Security Affairs

MAY 26, 2022

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. SecurityAffairs – hacking, Zyxel). Pierluigi Paganini.

Firewall 120

Firewall VPN Authentication Cyber Attacks 120

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. On March 25, Sophos announced to have fixed the authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall.

Firewall 125

Firewall DNS Authentication Malware 125

Security Affairs

JUNE 12, 2023

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. This is reachable pre-authentication, on every SSL VPN appliance.

Firewall 82

Firewall VPN Authentication Media 82

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 94

Firewall Firmware VPN Authentication 94

Security Affairs

AUGUST 28, 2023

Researchers published a PoC exploit code for Juniper SRX firewall flaws that can be chained to gain RCE in Juniper’s JunOS. watchTowr Labs security researchers published a proof-of-concept exploit (PoC) exploit code for vulnerabilities in Juniper SRX firewalls. In mid-August, Juniper addressed four medium-severity (CVSS 5.3)

Firewall 87

Firewall Authentication Hacking Information Security 87

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. critical severity score of 9.8)

Firewall 94

Firewall VPN Authentication Hacking 94

Security Affairs

APRIL 26, 2020

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild.

Firewall 145

Firewall Passwords Accountability Advertising 145

Security Affairs

SEPTEMBER 24, 2022

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. and impacts Firewall versions 18.5

Firewall 78

Firewall VPN Authentication Hacking 78

Security Affairs

MARCH 29, 2022

Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040 , that resides in the User Portal and Webadmin areas of Sophos Firewall. SecurityAffairs – hacking, RCE).

Firewall 66

Firewall Authentication Hacking Cybersecurity 66

Security Affairs

OCTOBER 7, 2022

Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. Pierluigi Paganini.

Authentication 98

Authentication Firewall Hacking Risk 98

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22. It was designed to download payloads intended to exfiltrate XG Firewall-resident data.

Firewall 133

Firewall Ransomware Passwords VPN 133

SecureWorld News

MARCH 12, 2024

When a website gets hacked, the aftermath can be expensive and long-lasting, and the recovery process is often extremely difficult. But what happens if a hack has already occurred? Next, let's discuss the steps to take to recover from a hack. So, instead of panicking, relax and focus on fixing your hacked WordPress site.

Hacking 95

Hacking Passwords Backups Firewall 95

Security Affairs

APRIL 1, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The CVE-2022-1040 is an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier.

Firewall 80

Firewall Authentication Hacking Cybersecurity 80

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance.

Firewall 83

Firewall VPN Firmware Internet 83

Security Affairs

JUNE 25, 2021

Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands. The vulnerability in the management interface of FortiWeb firewall was discovered by Andrey Medov, from cybersecurity firm Positive Technologies.

Hacking 111

Hacking Firewall Authentication Technology 111

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. SecurityAffairs – hacking, Cisco). The post Cisco fixes 5 critical flaws that could allow router firewall takeover appeared first on Security Affairs. Pierluigi Paganini.

Firewall 90

Firewall Small Business Wireless Authentication 90

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, brute-force )

VPN 121

VPN Firewall Authentication Hacking 121

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN 109

VPN Firewall Firmware Authentication 109

Security Affairs

SEPTEMBER 8, 2022

The vulnerability affects: Cisco Catalyst 8000V Edge Software Adaptive Security Virtual Appliance (ASAv) Secure Firewall Threat Defense Virtual (formerly FTDv). ” The fourth issue fixed by the vendor is an authentication bypass flaw, tracked CVE-2022-20923 (CVSS score: 4.0) SecurityAffairs – hacking, NVIDIA).

Authentication 135

Authentication Small Business Software Firewall 135

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. SecurityAffairs – hacking, PAN-OS).

Firewall 88

Firewall Authentication VPN Advertising 88

Security Affairs

OCTOBER 15, 2022

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 SecurityAffairs – hacking, CVE-2022-0030).

Firewall 145

Firewall Authentication Software Hacking 145

Security Affairs

JUNE 13, 2023

The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. The issue impacts at least: FortiOS-6K7K version 7.0.10 through 6.2.13

Firewall 83

Firewall VPN Firmware Manufacturing 83

Zigrin Security

OCTOBER 11, 2023

Cybercriminals can profit by stealing sensitive information and selling it on the dark web to other criminals. State-sponsored hacking is a growing concern, with governments using cyberattacks to gather intelligence, disrupt infrastructure, or compromise national security. The main point is money is a big motivation to steal data.

Cyber threats 52

Cyber threats Penetration Testing Passwords Backups 52

Krebs on Security

AUGUST 2, 2019

But new information indicates the methods she deployed have been well understood for years. The misconfiguration of the WAF allowed the intruder to trick the firewall into relaying requests to a key back-end resource on the AWS platform. He also acknowledged that doing so could break a lot of backwards compatibility within AWS.

Hacking 236

Hacking Firewall Data breaches Software 236

Security Affairs

JULY 13, 2023

SonicWall fixed multiple critical vulnerabilities impacting its GMS firewall management and Analytics management and reporting engine. SonicWall addressed multiple critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network management and reporting engine. R7 and before ● Analytics 2.5.2

Firewall 85

Firewall Authentication Engineering Passwords 85

Security Affairs

APRIL 28, 2024

” Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, Brocade) Multiple vulnerabilities found in the Brocade SANnav storage area network (SAN) management application could potentially compromise affected appliances. These switches are running Linux and are powerful.

Firewall 107

Firewall Authentication Architecture Backups 107

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall 81

Firewall VPN Passwords Internet 81

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. ” continues the advisory.

VPN 108

VPN Accountability Firewall Data breaches 108

Security Affairs

AUGUST 27, 2021

Braun ‘s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7) CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2) CVE-2021-33883 – Cleartext Transmission of Sensitive Information (CVSS 7.1)

Hacking 104

Hacking Authentication Internet Internet 104

The Last Watchdog

MARCH 6, 2021

Related: Poll confirms rise of Covid 19-related hacks. Remote workers face having both their personal and work-related information compromised. Set-up 2-factor authentication. Two-factor authentication or two-step verification involves adding a step to add an extra layer of protection to accounts. Set up firewalls.

VPN 214

VPN Firewall Antivirus Passwords 214

Security Affairs

SEPTEMBER 7, 2022

In May 2022, Zyxel released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. CVE-2022-0910 : An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions.

Firewall 82

Firewall Firmware Authentication VPN 82

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, “Zyxel has released patches addressing a pre-authentication command injection vulnerability in some NAS versions.” in its firewall devices.

Firmware 89

Firmware Firewall Authentication VPN 89

Adam Levin

MARCH 23, 2020

Follow these five tips to keep your email and your business cybersecure: Don’t send sensitive information via email: Email is convenient and universal, but it’s not an especially secure way to send information. Avoid sending sensitive information like tax forms, credit card numbers, bank account information, or passwords via email.

Scams 147

Scams Phishing Accountability Authentication 147

eSecurity Planet

NOVEMBER 10, 2023

The DNS protocol was designed for use within a firewall on a secure network, and by default will communicate in plain text. in the DNS cache for more efficient delivery of information to users. To prevent a DNS attack , organizations need to secure their DNS processes for both local and remote users.

DNS 94

DNS DDOS Encryption Authentication 94

Security Affairs

JANUARY 23, 2021

The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. and would provide additional updates as more information emerges. Pierluigi Paganini.

VPN 129

VPN Firewall Mobile Hacking 129

Security Affairs

JUNE 29, 2023

A critical authentication bypass flaw in miniOrange’s WordPress Social Login and Register plugin, can allow gaining access to any account on a site. “Ultimately, this makes it possible for threat actors to bypass authentication and gain access to arbitrary accounts on sites running a vulnerable version of the plugin.”

Firewall 84

Firewall Authentication Encryption Accountability 84

Security Affairs

MAY 15, 2020

Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. The issue received a CVSSv3.1

Firewall 101

Firewall Authentication Advertising VPN 101