Accountability, Information Security, Internet and VPN

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60 patch 0).

Firewall

Firewall VPN Firmware Passwords

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. CISA and MS-ISAC assessed that the threat actor connected to the VM through the victim’s VPN with the intent to blend in with legitimate traffic to evade detection.”

Government

Government VPN Accountability Authentication

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. They might even lock you out of your own accounts by resetting your passwords. Once they’re in, they can grab your emails, usernames, passwords, and more.

DNS

DNS VPN Encryption Passwords

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

50% of internet-facing GitLab installations are still affected by a RCE flaw

Security Affairs

NOVEMBER 2, 2021

The vulnerability was actively exploited in the wild, researchers from HN Security described an attack one of its customers. Threat actors created two user accounts with admin privileges on a publicly-accessible GitLab server belonging to this organization. In addition, ideally, GitLab should not be an internet facing service.

Internet

Internet Internet VPN Hacking

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

Now Cyble researchers reported more than 100,000 FortiGate firewalls accessible from the internet that may be targeted by threat actors if not patched yet. “ “While analyzing the access, it was found that the attacker was attempting to add their own public key to the admin user’s account. ” concludes the post.

VPN

VPN Firewall Authentication Internet

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. The threat actors are using Voice over Internet Protocol (VoIP) platforms to obtain employees’ credentials. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Accountability

Accountability VPN Social Engineering Phishing

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Protecting Your Digital Identity: Celebrating Identity Management Day

Webroot

APRIL 3, 2024

In a world where our lives are increasingly navigated through digital apps and online accounts, understanding and managing our online identities has become paramount. Simply put, it’s the practice of ensuring that only authorized individuals have access to your sensitive information and online accounts.

VPN

VPN Passwords Scams Accountability

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

It also ensures that your account credentials won’t be used for as long. This includes accounting, sales, and other teams. Use a corporate VPN. Encrypting data on corporate devices can prevent hackers from accessing sensitive information. Changing passwords regularly will make the lives of cyberbullies much harder.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. Users can also remotely connect their devices by enabling the VPN server on QNAP NAS by installing the QVPN Service app or deploying QuWAN, SD-WAN solution. For example, change 8080 to 9527.

VPN

VPN Internet Internet Firewall

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN

VPN Cybercrime Ransomware Hacking

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Which is the Threat landscape for the ICS sector in 2020?

Security Affairs

MARCH 22, 2021

Experts reported that the majority of computers in the ICS engineering sector are represented by desktop systems, but laptops remain more exposed to attacks via the internet, removable media devices, and email. Computers that use VPN software are less exposed to online threats, but unfortunately, they represent only 15% of the total.

Engineering

Engineering VPN Accountability Software

GoAnywhere MFT zero-day flaw actively exploited

Security Affairs

FEBRUARY 4, 2023

“I had to create an account on the service to find this security advisory” According to the private advisory published by Fortra, the zero-day is a remote code injection issue that impacts GoAnywhere MFT. . “GoAnywhere MFT, a popular file transfer application, is warning about a zero-day remote code injection exploit.

Internet

Internet Internet VPN Hacking

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

The threat actors initially leveraged compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency’s Pulse Secure VPN server. “First the threat actor logged into a user’s O365 account from Internet Protocol (IP) address 91.219.236[.]166

VPN

VPN Malware Cyber threats Accountability

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Sandworm were observed targeting open ports and unprotected RDP or SSH interfaces to gain access to the internet-facing systems. ’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. “Note (!) .’ “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

The upcoming updates on SharePass will also allow you to send account credentials, QR codes, JSON structured data and other types of information. There are several services on the internet that allow you to send emails that are encrypted with a password. Just select the right app, create a secure channel, and you are good to go.

VPN

VPN Passwords Encryption Mobile

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”

Ransomware

Ransomware Encryption Passwords Internet

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 If you want to also receive for free the newsletter with the international press subscribe here.

Small Business

Small Business Password Management VPN Healthcare

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Your IP or Internet Protocol address is your digital identity on the internet. The only drawback is that many free VPNs are not secure as we think.

Hacking

Hacking VPN Internet Internet

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

.” Internet of Things. Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. The state of IoT is poor enough as it is, security wise. Consider installing and using a VPN.

Ransomware

Ransomware Manufacturing Passwords Internet

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

. “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Avoid reusing passwords for multiple accounts. Consider installing and using a VPN.

Ransomware

Ransomware Passwords Backups Firmware

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In order to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. Volt Typhoon targets internet-facing Fortinet FortiGuard devices to achieve initial access to targeted organizations. ” continues the report.

Accountability

Accountability VPN Manufacturing Firewall

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The vulnerability received a CVSS score of 7.8,

Firmware

Firmware Passwords Accountability VPN

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As early as May 2021, the attackers took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. Contrary to best practices recommended, the account was still active in the organization’s Active Directory.

Accountability

Accountability Passwords Authentication Firmware

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. It is unclear why APT28 is using compromised email accounts of (mostly) defense companies in the Middle East. ” continues the report.

Phishing

Phishing Accountability Advertising DNS

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

. “Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

The Last Watchdog

MARCH 6, 2020

Related: How ‘credential stuffing’ enables online fraud As a result, some CEOs admit they’ve stopped Tweeting and deleted their LinkedIn and other social media accounts – anything to help reduce their organization’s exposure to cyber criminals. Awareness is a vital step forward, no doubt. But it’s only a baby step.

CISO

CISO VPN Digital transformation Internet

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

Security Affairs newsletter Round 359 by Pierluigi Paganini

Security Affairs

APRIL 3, 2022

Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group Beastmode Mirai botnet now includes exploits for Totolink routers Ukraine intelligence leaks names of 620 alleged Russian FSB agents Critical CVE-2022-1162 flaw in GitLab allowed threat (..)

Firewall

Firewall Hacking DDOS VPN

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

. “The current data leak includes snapshots of highly sensitive bank-related documents of the company such as account transaction details, vouchers, letters sent to bank managers, and much more.” Below one of the snapshots leaked by the CLOP ransomware operators as proof of the hack.

Hacking

Hacking Ransomware Banking Mobile

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

By ensuring that only people with appropriate access permissions may use the system, remote access security guards against threats and illegal access. As the internet has enabled us to access work, data, and equipment from any location, remote access security has become increasingly crucial.

Passwords

Passwords Authentication Encryption VPN

The Dangers of Using Unsecured Wi-Fi Networks

Security Affairs

AUGUST 22, 2019

If you’re waiting for a flight what better way to pass the time than logging onto your favourite website, checking your bank account or even doing a bit of online shopping? The answer is a virtual private network (VPN) which creates a private tunnel between your device and the internet and encrypts your data.

VPN

VPN Encryption Passwords Small Business

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

PingPull, was first spotted by Unit 42 in June 2022, the researchers defined the RAT as a “difficult-to-detect” backdoor that leverages the Internet Control Message Protocol (ICMP) for C2 communications. Alloy Taurus is known for leveraging the SoftEther VPN service to facilitate access and maintain persistence to their targeted network.

Malware

Malware Telecommunications Government VPN

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Hackers are constantly finding new ways to exploit vulnerabilities in software, so it’s important to make sure you have the latest security patches installed. When you access the internet through a VPN, your data is encrypted and routed through a secure tunnel. Be careful what you click. Use a password manager.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Security Affairs newsletter Round 243

Security Affairs

DECEMBER 8, 2019

Twitter account of Huawei Mobile Brazil hacked. Europol seized 30,506 Internet domain names for IP Infringement. A flaw in Microsoft OAuth authentication could lead Azure account takeover. CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems. The evolutions of APT28 attacks.

Advertising

Advertising DDOS VPN Authentication

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

So if our ‘warehouse worker’ or equivalent connects through a properly configured VPN, that person’s access within the corporate network is restricted to what they need— from that particular system and email, for example. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Advertising Authentication Passwords

Researchers found DoS flaws in popular BGP implementation

Security Affairs

MAY 3, 2023

The researchers pointed out that Border Gateway Protocol implementations are widely adopted, common uses include traffic routing in large data centers and BGP extensions, such as MP-BGP , or for MPLS L3 VPN s. Most of the Border Gateway Protocol hosts are in China (close to 100,000), the US (50,000) and the UK (16,000).

VPN

VPN Education Software Media

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.

Passwords

Passwords Government Firmware Accountability

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

Security Affairs

JUNE 5, 2022

Tags available to all @GreyNoiseIO users now – Create an account to deploy a dynamic block list to block it [link] pic.twitter.com/xXldngWdPH — Andrew Morris @ RSA (@Andrew Morris) June 4, 2022. Make sure to patch & put behind a vpn! 23 unique IPs so far.

VPN

VPN IoT Cybersecurity Engineering

SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

Security Affairs

APRIL 28, 2020

After reviewing the attack logs of the Denial of Service, Qurium could quickly determine that the attacker was using Fineproxy VPN service to build a botnet to flood the website. Some of this threats came from an anonymous account in Facebook and two messages were received by WhatsApp. According to Article 13.3

DDOS

DDOS Media VPN Advertising

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Expert found a secret backdoor in Zyxel firewall and VPN

Trending Sources

U.S. CISA: hackers breached a state government organization

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

50% of internet-facing GitLab installations are still affected by a RCE flaw

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Vishing attacks conducted to steal corporate accounts, FBI warns

Interview With a Crypto Scam Investment Spammer

Protecting Your Digital Identity: Celebrating Identity Management Day

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

FBI: Compromised US academic credentials available on various cybercrime forums

Daixin Team targets health organizations with ransomware, US agencies warn

Which is the Threat landscape for the ICS sector in 2020?

GoAnywhere MFT zero-day flaw actively exploited

CISA says federal agency compromised by malicious cyber actor

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

The Best Ways to Secure Communication Channels in The Enterprise Environment

New Checkmate ransomware target QNAP NAS devices

Security Affairs newsletter Round 402 by Pierluigi Paganini

5 Ways to Protect Yourself from IP Address Hacking

FBI warns of ransomware threat to food and agriculture

FBI warns of ransomware attacks targeting the food and agriculture sector

China-linked APT Volt Typhoon targets critical infrastructure organizations

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Russia-linked APT28 has been scanning vulnerable email servers in the last year

China-linked threat actors have breached telcos and network service providers

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs newsletter Round 359 by Pierluigi Paganini

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

16 Remote Access Security Best Practices to Implement

The Dangers of Using Unsecured Wi-Fi Networks

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

15 Cybersecurity Measures for the Cloud Era

Security Affairs newsletter Round 243

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Researchers found DoS flaws in popular BGP implementation

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

Stay Connected