Backdoor in Zyxel Firewalls and Gateways

Schneier on Security

This is bad : More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. […].

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Great Firewall Report experts revealed that recent versions of Shadowsocks (3.3.1 and earlier) could bypass the firewall.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

What is a Personal Firewall?

ZoneAlarm

Firewalls are a term many know as protective of their computers from cyberattacks, but not many know what they do and why they need it (if at all). Data Privacy Data Protection Firewall Network Security Online Privacy Online Safety PC security

Save time with Dynamic Attributes for Cisco Secure Firewall

Cisco Retail

The shift of applications and the associated security controls within dynamic cloud environments create challenges for firewall teams to keep up with security requirements. Secure Firewall Threat Defense 7.0 Dynamic Objects Configuration Guide for Firewall Management Center (FMC).

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

Today, Zyxel acknowledged the same flaw is present in many of its firewall products. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity.

Back to the Future of Firewall

Cisco Retail

As a network and workload security strategy leader, I spend a lot of time thinking about the future of the good old network firewall. Spoiler alert: I’m not going to join the cool club of pronouncing the firewall dead. Insert Your Firewall Here. Read Me First.

What Does A Web Application Firewall Do?

SiteLock

A web application firewall (WAF) can help. What does a web application firewall do? Unlike a classic firewall working at the network level, a WAF protects you at the application level. […]. The post What Does A Web Application Firewall Do? Web Application Firewall

Bot protection now generally available in Azure Web Application Firewall

Bleeping Computer

Microsoft has announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure on Application Gateway starting this week. [.].

A New Way of Firewalling with Cisco Secure Firewall Cloud Native

Cisco Retail

With application environments becoming dynamic, there is a desperate need for security tooling, including firewalls, to do the same. Whether on-premises or in public or private clouds, Secure Firewall Cloud Native empowers NetOps and SecOps teams to run at DevOps speed.

What Is The Benefit Of A Web Application Firewall?

SiteLock

Now that you know all about web application firewalls (WAFs), you may be wondering: What is the benefit of a web application firewall? The post What Is The Benefit Of A Web Application Firewall? Web Application Firewall

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. “It was designed to download payloads intended to exfiltrate XG Firewall-resident data.

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

The Hacker News

Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers.

Secure and Save with Cisco Secure Firewall Threat Defense Virtual

Cisco Retail

Organizations rely on Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv), Cisco’s proven network firewall with IPS, URL filtering, and malware defense that protects virtualized environments in private and public clouds. Security Cisco Secure Firewall network security

Building a scalable RAVPN architecture in Oracle Cloud Infrastructure using Cisco Secure Firewall

Cisco Retail

With Cisco Secure Firewall, organizations are able to build a scalable RAVPN architecture on OCI, providing employees secure remote access to their organization’s resources from any location or endpoint. Design 1 – Load balance RAVPN sessions to multiple firewalls using OCI DNS service.

Top Next-Generation Firewall (NGFW) Vendors

eSecurity Planet

Cloud features – like public cloud support, CASB and cloud workload protection – and cloud-based management have also grown in importance, and Firewalls as a Service (FWaaS) are catching on too. For more on Palo Alto, see our writeup on the PA Series firewalls.

Cisco Secure Firewall insertion using Cisco cAPIC in Azure

Cisco Retail

Traditional firewall integration in on-prem Data Centers. ILB load balances traffic from the consumer EPGs to the internet through multiple Cisco Secure Firewalls (NGFWv). The above network topology depicts Cisco Secure Firewall in the hub VNET (overlay 2) in Azure.

Resolve network security issues efficiently with the Firewall Analyzer-ServiceDesk Plus integration

Security Boulevard

ManageEngine Firewall Analyzer reviews firewall logs to capture network security threats. The post Resolve network security issues efficiently with the Firewall Analyzer-ServiceDesk Plus integration appeared first on ManageEngine Blog. Security Bloggers Network Firewall Analyze

Scalable Security with Cisco Secure Firewall Cloud Native

Cisco Retail

This is where Cisco Secure Firewall Cloud Native (SFCN) comes in. Cisco Secure Firewall Cloud Native brings together the benefits of Kubernetes and Cisco’s industry-leading security technologies, providing a resilient architecture for infrastructure security at scale.

Cisco Supports Secure Firewall Threat Defense Virtual on Nutanix AHV

Cisco Retail

Today, Cisco is giving you that power by expanding the support of Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv) to Nutanix AHV. If you are already taking advantage of Secure Firewall Thread Defense Virtual, you can now run your appliance in Nutanix AHV.

How To Turn Off A Web Application Firewall: What You Need To Know

SiteLock

A web application firewall (WAF) is a powerful tool for protecting your website or web applications against hackers, bots, and other malicious visitors. The post How To Turn Off A Web Application Firewall: What You Need To Know appeared first on The SiteLock Blog.

Cisco SecureX with Secure Firewall: More Value Than Ever

Cisco Retail

Cisco Secure Firewall protects hundreds of thousands of networks and Snort IPS has over a million deployments around the world. With the Firewall Threat Defense 7.0 sxo-05-security-workflows/workflows/secure-firewall/.

Crowdstrike Firewall Management Product Review

eSecurity Planet

Crowdstrike’s Firewall Management platform is a host firewall tool that centralizes defense against malware threats. A number of à la carte features like firewall management, EDR, and IT hygiene can be bundled as a scalable Pro, Enterprise, or Premium package.

Achieving PCI DSS Compliant Firewalls within a Small Business

Security Boulevard

The most important and integral part of any data security begins with having firewalls installed in the environment. Not just that, installing firewalls is an essential requirement of the Payment Card Industry Data Security Standard (PCI DSS ). What is a PCI DSS Compliant Firewall?

Survey Uncovers High Level of Concern Over Firewalls

Dark Reading

More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology

BSides Vancouver 2021 – Petr McAllister’s ‘How To Secure Microservices Without Traditional Firewall’

Security Boulevard

The post BSides Vancouver 2021 – Petr McAllister’s ‘How To Secure Microservices Without Traditional Firewall’ appeared first on Security Boulevard.

Cloudflare introduces SD-WAN- and firewall-as-a-service offerings

Tech Republic Security

In a bid to replace MPLS circuits and SD-WAN appliances, Cloudflare has introduced Magic WAN and Magic Firewall and partnerships with VMware, Aruba, Digital Realty, CoreSite and EdgeConneX

Attackers Target Sophos Firewalls with Zero-Day

Dark Reading

Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices

Building the Human Firewall

Dark Reading

Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what

Cisco Secure Firewall Threat Defense Virtual now supported on Cisco HyperFlex

Cisco Retail

Today, we are driving simplified security to your hyperconverged infrastructure (HCI), delivering support for Cisco Secure Firewall Threat Defense Virtual (formerly FTDv/NGFWv) on Cisco HyperFlex. Cisco Secure Firewall Threat Defense Virtual for Private Cloud.

Secure Workload and Secure Firewall – Unified Segmentation

Cisco Retail

host-based firewalls) or by a device that sits in the network (e.g., network firewalls or cloud provider security groups). 2) Firewall Management Center (FMC). 3) Firewall Threat Defense (FTD). Some questions may never be answered: Tea or Coffee? Cricket or Baseball?

Eight Common OT / Industrial Firewall Mistakes

Threatpost

Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable.

Perimeter 81 launches new Firewall-as-a-Service offering

Tech Republic Security

The network defense provider joins a growing list of companies offering cloud-based firewalls

Firewall Vendor Patches Critical Auth Bypass Flaw

Threatpost

Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users. Vulnerabilities Web Security

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

The Last Watchdog

So we don’t break anything or leave too many things open, like a firewall might do.” Disrupting firewalls Gurvich makes no bones about the fact that Guardicore has set out to disrupt a portion of the $9 billion firewall market.

SonicWall bug that affected 800K firewalls was only partially fixed

Bleeping Computer

New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched.

Next-Gen Firewalls 101: Not Just a Buzzword

Dark Reading

In a rare twist, "next-gen" isn't just marketing-speak when it comes to next-gen firewalls, which function differently than traditional gear and may enable you to replace a variety of devices

Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from “Dependency Confusion” Attacks

Security Boulevard

The post Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from “Dependency Confusion” Attacks appeared first on Security Boulevard. Security Bloggers Network dependency confusion FEATURED Nexus Firewall Nexus Repository Product

Introducing MVISION Cloud Firewall – Delivering Protection Across All Ports and Protocols

McAfee

Architected for the cloud-first and remote-first deployments, MVISION Cloud Firewall secures access to applications and resources on the internet, accessed from every remote site and location, through a cloud-native service model. Wherever networks went, firewalls followed.

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall

Bleeping Computer

The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. [.]. Fortinet has fixed multiple severe vulnerabilities impacting its products.

US Power Grid Cyberattack Due to Unpatched Firewall: NERC

Dark Reading

A firewall vulnerability enabled attackers to repeatedly reboot the victim entity's firewalls, causing unexpected outages

Zyxel Firewalls and VPN Servers: Victims of a New Cyberattack

Heimadal Security

Cybercriminals’ focus stays on the Zyxel firewalls and VPN products. Have Only Zyxel Firewalls and VPN Been Compromised? The post Zyxel Firewalls and VPN Servers: Victims of a New Cyberattack appeared first on Heimdal Security Blog.

VPN 64

Hackers Mount Zero-Day Attacks on Sophos Firewalls

Threatpost

A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing campaign against XG firewalls, using the Asnarok trojan. Vulnerabilities Web Security asnarok trojan Attacks cyberattack Data Stealing Sophos sql injection vulnerability xg firewall zero day

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password. “A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6