2024, Firmware and VPN - Cyber Security Informer

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.”

Firewall

Firewall Firmware VPN Authentication

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). ” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14

Firewall

Firewall VPN Accountability Firmware

Zyxel firewalls targeted in recent ransomware attacks

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. ” The vendor addressed these vulnerabilities with the release of firmware version 5.39 for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series.

Firewall

Firewall Ransomware VPN Firmware

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Two SonicWall SMA100 flaws actively exploited in the wild

Security Affairs

MAY 1, 2025

SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475 , in its SMA100 Secure Mobile Access appliances. CVE-2024-38475 (CVSS score: 9.8) – Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier.

Firmware

Firmware Mobile VPN Authentication

U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Firewall

Firewall Firmware Authentication VPN

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 2, 2025

CVE-2024-38475 (CVSS score: 9.8) is an improper neutralization of special elements in the SMA100 SSL-VPN management interface. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv 75sv are not vulnerable to CVE-2024-38475 or the related session hijacking technique described. and earlier.

Firmware

Firmware Authentication VPN Mobile

Ransomware and Cyber Extortion in Q4 2024

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware

Ransomware Social Engineering Phishing VPN

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 Some impacted models will not receive the firmware updates because they have reached the end-of-life (EoL). score: 9.8), impacting seven router models. impacting multiple devices. impacting multiple devices.

Authentication

Authentication Firmware VPN Manufacturing

Your Network Is Showing – Time to Go Stealth

Security Boulevard

APRIL 17, 2025

In April 2024, Palo Alto Networks PAN-OS suffered a zero-day vulnerability that allowed attackers to install a Python-based backdoor known as UPSTYLE. They were strategic, persistent, and laser-focused on exploiting firewall and VPN weak points to establish long-term control over sensitive systems. The takeaway? Download now.

Firewall

Firewall VPN Encryption Architecture

IT threat evolution Q1 2024

SecureList

JUNE 3, 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Since it is not used by the firmware, we have no idea how the attackers learned to use it.

Banking

Banking Malware Computers and Electronics Mobile

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. 30% data breaches and +23% ransomware for the first two months of 2024. Read on for more details on these threats or jump down to see the linked vendor reports. globally, +19.8%

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. This vulnerability is tracked as CVE-2024-21591. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update.

Firewall

Firewall Firmware IoT Authentication

Privacy Roundup: Week 9 of Year 2025

Security Boulevard

MARCH 3, 2025

Privacy Services Brave iOS update brings Smart Proxy and Kill Switch AlternativeTo This has more to do with Brave's VPN service rather than its browser. An update (version 1.75) on iOS introduces Smart Proxy and Kill Switch for Brave's VPN service. Malware campaigns covered generally target/affect the end user.

Surveillance

Surveillance Data breaches Firmware Encryption

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). This vulnerability was patched by Apple in December 2024, but they only disclosed it recently. They also have appeared to partner with Proton.

Surveillance

Surveillance Telecommunications Malware Data breaches

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT

IoT Internet Internet Ransomware

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

JANUARY 22, 2024

January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation. The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities.

Authentication

Authentication Malware VPN Mobile

Kali Linux 2024.1 Release (Micro Mirror)

Kali Linux

FEBRUARY 27, 2024

Hello 2024! 2024 Theme Refresh As for previous 20**.1 Now, users can effortlessly copy their VPN IP address to the clipboard with just a click , simplifying the workflow and enhancing productivity for our users. With this improvement, managing your VPN connections on Kali Linux becomes even more seamless and intuitive.

Software

Software Firmware VPN Internet

Proroute H685 4G router vulnerabilities

Pen Test Partners

SEPTEMBER 18, 2024

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Product: H685t-w Vulnerable Firmware Version: 3.2.334 Links: CVE-2024-45682 icsa-24-261-02 Proroute changelogs Description Two authenticated command injection vulnerabilities have been identified in the H685t-w-P2 Compact 4G router running firmware version 3.2.334. High) CVSS: 3.1/

Firmware

Firmware VPN Mobile Passwords

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

eSecurity Planet

MAY 20, 2024

May 10, 2024 Vulnerability in Python Package Affects AI Models Type of vulnerability: Template injection in Python package. The vulnerability is tracked as CVE-2024-34359 and has a severity rating of 4.0. Use always-active VPN connections and never reuse the same credentials for an SSID.

VPN

VPN Firmware Malware Software

Nastiest Malware 2024

Webroot

OCTOBER 31, 2024

Steam the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. The saga of LockBit in 2024 exemplifies the resilience and adaptability of these cybercriminal groups.

Malware

Malware Ransomware Passwords Healthcare

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware.

Scams

Scams DDOS Cryptocurrency Accountability

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. link] [link] Have a software/firmware update mechanism. Cryptographic keys on the device or pod.

IoT

IoT Firmware Mobile Manufacturing

Attackers exploit a new zero-day to hijack Fortinet firewalls

Security Affairs

FEBRUARY 11, 2025

Fortinet added this vulnerability to an advisory related to the vulnerability CVE-2024-55591 disclosed in January. The flaw CVE-2024-55591 is anAuthentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 Fortinet fixed it in FortiOS 7.0.17 or above and FortiProxy 7.0.20/7.2.13

Firewall

Firewall Firmware VPN Authentication

Cyber Security Informer

SonicWall warns of an exploitable SonicOS vulnerability

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Trending Sources

Zyxel firewalls targeted in recent ransomware attacks

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Two SonicWall SMA100 flaws actively exploited in the wild

U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

Ransomware and Cyber Extortion in Q4 2024

ASUS fixed critical remote authentication bypass bug in several routers

Your Network Is Showing – Time to Go Stealth

IT threat evolution Q1 2024

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

VulnRecap 1/16/24 – Major Firewall Issues Persist

Privacy Roundup: Week 9 of Year 2025

Privacy Roundup: Week 12 of Year 2025

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

Kali Linux 2024.1 Release (Micro Mirror)

Proroute H685 4G router vulnerabilities

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

Nastiest Malware 2024

Interview With a Crypto Scam Investment Spammer

IoT Secure Development Guide

Attackers exploit a new zero-day to hijack Fortinet firewalls

Stay Connected