emails. researchers said. researchers said.

Data breaches 84

Data breaches VPN Media Passwords 84

Security Affairs

AUGUST 27, 2023

million in critical infrastructure cyber projects via new program Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability Defense contractor Belcan leaks admin password with a list of flaws Leaseweb is restoring ‘critical’ systems after security breach Microsoft is now a cybersecurity titan.

Cybercrime 74

Cybercrime Hacking Cryptocurrency Ransomware 74

Security Affairs

FEBRUARY 4, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Identity Theft 100

Identity Theft VPN Malware Ransomware 100

Hackology

DECEMBER 26, 2023

This helped them surpass the expected revenue in Q4 of 2023 , due to an overflow of new subscriptions. Current Netflix Password-sharing Policy Netflix only allows account sharing under a single, physical household. To make it clear, imagine you and your 4 friends plan to share the same Netflix account.

VPN 64

VPN Accountability Internet Internet 64

Security Boulevard

JANUARY 2, 2024

While the “prediction season” gains momentum, it's pivotal to reflect on the high impact of the 2023 cybersecurity landscape. Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024.

CISO 104

CISO Social Engineering Architecture Ransomware 104

Security Affairs

MAY 4, 2023

The threat actors allegedly obtained access to Ukraine’s public networks by using compromised VPN credentials. ” CERT-UA urges Ukrainian critical organizations using multi-factor authentication for VPN accounts, network segmentation and filtering of incoming, outgoing and inter-segment information flows. .

VPN 81

VPN Education Accountability Cyber Attacks 81

Pen Test Partners

FEBRUARY 14, 2024

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. However, the same report shows that the human element accounted for 74% of data breaches. What’s the attack?

Phishing 65

Phishing Mobile Social Engineering Data breaches 65