Authentication, Hacking, Information Security and VPN

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN

VPN Firewall Marketing Encryption

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, brute-force )

VPN

VPN Firewall Authentication Hacking

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Security Affairs

SEPTEMBER 6, 2023

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN. It does not have ANY authentication.

VPN

VPN Education Authentication Engineering

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. The statement reveals that one of the two hacking groups was a China-linked cyber espionage group. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Authentication Small Business Telecommunications

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

The government experts also ordered to monitor the authentication or identity management services that could be exposed and urged to isolate the systems from any enterprise resources to the greatest degree possible. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure.

VPN

VPN Authentication Software Malware

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw

Security Affairs

NOVEMBER 8, 2022

Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. ” concludes the bulletin.

Authentication

Authentication VPN Phishing Hacking

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances.

VPN

VPN Authentication Hacking Information Security

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. SecurityAffairs – hacking, Yanluowang ransomware). Pierluigi Paganini.

Ransomware

Ransomware Hacking VPN Phishing

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).

Ransomware

Ransomware VPN Authentication Hacking

Ivanti fixes high severity flaw in Pulse Connect Secure VPN

Security Affairs

MAY 25, 2021

A flaw in Pulse Connect Secure VPN could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. Ivanti addressed a high severity Buffer Overflow vulnerability in Secure VPN appliances that could allow a remote authenticated attacker to execute arbitrary code with elevated privileges.

VPN

VPN Authentication Hacking Software

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Sophos Firewall affected by a critical authentication bypass flaw

Security Affairs

MARCH 27, 2022

Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. “An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall and responsibly disclosed to Sophos. .”

Firewall

Firewall Authentication VPN Hacking

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Around 19,500 end-of-life Cisco routers are exposed to hack

Security Affairs

JANUARY 21, 2023

Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. The IT giant announced that these devices will receive no security updates to address the bug because they have reached end of life (EoL). reads the advisory published by the company.

Hacking

Hacking Small Business VPN Internet

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

In early October, Fortinet addressed the critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild. SecurityAffairs – hacking, Fortinet).

VPN

VPN Firewall Authentication Internet

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. Cisco investigated the hacking campaign with the help of Rapid7. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Accountability Firewall Data breaches

Cisco addressed severe flaws in its Secure Client

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338.

VPN

VPN Authentication Hacking Information Security

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Security Affairs

SEPTEMBER 2, 2022

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022.

Hacking

Hacking VPN Ransomware Authentication

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

The threat actor compromised network administrator credentials through the account of a former employee that was used to successfully authenticate to an internal virtual private network (VPN) access point. Neither of the two administrative accounts had multifactor authentication (MFA) enabled.

Government

Government VPN Accountability Authentication

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. The vulnerability is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Government Authentication Cybersecurity

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. Cisco investigated the hacking campaign with the help of Rapid7. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Avoid entering any data if you see a warning message about a site’s authenticity. Most browsers will alert you if a site isn’t secure. Also, consider using a Virtual Private Network (VPN) to encrypt your data and make it unreadable to hackers. Be cautious if you see two Wi-Fi networks with similar names.

DNS

DNS VPN Encryption Passwords

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens.” ” concludes the report.

Hacking

Hacking VPN Marketing Authentication

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN

VPN Software Encryption Authentication

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN

VPN Cybercrime Ransomware Hacking

Zyxel fixed four bugs in firewalls and access points

Security Affairs

FEBRUARY 27, 2024

CVE-2023-6398 – A post-authentication command injection vulnerability in the file upload binary in some firewall and AP versions could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP. Patch 1 ZLD V4.32 Patch 1 ZLD V5.10 Patch 1 ZLD V4.32

Firewall

Firewall VPN Authentication Hacking

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

The company added that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. X-Force discovered the campaign while conducting an incident response activity for a client that had reported slow authentications on the NetScaler install.

VPN

VPN Authentication Cyber Attacks Passwords

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

Firewall

Firewall Government VPN Authentication

Multiple Sage X3 vulnerabilities expose systems to hack

Security Affairs

JULY 8, 2021

Critical) Update available CVE-2020-7387 CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor in AdxAdmin 5.3 Medium) Update available CVE-2020-7389 CWE-306 Missing Authentication for Critical Function in Developer Environment in Syracuse 5.5 SecurityAffairs – hacking, SAGE). Pierluigi Paganini.

Hacking

Hacking Authentication VPN Software

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. SecurityAffairs – CVE-2019-14899 , hacking). Pierluigi Paganini.

VPN

VPN Encryption Advertising Authentication

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. ” reads a post published by the organization on Medium.

Cyber Attacks

Cyber Attacks VPN Authentication Hacking

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

A new malware named Cuttlefish targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data. The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources.

Malware

Malware DNS Authentication Telecommunications

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 4.73, VPN series firmware versions 4.60 The company also fixed a high-severity post-authentication command injection issue ( CVE-2023-27991 , CVSS score: 8.8)

Firewall

Firewall Firmware VPN Authentication

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Security Affairs

JUNE 12, 2023

The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. This is reachable pre-authentication, on every SSL VPN appliance. “The flaw would allow a hostile agent to interfere via the VPN, even if the MFA is activated.” Patch your #Fortigate. .

Firewall

Firewall VPN Authentication Media

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

VPN

VPN Software Firewall Authentication

New TunnelVision technique can bypass the VPN encapsulation

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Webinars

Trending Sources

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Webinars

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Multiple malware used in attacks exploiting Ivanti VPN flaws

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Fortinet VPN with default certificate exposes 200,000 businesses to hack

NSA, CISA release guidance on hardening remote access via VPN solutions

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Zyxel firewall and VPN devices affected by critical flaws

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Cisco was hacked by the Yanluowang ransomware gang

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Ivanti fixes high severity flaw in Pulse Connect Secure VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Sophos Firewall affected by a critical authentication bypass flaw

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Around 19,500 end-of-life Cisco routers are exposed to hack

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Akira ransomware targets Finnish organizations

Okta warns of unprecedented scale in credential stuffing attacks on online services

Cisco addressed severe flaws in its Secure Client

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

U.S. CISA: hackers breached a state government organization

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Akira ransomware targets Finnish organizations

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Hackers can hack organizations using data found on their discarded enterprise network equipment

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Zyxel fixed four bugs in firewalls and access points

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Multiple Sage X3 vulnerabilities expose systems to hack

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Cuttlefish malware targets enterprise-grade SOHO routers

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Stay Connected