Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, KrustyLoader )

VPN 92

VPN Malware Authentication Small Business 92

Security Affairs

FEBRUARY 1, 2024

The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. “As soon as possible and no later than 11:59PM on Friday February 2, 2024, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.”

VPN 103

VPN Authentication Software Malware 103

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) CVE-2024-21887 – a command-injection vulnerability found into multiple web components with a CVSS score of 9.1″

VPN 85

VPN Authentication Small Business Telecommunications 85

SecureBlitz

FEBRUARY 22, 2024

In 2020, cyberattacks witnessed an unprecedented increase, targeting many industries, from phishing scams to system hacks exploiting vulnerable endpoints and weak network security. This surge in cyber threats has far-reaching […] The post 2024 Cybersecurity: The Rise of CyberAttacks appeared first on SecureBlitz Cybersecurity.

Cybersecurity 84

Cybersecurity Healthcare Scams Cyber threats 84

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 111

VPN Accountability Firewall Data breaches 111

Security Affairs

APRIL 6, 2024

The medium severity issue, tracked as CVE-2024-20362 (CVSS score 6.1), resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw.

Small Business 134

Small Business VPN Wireless Software 134

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. ” reads the advisory.

VPN 95

VPN Authentication Hacking Information Security 95

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. CISA orders federal agencies to fix this vulnerability by May 1st, 2024.

VPN 110

VPN Software Firewall Authentication 110

NopSec

FEBRUARY 28, 2024

February 2024 is off to a ripping start for security research. Ghost CMS Persistent XSS CVE-2024-23724 Researchers at Rhino have identified a persistent cross-site scripting (XSS) vulnerability that impacts Ghost CMS. Researchers recently discovered that the software was prone to authenticated remote command execution (CVE-2024-22107).

Authentication 59

Authentication Accountability Passwords Risk 59

Security Affairs

FEBRUARY 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762 , to its Known Exploited Vulnerabilities (KEV) catalog. The vendor recommends to disable SSL VPN as a workaround. “A Workaround : disable SSL VPN (disable webmode is NOT a valid workaround).

VPN 112

VPN Hacking Cybersecurity Risk 112

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 108

VPN Cybercrime Ransomware Hacking 108

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Cyber Attacks 113

Cyber Attacks VPN Authentication Hacking 113

Security Affairs

APRIL 24, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Firewall 106

Firewall Government VPN Authentication 106

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 102

Data breaches Small Business Hacking Malware 102

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 98

Artificial Intelligence VPN Hacking Firewall 98

Security Affairs

MAY 12, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 72

Data breaches VPN Hacking Banking 72

Security Affairs

FEBRUARY 27, 2024

CVE-2023-6399 – A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled. Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16

Firewall 114

Firewall VPN Authentication Hacking 114

Security Affairs

APRIL 21, 2024

PoC publicly available Linux variant of Cerber ransomware targets Atlassian servers Ivanti fixed two critical flaws in its Avalanche MDM Researchers released exploit code for actively exploited Palo Alto PAN-OS bug Cisco warns of large-scale brute-force attacks against VPN and SSH services PuTTY SSH Client flaw allows of private keys recovery A renewed (..)

Data breaches 99

Data breaches Phishing Ransomware Malware 99

Security Affairs

JANUARY 18, 2024

CVE-2024-0519 – Google Chromium V8 Out-of-Bounds Memory Access Vulnerability. To be exploited the appliance must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The flaw was reported by Anonymous on January 11, 2024. reads the security advisory published by the IT giant.

Authentication 117

Authentication VPN Software Engineering 117

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Malware 101

Malware VPN Encryption Hacking 101

Security Affairs

JANUARY 11, 2024

Software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) The flaw CVE-2023-46805 (CVSS score 8.2)

Authentication 106

Authentication VPN Mobile Hacking 106

Security Affairs

FEBRUARY 17, 2024

The researchers analyzed eight incidents involving the Akira ransomware and confirmed that the flaw in Cisco Anyconnect SSL VPN was the entry point in at least six of the compromised devices. “When the vulnerability was made public in 2020, no known public exploits were available. ” continues the report.

Ransomware 130

Ransomware VPN Education Hacking 130

Security Affairs

MARCH 1, 2024

The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805 , CVE-2024-21887 , and CVE-2024-21893. The second vulnerability, tracked as CVE-2024-21887 (CVSS score 9.1) ” reads the advisory. x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

Authentication 79

Authentication Cyber threats VPN Government 79

Security Affairs

JANUARY 24, 2024

In January 2024, the Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. ” concludes the update.

Ransomware 109

Ransomware VPN Government Retail 109

Security Affairs

MAY 1, 2024

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. The recent campaign spanned from October 2023 to April 2024. Cuttlefish lies in wait, passively sniffing packets, acting only when triggered by a predefined ruleset.”

Malware 103

Malware DNS Authentication Telecommunications 103

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”

Malware 281

Malware Software Technology Accountability 281

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 243

Scams DDOS Cryptocurrency Accountability 243

The Last Watchdog

MAY 14, 2021

Early SD-WAN solutions “were built only to replace an MPLS-VPN with an Internet-based VPN,” Ahuja says. The Solarwinds hack and Microsoft Exchange breach , not to mention the latest rounds of massive thefts of personal data from Facebook and LinkedIn aptly demonstrate this. Those estimates may yet turn out to be conservative.

Firewall 138

Firewall Mobile VPN Digital transformation 138

Security Boulevard

FEBRUARY 2, 2024

Introduction Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. and CVE-2024-21887(a command-injection vulnerability found into multiple web components with a CVSS score of 9.1)

VPN 64

VPN Risk Architecture Firewall 64

eSecurity Planet

JANUARY 29, 2024

Each user also has access to a free VPN to use when connecting to public Wi-Fi, and an Identity Dashboard that scans the dark web for potential fraud. Subscribe The post Dashlane 2024 appeared first on eSecurity Planet. This software uses patented security architecture with 256-bit encryption, plus built-in two factor authentication.

Password Management 105

Password Management Passwords Authentication Accountability 105

NopSec

JANUARY 31, 2024

We open up 2024 with an interesting mix of vulnerabilities, some of which have been patched for nearly a year. We save the best for last and take a look at a serious duo of vulnerabilities that impact Invanit (Pulse Secure) SSL VPNs. Roll up your sleeves and drop into a command line as we cover the trending CVEs of January 2024.

VPN 59

VPN Government Risk Hacking 59

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Privacy Compliance: By 2024, 40% of privacy tools will rely on AI, highlighting its expanding role in ensuring data privacy and meeting regulations. RaaS usage is expected to increase by 25% in 2024.

Social Engineering 123

Social Engineering Cyber Insurance Cyber Attacks IoT 123

Security Affairs

FEBRUARY 4, 2024

Ransomware Revenue Down As More Victims Refuse to Pay Energy giant Schneider Electric hit by Cactus ransomware attack Hundreds Of Network Operators’ Credentials Found Circulating In Dark Web Fla.

Identity Theft 107

Identity Theft VPN Malware Ransomware 107

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 94

Spyware Surveillance Identity Theft DDOS 94

Security Affairs

APRIL 12, 2019

At least four VPN apps sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC). Virtual private networks (VPNs) are affordable, easy to use, and a vital component in your system. What if these VPNs are vulnerable to attackers? 8.3R6, and 9.0R2.

VPN 88

VPN Marketing Authentication Small Business 88

Security Boulevard

JANUARY 2, 2024

Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024. This hack served as a stark reminder that the supply chain remains a critical vulnerability in enterprise security. The solution?

CISO 104

CISO Social Engineering Architecture Ransomware 104

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT 108

IoT Internet Internet Ransomware 108