Security Affairs

FEBRUARY 1, 2024

For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. x) and Policy Secure (9.x,

VPN 100

VPN Authentication Software Malware 100

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. x and Ivanti Policy Secure. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) is a command injection vulnerability in web components of Ivanti Connect Secure (9.x,

VPN 83

VPN Authentication Small Business Telecommunications 83

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 107

VPN Accountability Firewall Data breaches 107

Security Affairs

APRIL 6, 2024

The medium severity issue, tracked as CVE-2024-20362 (CVSS score 6.1), resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw.

Small Business 132

Small Business VPN Wireless Software 132

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338.

VPN 92

VPN Authentication Hacking Information Security 92

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. PSIRT and Talos launched an investigation to support the customer.

VPN 107

VPN Software Firewall Authentication 107

Security Affairs

FEBRUARY 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762 , to its Known Exploited Vulnerabilities (KEV) catalog. The security firm did not provide details about the attacks exploiting this vulnerability. reads the advisory.

VPN 110

VPN Hacking Cybersecurity Risk 110

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Cyber Attacks 110

Cyber Attacks VPN Authentication Hacking 110

Security Affairs

APRIL 24, 2024

Cisco Talos warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Firewall 103

Firewall Government VPN Authentication 103

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 105

VPN Cybercrime Ransomware Hacking 105

eSecurity Planet

MAY 20, 2024

This doubles as your weekly reminder to check your IT vendors’ security bulletins regularly and patch every vulnerability as soon as you learn about it. Always prioritize creating a patch plan if your security teams haven’t developed a methodology already. This vulnerability affects natural language processing applications.

VPN 61

VPN Firmware Malware Software 61

Security Affairs

FEBRUARY 27, 2024

CVE-2023-6399 – A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled. Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16

Firewall 110

Firewall VPN Authentication Hacking 110

Security Affairs

JANUARY 18, 2024

CVE-2024-0519 – Google Chromium V8 Out-of-Bounds Memory Access Vulnerability. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances.

Authentication 114

Authentication VPN Software Engineering 114

Security Affairs

MARCH 11, 2024

The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned.

Malware 98

Malware VPN Encryption Hacking 98

Security Affairs

JANUARY 11, 2024

Ivanti revealed that two threat actors are exploiting two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure. x and Ivanti Policy Secure. x and Ivanti Policy Secure. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) x) and Ivanti Policy Secure. ” continues the advisory.

Authentication 103

Authentication VPN Mobile Hacking 103

Security Affairs

MARCH 1, 2024

The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. x and Ivanti Policy Secure. The second vulnerability, tracked as CVE-2024-21887 (CVSS score 9.1) x) and Ivanti Policy Secure.

Authentication 77

Authentication Cyber threats VPN Government 77

Security Affairs

JANUARY 21, 2024

Patch it now! million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8 million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Artificial Intelligence 95

Artificial Intelligence VPN Hacking Firewall 95

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches 78

Data breaches VPN Hacking Banking 78

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 99

Data breaches Small Business Hacking Malware 99

Security Affairs

APRIL 21, 2024

PoC publicly available Linux variant of Cerber ransomware targets Atlassian servers Ivanti fixed two critical flaws in its Avalanche MDM Researchers released exploit code for actively exploited Palo Alto PAN-OS bug Cisco warns of large-scale brute-force attacks against VPN and SSH services PuTTY SSH Client flaw allows of private keys recovery A renewed (..)

Data breaches 95

Data breaches Phishing Ransomware Malware 95

Security Affairs

FEBRUARY 17, 2024

The researchers analyzed eight incidents involving the Akira ransomware and confirmed that the flaw in Cisco Anyconnect SSL VPN was the entry point in at least six of the compromised devices. “When the vulnerability was made public in 2020, no known public exploits were available. ” continues the report.

Ransomware 127

Ransomware VPN Education Hacking 127

Webroot

APRIL 3, 2024

Mark your calendars for April 9, 2024 The second Tuesday of April marks Identity Management Day — a day dedicated to raising awareness about the importance of safeguarding your digital identity. And avoid accessing sensitive information or making financial transactions while connected to public Wi-Fi.

VPN 83

VPN Passwords Scams Accountability 83

Security Affairs

JANUARY 24, 2024

In January 2024, the Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. ” concludes the update.

Ransomware 106

Ransomware VPN Government Retail 106

Security Affairs

MAY 1, 2024

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. The recent campaign spanned from October 2023 to April 2024. Cuttlefish lies in wait, passively sniffing packets, acting only when triggered by a predefined ruleset.”

Malware 100

Malware DNS Authentication Telecommunications 100

Kali Linux

FEBRUARY 27, 2024

Hello 2024! 2024 Theme Refresh As for previous 20**.1 Now, users can effortlessly copy their VPN IP address to the clipboard with just a click , simplifying the workflow and enhancing productivity for our users. With this improvement, managing your VPN connections on Kali Linux becomes even more seamless and intuitive.

Software 145

Software Firmware VPN Internet 145

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”

Malware 282

Malware Software Technology Accountability 282

Krebs on Security

MAY 22, 2023

Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Proshutinskiy’s LinkedIn profile says he is a Class of 2024 student at TGM , which is a Christian mission school in Austria. I waited until it expired and forgot to buy it.

Scams 244

Scams DDOS Cryptocurrency Accountability 244

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Market Growth: AI cyber security technology is projected to grow by 23.6% every year until 2027, pointing to rapid progress and investment in AI-based security. million per incident.

Social Engineering 120

Social Engineering Cyber Attacks Cyber Insurance IoT 120

Security Affairs

FEBRUARY 4, 2024

Ransomware Revenue Down As More Victims Refuse to Pay Energy giant Schneider Electric hit by Cactus ransomware attack Hundreds Of Network Operators’ Credentials Found Circulating In Dark Web Fla.

Identity Theft 104

Identity Theft VPN Malware Ransomware 104

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 91

Spyware Surveillance Identity Theft DDOS 91

The Last Watchdog

MAY 2, 2024

Tel Aviv, Israel, May 2, 2024, CyberNewsWire — LayerX , pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors.

Marketing 130

Marketing Technology Phishing Risk 130

Security Affairs

MARCH 31, 2024

Expert found a backdoor in XZ tools used many Linux distributions German BSI warns of 17,000 unpatched Microsoft Exchange servers Cisco warns of password-spraying attacks targeting Secure Firewall devices American fast-fashion firm Hot Topic hit by credential stuffing attacks Cisco addressed high-severity flaws in IOS and IOS XE software Google: China (..)

Artificial Intelligence 93

Artificial Intelligence Scams Hacking Cybercrime 93

Cisco Security

AUGUST 28, 2023

An example of this was noticed with an Urban VPN (Virtual Private Network) provider which appears to grab configuration files in clear text with basic authentication. Base64 credentials used by Urban VPN to get configuration files. Check back in 2024 to see how this new information tracks.

Wireless 68

Wireless DNS Mobile Technology 68

Pen Test Partners

OCTOBER 9, 2023

Legal Frameworks EU Cyber Resilience Act The EU is introducing new regulations on products with “digital elements” [link] with the expectation that this will become law in 2024. Whilst still in a state of flux the security requirements listed in Annex I [link] are broadly similar to UK CoP and ETSI EN 303 645. As discussed in 6.5

IoT 52

IoT Firmware Mobile Manufacturing 52