Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS 77

DNS Hacking Firmware Wireless 77

Security Affairs

MAY 15, 2020

Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Pierluigi Paganini.

Firewall 95

Firewall Authentication Advertising VPN 95

Adam Levin

NOVEMBER 15, 2019

News that Virtual Private Network ( VPN ) provider NordVPN was breached spread quickly. While the breach of a major VPN service is newsworthy, this one wasn’t particularly. But one of the watchwords of good cyber hygiene, a VPN, was breached. Who Is Using VPNs? The incident put NordVPN in the hot seat.

VPN 114

VPN Cybersecurity Firewall Data breaches 114

Security Affairs

AUGUST 23, 2019

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 flaw in Pulse Connect Secure.

VPN 104

VPN Advertising Firewall Hacking 104

Security Affairs

MARCH 1, 2019

“A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.” Pierluigi Paganini.

Wireless 80

Wireless VPN Firewall Advertising 80

Security Affairs

JULY 22, 2023

Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. through 4.73, VPN series firmware versions 4.60 Zyxel firewalls CVE-2023-28771 (pre-auth remote command OS injection) is being actively exploited to build a Mirai-like botnet. through 5.35.

DDOS 93

DDOS Firmware VPN Firewall 93

Security Affairs

SEPTEMBER 25, 2020

CISA published a detailed incident report related to the incident but didn’t disclose the name of the hacked agency. The threat actors initially leveraged compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency’s Pulse Secure VPN server.

VPN 90

VPN Malware Cyber threats Accountability 90

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft. Pierluigi Paganini.

Ransomware 103

Ransomware VPN Healthcare Cyber Attacks 103

Security Affairs

SEPTEMBER 16, 2020

The Iranian hackers belong to an Iran-based threat actor that was behind attacks exploiting vulnerabilities in Pulse Secure VPN, Citrix Application Delivery Controller (ADC) and Gateway , and F5’s BIG-IP ADC products. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report.

VPN 85

VPN Passwords Advertising Password Management 85

Security Affairs

MAY 29, 2019

Let’s see how your data can be hacked easily. Logging in through a public network also provides cybercriminals easier access to our account details and password and make your accounts vulnerable to hacking. Opt for VPN. VPN is the safest mode of surfing the internet and provides the best cybersecurity.

Hacking 102

Hacking VPN Passwords Internet 102

Security Affairs

OCTOBER 1, 2020

Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, hack into company networks, tamper with data, and even steal sensitive business secrets. Pierluigi Paganini.

Advertising 101

Advertising Authentication VPN Firewall 101

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Cryptocurrency 97

Cryptocurrency Malware Advertising VPN 97

Security Affairs

OCTOBER 14, 2019

Imperva shared details on the incident it has recently suffered and how hackers obtain data on Cloud Web Application Firewall (WAF) customers. In August, cybersecurity firm Imperva disclosed a data breach that exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Firewall 75

Firewall Passwords Accountability Data breaches 75

Security Affairs

JUNE 29, 2020

Install a virtual private network ( VPN ) gateway to broker all RDP connections from outside your local network. At the perimeter firewall, disallow external connections to local machines on port 3389 (TCP/UDP) or any other RDP port. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords 118

Passwords Internet Internet Advertising 118

Security Affairs

FEBRUARY 9, 2019

” This technique makes the threat hard to be detected by firewall and other defence systems. Experts were able to download the samples from the address in the de-obfuscated Powershell, including from an Italy-based VPN, and discovered several samples of the Gandcrab ransomware. SecurityAffairs – steganography, hacking).

Ransomware 79

Ransomware Advertising Malware VPN 79

Security Affairs

OCTOBER 13, 2019

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities. Developer hacked back Muhstik ransomware crew and released keys. Multiple APT groups are exploiting VPN vulnerabilities, NSA warns. Sophos fixed a critical vulnerability in Cyberoam firewalls. US will help Baltic states to secure baltic energy grid.

VPN 52

VPN Spyware Data breaches Advertising 52

Security Affairs

AUGUST 4, 2020

The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls. Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” continues the alert.

Ransomware 92

Ransomware VPN Cybercrime Advertising 92

Security Affairs

MARCH 12, 2020

The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series. Also, there is no firewall by default.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Accountability 78

Accountability Advertising Software Authentication 78

Security Affairs

AUGUST 4, 2020

The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls. Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” continues the alert.

Ransomware 74

Ransomware VPN Cybercrime Advertising 74

Security Affairs

SEPTEMBER 22, 2018

Stealer plug-in – harvests passwords from a wide variety of applications (browsers, FTP clients, VPN clients, chat and email programs, poker programs etc.). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. onion web sites.

Banking 84

Banking Advertising VPN Architecture 84

Security Affairs

APRIL 25, 2019

Locate control system networks and devices behind firewalls and isolate them from the business network. When remote access is required, use secure methods such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Pierluigi Paganini.

Firmware 72

Firmware Social Engineering Advertising Malware 72

Security Affairs

SEPTEMBER 6, 2018

The second flaw addressed by Cisco is the CVE-2018-0423 , a buffer overflow vulnerability that resides in the web-based management interface of several firewalls and routers belonging to the RV series. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the security advisory. Pierluigi Paganini.

Wireless 49

Wireless VPN Firewall Authentication 49

Security Affairs

OCTOBER 8, 2018

Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.

Software 67

Software Manufacturing Advertising VPN 67

Security Affairs

JULY 31, 2019

Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.

Backups 55

Backups Authentication Advertising Firmware 55

Security Affairs

OCTOBER 30, 2020

Administrators can follow the Container Journal’s advice by configuring their API servers to allow cluster API access only via the internal network or a corporate VPN. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 90

Advertising Internet Internet VPN 90

Security Affairs

AUGUST 30, 2018

An attacker that is able to compromise a vulnerable device like a home router could use it as an entry point in a target network and hack other devices. Locate control system networks and remote devices behind firewalls, and isolate them from the business network. Also recognize that VPN is only as secure as the connected devices.

Technology 43

Technology Advertising VPN Manufacturing 43

Security Affairs

DECEMBER 6, 2018

Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access that system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware 89

Ransomware Advertising Authentication Passwords 89

SecureList

NOVEMBER 14, 2022

Looking back at past leaks of private companies providing such services, such as in the case of Hacking Team, we learned that many states all over the world were buying these capabilities, whether to complement their in-house technologies or as a stand-alone solution they couldn’t develop. Hack-and-leak is the new black (and bleak).

Firmware 110

Firmware Surveillance Mobile Telecommunications 110

Malwarebytes

NOVEMBER 22, 2021

Why you aren’t too small to get hacked. If your company uses a Virtual Private Network (VPN) to provide secure, remote access to company systems, you could limit access to your website login screen to company VPN users too. Use a Web Application Firewall (WAF). They don’t care how small your site is.

Passwords 113

Passwords Software Internet Internet 113

Spinone

NOVEMBER 1, 2019

Firewall – a network security system that filters unsanctioned incoming and outgoing traffic. Virtual Private Network (VPN) – technology that extends a private network and all its encryption, security, and functionality across a public network. It is used by websites to prevent bots from spamming.

Passwords 40

Passwords Social Engineering Malware Encryption 40