Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication 56

Authentication Ransomware VPN Passwords 56

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware 107

Ransomware Backups VPN Authentication 107

NopSec

JUNE 30, 2023

Leading this month’s advisories we have a duo of pre-auth RCE vulnerabilities that impact Fortinet’s Fortigate SSL VPN and VMWare’s VRealize Network Insight. It’s not a pre-auth vuln, but it does enable admin authentication bypass, so it’s apples-to-apples from the attackers perspective. This vulnerability was assigned CVE-2023-20887.

VPN 52

VPN Backups Authentication Encryption 52

CyberSecurity Insiders

DECEMBER 6, 2022

When employees aren’t in the office, they’re liable to engage in risky behaviors such as using unsecured WiFi without a VPN, leaving work devices unlocked in public places, and clicking on malicious emails. While there are plenty of unknowns as we head into 2023, one thing isn’t in doubt: cybersecurity will be more important than ever.

Cybersecurity 129

Cybersecurity VPN Digital transformation Education 129

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware 83

Ransomware Backups VPN Authentication 83

Security Boulevard

FEBRUARY 2, 2024

Introduction Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. to gain access to ICS VPN appliances. to gain access to ICS VPN appliances.

VPN 64

VPN Risk Architecture Firewall 64

SecureList

MAY 28, 2024

In 2023, trusted relationship cyberattacks ranked among the top three most frequently used attack vectors. According to 2023 statistics , only one in four affected organizations identified an incident as a result of detecting suspicious activity (launch of hacker tools, malware, network scanners, etc.)

VPN 75

VPN Accountability Passwords Antivirus 75

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services.

IoT 92

IoT DDOS Passwords Malware 92

SecureList

OCTOBER 17, 2023

This is our latest installment, focusing on activities that we observed during Q3 2023. The most remarkable findings In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of a secure USB drive, which provides hardware encryption.

Government 109

Government Malware VPN Manufacturing 109

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware 98

Malware DNS Authentication Telecommunications 98

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications 102

Telecommunications Authentication Data collection Passwords 102

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Identity Theft 103

Identity Theft VPN Malware Ransomware 103

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs).

Firewall 107

Firewall VPN Software Risk 107

Security Affairs

SEPTEMBER 18, 2023

The company states that one of its employees was compromised on August 27, 2023, via a spear phishing attack. The attackers deepfaked the actual voice of one of the IT staffers and tricked the employee into providing the multi-factor authentication (MFA) code. The attackers changed emails for users and reset passwords.

Accountability 108

Accountability Social Engineering Authentication VPN 108

SecureList

APRIL 22, 2024

Diagram of SSH tunnel creation SoftEther VPN The next tool that the attackers used for tunneling was the server utility (VPN Server) from the SoftEther VPN package. To launch the VPN server, the attackers used the following files: vpnserver_x64.exe IP Country + ASN Net name Net Description Address Email 103.27.202[.]85

VPN 113

VPN Passwords Encryption Malware 113

Thales Cloud Protection & Licensing

MAY 13, 2024

Multi-Factor Authentication: the mandatory first step for organizations moving to the cloud. But there is one simple solution to drastically reduce the risk of account take-over: enable Multi-Factor Authentication. markets.

Authentication 62

Authentication Phishing Marketing Cloud Migration 62

Security Affairs

JANUARY 24, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware 104

Ransomware VPN Government Retail 104

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company. What we predicted in 2022.

Firmware 111

Firmware Surveillance Mobile Telecommunications 111

Duo's Security Blog

MARCH 6, 2024

In this attack method, a small number of commonly used passwords are tried over many user accounts in succession. Research by Sophos estimates that 95% of all attacks in the first half of 2023 involved RDP access and emphasizes taking steps to further secure RDP applications.

Authentication 137

Authentication Accountability VPN Passwords 137

Duo's Security Blog

DECEMBER 12, 2023

In fact, IBM's 2023 Cost of a Data Breach Report found that 82% of data breaches involved data stored in the cloud. IBM’s 2023 Cost of a Data Breach Report found that 82% of data breaches involved data stored in the cloud. Additionally, it imposes a substantial workload on IT administrators responsible for user account management.

Data breaches 85

Data breaches Authentication Passwords Risk 85

Security Affairs

AUGUST 27, 2023

million in critical infrastructure cyber projects via new program Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability Defense contractor Belcan leaks admin password with a list of flaws Leaseweb is restoring ‘critical’ systems after security breach Microsoft is now a cybersecurity titan.

Cybercrime 77

Cybercrime Hacking Cryptocurrency Ransomware 77

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices.

Cybersecurity 119

Cybersecurity DDOS Penetration Testing Passwords 119

Security Affairs

JULY 21, 2023

Cybersecurity and Infrastructure Security Agency (CISA) warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. “Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Reimage compromised hosts.

VPN 77

VPN Cyber Attacks DNS Software 77

Security Affairs

MARCH 21, 2023

The attackers were able to send funds from hot wallets and download user names and password hashes. The hackers were also able to turn off the two-factor authentication (2FA). On March 17-18th, 2023, GENERAL BYTES experienced a security incident. “Please keep your CAS behind a firewall and VPN. and 20230120.44.”

Cryptocurrency 78

Cryptocurrency VPN Manufacturing Firewall 78

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 With Duo, the University team stood up integrations within days instead of the predicted weeks or months , protecting their apps and VPN.

Phishing 67

Phishing Social Engineering Authentication Engineering 67

eSecurity Planet

MARCH 11, 2024

March 4, 2024 JetBrains Server Issues Continue with New Vulnerabilities Type of vulnerability: Authentication bypass. The problem: Two authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199 , allow unauthenticated attackers to exploit JetBrains TeamCity servers. and earlier OpenEdge 12.2.13 and earlier OpenEdge 12.8.0

Authentication 107

Authentication Software VPN Security Defenses 107

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. We appreciate alphaMountain.ai , Pulsedive and Recorded Future donating full licenses to the Black Hat USA 2023 NOC. Hunter summer camp is back.

Wireless 61

Wireless DNS Mobile Technology 61

eSecurity Planet

MARCH 19, 2024

The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website. The fix: Fortinet advised users to disable SSL VPN until their FortiOS and FortiProxy deployments can be upgraded.

Authentication 117

Authentication VPN Software DDOS 117

Security Affairs

NOVEMBER 15, 2023

The report includes IOCs and TTPs identified through investigations as recently as September 2023. The Rhysida ransomware group has been active since May 2023, according to the gang’s Tor leak site, at least 62 companies are victims of the operation. VPNs, RDPs) to gain initial access to the target network and maintain persistence.

Ransomware 112

Ransomware Manufacturing Healthcare Education 112

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Based on indexing of another sensitive file we believe that the environment configuration file was exposed starting from February 2023. researchers said. researchers said. Why is exposing config files dangerous?

Data breaches 87

Data breaches VPN Media Passwords 87

Security Affairs

NOVEMBER 20, 2023

pic.twitter.com/Wdj7VfkWXa — British Library (@britishlibrary) November 20, 2023 The library plans to partially restore many services in the next few weeks, but it believes that some disruption may persist for longer. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Ransomware 111

Ransomware Cyber Attacks Manufacturing Healthcare 111

Security Boulevard

MARCH 29, 2023

Edit: As of 3/24/2023, Microsoft has fixed the issue of refresh tokens remaining valid after a TAP has expired. Read First: Configure a Temporary Access Pass in Azure AD to register Passwordless authentication methods - Microsoft Entra Microsoft identity platform and OAuth2.0 I’ll elaborate further in the appropriate sections.

VPN 64

VPN Authentication Passwords Social Engineering 64

Hackology

DECEMBER 26, 2023

After allowing password sharing for years, Netflix has recently changed its policy. The password sharing is now only allowed for a single physical household. Since its initial years, Netflix encouraged password sharing with your friends and family, which allowed them to generate a strong user base. What is Tailscale VPN?

VPN 64

VPN Accountability Internet Internet 64

Identity IQ

JUNE 27, 2023

The report also highlights the rise of AI voice scams as a significant trend in 2023. The report compares member-reported data from 2022 to the previous year. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. “AI

Scams 74

Scams Identity Theft Education Consumer Protection 74

eSecurity Planet

MARCH 4, 2024

February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. February 29, 2024 Factory Resets of Ivanti VPN Appliances Don’t Remove Hacker Presence Type of vulnerability: Persistent unauthenticated user resource access.

IoT 114

IoT Internet Internet Ransomware 114

Security Boulevard

JUNE 28, 2023

If you create a system and it accepts files or text, people will put their passwords or sensitive customer information posthaste. They’d have to be on the VPN to access it”). This can be both time-consuming and tedious. Why do we do boring stuff, then? Because it’s usually fruitful! This is something adversaries use to their advantage.

Authentication 52

Authentication Passwords Penetration Testing Social Engineering 52

Malwarebytes

OCTOBER 1, 2023

But ransomware attacks have been ramping up in 2023 and reinfections are occurring all over the globe, forcing lean IT teams to prepare. The business followed most of the recommendations for password resets but failed to implement 2FA. Why are businesses getting hit with ransomware more than once? the majority of security incidents.

Ransomware 96

Ransomware Small Business Passwords Malware 96