Authentication, Firewall, Information and VPN

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Firewall Authentication Hacking

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN

VPN Firewall Marketing Encryption

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Zyxel fixed four bugs in firewalls and access points

Security Affairs

FEBRUARY 27, 2024

Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw. Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397 , CVE-2023-6398 , CVE-2023-6399 , and CVE-2023-6764 , in its firewalls and access points.

Firewall

Firewall VPN Authentication Hacking

Sophos Firewall affected by a critical authentication bypass flaw

Security Affairs

MARCH 27, 2022

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier. MR3 (18.5.3)

Firewall

Firewall Authentication VPN Hacking

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Security Affairs

DECEMBER 3, 2023

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points.

Firewall

Firewall Authentication VPN Cyber Attacks

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication.

Firewall

Firewall Government VPN Authentication

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions.

VPN

VPN Firewall Firmware Authentication

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Security Affairs

JUNE 12, 2023

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. This is reachable pre-authentication, on every SSL VPN appliance.

Firewall

Firewall VPN Authentication Media

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Security Affairs

MAY 26, 2022

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Follow me on Twitter: @securityaffairs and Facebook.

Firewall

Firewall VPN Authentication Cyber Attacks

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall

Firewall Firmware IoT Authentication

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Sophos warns of a new actively exploited flaw in Firewall product

Security Affairs

SEPTEMBER 24, 2022

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. and impacts Firewall versions 18.5

Firewall

Firewall VPN Authentication Hacking

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. ” continues the advisory.

VPN

VPN Accountability Firewall Data breaches

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

In early October, Fortinet addressed the critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild. ” concludes the post. Pierluigi Paganini.

VPN

VPN Firewall Authentication Internet

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22. It was designed to download payloads intended to exfiltrate XG Firewall-resident data.

Firewall

Firewall Ransomware Passwords VPN

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication

Authentication Ransomware VPN Passwords

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. The post Cisco fixes 5 critical flaws that could allow router firewall takeover appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, Cisco).

Firewall

Firewall Small Business Wireless Authentication

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Remote workers face having both their personal and work-related information compromised. Set-up 2-factor authentication. Two-factor authentication or two-step verification involves adding a step to add an extra layer of protection to accounts. Since a VPN tunnels traffic through a server in a location of your choosing.

VPN

VPN Firewall Antivirus Passwords

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . x base score of 10.

Firewall

Firewall Authentication VPN Advertising

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall

Firewall VPN Passwords Internet

Trick or Treat: The Choice is Yours with Multifactor Authentication

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Trick or Treat: The Choice is Yours with Multifactor Authentication. Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. Fri, 10/29/2021 - 05:29. Colonial Pipeline.

Authentication

Authentication VPN Passwords Accountability

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x and would provide additional updates as more information emerges. The impacted products are: NetExtender VPN client version 10.x

VPN

VPN Firewall Mobile Hacking

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

VPN

VPN Software Firewall Authentication

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

In May 2022, Zyxel released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. CVE-2022-0910 : An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions.

Firewall

Firewall Firmware Authentication VPN

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, “Zyxel has released patches addressing a pre-authentication command injection vulnerability in some NAS versions.” in its firewall devices.

Firmware

Firmware Firewall Authentication VPN

NSA, CISA Release Guidance for Choosing and Hardening VPNs

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN

VPN Authentication Passwords Software

Is Your Small Business Safe Against Cyber Attacks?

CyberSecurity Insiders

MARCH 21, 2021

With a VPN like Surfshark to encrypt your online traffic and keep it protected against any security breach, your valuable data isn’t going to get compromised easily anytime soon. Two-factor authentication . Firewalls . For basic network security, make sure to regularly update the information to protect it from hackers.

Small Business

Small Business Cyber Attacks VPN Backups

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

eSecurity Planet

FEBRUARY 12, 2024

February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. Orca has now released further research information. Both vulnerabilities affected authenticated users of Apache Oozie and Apache Ambari. versions 7.4.0 versions 7.2.0

VPN

VPN Authentication Software Firewall

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. The issue received a CVSSv3.1

Firewall

Firewall Authentication Advertising VPN

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

The hackers were also able to turn off the two-factor authentication (2FA). We released a statement urging customers to take immediate action to protect their personal information. “Please keep your CAS behind a firewall and VPN. “Please keep your CAS behind a firewall and VPN.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN

VPN Cybercrime Ransomware Hacking

ToddyCat is making holes in your infrastructure

SecureList

APRIL 22, 2024

This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it. One of the group’s main goals is to steal sensitive information from hosts. The remote server IP information is shown in the table below.

VPN

VPN Passwords Encryption Malware

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v

VPN

VPN Firewall Firmware Authentication

Portnox Cloud: NAC Product Review

eSecurity Planet

APRIL 19, 2023

authentication to gather endpoint information for reporting and enforcement. The agent does not make any changes to the endpoint , so it will be suitable for BYOD, but it provides valuable information into the status of the device such as location data, dangerous applications, jail-broken devices, and OS versions.

IoT

IoT Authentication VPN Backups

An Unholy Union: Remote Access and Ransomware

Approachable Cyber Threats

OCTOBER 16, 2020

During the COVID-19 pandemic for example, you may use a Virtual Private Network (VPN) to connect to your organization’s network as if you’re sitting in the office, or you might use Remote Desktop Protocol (RDP) to connect to your computer that’s now collecting dust on your office desk. That adds on even more expenses! So what should we do?”

Ransomware

Ransomware VPN Internet Internet

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

SEPTEMBER 5, 2023

Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. It is suspected that the Akira ransomware organization used an undisclosed weakness in Cisco VPN software to evade authentication.

VPN

VPN Authentication Ransomware Antivirus

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Manufacturing Healthcare Education

NSA issues advice for securing wireless devices

Malwarebytes

AUGUST 4, 2021

By releasing an information sheet that provides guidance on securing wireless devices while in public (pdf) —for National Security System, Department of Defense, and Defense Industrial Base teleworkers—the NSA has provided useful information on malicious techniques used by cyber actors, and ways to protect against them.

Wireless

Wireless Encryption VPN Computers and Electronics

APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

Security Affairs

JUNE 30, 2020

Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Network addressed a critical vulnerability , tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. x base score of 10.

Firewall

Firewall Authentication VPN Hacking

Cisco warns of large-scale brute-force attacks against VPN and SSH services

New TunnelVision technique can bypass the VPN encapsulation

Webinars

Trending Sources

Zyxel firewall and VPN devices affected by critical flaws

Webinars

Zyxel fixed four bugs in firewalls and access points

Sophos Firewall affected by a critical authentication bypass flaw

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

VulnRecap 1/16/24 – Major Firewall Issues Persist

NSA, CISA release guidance on hardening remote access via VPN solutions

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Sophos warns of a new actively exploited flaw in Firewall product

Okta warns of unprecedented scale in credential stuffing attacks on online services

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Cisco fixes 5 critical flaws that could allow router firewall takeover

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Sophos fixed a critical vulnerability in Cyberoam firewalls

Trick or Treat: The Choice is Yours with Multifactor Authentication

Security firm SonicWall was victim of a coordinated attack

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Zyxel addressed a critical RCE flaw in its NAS devices

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

NSA, CISA Release Guidance for Choosing and Hardening VPNs

Is Your Small Business Safe Against Cyber Attacks?

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

Palo Alto Networks addresses tens of serious issues in PAN-OS

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

ToddyCat is making holes in your infrastructure

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Portnox Cloud: NAC Product Review

An Unholy Union: Remote Access and Ransomware

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

FBI and CISA warn of attacks by Rhysida ransomware gang

NSA issues advice for securing wireless devices

APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

Stay Connected