Advertising, Information Security and VPN

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Security Affairs

OCTOBER 3, 2023

Zscaler ThreatLabz researchers discovered a new malware-as-a-service (MaaS) that is called BunnyLoader, which has been advertised for sale in multiple cybercrime forums since September 4, 2023. The malware is also able to steal data from messaging apps and VPN clients. ” continues the report.

Advertising

Advertising Cybercrime Malware Cryptocurrency

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. ” continues the researchers.

VPN

VPN Government Advertising Firmware

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. ” continues the EUROPOL. Europol said.

VPN

VPN Cybercrime Ransomware Advertising

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN

VPN Advertising Accountability Healthcare

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks. Pierluigi Paganini.

VPN

VPN Advertising Healthcare Data breaches

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN

VPN Advertising Hacking Government

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Security Affairs

JANUARY 10, 2020

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN InfoSec Advertising Cybersecurity

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Security Affairs

JANUARY 17, 2020

Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. Pierluigi Paganini.

VPN

VPN Firewall Advertising Media

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Encryption Advertising Authentication

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Security Affairs

SEPTEMBER 23, 2019

Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. “There is an unquoted search path vulnerability in Forcepoint VPN Client for Windows versions lower than 6.6.1.” Pierluigi Paganini.

VPN

VPN Advertising Hacking Malware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. co and a VPN provider called HideIPVPN[.]com. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

VPNpro research: this Chinese-linked company secretly owns 10 VPNs with 86 million installs

Security Affairs

MAY 30, 2019

Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt. The study also revealed that two of those VPN products are under its other developer name, Lemon Clove, and another two by Autumn Breeze 2018. Innovative Connecting VPNs products.

VPN

VPN Small Business Mobile Advertising

Dozens of unsecured databases wiped by mysterious Meow attack

Security Affairs

JULY 22, 2020

Immediately after the first attacks, security experts started searching for vulnerable databases exposed online. One of the recent Meow attacks targeted the Hong Kong-based VPN provider UFO VPN , hackers targeted its Elasticsearch database. Recently vpnMentor experts reported that seven Virtual Private Network (VPN) left 1.2

VPN

VPN Advertising Hacking Information Security

Protecting Your Digital Identity: Celebrating Identity Management Day

Webroot

APRIL 3, 2024

And avoid accessing sensitive information or making financial transactions while connected to public Wi-Fi. Use a VPN to browse privately A virtual private network (VPN) enhances your online privacy and helps keep your identity safe.

VPN

VPN Passwords Scams Accountability

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Since then, the same spammers have used this method to advertise more than 100 different crypto investment-themed domains. That user advertised a service called “ Quot Project ” which said they could be hired to write programming scripts in Python and C++. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft. Pierluigi Paganini.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

REVil ransomware infected 18,000 computers at Telecom Argentina

Security Affairs

JULY 20, 2020

Immediately after the attack was detected by the internal IT staff, the company warned its employees of not connecting its internal VPN network and avoiding opening emails with suspicious archive attachments. In the past, REVil operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

Ransomware

Ransomware VPN Advertising Internet

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. “Agent Tesla is now able to harvest configuration data and credentials from a number of common VPN clients, FTP and Email clients, and Web Browsers.

Passwords

Passwords Spyware VPN Malware

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Government

Government VPN Telecommunications Advertising

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking VPN Advertising Financial Services

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

Experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. BadPackets reported that SeaChange had a Pulse Secure VPN server ( [link] ) vulnerable to CVE-2019-11510 from April 24, 2019 until March 24, 2020. Pierluigi Paganini.

Software

Software Ransomware VPN Advertising

Elexon, a middleman in the UK power grid network hit by cyber-attack

Security Affairs

MAY 17, 2020

Experts from security firm Bad Packets reported that Elexon had been running an outdated version of Pulse Secure VPN server, if confirmed threat actors could have exploited it to access the internal network. NSA also warned of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws.

Cyber Attacks

Cyber Attacks VPN Advertising Cyber threats

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times. Pierluigi Paganini.

Social Engineering

Social Engineering VPN Phishing Authentication

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

The threat actors initially leveraged compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency’s Pulse Secure VPN server. 166 and then browsed pages on a SharePoint site and downloaded a file (Data from Information Repositories: SharePoint [ T1213.002 ]).

VPN

VPN Malware Cyber threats Accountability

Security Affairs newsletter Round 286

Security Affairs

OCTOBER 18, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ~ Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Security Affairs newsletter Round 286 appeared first on Security Affairs.

VPN

VPN Surveillance Advertising Ransomware

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

PoC publicly available Linux variant of Cerber ransomware targets Atlassian servers Ivanti fixed two critical flaws in its Avalanche MDM Researchers released exploit code for actively exploited Palo Alto PAN-OS bug Cisco warns of large-scale brute-force attacks against VPN and SSH services PuTTY SSH Client flaw allows of private keys recovery A renewed (..)

Data breaches

Data breaches Phishing Ransomware Malware

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

“The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums. In May 2021, cybercriminals offered more than 36,000 login credentials for.edu email accounts and advertised the data on an instant messaging platform.

Cybercrime

Cybercrime Education Accountability Phishing

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

Security Affairs

APRIL 8, 2020

The memo invited NASA personnel to use VPN and regularly visit a dedicated website that provides information related to working during the COVID-19 outbreak. Below the list of suggestions included in the agency’s memo: Use the NASA VPN, prior to beginning to work. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Computers and Electronics VPN Phishing

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 3 (@pancak3lullz) October 15, 2020.

Ransomware

Ransomware Malware Advertising Cybercrime

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco released security updates to address other 22 high and medium severity security vulnerabilities impacting several routers, WebEx, Cisco SD-WAN Solution Software versions and other software. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Cisco).

Firewall

Firewall Small Business Wireless Authentication

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

SEPTEMBER 10, 2020

.” The company did not disclose details of the attack, at the time the experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. and Elexon electrical middleman.

Ransomware

Ransomware VPN Banking Data breaches

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Use two-factor authentication with strong passwords.

Ransomware

Ransomware VPN Advertising Marketing

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Security Affairs

MAY 8, 2020

As a result, all RUB members, for example, have no access to the Outlook mail program and the VPN tunnel, which is necessary to access folders from the home office. e-mail, VPN tunnel, “Serviceportal”). ^sk Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks VPN Advertising Hacking

Security Affairs - Untitled Article

Security Affairs

JULY 22, 2019

GlobalProtect products allow organizations to set up a virtual private network (VPN) access, they also implement other security and management features. “ n this article, we would like to talk about the vulnerability on Palo Alto SSL VPN. Palo Alto calls their SSL VPN product line as GlobalProtect.

VPN

VPN Advertising Authentication Information Security

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

FEBRUARY 17, 2020

Since early February, the Russian government has blocked other encrypted email and VPN services in Russia, including ProtonMail and ProtonVPN VPN service. The Russian government asks all Internet service providers and VPN providers operating in the country to provide information about their users. Pierluigi Paganini.

Encryption

Encryption VPN Government Internet

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The cost for antivirus accounts is just over $20, while other types of accounts (cable, social media, VPN, streaming, adult, music, file sharing, and video game accounts) typically go for less than $10. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

through 4.73, VPN series firmware versions 4.60 Since the vulnerability is in the VPN service, which is enabled by default on the WAN, we expect the actual number of exposed and vulnerable devices to be much higher.” The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60

DDOS

DDOS Firmware VPN Firewall

Security Affairs newsletter Round 283

Security Affairs

SEPTEMBER 27, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Banking Advertising Ransomware

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

. “In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies,” Palo Alto Networks explains.

Firewall

Firewall Authentication VPN Advertising

+60,000 Android apps spotted hiding adware for past six months

Security Affairs

JUNE 7, 2023

The adware was distributed through rogue apps mimicking game cracks, games with unlocked features, free VPN, fake videos, Netflix fake tutorials, YouTube/TikTok without ads, cracked utility programs such as weather and pdf viewers, and fake security programs. The advertisement URL can be also loaded as a full-screen WebView ad.

Adware

Adware Mobile Malware Advertising

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

The Iranian hackers belong to an Iran-based threat actor that was behind attacks exploiting vulnerabilities in Pulse Secure VPN, Citrix Application Delivery Controller (ADC) and Gateway , and F5’s BIG-IP ADC products. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

VPN

VPN Passwords Advertising Password Management

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Bulletproof VPN services took down in a global police operation

Webinars

Trending Sources

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Webinars

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Who and What is Behind the Malware Proxy Service SocksEscort?

VPNpro research: this Chinese-linked company secretly owns 10 VPNs with 86 million installs

Dozens of unsecured databases wiped by mysterious Meow attack

Protecting Your Digital Identity: Celebrating Identity Management Day

Interview With a Crypto Scam Investment Spammer

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

REVil ransomware infected 18,000 computers at Telecom Argentina

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

The Russian Government blocked ProtonMail and ProtonVPN

Iran-linked APT group Pioneer Kitten sells access to hacked networks

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Elexon, a middleman in the UK power grid network hit by cyber-attack

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

CISA says federal agency compromised by malicious cyber actor

Security Affairs newsletter Round 286

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

FBI: Compromised US academic credentials available on various cybercrime forums

NASA warns of a significant increase in cyber attacks during Coronavirus outbreak

REvil Ransomware member win the auction for KPot stealer source code

Cisco fixes 5 critical flaws that could allow router firewall takeover

SeaChange video delivery provider discloses REVIL ransomware attack

Netwalker ransomware operators claim to have stolen data from Forsee Power

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Security Affairs - Untitled Article

Russian govn blocked Tutanota service in Russia to stop encrypted communication

15 billion credentials available in the cybercrime marketplaces

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs newsletter Round 283

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

+60,000 Android apps spotted hiding adware for past six months

US CISA report shares details on web shells used by Iranian hackers

Stay Connected