Advertising, Authentication and Firewall

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild.

Firewall

Firewall Passwords Accountability Advertising

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. It was designed to download payloads intended to exfiltrate XG Firewall-resident data. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Ransomware Passwords VPN

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firewall

Firewall Small Business Wireless Authentication

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . x base score of 10.

Firewall

Firewall Authentication VPN Advertising

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall

Firewall VPN Passwords Internet

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. The issue received a CVSSv3.1

Firewall

Firewall Authentication Advertising VPN

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” While the user’s shell is limited to running the /opt/phoenix/ phscripts /bin/ tunnelshell script, SSH authentication still succeeds.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Firmware Advertising Firewall

Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS

Security Affairs

SEPTEMBER 10, 2020

Palo Alto Networks addressed critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Palo Alto Networks has released security updates to patch critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.

Firewall

Firewall Authentication Advertising Software

Palo Alto Networks addresses another high severity issue in PAN-OS devices

Security Affairs

JULY 9, 2020

Palo Alto Networks addressed a new severe vulnerability in the PAN-OS GlobalProtect portal that impacts PAN next-generation firewalls. Recently Palo Alto Network addressed a critical vulnerability , tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. x base score of 10. .

Firewall

Firewall Advertising Authentication Hacking

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

SecureWorld News

MARCH 29, 2024

The concept of the term "malvertising" (a portmanteau of "malicious advertising") suggests an overlap with ads, albeit dodgy ones, and therefore fuels the fallacy that its impact hardly goes beyond frustration. Again, a raid as harmful as that commences with what appears to be garden-variety deceptive advertising trickery.

Cybercrime

Cybercrime Advertising Engineering Antivirus

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

. “A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. “This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”

VPN

VPN Firewall Advertising Internet

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2P is designed to allow users of these devices to quickly and easily access them remotely from anywhere in the world, without having to tinker with one’s firewall: Users simply download a mobile app, scan a barcode or enter the six-digit ID stamped onto the bottom of the device, and the P2P software handles the rest.

IoT

IoT Firewall Manufacturing Computers and Electronics

FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life

Security Affairs

AUGUST 6, 2020

Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.” Auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cyber Attacks

Cyber Attacks Healthcare Firewall Advertising

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

SEPTEMBER 25, 2020

Two vulnerabilities can allow authenticated attackers with local access to the target devices to execute arbitrary code. One vulnerability can be exploited by an authenticated attacker to access some parts of the user interface they normally should not be able to access. Pierluigi Paganini. SecurityAffairs – hacking, DoS).

Software

Software DNS Wireless Advertising

Juniper fixes tens of flaws affecting the Junos OS

Security Affairs

OCTOBER 16, 2020

The vendor has published 40 security advisories related to security vulnerabilities in the Junos OS operating system that runs on Juniper’s firewalls and other third-party components. “If SAML authentication is not enabled, the product is not affected. . “If SAML authentication is not enabled, the product is not affected.

Authentication

Authentication Advertising Firewall Hacking

Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code

Security Affairs

JULY 15, 2019

A critical vulnerability affecting the Ad Inserter WordPress plugin could be exploited by authenticated attackers to remotely execute PHP code. Security researchers at Wordfence discovered a critical vulnerability in the Inserter WordPress plugin that could be exploited by authenticated attackers to remotely execute PHP code.

Authentication

Authentication Firewall Advertising Information Security

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

This vulnerability is pre-authentication and requires no user interaction. “Simply disabling UDP Transport, or firewalling the UDP port (usually port 3391) is sufficient to prevent exploitation,” explained the popular researcher Marcus Hutchins. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Firewall Education Engineering

Credential-stealing malware disguises itself as Telegram, targets social media users

Malwarebytes

APRIL 11, 2022

First, the malware checks whether it is able to authenticate using the stolen cookies. If the cookies are valid and provide proper authentication, it sends a GET /settings request using the Access Token to facebook.com along with the authenticated cookies so it can fetch the User Account settings of the compromised account.

Media

Media Malware Spyware Accountability

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

The Agency confirmed that an authenticated attacker with access to the solution via a general license could exploit the flaws to trigger a DoS condition or to achieve arbitrary information disclosure and data manipulation. Locate control system networks and remote devices behind firewalls, and isolate them from the business network.

Advertising

Advertising Authentication VPN Firewall

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

Security Affairs

MAY 18, 2020

“During a routine research audit for our Sucuri Firewall , we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review plugin.” Once the attacker has authenticated as an admin, it could add a new admin account to take over the site. Pierluigi Paganini.

Advertising

Advertising Authentication Firewall Hacking

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Use an additional layer of authentication ( MFA/2FA ). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Internet Internet Advertising

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs

JUNE 5, 2019

Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA), and the threat can also be mitigated by blocking TCP port 3389. Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.

Penetration Testing

Penetration Testing Firewall Authentication Advertising

Experts found a critical vulnerability in the NSA Ghidra tool

Security Affairs

MARCH 21, 2019

The experts demonstrated that an attacker could exploit the issue by setting up an HTTP Server with NTLM authentication, then use an XXE/SSRF vulnerability to force a NTLM authentication from the victim. When authenticating with NTLMv1, attacker can directly relay the Net-NTLM Hash to the victim’s SMB service.

Authentication

Authentication Advertising Engineering Firewall

CookieMiner Mac Malware steals browser cookies and sensitive Data

Security Affairs

JANUARY 31, 2019

By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multi-factor authentication for these sites. Experts believe the threat actors could bypass multifactor authentication for the sites for which they are able to steal associated info.

Malware

Malware Cryptocurrency Authentication Advertising

Large-scale campaign targets configuration files from WordPress sites

Security Affairs

JUNE 4, 2020

“Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the analysis.

Advertising

Advertising Firewall Accountability Authentication

API Security and Hackers: What?s the Need?

Security Affairs

MAY 30, 2020

Authentication. To increase the complexity of hacking your device, always get to know who is calling your APIs, by using a simple access authentication (user/password) or an API key (asymmetric key). The authorization and/or authentication of your APIs should be delegated. API Firewalling. Encryption. Just be cryptic.

Authentication

Authentication Firewall Encryption Passwords

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted. The malware act as an attack vector used to load the tainted firmware onto a peripheral device that is not able to validate its origin and authenticity. ” reads the analysis published by the experts.

Firmware

Firmware Hacking Authentication Advertising

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

The issue does not impact customers who use Active Directory authenticated accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, HP).

Hacking

Hacking Accountability Passwords InfoSec

Cisco addresses flaws in its products, including Small Business routers and Webex

Security Affairs

JANUARY 24, 2019

The vulnerability could be exploited by a remote, authenticated attacker to cause a DoS condition and in some conditions to execute arbitrary code with root privileges. In most cases, exploitation requires the attacker to authenticate to the targeted system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Small Business

Small Business IoT Authentication Engineering

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malicious code was initially advertised on many hacking forums for up to $300, later other threat actors started offering it for less than $80 in the cybercrime underground. If these services are required, use strong passwords or Active Directory authentication. Enforce multi-factor authentication. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

In an interview with KrebsOnSecurity, James said Unit 221B was wary of advertising its ability to crack Zeppelin ransomware keys because it didn’t want to tip its hand to Zeppelin’s creators, who were likely to modify their file encryption approach if they detected it was somehow being bypassed.

Ransomware

Ransomware Encryption Backups Healthcare

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

WP Database Reset WordPress plugin flaws allow website takeover

Security Affairs

JANUARY 20, 2020

The experts discovered that none of the database reset functions were secured potentially allowing any user to reset any database table without authentication. . and allowed any authenticated to drop all other users by resetting the wp_users table and escalate to administrative privileges. January 14th, 2020 – Patch released.

Authentication

Authentication Advertising Firewall Hacking

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

no authentication and clear-text communication Incorrect HTTP requests cause out of range access in Zope XSS on the web interface Private SSH key Backdoor APIs Backdoor management access and RCE Pre-auth RCE with chrooted access. Also, there is no firewall by default.” log escape sequence injection xmppCnrSender.py

Accountability

Accountability Advertising Software Authentication

Zero-day in popular Yuzo Related Posts WordPress Plugin exploited in the wild

Security Affairs

APRIL 12, 2019

According to security experts at WordFence, the vulnerability in Yuzo plugin stems from missing authentication checks in the plugin routines used to store settings in the database. “The vulnerability in Yuzo Related Posts stems from missing authentication checks in the plugin routines responsible for storing settings in the database.”

Scams

Scams Advertising Authentication Firewall

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

In order to discover potential targets and locate the information it needs to authenticate against, the script passively collects data from /.ssh/config,bash_history, Experts also recommend to access admin endpoints only through firewall or VPN gateway. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins

Security Affairs

JANUARY 16, 2020

Security systems like firewalls might fail to detect the attempt of exploitation for these issues because authentication bypass vulnerabilities are often logical mistakes in the code and don’t actually involve a suspicious-looking payload. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Advertising Authentication Backups

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

Set up a Web Application Firewall to block suspicious and malicious requests from reaching the website. Require strong administrative passwords(use a password manager for best results) and enable two-factor authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

eCommerce

eCommerce Malware Encryption Advertising

DHS also issued an alert for the Windows BlueKeep flaw

Security Affairs

JUNE 18, 2019

The agency urges Microsoft users and administrators to install security patches, disable unnecessary services, enable Network Level Authentication (NLA) if available, and block TCP port 3389. Enable Network Level Authentication. Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2.

Authentication

Authentication Advertising Malware Firewall

The strengths and weaknesses of different VPN protocols

Security Affairs

APRIL 26, 2019

The protocol relies on encryption, authentication and peer-to-peer protocol (PPP) negotiation. Does not support Perfect Forward Secrecy One of the least secure protocols Firewalls can block PPTP. Firewalls can easily block it because it only communicates over UDP. Slower than OpenVPN due to double encapsulation.

VPN

VPN Encryption Firewall Internet

Zyxel addresses Zero-Day vulnerability in NAS devices

Security Affairs

FEBRUARY 25, 2020

. “Multiple ZyXEL network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.” “ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. and earlier.

Authentication

Authentication Advertising Firmware Internet

Cisco fixes 32 security vulnerabilities in its products, including three critical flaws

Security Affairs

SEPTEMBER 6, 2018

The “critical” flaw CVE-2018-0435 affects Cisco Umbrella API, a remote authenticated attacker could leverage the vulnerability to read or modify data across multiple organizations. “The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. . Pierluigi Paganini.

Wireless

Wireless VPN Firewall Authentication

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

If these services are required, use strong passwords or Active Directory authentication. Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Keep operating system patches up-to-date.

Malware

Malware Government Passwords System Administration

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

If these services are required, use strong passwords or Active Directory authentication. Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Keep operating system patches up-to-date.

Malware

Malware Passwords Advertising Antivirus

Hackers exploit SQL injection zero-day issue in Sophos firewall

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Trending Sources

Cisco fixes 5 critical flaws that could allow router firewall takeover

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Sophos fixed a critical vulnerability in Cyberoam firewalls

Palo Alto Networks addresses tens of serious issues in PAN-OS

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS

Palo Alto Networks addresses another high severity issue in PAN-OS devices

Malvertising Is a Cybercrime Heavyweight, Not an Underdog

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

P2P Weakness Exposes Millions of IoT Devices

FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Juniper fixes tens of flaws affecting the Junos OS

Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Credential-stealing malware disguises itself as Telegram, targets social media users

Flaws in leading industrial remote access systems allow disruption of operations

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

NSA urges Windows Users and admins to Patch BlueKeep flaw

Experts found a critical vulnerability in the NSA Ghidra tool

CookieMiner Mac Malware steals browser cookies and sensitive Data

Large-scale campaign targets configuration files from WordPress sites

API Security and Hackers: What?s the Need?

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

HP Device Manager flaws expose Windows systems to hack

Cisco addresses flaws in its products, including Small Business routers and Webex

CISA’s advisory warns of notable increase in LokiBot malware

Researchers Quietly Cracked Zeppelin Ransomware Keys

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

WP Database Reset WordPress plugin flaws allow website takeover

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Zero-day in popular Yuzo Related Posts WordPress Plugin exploited in the wild

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins

Visa warns of new sophisticated credit card skimmer dubbed Baka

DHS also issued an alert for the Windows BlueKeep flaw

The strengths and weaknesses of different VPN protocols

Zyxel addresses Zero-Day vulnerability in NAS devices

Cisco fixes 32 security vulnerabilities in its products, including three critical flaws

US govt agencies share details of the China-linked espionage malware Taidoor

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Stay Connected