Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60 patch 0).

Firewall 139

Firewall VPN Firmware Passwords 139

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN 81

VPN Accountability Firewall Data breaches 81

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN 118

VPN Firewall Firmware Authentication 118

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. ” reads the post published by Kaspersky.

VPN 105

VPN Ransomware Antivirus Firmware 105

Security Affairs

FEBRUARY 1, 2024

CISA also warned to continue to audit privilege-level access accounts. Mandiant researchers recently discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. Complete a factory reset per Ivanti’s instructions.

VPN 110

VPN Authentication Software Malware 110

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN 130

VPN Government Malware Hacking 130

Security Affairs

SEPTEMBER 25, 2022

For users with TOTP-based two-factor authentication (2FA) enabled, the phishing site also relays any TOTP codes to the threat actor and GitHub in real time, allowing the threat actor to break into accounts protected by TOTP-based 2FA. Accounts protected by hardware security keys are not vulnerable to this attack.”

Accountability 111

Accountability Phishing Authentication Passwords 111

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. CISA and MS-ISAC assessed that the threat actor connected to the VM through the victim’s VPN with the intent to blend in with legitimate traffic to evade detection.”

Government 135

Government VPN Accountability Authentication 135

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN 116

VPN Hacking Authentication Government 116

Security Affairs

OCTOBER 20, 2021

a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Below are the job descriptions used to recruit the hackers. Pierluigi Paganini.

Accountability 133

Accountability Malware Phishing Social Engineering 133

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN 89

VPN Advertising Accountability Healthcare 89

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. Users have also to change passwords for any account accessed through the infected machine.

Accountability 141

Accountability Malware Data breaches Passwords 141

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. Deny Remote Access VPN Using the Default Group Policy ( DfltGrpPolicy ).

Ransomware 139

Ransomware VPN Authentication Hacking 139

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability 109

Accountability VPN Social Engineering Phishing 109

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks. Pierluigi Paganini.

VPN 93

VPN Advertising Healthcare Data breaches 93

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. They might even lock you out of your own accounts by resetting your passwords. Once they’re in, they can grab your emails, usernames, passwords, and more.

DNS 130

DNS VPN Encryption Passwords 130

Security Affairs

NOVEMBER 29, 2022

. “While during routine monitoring, researchers at Cyble observed a Threat Actor (TA) distributing multiple unauthorized Fortinet VPN access over one of the Russian cybercrime forums,” reads the analysis published by Cyble. As per intelligence gathered from sources, the victim organizations were using outdated FortiOS. .”

VPN 101

VPN Firewall Authentication Internet 101

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN 103

VPN Advertising Hacking Government 103

Webroot

APRIL 3, 2024

In a world where our lives are increasingly navigated through digital apps and online accounts, understanding and managing our online identities has become paramount. Simply put, it’s the practice of ensuring that only authorized individuals have access to your sensitive information and online accounts.

VPN 84

VPN Passwords Scams Accountability 84

Security Affairs

NOVEMBER 2, 2022

The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The attackers set up Facebook and Instagram accounts with more than 1,000 followers and designed attractive religious-themed graphic materials in order to trick victims into downloading the tainted VPN app. í religion that are banned in Iran.

Spyware 107

Spyware Malware VPN Accountability 107

Security Affairs

AUGUST 25, 2023

Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. The state sponsored hackers also uses the VPN access to scan for vulnerabilities in targeted organizations. ” continues the report.

VPN 91

VPN Manufacturing Education Hacking 91

Security Affairs

OCTOBER 6, 2023

. “A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.” An attacker could exploit this vulnerability by using the account to log in to an affected system.

VPN 116

VPN Accountability Hacking Software 116

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. ” continues the analysis.

Ransomware 123

Ransomware Hacking VPN Phishing 123

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. In some attacks, threat actors created an administrative account named itadm.

Ransomware 113

Ransomware Encryption Antivirus VPN 113

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. ” reads a post published by the organization on Medium.

Cyber Attacks 120

Cyber Attacks VPN Authentication Hacking 120

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN 114

VPN Cybercrime Ransomware Hacking 114

Security Affairs

SEPTEMBER 8, 2021

The threat actor leaked a list containing approximately 500,000 Fortinet VPN credentials that can allow threat actors to breach the networks of the organizations that use the compromised VPN appliances and perform malicious activities such as dropping a ransomware or stealing sensitive data.

VPN 99

VPN Ransomware Hacking Accountability 99

Security Affairs

NOVEMBER 14, 2022

The “Advanced IP Scanner” software used as bait actually contained the Vidar malware, which is a data-stealing malware that is also able to capture Telegram session data and take over the victim’s account. . “Note that the Somnia malware has also undergone changes. ” concludes the report.

Ransomware 90

Ransomware Computers and Electronics VPN Malware 90

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ). Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN 136

VPN Firewall Mobile Hacking 136

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 229

Scams DDOS Cryptocurrency Accountability 229

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware 75

Ransomware VPN Cybercrime Accountability 75

The Last Watchdog

OCTOBER 24, 2022

It also ensures that your account credentials won’t be used for as long. This includes accounting, sales, and other teams. Use a corporate VPN. Encrypting data on corporate devices can prevent hackers from accessing sensitive information. Changing passwords regularly will make the lives of cyberbullies much harder.

Passwords 191

Passwords Security Awareness Data breaches Cybersecurity 191

Security Affairs

DECEMBER 12, 2023

Tokens usually serve as digital keys to user accounts. In theory, exposing tokens could lead to unauthorized account access. In addition to nearly 200K exposed customers, the DTC app’s open database also leaked information on 22,952 drivers. Do you want to know which are the risks for impacted individuals?

VPN 126

VPN Accountability Banking Marketing 126

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 4.73, VPN series firmware versions 4.60 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30

Firewall 98

Firewall Firmware VPN Authentication 98

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. Microsoft Corp.

Malware 266

Malware Software Technology Accountability 266

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Cybercriminals could take over the official communication channels of DepositFiles, including social media accounts and abuse & support emails. researchers said.

Data breaches 96

Data breaches VPN Media Passwords 96

Security Affairs

JUNE 22, 2023

A security researcher has published a proof-of-concept (PoC) exploit code for the high-severity vulnerability, tracked as CVE-2023-20178 (CVSS score of 7.8), impacting Cisco AnyConnect Secure Mobility Client and Secure Client for Windows. The client update process is executed after a successful VPN connection is established.”

VPN 97

VPN Mobile Software Authentication 97