Accountability, Firmware and VPN - Cyber Security Informer

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. Patch1 in Dec. patch 0).

Firewall

Firewall VPN Firmware Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Zyxel patches two critical vulnerabilities

Malwarebytes

MAY 26, 2023

The CVEs patched in these updates are: CVE-2023-33009 : A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware

Firmware VPN Firewall Accountability

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.

Firmware

Firmware Passwords Accountability VPN

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

” Meanwhile, this week we learned more details about the ongoing exploitation of a zero-day flaw in a broad range of virtual private networking (VPN) products made by Fortinet — devices many organizations rely on to facilitate remote network access for employees. “Patch your #Fortigate.” “Patch your #Fortigate.”

Risk

Risk VPN Internet Internet

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. . firmware or later.

Firmware

Firmware VPN Accountability Advertising

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Inactive Accounts and Default Configurations. Hackers gained initial access by brute-forcing an existing account via “a simple, predictable password” to enroll a new device in the MFA procedures, the agencies said. MFA was automatically disabled because the account was inactive for a long period.

VPN

VPN Accountability Authentication Passwords

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Periodically, at least once a quarter, review the security settings of your social media accounts and the apps linked to them. Be vigilant about duplicate accounts of people you know. Some people register several accounts, for example, to avoid losing contact with the network in case of temporary blocking.

Firmware

Firmware IoT Accountability Passwords

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

The problem: WordPress plugin Popup Builder is vulnerable to exploitation through a flaw that allows attackers to perform administrator-level actions like installing new rogue plugins or creating new admin accounts. The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products.

Firewall

Firewall Firmware IoT Authentication

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As early as May 2021, the attackers took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. Contrary to best practices recommended, the account was still active in the organization’s Active Directory.

Accountability

Accountability Passwords Authentication Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware DDOS Passwords Backups

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a virtual private network (VPN).

Ransomware

Ransomware Antivirus Passwords Malware

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”

Ransomware

Ransomware Encryption Passwords Internet

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Passwords Backups Firmware

Keep Calm and Check Your Public Wi-Fi Connection

Approachable Cyber Threats

JANUARY 17, 2023

A publicly available network may not always have the latest firmware, patch updates on its hardware, or have proper encryption enabled; therefore, if you connect to the network you may be exposing yourself to potential risks. This means don’t log into your bank account on your favorite coffee shop’s Wi-Fi. What are the potential risks?”

Encryption

Encryption Internet Internet VPN

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. through 1.4.2.20.

Small Business

Small Business Firmware Advertising VPN

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. The authenticated user must also be logged into an account on an instance of GHES. GitHub has already rotated the credentials for these issues. and later releases of 13.1

Authentication

Authentication Malware VPN Mobile

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

To help avoid these online risks, it is highly recommended to use a Virtual Private Network (VPN). VPNs are the baseline cybersecurity tool to safeguard internet-enabled devices and a home network. A VPN provides a secure internet connection, ensuring your browsing data is encrypted for maximum privacy and security.

IoT

IoT Spyware VPN Passwords

ITHC (IT Health Check) and PSN compliance: an overview and considerations

IT Security Guru

JUNE 22, 2021

Check that your OS, applications and firmware are updated with appropriate patches. Any systems you have in place to allow staff to connect into your organisation remotely, including VPN. Stopping password/account sharing. Ensuring that high-privilege users such as administrators use different passwords across accounts.

Passwords

Passwords Authentication Wireless Government

How To Set Up a Firewall in 8 Easy Steps + Best Practices

eSecurity Planet

APRIL 30, 2024

Set Secure Firewall Rules & ACLs To prevent unwanted access and ensure effective traffic management, secure your firewall through updating firmware to resolve vulnerabilities and adopting proper configurations prior to installing firewalls in production. Create administrative accounts with read-only access to logs for auditing.

Firewall

Firewall Architecture Firmware Risk

Lapsus$: The New Name in Ransomware Gangs

Security Boulevard

MARCH 15, 2022

It was the Expresso Twitter account that the hackers used to bait the organization to demonstrate their control over the company's IT infrastructure. The ransomware group specified that “they are not looking for data” but rather to buy remote VPN access to the corporate network. But first things first.

Ransomware

Ransomware Telecommunications Firmware Media

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for different accounts and implement the shortest acceptable timeframe for password changes. Consider installing and using a VPN. Use multi-factor authentication wherever possible.

Education

Education Ransomware Phishing Passwords

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. • Regularly, change passwords to network systems and accounts, and avoid reusing passwords for different accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware

Ransomware Encryption Passwords Malware

Ransomware: February 2022 review

Malwarebytes

MARCH 10, 2022

Observed since: September 2019 Ransomware note: Restore-My-Files.txt Ransomware extension: lockbit Kill Chain: Brute force attack on a web server containing an outdated VPN service > LockBit Sample hash: 9feed0c7fa8c1d32390e1c168051267df61f11b048ec62aa5b8e66f60e8083af. Use double authentication when logging into accounts or services.

Ransomware

Ransomware Phishing Accountability Technology

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

eSecurity Planet

APRIL 28, 2022

Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities. Malicious actors tend to focus on internet-facing systems to gain entry into a network, such as email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities. “U.S.,

Cybersecurity

Cybersecurity Software Firmware Internet

A mysterious code prevents QNAP NAS devices to be updated

Security Affairs

FEBRUARY 11, 2019

“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 “Exposing your NAS on the internet (allowing remote access) is always a high risk thing to do (at least without a properly deployed remote access VPN and/or 2FA on all existing user accounts)!”

Antivirus

Antivirus Firmware Advertising VPN

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Whether you’re looking for a smartphone, a laptop, a gaming device or something else, or even just signing up for an account online, you want to make sure your kids are protected. Keep your online accounts secure. And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable.

Internet

Internet Internet Passwords Password Management

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4%

Cyber Attacks

Cyber Attacks Firmware Malware VPN

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Manufacturing Passwords Internet

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

If you have doubts, check it out–go directly to your account or to the source, which you should always independently verify, if the communication refers to anything service or finance related. You go online and you can’t access your cloud account, or you can’t find data stored on a device or in a specific service.

Passwords

Passwords Phishing Password Management Accountability

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. • Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Passwords

Passwords Government Firmware Accountability

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076.

VPN

VPN Firmware Authentication Phishing

Hurrah – It’s (patch) Tuesday!

IT Security Guru

MAY 10, 2021

This past years’ bout of VPN related breaches is a great example, especially as patches were available over a year ago. Yet, if you conduct an audit and find several unpatched systems – the common cause is often lack of accountability. Growing threat.

VPN

VPN Software InfoSec Firmware

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

“According to open-source reporting, DarkSide actors have previously been observed gaining initial access through phishing and exploiting remotely accessible accounts and systems and Virtual Desktop Infrastructure (VDI) (Phishing [ T1566] , Exploit Public-Facing Application [ T1190 ], External Remote Services [ T1133 ]).[

Ransomware

Ransomware Healthcare Phishing Risk

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

You need to have a reasonable level of trust in the devices connecting to any network, so any policies you can set to require things like antivirus , updated operating systems and VPNs will protect both the network and its users. Limiting use of a device’s administrator account where possible for greater personal device security.

Wireless

Wireless Encryption Authentication IoT

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.

Healthcare

Healthcare Ransomware Encryption Passwords

What is a Managed Security Service Provider? MSSPs Explained

eSecurity Planet

AUGUST 22, 2023

Secure remote connection services can be provided by MSSPs through implementation and management of older technology such as a virtual private network (VPN) or through solutions such as virtual desktop interfaces (VDIs), desktop-as-a-service (DaaS), and browser isolation. assets (endpoints, servers, IoT, routers, etc.),

Telecommunications

Telecommunications Firewall Penetration Testing Cybersecurity

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” concludes the analysis.

Firewall

Firewall Firmware Cyber Attacks VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Webinars

Trending Sources

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Webinars

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Zyxel patches two critical vulnerabilities

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

CISA Order Highlights Persistent Risk at Network Edge

Hackers target zero-day flaws in enterprise Draytek network devices

Interview With a Crypto Scam Investment Spammer

Daixin Team targets health organizations with ransomware, US agencies warn

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

VulnRecap 1/16/24 – Major Firewall Issues Persist

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Avoslocker ransomware gang targets US critical infrastructure

BlackCat Ransomware gang breached over 60 orgs worldwide

New Checkmate ransomware target QNAP NAS devices

FBI warns of ransomware attacks targeting the food and agriculture sector

Keep Calm and Check Your Public Wi-Fi Connection

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

VulnRecap 1/22/24 – Watch Chrome, Ivanti, Citrix Issues

Spyware in the IoT – the Biggest Privacy Threat This Year

ITHC (IT Health Check) and PSN compliance: an overview and considerations

How To Set Up a Firewall in 8 Easy Steps + Best Practices

Lapsus$: The New Name in Ransomware Gangs

FBI warns of increase in PYSA ransomware attacks targeting education

FBI published a flash alert on Mamba Ransomware attacks

Ransomware: February 2022 review

Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

A mysterious code prevents QNAP NAS devices to be updated

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Security Affairs newsletter Round 309

FBI warns of ransomware threat to food and agriculture

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Hurrah – It’s (patch) Tuesday!

US CISA and FBI publish joint alert on DarkSide ransomware

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

What is a Managed Security Service Provider? MSSPs Explained

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Stay Connected