Accountability, Authentication, Information Security and VPN

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Firewall Authentication Hacking

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The group now is targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN

VPN Ransomware Hacking Education

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Authentication Small Business Telecommunications

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

The government experts also ordered to monitor the authentication or identity management services that could be exposed and urged to isolate the systems from any enterprise resources to the greatest degree possible. CISA also warned to continue to audit privilege-level access accounts. x and Ivanti Policy Secure. 20240126.5.xml”

VPN

VPN Authentication Software Malware

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN

VPN Accountability Firewall Data breaches

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. CISA and MS-ISAC assessed that the threat actor connected to the VM through the victim’s VPN with the intent to blend in with legitimate traffic to evade detection.”

Government

Government VPN Accountability Authentication

Attackers impersonate CircleCI platform to compromise GitHub accounts

Security Affairs

SEPTEMBER 25, 2022

Threat actors target GitHub users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform.

Accountability

Accountability Phishing Authentication Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).

Ransomware

Ransomware VPN Authentication Hacking

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

In early October, Fortinet addressed the critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild. ” concludes the post. Pierluigi Paganini.

VPN

VPN Firewall Authentication Internet

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

They might even lock you out of your own accounts by resetting your passwords. Avoid entering any data if you see a warning message about a site’s authenticity. Most browsers will alert you if a site isn’t secure. Check your social media accounts for active sessions and log out of any you don’t recognize.

DNS

DNS VPN Encryption Passwords

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Below are the job descriptions used to recruit the hackers. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability

Accountability VPN Social Engineering Phishing

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. ” continues the analysis.

Ransomware

Ransomware Hacking VPN Phishing

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. ” reads a post published by the organization on Medium.

Cyber Attacks

Cyber Attacks VPN Authentication Hacking

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 4.73, VPN series firmware versions 4.60 The company also fixed a high-severity post-authentication command injection issue ( CVE-2023-27991 , CVSS score: 8.8)

Firewall

Firewall Firmware VPN Authentication

CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine

Security Affairs

NOVEMBER 14, 2022

The “Advanced IP Scanner” software used as bait actually contained the Vidar malware, which is a data-stealing malware that is also able to capture Telegram session data and take over the victim’s account. . “Note that the Somnia malware has also undergone changes. ” concludes the report.

Ransomware

Ransomware Computers and Electronics VPN Malware

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN

VPN Cybercrime Ransomware Hacking

DepositFiles exposed config file, jeopardizing user security

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Cybercriminals could take over the official communication channels of DepositFiles, including social media accounts and abuse & support emails. researchers said.

Data breaches

Data breaches VPN Media Passwords

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ). Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN

VPN Firewall Mobile Hacking

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

Security Affairs

MARCH 1, 2024

The advisory provides details about the exploitation in the wild of Connect Secure and Policy Secure vulnerabilities CVE-2023-46805 , CVE-2024-21887 , and CVE-2024-21893. Multiple threat actors are chaining these issues to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges.

Authentication

Authentication Cyber threats VPN Government

Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems

Security Affairs

SEPTEMBER 12, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account w here credentials saved in the victim’s browser were being synchronized.

Ransomware

Ransomware VPN Authentication Phishing

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks. “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

Cisco fixes privilege escalation bug in Cisco Secure Client

Security Affairs

JUNE 8, 2023

Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. Cisco Secure Client is a software platform designed to provide secure remote access to corporate networks for employees or authorized users.

Mobile

Mobile Authentication Software VPN

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Security Affairs

JUNE 22, 2023

A security researcher has published a proof-of-concept (PoC) exploit code for the high-severity vulnerability, tracked as CVE-2023-20178 (CVSS score of 7.8), impacting Cisco AnyConnect Secure Mobility Client and Secure Client for Windows. The client update process is executed after a successful VPN connection is established.”

VPN

VPN Mobile Software Authentication

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

The post Security Affairs newsletter Round 377 appeared first on Security Affairs. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Spyware

Spyware Manufacturing Small Business Surveillance

DNA testing company fined after customer data theft

Malwarebytes

FEBRUARY 22, 2023

The company will pay a total fine of $400,000 for Ohio and Pennsylvania—and has promised to tighten its information security. According to the investigation, an attacker logged into the old VPN (virtual private network) that DDC used before migrating to a new one using a compromised employee account.

Penetration Testing

Penetration Testing InfoSec Accountability Authentication

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As early as May 2021, the attackers took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. Contrary to best practices recommended, the account was still active in the organization’s Active Directory.

Accountability

Accountability Passwords Authentication Firmware

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

Security Affairs

MAY 4, 2023

The threat actors allegedly obtained access to Ukraine’s public networks by using compromised VPN credentials. CERT-UA started investigating the attack after it received information about an attack against an ICS system of one of the state organizations of Ukraine.

VPN

VPN Education Accountability Cyber Attacks

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

The VPN credentials for initial access are said to have been obtained from illicit websites like Russian Market with the goal of gaining control of T-Mobile employee accounts, ultimately allowing the threat actor to carry out SIM swapping attacks at will. ” wrote Krebs. – Source KrebsOnSecurity. ” wrote Krebs.

Mobile

Mobile VPN Social Engineering Telecommunications

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. Set up a new administrator account, and disable the default admin account.

VPN

VPN Internet Internet Firewall

Google will provide dark web monitoring to all US Gmail users and more

Security Affairs

MAY 11, 2023

Once an email address is discovered on the dark web, Google will urge users to enable two-step authentication (2FA) to protect their Google accounts. we’re expanding access to our dark web report in the next few weeks, so anyone with a Gmail account in the U.S. We are in the final!

Marketing

Marketing Accountability VPN Data breaches

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens.” ” concludes the report.

Hacking

Hacking VPN Marketing Authentication

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Use multifactor authentication where possible. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users

Security Affairs

AUGUST 19, 2022

Russia-linked APT group Cozy Bear continues to target Microsoft 365 accounts in NATO countries for cyberespionage purposes. Mandiant researchers reported that the Russia-linked Cozy Bear cyberespionage group (aka AP T29, CozyDuke, and Nobelium ), has targeted Microsoft 365 accounts in espionage campaigns. ” continues the report.

Accountability

Accountability Passwords VPN Authentication

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

The technologies for secure remote access can range from VPNs and multi-factor authentication to more advanced access and zero trust controls. We’ll cover a range of best practices for remote access security, from the simple and the practical to the more advanced. Avoid using default or simple-to-guess passwords.

Passwords

Passwords Authentication Encryption VPN

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In order to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. “Microsoft has observed Volt Typhoon attempting to dump credentials through the Local Security Authority Subsystem Service (LSASS). .

Accountability

Accountability VPN Manufacturing Firewall

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Use multifactor authentication with strong pass phrases where possible. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts. Consider installing and using a VPN.

Ransomware

Ransomware Passwords Backups Firmware

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Trending Sources

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Okta warns of unprecedented scale in credential stuffing attacks on online services

U.S. CISA: hackers breached a state government organization

Attackers impersonate CircleCI platform to compromise GitHub accounts

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

YouTube creators’ accounts hijacked with cookie-stealing malware

Vishing attacks conducted to steal corporate accounts, FBI warns

Cisco was hacked by the Yanluowang ransomware gang

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

DepositFiles exposed config file, jeopardizing user security

Security firm SonicWall was victim of a coordinated attack

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Cisco fixes privilege escalation bug in Cisco Secure Client

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Daixin Team targets health organizations with ransomware, US agencies warn

China-linked threat actors have breached telcos and network service providers

Security Affairs newsletter Round 377

DNA testing company fined after customer data theft

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

T-Mobile confirms Lapsus$ had access its systems

QNAP users are recommended to disable UPnP port forwarding on routers

Google will provide dark web monitoring to all US Gmail users and more

Hackers can hack organizations using data found on their discarded enterprise network equipment

Avoslocker ransomware gang targets US critical infrastructure

Russia-linked Cozy Bear uses evasive techniques to target Microsoft 365 users

16 Remote Access Security Best Practices to Implement

China-linked APT Volt Typhoon targets critical infrastructure organizations

FBI warns of ransomware attacks targeting the food and agriculture sector

Stay Connected