Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. This vulnerability is due to resource exhaustion.

VPN 114

VPN Firewall Technology Passwords 114

Security Affairs

JANUARY 8, 2025

.” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.”

Firewall 116

Firewall Firmware VPN Authentication 116

SecureBlitz

MAY 13, 2025

Here, I will show you the top dangerous VPN providers and the top red flags to identify and avoid dangerous VPN providers in 2024. In today’s digital landscape, a Virtual Private Network (VPN) has become an essential tool for many internet users.

VPN 72

VPN Internet Internet Encryption 72

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication.

VPN 112

VPN Authentication Hacking Risk 112

Security Affairs

APRIL 12, 2025

The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475 , CVE-2023-27997 , and CVE-2024-21762 to gain persistent read-only access via a symlink in SSL-VPN language folders. ” Fortinet pointed out that only devices with SSL-VPN enabled are impacted. . FortiOS 7.4,

VPN 107

VPN Engineering Hacking Cybersecurity 107

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). and 7.0.16, which were released on February 2024 and October 2024 respectively. .”

Firewall 84

Firewall VPN Accountability Firmware 84

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

MARCH 10, 2025

In May 2024, Microsoft observed the North Korea-linked group “Moonstone Sleet” (Previously tracked as Storm-1789) using known and novel techniques like fake companies, trojanized tools, a malicious game, and custom ransomware for financial gain and espionage. ” Microsoft wrote on X.

Ransomware 120

Ransomware Healthcare VPN Malware 120

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. ” reads the advisory Check Point Security Gateways.

Healthcare 87

Healthcare Ransomware VPN Malware 87

Security Affairs

NOVEMBER 3, 2024

In September 2024, the Sekoia TDR team reported it had identified additional implants associated with the Quad7 botnet operation. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.

Passwords 135

Passwords Wireless VPN Accountability 135

Security Affairs

NOVEMBER 16, 2024

The advisory pointed out that these IP addresses may be associated with VPN services, for this reason, they are also associated with legitimate user activity. .” The cybersecurity firm observed malicious activities originating from the following IP addresses 136.144.17[.]* 173.239.218[.]251 251 216.73.162[.]*

Firewall 128

Firewall Internet Internet VPN 128

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN 127

VPN Authentication Passwords Accountability 127

Security Affairs

APRIL 30, 2025

In 2024, it was observed attacking OT organizations and linked to cyberattacks on 60 entities in Asia and Europe. In 2024, attacks primarily focused on governmental, diplomatic, and research sectors, with some campaigns specifically hitting French government organizations. ” continues the report.

Government 116

Government Phishing DNS VPN 116

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, brute-force )

VPN 141

VPN Firewall Authentication Hacking 141

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN 137

VPN Malware Authentication Hacking 137

Security Affairs

APRIL 6, 2024

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. The flaw CVE-2024-21894 (CVSS score 8.2) Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, RCE)

VPN 133

VPN Internet Internet Hacking 133

Security Affairs

MARCH 9, 2024

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild.

Internet 145

Internet Internet VPN Engineering 145

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China)

VPN 124

VPN Government Malware Manufacturing 124

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. 5035 and older versions.

VPN 98

VPN Ransomware Firewall Internet 98

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN 135

VPN Firewall Marketing Encryption 135

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. They impersonated help desk technicians, sent the victims fake VPN deactivation warnings, and used password reset scams to gain access to company systems.

Cybercrime 111

Cybercrime Identity Theft Cryptocurrency Phishing 111

Krebs on Security

DECEMBER 18, 2024

A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device. Nevertheless, Soundcloud removed the audio file.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, KrustyLoader )

VPN 129

VPN Malware Authentication Small Business 129

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) CVE-2024-21887 – a command-injection vulnerability found into multiple web components with a CVSS score of 9.1″

VPN 130

VPN Authentication Small Business Telecommunications 130

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN 134

VPN Firmware Malware Government 134

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. ” concludes Sophos.

Backups 132

Backups Ransomware VPN Authentication 132

Security Affairs

JUNE 6, 2025

Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 , and CVE-2024-55591. in FortiOS SSL VPN was actively exploited in attacks in the wild. through 7.0.16

Ransomware 78

Ransomware Authentication Healthcare Firewall 78

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise. for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series. for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series. .

Firewall 76

Firewall Ransomware VPN Firmware 76

Security Affairs

MAY 1, 2025

SonicWall revealed that attackers actively exploited two security vulnerabilities, tracked as CVE-2023-44221 and CVE-2024-38475 , in its SMA100 Secure Mobile Access appliances. CVE-2024-38475 (CVSS score: 9.8) – Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier.

Firmware 69

Firmware Mobile Authentication VPN 69

Security Affairs

FEBRUARY 1, 2024

The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. “As soon as possible and no later than 11:59PM on Friday February 2, 2024, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.”

VPN 132

VPN Authentication Software Malware 132

Security Affairs

MARCH 14, 2025

The threat actor exploited CVE-2024-55591 and CVE-2025-24472 in FortiOS and FortiProxy to gain super-admin access on vulnerable Fortinet appliances. “CVE-2024-55591 and CVE-2025-24472 allow unauthenticated attackers to gain super_admin privileges on vulnerable FortiOS devices (<7.0.16) with exposed management interfaces.”

Firewall 67

Firewall Ransomware VPN Encryption 67

Krebs on Security

MAY 28, 2024

KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later. 911 built its proxy network mainly by offering “free” virtual private networking (VPN) services. based startup that tracks proxy and VPN services.

VPN 297

VPN Banking Cybercrime Internet 297

Security Affairs

MAY 2, 2025

CVE-2024-38475 (CVSS score: 9.8) is an improper neutralization of special elements in the SMA100 SSL-VPN management interface. 75sv are not vulnerable to CVE-2024-38475 or the related session hijacking technique described. 62sv and higher versions (Fixed on December 4, 2023) CVE-2024-38475 10.2.1.14-75sv and earlier.

Firmware 71

Firmware Authentication VPN Mobile 71

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware 71

Spyware Data breaches DNS Artificial Intelligence 71

Security Affairs

APRIL 12, 2019

At least four VPN apps sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC). Virtual private networks (VPNs) are affordable, easy to use, and a vital component in your system. What if these VPNs are vulnerable to attackers? 8.3R6, and 9.0R2.

VPN 111

VPN Marketing Authentication Small Business 111

Troy Hunt

FEBRUARY 25, 2025

By doing dumb stuff like this: “Around October I downloaded a pirated version of Adobe AE and after that a trojan got into my pc” pic.twitter.com/igEzOayCu6 — Troy Hunt (@troyhunt) August 5, 2024 So now this guy has malware running on his PC which is siphoning up all his credentials as they're entered into websites.

Passwords 362

Passwords Accountability VPN Malware 362

Bleeping Computer

APRIL 19, 2024

The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. [.]

VPN 135

VPN Hacking 135