2023, Authentication, Cybersecurity and VPN

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. score of 9.8 out of 10.0,

VPN

VPN Firmware Authentication Phishing

The four cybersecurity trends to watch in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

When employees aren’t in the office, they’re liable to engage in risky behaviors such as using unsecured WiFi without a VPN, leaving work devices unlocked in public places, and clicking on malicious emails. This is why cybersecurity education has never been more important. The average American household has 22 connected devices.

Cybersecurity

Cybersecurity VPN Digital transformation Education

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. Researchers from cybersecurity firm Synacktiv published a technical analysis of a Rust malware, named KrustyLoader, that was delivered by threat actors exploiting the above vulnerabilities.

VPN

VPN Malware Authentication Small Business

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN

VPN Authentication Cyber Attacks Passwords

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

SEPTEMBER 5, 2023

Major cybersecurity events in the last week make clear that hackers just keep getting savvier — and security teams need to be vigilant to keep up. Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. out of 10 on the CVSS vulnerability scale.

VPN

VPN Authentication Ransomware Antivirus

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

The government experts also ordered to monitor the authentication or identity management services that could be exposed and urged to isolate the systems from any enterprise resources to the greatest degree possible. The flaw CVE-2023-46805 (CVSS score 8.2) CISA also warned to continue to audit privilege-level access accounts.

VPN

VPN Authentication Software Malware

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN

VPN Authentication Mobile Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN

VPN Authentication Mobile Firewall

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country.

Ransomware

Ransomware Backups VPN Authentication

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Malwarebytes

JULY 21, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical unauthenticated remote code execution (RCE) vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. We urge everyone else to take it seriously too.

Authentication

Authentication VPN Cybercrime Cybersecurity

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. This article details two major findings from the report: five major cybersecurity threats and prioritization problems.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

ThreatLabz Coverage Advisory: Ivanti’s VPN Vulnerabilities Exploited by Hackers, New Zero-Days Pose Critical Risk

Security Boulevard

FEBRUARY 2, 2024

Introduction Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. to gain access to ICS VPN appliances. Users are advised to apply this patch promptly to secure their systems.

VPN

VPN Risk Architecture Firewall

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication

Authentication Ransomware VPN Passwords

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk

Risk VPN Internet Internet

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country.

Ransomware

Ransomware Backups VPN Authentication

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Malwarebytes

JANUARY 11, 2023

The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. ended January 10, 2023. The actively exploited vulnerability is listed as CVE-2023-21674. In a network-based attack, an unauthenticated attacker could bypass authentication and make an anonymous connection. SharePoint Server.

B2B

B2B Encryption VPN Software

Act now! Ivanti vulnerabilities are being actively exploited

Malwarebytes

JANUARY 11, 2024

Successful exploitation would give an attacker the ability to run arbitrary code on Ivanti’s Virtual Private Network (VPN) system. Ivanti Connect Secure is a widely used VPN solution that allows users to connect to their organization’s network. The CVEs mentioned in these reports are: CVE-2023-46805 ( CVSS score 8.2

VPN

VPN Authentication Software Risk

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 18, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2023-6549 is a Denial of Service.

Authentication

Authentication VPN Software Engineering

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN

VPN Cybercrime Ransomware Hacking

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

eSecurity Planet

FEBRUARY 12, 2024

February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3. Both vulnerabilities affected authenticated users of Apache Oozie and Apache Ambari.

VPN

VPN Authentication Software Firewall

CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities

Malwarebytes

JANUARY 19, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added two Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities catalog , and it has set the “due date” a week after they were added. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not impacted. out of 10.

Authentication

Authentication VPN Internet Internet

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

APRIL 15, 2024

Last week’s cybersecurity incidents revealed significant vulnerabilities across multiple platforms. Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client.

Firewall

Firewall VPN Software Risk

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Security Affairs

JUNE 12, 2023

Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. This is reachable pre-authentication, on every SSL VPN appliance.

Firewall

Firewall VPN Authentication Media

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

JANUARY 22, 2024

The vulnerability also exists on GitHub Enterprise Server, but it can only be exploited by an authenticated user with an organization owner role. The authenticated user must also be logged into an account on an instance of GHES. Affected keys included some encryption keys and the GitHub commit signing key. and later releases of 13.1

Authentication

Authentication Malware VPN Mobile

Citrix Bleed widely exploitated, warn government agencies

Malwarebytes

NOVEMBER 24, 2023

In a joint cybersecurity advisory , the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability. out of 10). NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15

Government

Government Ransomware Backups Software

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT

IoT DDOS Passwords Malware

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

Security Affairs

MARCH 1, 2024

The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. Below are the descriptions of the vulnerabilities included in the advisory: The flaw CVE-2023-46805 (CVSS score 8.2) ” reads the advisory.

Authentication

Authentication Cyber threats VPN Government

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

No matter where they are, people around the world should be prepared for cybersecurity incidents. We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Verdict: very limited fulfillment of the prediction ❌ APT predictions for 2023.

Firmware

Firmware Surveillance Mobile Telecommunications

Cloudflare One SASE Review & Features 2023

eSecurity Planet

SEPTEMBER 25, 2023

Customers on this tier will receive Logpush to security incident and event management (SIEM) tools or cloud storage and certificate-based mTLS Authentication for internet of things (IoT) devices. Subscribe The post Cloudflare One SASE Review & Features 2023 appeared first on eSecurity Planet. You can unsubscribe at any time.

DNS

DNS DDOS IoT Firewall

Intro to Phishing: How Dangerous Is Phishing in 2023?

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 For one, solutions like Google Authenticator or Authy were far more confusing for the user during the enrollment process,” Stockdale said.

Phishing

Phishing Social Engineering Authentication Engineering

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Security Affairs

SEPTEMBER 18, 2023

The company states that one of its employees was compromised on August 27, 2023, via a spear phishing attack. The attackers deepfaked the actual voice of one of the IT staffers and tricked the employee into providing the multi-factor authentication (MFA) code. What we had originally implemented was multi-factor authentication.

Accountability

Accountability Social Engineering Authentication VPN

CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices

Security Affairs

JULY 21, 2023

Cybersecurity and Infrastructure Security Agency (CISA) warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. “Exploits of CVE-2023-3519 on unmitigated appliances have been observed.

VPN

VPN Cyber Attacks DNS Software

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

In January 2024, the Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. Threat actors are wiping NAS and backup devices.

Ransomware

Ransomware VPN Government Retail

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware. “This study examines Rhysida ransomware, which caused significant damage in the second half of 2023, and proposes a decryption method.

Ransomware

Ransomware Encryption VPN Manufacturing

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

VPN

VPN Software Firewall Authentication

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

eSecurity Planet

MARCH 19, 2024

The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website. The fix: Fortinet advised users to disable SSL VPN until their FortiOS and FortiProxy deployments can be upgraded.

Authentication

Authentication VPN Software DDOS

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

ransomfeed #security #infosec #energychina pic.twitter.com/deRRximVPd — Ransomfeed (@ransomfeed) November 25, 2023 The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Hacking Engineering Manufacturing

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Identity Theft

Identity Theft VPN Malware Ransomware

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

eSecurity Planet

MARCH 11, 2024

March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The problem: Two authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199 , allow unauthenticated attackers to exploit JetBrains TeamCity servers. and earlier OpenEdge 12.2.13 and earlier OpenEdge 12.8.0

Authentication

Authentication Software VPN Security Defenses

Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 27, 2023

million in critical infrastructure cyber projects via new program Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability Defense contractor Belcan leaks admin password with a list of flaws Leaseweb is restoring ‘critical’ systems after security breach Microsoft is now a cybersecurity titan. Korean Kimsuky APT targets S.

Cybercrime

Cybercrime Hacking Cryptocurrency Ransomware

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

The four cybersecurity trends to watch in 2023

Webinars

Trending Sources

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Webinars

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

Multiple malware used in attacks exploiting Ivanti VPN flaws

Zyxel firewall and VPN devices affected by critical flaws

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Akira ransomware targets Finnish organizations

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

ThreatLabz Coverage Advisory: Ivanti’s VPN Vulnerabilities Exploited by Hackers, New Zero-Days Pose Critical Risk

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

CISA Order Highlights Persistent Risk at Network Edge

Akira ransomware targets Finnish organizations

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Act now! Ivanti vulnerabilities are being actively exploited

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Akira ransomware received $42M in ransom payments from over 250 victims

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

Citrix Bleed widely exploitated, warn government agencies

Overview of IoT threats in 2023

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

Advanced threat predictions for 2023

Cloudflare One SASE Review & Features 2023

Intro to Phishing: How Dangerous Is Phishing in 2023?

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Researchers released a free decryption tool for the Rhysida Ransomware

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

Rhysida ransomware gang claimed China Energy hack

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

Security Affairs newsletter Round 434 by Pierluigi Paganini – International edition

Stay Connected