Authentication, Firmware, Information Security and VPN

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware

Firmware Firewall Authentication VPN

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices.

Firewall

Firewall Firmware Authentication VPN

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. Use multifactor authentication with strong pass phrases where possible.

Ransomware

Ransomware Passwords Backups Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Focus on cyber security awareness and training.

Ransomware

Ransomware DDOS Passwords Backups

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As Duo’s default configuration settings allow for the re-enrollment of a new device for dormant accounts, the actors were able to enroll a new device for this account, complete the authentication requirements, and obtain access to the victim network.” ” reads the joint advisory. ” continues the analysis.

Accountability

Accountability Passwords Authentication Firmware

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Disable hyperlinks in received emails.

Education

Education Ransomware Phishing Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Use multifactor authentication where possible.

Ransomware

Ransomware Antivirus Passwords Malware

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

The vendor released security updates for all these devices and urges customers to update their installs, it also released mitigations to address the flaws. “GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities.

Firmware

Firmware VPN Firewall Risk

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

Below is the list of protection and recommendations recommended by the researchers: locate the affected products behind the security protection devices and perform a defense-in-depth strategy for network security. Try using secure VPN networks when remote access is required, and perform adequate access control and auditing.

Software

Software Manufacturing Firmware Risk

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

. • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. • Use multifactor authentication where possible.

Ransomware

Ransomware Encryption Passwords Malware

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

Require multi-factor authentication for remote access to OT and IT networks. Update software , including operating systems, applications, and firmware on IT network assets, in a timely manner. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require multi-factor authentication.

Ransomware

Ransomware Healthcare Phishing Risk

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. Use multi-factor authentication with strong pass phrases where possible.

Ransomware

Ransomware Manufacturing Passwords Internet

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

. • Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. • Use multifactor authentication where possible. hard drive, storage device, the cloud).

Passwords

Passwords Government Firmware Accountability

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. “Prima Systems FlexAir, Versions 2.3.38

Backups

Backups Authentication Advertising Firmware

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

Security Affairs

JANUARY 3, 2020

The other vulnerability is an information disclosure issue that could be exploited by an attacker to obtain a device’s VPN configuration file, potentially exposing sensitive information. Later, the vendor updated the advisory and included tens of D-Link DIR models in the list of vulnerable devices.

Advertising

Advertising Firmware VPN Authentication

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. Use multi-factor authentication where possible.

Healthcare

Healthcare Ransomware Encryption Passwords

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

If such processes lack proper authentication steps, they could work as gateways for bigger problems. It can be prevented through the use of an online VPN. Even if a local network is completely secured and all IoT devices on it have firmware and software updated to the last version, a shadow IoT device can wreak havoc.

IoT

IoT Cybersecurity Manufacturing Internet

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Equipped with this password we then could authenticate successfully.

Firmware

Firmware Manufacturing Passwords Penetration Testing

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” reported the SektorCERT.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. reported the SektorCERT. “An

Firewall

Firewall Firmware Cyber Attacks VPN

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. link] [link] Have a software/firmware update mechanism. Cryptographic keys on the device or pod.

IoT

IoT Firmware Mobile Manufacturing

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Also Read: Remote Work Security | Top Priorities & Projects for 2021. The truth is that solutions like single sign-on (SSO) and multi-factor authentication (MFA) can spell disaster if initial access is all a malicious actor needs to traverse the network’s resources. Current Target: VBOS.

Software

Software Firmware DNS VPN

Cyber Security Informer

NSA, CISA release guidance on hardening remote access via VPN solutions

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Webinars

Trending Sources

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Webinars

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Zyxel addressed a critical RCE flaw in its NAS devices

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Daixin Team targets health organizations with ransomware, US agencies warn

FBI warns of ransomware attacks targeting the food and agriculture sector

Avoslocker ransomware gang targets US critical infrastructure

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

FBI warns of increase in PYSA ransomware attacks targeting education

BlackCat Ransomware gang breached over 60 orgs worldwide

CISA is warning of vulnerabilities in GE Power Management Devices

Two critical flaws affect CODESYS ICS Automation Software

FBI published a flash alert on Mamba Ransomware attacks

US CISA and FBI publish joint alert on DarkSide ransomware

FBI warns of ransomware threat to food and agriculture

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

CISA warns of critical flaws in Prima FlexAir access control system

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Experts found backdoors in a popular Auerswald VoIP appliance

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

IoT Secure Development Guide

The Biggest Lessons about Vulnerabilities at RSAC 2021

Stay Connected