Advertising, Authentication, Hacking and VPN

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. SCHOOL OF HACKS. The employee phishing page bofaticket[.]com. Image: urlscan.io.

Phishing

Phishing VPN Social Engineering Media

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Encryption Advertising Authentication

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firewall

Firewall Small Business Wireless Authentication

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

“Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” “Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).”

Ransomware

Ransomware VPN Advertising Government

Analysis of BlackGuard – a new info stealer malware being sold in a Russian hacking forum

Security Boulevard

MARCH 30, 2022

Introduction: Hacking forums often double up as underground marketplaces where cybercriminals buy, rent, and sell all kinds of malicious illegal products, including software, trojans, stealers, exploits, and leaked credentials. Use multi-factor authentication where applicable. Avoid visiting unknown sites. PWS.Blackguard.

Malware

Malware Hacking Antivirus Passwords

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. SecurityAffairs – hacking, PAN-OS).

Firewall

Firewall Authentication VPN Advertising

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

One of the most severe vulnerabilities, tracked as CVE-2020-2018 , is an authentication bypass vulnerability in the Panorama context switching feature. This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices. The issue received a CVSSv3.1

Firewall

Firewall Authentication Advertising VPN

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

APRIL 30, 2020

Make RDP available only through a corporate VPN. Use Network Level Authentication (NLA). If possible, enable two-factor authentication. Experts also warn of vulnerabilities in other remote working tools, such as VNC, that could expose organizations to hack. SecurityAffairs – RDP, hacking). Pierluigi Paganini.

Passwords

Passwords Advertising VPN Authentication

7 Cyber Safety Tips to Outsmart Scammers

Webroot

FEBRUARY 26, 2024

Safeguard your privacy with a trustworthy VPN In the digital-verse, protecting your online privacy is paramount, like guarding the secret recipe to your grandma’s famous carrot cake. That’s where a virtual private network (VPN) swoops in like a digital superhero to save the day. But fear not!

Scams

Scams VPN Passwords Phishing

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. Pierluigi Paganini.

Advertising

Advertising Authentication VPN Firewall

Security Affairs newsletter Round 243

Security Affairs

DECEMBER 8, 2019

Twitter account of Huawei Mobile Brazil hacked. A flaw in Microsoft OAuth authentication could lead Azure account takeover. CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems. OpenBSD addresses authentication bypass, privilege escalation issues. The best news of the week with Security Affairs.

Advertising

Advertising DDOS VPN Authentication

Op Wocao – China-linked APT20 was able to bypass 2FA

Security Affairs

DECEMBER 23, 2019

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. W? ”, used as “s**t” or “damn”) is the name that Fox-IT uses to describe the hacking activities of a Chinese based hacking group.” SecurityAffairs – APT20, hacking).

VPN

VPN Hacking Software Advertising

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

The CVE-2020-4529 could allow an authenticated attacker to send unauthorized requests from a system, potentially leading to other attacks, such as network enumeration, “IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF). ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Advertising Authentication Passwords

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Security Affairs

SEPTEMBER 9, 2020

Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Netwalker). Pierluigi Paganini.

Ransomware

Ransomware Energy and Utilities VPN Advertising

Cisco addresses ten high-risk issues in NX-OS software

Security Affairs

AUGUST 28, 2020

The same devices are affected by a DoS flaw (CVE-2020-3397) in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, NX-OS).

Software

Software Risk Advertising Authentication

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Passwords associated with external authentication systems such as AD or LDAP are unaffected. Login credentials associated with external authentication systems (i.e. A list of the user IDs permitted to use the firewall for SSL VPN and accounts that were permitted to use a “clientless” VPN connection. Pierluigi Paganini.

Firewall

Firewall Ransomware Passwords VPN

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Use an additional layer of authentication ( MFA/2FA ). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Internet Internet Advertising

VPNs begin to lose their relevance, even as they remain difficult to shed

SC Magazine

MARCH 1, 2021

In response, criminal and state-backed hacking groups stepped up their own exploitation of the technology as well. A recent report from Zscaler found that VPNs are still overwhelmingly popular: 93% of companies surveyed reported that they have used them in some capacity.

VPN

VPN Technology Marketing Media

Netwalker ransomware operators leaked files stolen from K-Electric

Security Affairs

OCTOBER 1, 2020

Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, K-Electric). Pierluigi Paganini.

Ransomware

Ransomware Advertising Engineering VPN

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. The flaw is similar to the recently disclosed vulnerabilities in Palo Alto Networks, Pulse Secure and Fortinet VPN solutions. SecurityAffairs – Cyberoam firewalls, hacking).

Firewall

Firewall VPN Passwords Internet

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Netwalker Ransomware hit Argentina’s official immigration agency

Security Affairs

SEPTEMBER 6, 2020

Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Netwalker ransomware). Pierluigi Paganini.

Ransomware

Ransomware VPN Advertising Passwords

Colocation data centers giant Equinix data hit by Netwalker Ransomware

Security Affairs

SEPTEMBER 10, 2020

” Netwalker ransomware gang is very active in this period, in a few days it announced the hack of K-Electric , the major Pakistani electricity provider, and Argentina’s official immigration agency, Dirección Nacional de Migraciones. Consider installing and using a VPN. Use two-factor authentication with strong passwords.

Ransomware

Ransomware VPN Data breaches Advertising

BusKill, a $20 USB Dead Man’s Switch for Linux Laptop

Security Affairs

JANUARY 4, 2020

. “We do what we can to increase our OpSec when using our laptop in public-such as using a good VPN provider, 2FA, and password database auto-fill to prevent network or shoulder-based eavesdropping,” says Altfield. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising VPN Engineering Authentication

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Consider installing and using a VPN. Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware VPN Advertising Marketing

How Can You Keep Your Personal Information Safe?

CyberSecurity Insiders

OCTOBER 29, 2021

Ideally, your online accounts should be equipped with two-step factor authentication. It may even be possible to transfer funds from a hacked bank account. Be Wary of Targeted Advertising. Data advertisers and marketers on social media use all the information you share to learn more about you. Driver’s licenses.

Passwords

Passwords Advertising Data breaches Accountability

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Security Affairs

SEPTEMBER 5, 2022

Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide.

Phishing

Phishing Accountability Hacking Advertising

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Advertising Software Authentication

Security Affairs - Untitled Article

Security Affairs

JULY 22, 2019

GlobalProtect products allow organizations to set up a virtual private network (VPN) access, they also implement other security and management features. “ n this article, we would like to talk about the vulnerability on Palo Alto SSL VPN. Palo Alto calls their SSL VPN product line as GlobalProtect. ” Uber replied.

VPN

VPN Advertising Authentication Information Security

How to Protect Against COVID-19 Email Scams

Security Affairs

APRIL 21, 2020

Authentic emails from verified sources would not require this. Persuasion for Instant Action: Males from authentic sources would not create a necessary sense of urgency and would usually not probe one to take drastic actions. Use a VPN: You should use a cheap VPN to deceive hackers as they will not be able to trace your email address.

Scams

Scams Phishing Artificial Intelligence VPN

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. Use multifactor authentication where possible. Consider installing and using a VPN. SecurityAffairs – hacking, AvosLocker ransomware). Disable unused ports.

Ransomware

Ransomware DDOS Passwords Backups

Hacker deleted all data from VFEmail Servers, including backups

Security Affairs

FEBRUARY 13, 2019

The hacker destroyed all virtual machines even if the company pointed out that they did not share the same authentication. Of course the attacker could have been using a VPN to hide its real origin., Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – cybersecurity, hacking).

Backups

Backups Advertising VPN Cyber Attacks

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Use multifactor authentication where possible. Consider installing and using a virtual private network (VPN). SecurityAffairs – hacking, BlackCat ransomware). To nominate, please visit:?

Ransomware

Ransomware Antivirus Passwords Malware

Rockwell Automation fixes multiple DoS flaws in Stratix Switch introduced by Cisco Software

Security Affairs

APRIL 7, 2019

Remote and local authentication attackers could exploit the flaws to trigger a DoS condition by sending specially crafted packets to vulnerable devices. The company recommends avoiding using any IPsec VPN connections as a temporary mitigation. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Software

Software Advertising VPN Authentication

FBI warns of Iran-linked hackers attempting to exploit F5 BIG-IP flaw

Security Affairs

AUGUST 8, 2020

The same threat actors were behind multiple attacks targeting unpatched VPN devices since August 2019, such as Pulse Secure VPN servers and Citrix ADC/Gateway. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Advertising Malware Banking

Cisco fixes 32 security vulnerabilities in its products, including three critical flaws

Security Affairs

SEPTEMBER 6, 2018

The “critical” flaw CVE-2018-0435 affects Cisco Umbrella API, a remote authenticated attacker could leverage the vulnerability to read or modify data across multiple organizations. “The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. . Pierluigi Paganini.

Wireless

Wireless VPN Firewall Authentication

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. SecurityAffairs – Prima FlexAir, hacking).

Backups

Backups Authentication Advertising Firmware

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Security Affairs

OCTOBER 7, 2020

Never use them without proper security measures such as using a VPN. A VPN removes all traces leading back to your original IP address and encrypts your connection to allow safe and private browsing. It sounds simple but this simple hack goes a long way in protecting your personal data. SecurityAffairs – hacking, Indonesia).

Data privacy

Data privacy Computers and Electronics Government VPN

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

Security Affairs

JANUARY 3, 2020

The other vulnerability is an information disclosure issue that could be exploited by an attacker to obtain a device’s VPN configuration file, potentially exposing sensitive information. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – D-Link, hacking). Pierluigi Paganini.

Advertising

Advertising Firmware VPN Authentication

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Webinars

Trending Sources

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Webinars

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Voice Phishers Targeting Corporate VPNs

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Cisco fixes 5 critical flaws that could allow router firewall takeover

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

FBI issued a flash alert about Netwalker ransomware attacks

Analysis of BlackGuard – a new info stealer malware being sold in a Russian hacking forum

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Palo Alto Networks addresses tens of serious issues in PAN-OS

RDP brute-force attacks rocketed since beginning of COVID-19

7 Cyber Safety Tips to Outsmart Scammers

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs newsletter Round 243

Op Wocao – China-linked APT20 was able to bypass 2FA

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Netwalker ransomware hit K-Electric, the major Pakistani electricity provider

Cisco addresses ten high-risk issues in NX-OS software

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

VPNs begin to lose their relevance, even as they remain difficult to shed

Netwalker ransomware operators leaked files stolen from K-Electric

Sophos fixed a critical vulnerability in Cyberoam firewalls

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Netwalker Ransomware hit Argentina’s official immigration agency

Colocation data centers giant Equinix data hit by Netwalker Ransomware

BusKill, a $20 USB Dead Man’s Switch for Linux Laptop

Netwalker ransomware operators claim to have stolen data from Forsee Power

How Can You Keep Your Personal Information Safe?

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs - Untitled Article

How to Protect Against COVID-19 Email Scams

Avoslocker ransomware gang targets US critical infrastructure

Hacker deleted all data from VFEmail Servers, including backups

BlackCat Ransomware gang breached over 60 orgs worldwide

Rockwell Automation fixes multiple DoS flaws in Stratix Switch introduced by Cisco Software

FBI warns of Iran-linked hackers attempting to exploit F5 BIG-IP flaw

Cisco fixes 32 security vulnerabilities in its products, including three critical flaws

CISA warns of critical flaws in Prima FlexAir access control system

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

Stay Connected