Accountability, Firmware, Information Security and VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. Patch1 in Dec. patch 0).

Firewall

Firewall VPN Firmware Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.

Firmware

Firmware Passwords Accountability VPN

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” ” reads the security bulletin. firmware or later.

Firmware

Firmware VPN Accountability Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware DDOS Passwords Backups

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts. ransomware and phishing scams).

Ransomware

Ransomware Passwords Backups Firmware

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As early as May 2021, the attackers took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. Contrary to best practices recommended, the account was still active in the organization’s Active Directory.

Accountability

Accountability Passwords Authentication Firmware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The FBI is seeking any information that can be shared related to the operations of the BlackCat ransomware operation. Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. hard drive, storage device, the cloud).

Ransomware

Ransomware Antivirus Passwords Malware

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”

Ransomware

Ransomware Encryption Passwords Internet

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for different accounts and implement the shortest acceptable timeframe for password changes. Only use secure networks and avoid using public Wi-Fi networks.

Education

Education Ransomware Phishing Passwords

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

. • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. • Only use secure networks and avoid using public Wi-Fi networks. .

Ransomware

Ransomware Encryption Passwords Malware

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Manufacturing Passwords Internet

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

. • Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. • hard drive, storage device, the cloud). Use multifactor authentication where possible.

Passwords

Passwords Government Firmware Accountability

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4%

Cyber Attacks

Cyber Attacks Firmware Malware VPN

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

“According to open-source reporting, DarkSide actors have previously been observed gaining initial access through phishing and exploiting remotely accessible accounts and systems and Virtual Desktop Infrastructure (VDI) (Phishing [ T1566] , Exploit Public-Facing Application [ T1190 ], External Remote Services [ T1133 ]).[

Ransomware

Ransomware Healthcare Phishing Risk

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts. ransomware and phishing scams).

Healthcare

Healthcare Ransomware Encryption Passwords

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” concludes the analysis.

Firewall

Firewall Firmware Cyber Attacks VPN

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

From BIOS and firmware to UEFI code, VBOS is an attack vector that requires more attention. While the design of a unified extensible firmware interface (UEFI) overcame BIOS limitations, both components critical to computer operation are an increasing target. Current Target: VBOS.

Software

Software Firmware DNS VPN

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. link] [link] Have a software/firmware update mechanism. Cryptographic keys on the device or pod.

IoT

IoT Firmware Mobile Manufacturing

Security Affairs newsletter Round 252

Security Affairs

FEBRUARY 23, 2020

FC Barcelona and the International Olympic Committee Twitter accounts hacked. Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks. Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack. 5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure.

Artificial Intelligence

Artificial Intelligence eCommerce Firmware Hacking

Cyber Security Informer

Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Trending Sources

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Hackers target zero-day flaws in enterprise Draytek network devices

Interview With a Crypto Scam Investment Spammer

Daixin Team targets health organizations with ransomware, US agencies warn

Avoslocker ransomware gang targets US critical infrastructure

FBI warns of ransomware attacks targeting the food and agriculture sector

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

BlackCat Ransomware gang breached over 60 orgs worldwide

New Checkmate ransomware target QNAP NAS devices

FBI warns of increase in PYSA ransomware attacks targeting education

FBI published a flash alert on Mamba Ransomware attacks

FBI warns of ransomware threat to food and agriculture

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs newsletter Round 309

US CISA and FBI publish joint alert on DarkSide ransomware

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

The Biggest Lessons about Vulnerabilities at RSAC 2021

IoT Secure Development Guide

Security Affairs newsletter Round 252

Stay Connected