Encryption, Information Security and VPN

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The group now is targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN

VPN Ransomware Hacking Education

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10

Malwarebytes

JANUARY 4, 2023

Synology has issued an advisory about a vulnerability that allows remote attackers to execute arbitrary commands through a susceptible version of Synology VPN Plus Server. VPN Plus Server. VPN Plus Server allows users to turn their Synology Router into a Virtual Rrivate Network (VPN) server. 0534 and 1.4.4-0635

VPN

VPN Internet Internet Engineering

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. RAPIDPULSE can serve as an encrypted file downloader for the attacker. and Europe.”

VPN

VPN Government Malware Hacking

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. . SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption

Encryption Ransomware VPN Malware

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said. Pierluigi Paganini.

VPN

VPN Cybercrime Ransomware Advertising

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

FEBRUARY 17, 2020

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. ” states Tutanota. We condemn the blocking of Tutanota. Pierluigi Paganini.

Encryption

Encryption VPN Government Internet

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. ” reads the advisory published by the experts.

VPN

VPN Encryption Advertising Authentication

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN

VPN Software Encryption Authentication

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

Protecting Your Digital Identity: Celebrating Identity Management Day

Webroot

APRIL 3, 2024

Make sure your connection is encrypted by looking for the padlock symbol or “https” in the address bar to the left of the website address. And avoid accessing sensitive information or making financial transactions while connected to public Wi-Fi. But they can also be a breeding ground for hackers.

VPN

VPN Passwords Scams Accountability

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

When you are typing the secret that you want to send, SharePass will calculate how secure it is. Based on those results, you might consider changing your password and use a more secure one. The messages you send are encrypted on the client side so the content is visible only by you and the recipient intended to read it.

VPN

VPN Passwords Encryption Mobile

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

.” Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

Each of the archives we were able to retrieve consists of a legitimate executable vulnerable to DLL search order hijacking, a malicious DLL that gets sideloaded by the executable when started, and an encrypted data file named agent.data.” ” reads the analysis published by SentinelOne. IP-based geolocation service.

VPN

VPN Malware Encryption Passwords

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware strain outstands for the use of encryption to protect the ransomware binary. This technique allows the encryptor to avoid detection. We are in the final!

Ransomware

Ransomware VPN Antivirus Encryption

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Security Affairs

MARCH 11, 2024

The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. The malware uses AES encryption for C2 communication, however, depending on the transmitted data, RSA may also be utilized.

Malware

Malware VPN Encryption Hacking

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021.

Ransomware

Ransomware Encryption VPN Malware

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

OCTOBER 26, 2019

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. Why is Encryption a Feasible Option against Digital Threats? Encryption plays an integral role in securing the online data as well as its integrity. Final Thoughts.

Encryption

Encryption Cyber threats Ransomware Cybercrime

Some Synology products impacted by recently disclosed OpenSSL flaws

Security Affairs

AUGUST 29, 2021

. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), VPN Plus Server or VPN Server.” ” reads the advisory published by the company.

VPN

VPN Encryption Authentication Hacking

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Not all providers are created equal, and it’s important to do your research to find one that will meet your specific needs and security requirements. Data encryption. In the cloud era, data encryption is more important than ever. It is also important to make sure that your data is encrypted both in motion and at rest.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

JUNE 30, 2022

The agency released an executable along with a user manual that provides step-by-step instructions to recover encrypted data for free. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. The offset is stored in the encrypted file name of each file.

Ransomware

Ransomware Cybersecurity Encryption VPN

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Use a corporate VPN. Encrypting data on corporate devices can prevent hackers from accessing sensitive information. The best way to protect data in this way is to set up a corporate VPN (a virtual private network). VPNs allow employees to connect to the internet securely while hiding the company’s IP address.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 11, 2023

.” Adobe addressed the vulnerability in January 2023 and PoC exploit code for this issue is available online.

VPN

VPN Encryption Hacking Risk

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

DECEMBER 12, 2023

The volume of exposed data about the DTC drivers is impressive, as the database includes: Driving license number Work permit number Nationality Username Encrypted password Phone number According to the team, the MongoDB instance contained conversations with support totaling over 17K records, as well as complaints from customers.

VPN

VPN Accountability Banking Marketing

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Authentication

QNAP will patche OpenSSL flaws in its NAS devices

Security Affairs

SEPTEMBER 1, 2021

The vulnerability ties the decryption of SM2 encrypted data, the changes depend on the targeted application and data it maintains (i.e. Moderate Ongoing VPN Plus Server Important Ongoing VPN Server Moderate Ongoing. credentials) in the heap while the issue is exploited. reads the advisory published by the company.

VPN

VPN Encryption Hacking Internet

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Government

Government VPN Telecommunications Advertising

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware

Ransomware DDOS Passwords Backups

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. Only use encrypted HTTPS or other types of secure connections (SSH, etc.).

VPN

VPN Internet Internet Firewall

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” reads the flash alert. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Encryption VPN Backups

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs

DECEMBER 10, 2022

The ransomware encrypts the network shares, that are found on the local network and the local drives, with the AES algorithm. The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. The malware changes the extension of the encrypted files to ‘.royal’.

Healthcare

Healthcare Ransomware Encryption Malware

Security Affairs newsletter Round 396

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware

Spyware Data breaches VPN Hacking

Security Affairs newsletter Round 286

Security Affairs

OCTOBER 18, 2020

VPN

VPN Surveillance Advertising Ransomware

NetWORK: Redefining Network Security

Cisco Security

MAY 17, 2021

Among the most consequential is Secure Firewall Threat Defense 7.0, We’ve increased throughput by up to 30%—across enabled AVC, IPS, and VPN services—for the majority of Cisco Secure Firewalls. Today, we’re also announcing a new way forward: NetWORK security. Announcing the new Cisco Secure Firewall Cloud Native.

Network Security

Network Security Firewall VPN Encryption

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

The attack chain begins with attacks to internet-facing systems via Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) using legitimate credentials. Then the malware perform a scan in local directories and network shares for content to encrypt. The copy is then deleted and an executable is unpacked in memory.

Ransomware

Ransomware Encryption Malware VPN

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Trending Sources

Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10

APT hacked a US municipal government via an unpatched Fortinet VPN

China-linked APT groups targets orgs via Pulse Secure VPN devices

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Fortinet VPN with default certificate exposes 200,000 businesses to hack

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

New Hive ransomware variant is written in Rust and use improved encryption method

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Russian govn blocked Tutanota service in Russia to stop encrypted communication

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Akira ransomware received $42M in ransom payments from over 250 victims

Protecting Your Digital Identity: Celebrating Identity Management Day

The Best Ways to Secure Communication Channels in The Enterprise Environment

Who and What is Behind the Malware Proxy Service SocksEscort?

Bronze Starlight targets the Southeast Asian gambling sector

New CACTUS ransomware appeared in the threat landscape

Everyday Threat Modeling

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Black Kingdom ransomware is targeting Microsoft Exchange servers

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Some Synology products impacted by recently disclosed OpenSSL flaws

15 Cybersecurity Measures for the Cloud Era

Korean cybersecurity agency released a free decryptor for Hive ransomware

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

FBI published a flash alert on Mamba Ransomware attacks

Dubai’s largest taxi app exposes 220K+ users

LockBit Ransomware operators hit Swiss helicopter maker Kopter

QNAP will patche OpenSSL flaws in its NAS devices

The Russian Government blocked ProtonMail and ProtonVPN

Daixin Team targets health organizations with ransomware, US agencies warn

Avoslocker ransomware gang targets US critical infrastructure

FIN8-linked actor targets Citrix NetScaler systems

QNAP users are recommended to disable UPnP port forwarding on routers

FBI issued an alert on Ragnar Locker ransomware activity

US HHS warns healthcare orgs of Royal Ransomware attacks

Security Affairs newsletter Round 396

Security Affairs newsletter Round 286

NetWORK: Redefining Network Security

Hades ransomware gang targets big organizations in the US

Stay Connected