Authentication, Firewall and Information

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Repeated attacks can eventually trigger a DoS condition by forcing the firewall into maintenance mode, requiring manual intervention to restore online functionality.

Firewall

Firewall Software Engineering Authentication

Sophos Firewall affected by a critical authentication bypass flaw

Security Affairs

MARCH 27, 2022

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier. MR3 (18.5.3)

Firewall

Firewall Authentication VPN Hacking

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Security Affairs

DECEMBER 3, 2023

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points.

Firewall

Firewall Authentication VPN Cyber Attacks

Zyxel fixed four bugs in firewalls and access points

Security Affairs

FEBRUARY 27, 2024

Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw. Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397 , CVE-2023-6398 , CVE-2023-6399 , and CVE-2023-6764 , in its firewalls and access points.

Firewall

Firewall VPN Authentication Hacking

How is information stored in cloud secure from hacks

CyberSecurity Insiders

MAY 14, 2023

Cloud storage services have become a target for hackers, and the theft of personal and sensitive information can have serious consequences. So, how is information stored in the cloud secured from hacks? One way to secure information in the cloud is through encryption.

Hacking

Hacking Antivirus Firewall Encryption

Multiple flaws in pfSense firewall can lead to arbitrary code execution

Security Affairs

DECEMBER 15, 2023

Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. ” reads the analysis published by SonarSource. and pfSense Plus 23.09.

Firewall

Firewall Phishing Authentication Hacking

How to Perform a Firewall Audit in 11 Steps (+Free Checklist)

eSecurity Planet

FEBRUARY 21, 2024

A firewall audit is a procedure for reviewing and reconfiguring firewalls as needed so they still suit your organization’s security goals. Auditing your firewall is one of the most important steps to ensuring it’s still equipped to protect the perimeter of your business’ network.

Firewall

Firewall Firmware Software Risk

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall

Firewall Firmware IoT Authentication

What Is a Firewall Policy? Steps, Examples & Free Template

eSecurity Planet

JANUARY 5, 2024

A firewall policy is a set of rules and standards designed to control network traffic between an organization’s internal network and the internet. Featured Partners: Next-Gen Firewall (NGFW) Software Learn more Table of Contents Toggle Free Firewall Policy Template What Are the Components of Firewall Policies?

Firewall

Firewall Penetration Testing DNS Network Security

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication.

Firewall

Firewall Government VPN Authentication

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Security Affairs

MAY 26, 2022

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Follow me on Twitter: @securityaffairs and Facebook.

Firewall

Firewall VPN Authentication Cyber Attacks

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. On March 25, Sophos announced to have fixed the authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall.

Firewall

Firewall DNS Authentication Malware

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Security Affairs

JUNE 12, 2023

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. This is reachable pre-authentication, on every SSL VPN appliance.

Firewall

Firewall VPN Authentication Media

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild.

Firewall

Firewall Passwords Accountability Advertising

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

Researchers published PoC exploit code for Juniper SRX firewall flaws

Security Affairs

AUGUST 28, 2023

Researchers published a PoC exploit code for Juniper SRX firewall flaws that can be chained to gain RCE in Juniper’s JunOS. watchTowr Labs security researchers published a proof-of-concept exploit (PoC) exploit code for vulnerabilities in Juniper SRX firewalls. In mid-August, Juniper addressed four medium-severity (CVSS 5.3)

Firewall

Firewall Authentication Hacking Information Security

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. critical severity score of 9.8)

Firewall

Firewall VPN Authentication Hacking

Sophos warns of a new actively exploited flaw in Firewall product

Security Affairs

SEPTEMBER 24, 2022

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. and impacts Firewall versions 18.5

Firewall

Firewall VPN Authentication Hacking

Threat actors actively exploit recently fixed Sophos firewall bug

Security Affairs

MARCH 29, 2022

Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040 , that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier.

Firewall

Firewall Authentication Hacking Cybersecurity

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22. It was designed to download payloads intended to exfiltrate XG Firewall-resident data.

Firewall

Firewall Ransomware Passwords VPN

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 1, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The CVE-2022-1040 is an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier.

Firewall

Firewall Authentication Hacking Cybersecurity

Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy

Security Affairs

OCTOBER 7, 2022

Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. Pierluigi Paganini.

Authentication

Authentication Firewall Hacking Risk

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance.

Firewall

Firewall VPN Firmware Internet

Endangered data in online transactions and how to safeguard company information

CyberSecurity Insiders

JANUARY 6, 2022

This is especially beneficial for financial transactions as all the data, including credit card information, remains private. Ethernet and MAC), the session (WEB sockets), transport (SSL, TCP, and UDP), perimeter (firewalls), and physical layers (securing endpoint devices). It ensures integrity, authentication, and non-repudiation.

Encryption

Encryption Identity Theft Authentication Data breaches

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. The post Cisco fixes 5 critical flaws that could allow router firewall takeover appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, Cisco).

Firewall

Firewall Small Business Wireless Authentication

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

The Last Watchdog

MARCH 4, 2024

Related: Hackers target UK charities Here are six tips for establishing robust nonprofit cybersecurity measures to protect sensitive donor information and build a resilient organization. Investing in top-notch firewalls is also essential, as they serve as the first line of defense against external threats. Strengthen authentication.

Social Engineering

Social Engineering Risk Cybersecurity Authentication

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . x base score of 10.

Firewall

Firewall Authentication VPN Advertising

Cisco will not fix the authentication bypass flaw in EoL routers

Security Affairs

SEPTEMBER 8, 2022

The vulnerability affects: Cisco Catalyst 8000V Edge Software Adaptive Security Virtual Appliance (ASAv) Secure Firewall Threat Defense Virtual (formerly FTDv). ” The fourth issue fixed by the vendor is an authentication bypass flaw, tracked CVE-2022-20923 (CVSS score: 4.0) ” reads the advisory published by Cisco.

Authentication

Authentication Small Business Software Firewall

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. The issue impacts at least: FortiOS-6K7K version 7.0.10 through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication

Authentication Ransomware VPN Passwords

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Security Affairs

OCTOBER 15, 2022

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 ” reads the advisory published by Palo Alto Networks. .

Firewall

Firewall Authentication Software Hacking

What do Cyber Threat Actors do with your information?

Zigrin Security

OCTOBER 11, 2023

Cybercriminals can profit by stealing sensitive information and selling it on the dark web to other criminals. They could leak classified information to damage the reputation of target organizations or just prove their point to the public. Financial Gain One of the primary motivations for hackers is financial gain.

Cyber threats

Cyber threats Penetration Testing Passwords Backups

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Firewall Authentication Hacking

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall

Firewall VPN Passwords Internet

What Is a Circuit-Level Gateway? Definitive Guide

eSecurity Planet

FEBRUARY 21, 2024

A circuit-level gateway (CLG) is a firewall feature that acts as a proxy and filters packets based on session information. CLGs can be combined with threat feeds to inform security policies that block known-malicious URLs and IP addresses. Next, the CLG acts as a proxy to contact the host on behalf of the client.

Firewall

Firewall DDOS Architecture Cybersecurity

Top Web Application Firewall (WAF) Vendors

eSecurity Planet

MAY 6, 2021

Web application firewalls (WAFs) are a critical component for robust application security. At the same time, WAF technology is increasingly a part of more comprehensive security solutions like next-generation firewalls (NGFW), unified threat management (UTM), and more. Best Web Application Firewalls (WAFs). Amazon Web Services.

Firewall

Firewall DDOS Marketing Technology

New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products

The Hacker News

JULY 12, 2023

SonicWall on Wednesday urged customers of Global Management System (GMS) firewall management and Analytics network reporting engine software to apply the latest fixes to secure against a set of 15 security flaws that could be exploited by a threat actor to circumvent authentication and access sensitive information.

Network Security

Network Security Firewall Engineering Authentication

Trick or Treat: The Choice is Yours with Multifactor Authentication

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Trick or Treat: The Choice is Yours with Multifactor Authentication. Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. Fri, 10/29/2021 - 05:29. Colonial Pipeline.

Authentication

Authentication VPN Passwords Accountability

SonicWall urges organizations to fix critical flaws in GMS/Analytics products

Security Affairs

JULY 13, 2023

SonicWall fixed multiple critical vulnerabilities impacting its GMS firewall management and Analytics management and reporting engine. SonicWall addressed multiple critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network management and reporting engine. R7 and before ● Analytics 2.5.2

Firewall

Firewall Authentication Engineering Passwords

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Security Affairs

APRIL 28, 2024

Multiple vulnerabilities found in the Brocade SANnav storage area network (SAN) management application could potentially compromise affected appliances. The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0

Firewall

Firewall Authentication Architecture Backups

What Is DNS Security? Everything You Need to Know

eSecurity Planet

NOVEMBER 10, 2023

The DNS protocol was designed for use within a firewall on a secure network, and by default will communicate in plain text. in the DNS cache for more efficient delivery of information to users.

DNS

DNS DDOS Encryption Authentication

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Remote workers face having both their personal and work-related information compromised. Set-up 2-factor authentication. Two-factor authentication or two-step verification involves adding a step to add an extra layer of protection to accounts. Set up firewalls. Firewalls help, but threats will inevitably get through.

VPN

VPN Firewall Antivirus Passwords

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

The Last Watchdog

MAY 2, 2023

Experts must monitor firewalls, test business continuity plans and identify vulnerabilities with seemingly little payoff. Enforce strict authentication and verification measures for server access requests. An increasingly digitized world means analysts can’t rest. These feelings are a side effect of cybersecurity burnout.

Cybersecurity

Cybersecurity Firewall Risk Cyber Risk

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Sophos Firewall affected by a critical authentication bypass flaw

Trending Sources

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Zyxel fixed four bugs in firewalls and access points

How is information stored in cloud secure from hacks

Multiple flaws in pfSense firewall can lead to arbitrary code execution

How to Perform a Firewall Audit in 11 Steps (+Free Checklist)

VulnRecap 1/16/24 – Major Firewall Issues Persist

What Is a Firewall Policy? Steps, Examples & Free Template

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Hackers exploit SQL injection zero-day issue in Sophos firewall

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Researchers published PoC exploit code for Juniper SRX firewall flaws

Zyxel firewall and VPN devices affected by critical flaws

Sophos warns of a new actively exploited flaw in Firewall product

Threat actors actively exploit recently fixed Sophos firewall bug

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Endangered data in online transactions and how to safeguard company information

Cisco fixes 5 critical flaws that could allow router firewall takeover

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Cisco will not fix the authentication bypass flaw in EoL routers

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

What do Cyber Threat Actors do with your information?

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Sophos fixed a critical vulnerability in Cyberoam firewalls

What Is a Circuit-Level Gateway? Definitive Guide

Top Web Application Firewall (WAF) Vendors

New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products

Trick or Treat: The Choice is Yours with Multifactor Authentication

SonicWall urges organizations to fix critical flaws in GMS/Analytics products

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

What Is DNS Security? Everything You Need to Know

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

Stay Connected