Accountability, Hacking, Information Security and VPN

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, brute-force )

VPN

VPN Firewall Authentication Hacking

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. The statement reveals that one of the two hacking groups was a China-linked cyber espionage group. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. ” Sliver is a post-exploitation framework that is gaining notoriety in the hacking underground as an alternative to the Cobalt Strike framework. ” concludes the report.

VPN

VPN Malware Authentication Small Business

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN

VPN Authentication Small Business Telecommunications

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN

VPN Accountability Firewall Data breaches

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60 patch 0).

Firewall

Firewall VPN Firmware Passwords

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN

VPN Government Malware Hacking

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. SecurityAffairs – hacking, Yanluowang ransomware).

Ransomware

Ransomware Hacking VPN Phishing

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. CISA and MS-ISAC assessed that the threat actor connected to the VM through the victim’s VPN with the intent to blend in with legitimate traffic to evade detection.”

Government

Government VPN Accountability Authentication

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

CISA also warned to continue to audit privilege-level access accounts. Mandiant researchers recently discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. Complete a factory reset per Ivanti’s instructions.

VPN

VPN Authentication Software Malware

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).

Ransomware

Ransomware VPN Authentication Hacking

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Attackers impersonate CircleCI platform to compromise GitHub accounts

Security Affairs

SEPTEMBER 25, 2022

For users with TOTP-based two-factor authentication (2FA) enabled, the phishing site also relays any TOTP codes to the threat actor and GitHub in real time, allowing the threat actor to break into accounts protected by TOTP-based 2FA. Accounts protected by hardware security keys are not vulnerable to this attack.”

Accountability

Accountability Phishing Authentication Passwords

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums. a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. Users have also to change passwords for any account accessed through the infected machine.

Accountability

Accountability Malware Data breaches Passwords

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN

VPN Advertising Accountability Healthcare

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. SecurityAffairs – hacking, vishing).

Accountability

Accountability VPN Social Engineering Phishing

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. They might even lock you out of your own accounts by resetting your passwords. Once they’re in, they can grab your emails, usernames, passwords, and more.

DNS

DNS VPN Encryption Passwords

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

. “While during routine monitoring, researchers at Cyble observed a Threat Actor (TA) distributing multiple unauthorized Fortinet VPN access over one of the Russian cybercrime forums,” reads the analysis published by Cyble. SecurityAffairs – hacking, Fortinet). Pierluigi Paganini.

VPN

VPN Firewall Authentication Internet

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN

VPN Advertising Hacking Government

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks. Pierluigi Paganini.

VPN

VPN Advertising Healthcare Data breaches

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens.” ” concludes the report.

Hacking

Hacking VPN Marketing Authentication

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN

VPN Cybercrime Ransomware Hacking

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Security Affairs

OCTOBER 6, 2023

. “A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.” An attacker could exploit this vulnerability by using the account to log in to an affected system.

VPN

VPN Accountability Hacking Software

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Security Affairs

NOVEMBER 2, 2022

The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The attackers set up Facebook and Instagram accounts with more than 1,000 followers and designed attractive religious-themed graphic materials in order to trick victims into downloading the tainted VPN app. í religion that are banned in Iran.

Spyware

Spyware Malware VPN Accountability

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. The state sponsored hackers also uses the VPN access to scan for vulnerabilities in targeted organizations. ” continues the report.

VPN

VPN Manufacturing Education Hacking

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. ” reads a post published by the organization on Medium.

Cyber Attacks

Cyber Attacks VPN Authentication Hacking

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. It does not allow a hacker to access your device or your accounts but it may cause even bigger damage. Secure Your Router. Change Your Privacy Settings.

Hacking

Hacking VPN Internet Internet

CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Security Affairs

JUNE 11, 2021

Shareholders are now demanding that the information security should be dealt with by the upper management and CEOs should be held accountable for the data security measures. Given all these points, this article will talk about five most important things any CEO should know regarding their organization’s data security.

Technology

Technology Hacking Cyber threats Software

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Small Business Hacking Malware

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. x and Secure Mobile Access ( SMA ). x and Secure Mobile Access ( SMA ).

VPN

VPN Firewall Mobile Hacking

Groove gang leaks list of 500k credentials of compromised Fortinet appliances

Security Affairs

SEPTEMBER 8, 2021

The threat actor leaked a list containing approximately 500,000 Fortinet VPN credentials that can allow threat actors to breach the networks of the organizations that use the compromised VPN appliances and perform malicious activities such as dropping a ransomware or stealing sensitive data. SecurityAffairs – hacking, Groove gang).

VPN

VPN Ransomware Hacking Accountability

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

DECEMBER 12, 2023

Tokens usually serve as digital keys to user accounts. In theory, exposing tokens could lead to unauthorized account access. In addition to nearly 200K exposed customers, the DTC app’s open database also leaked information on 22,952 drivers. Do you want to know which are the risks for impacted individuals?

VPN

VPN Accountability Banking Marketing

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. Microsoft Corp.

Malware

Malware Software Technology Accountability

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

SecurityAffairs – hacking, newsletter). Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 Pierluigi Paganini.

Spyware

Spyware Manufacturing Small Business Surveillance

CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine

Security Affairs

NOVEMBER 14, 2022

The “Advanced IP Scanner” software used as bait actually contained the Vidar malware, which is a data-stealing malware that is also able to capture Telegram session data and take over the victim’s account. . SecurityAffairs – hacking, Somnia). ” concludes the report. Pierluigi Paganini.

Ransomware

Ransomware Computers and Electronics VPN Malware

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Trending Sources

APT hacked a US municipal government via an unpatched Fortinet VPN

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Okta warns of unprecedented scale in credential stuffing attacks on online services

Expert found a secret backdoor in Zyxel firewall and VPN

Bulletproof VPN services took down in a global police operation

China-linked APT groups targets orgs via Pulse Secure VPN devices

Cisco was hacked by the Yanluowang ransomware gang

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

U.S. CISA: hackers breached a state government organization

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Attackers impersonate CircleCI platform to compromise GitHub accounts

YouTube creators’ accounts hijacked with cookie-stealing malware

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Vishing attacks conducted to steal corporate accounts, FBI warns

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Akira ransomware received $42M in ransom payments from over 250 victims

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

China-linked Flax Typhoon APT targets Taiwan

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

5 Ways to Protect Yourself from IP Address Hacking

CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Security firm SonicWall was victim of a coordinated attack

Groove gang leaks list of 500k credentials of compromised Fortinet appliances

Dubai’s largest taxi app exposes 220K+ users

Interview With a Crypto Scam Investment Spammer

3CX Breach Was a Double Supply Chain Compromise

Security Affairs newsletter Round 377

CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine

Stay Connected