Firewall, Government and VPN - Cyber Security Informer

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

Firewall

Firewall Government VPN Authentication

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

5 common VPN myths busted

Malwarebytes

MARCH 11, 2021

Virtual Private Networks ( VPN s) are popular but often misunderstood. VPNs are for illegal activity. Some people think that VPNs are only useful for doing things like torrenting, accessing geo-locked content, or getting around work/school/government firewalls. I don’t need a mobile VPN.

VPN

VPN Encryption Mobile Surveillance

How To Set Up a Firewall in 8 Easy Steps + Best Practices

eSecurity Planet

APRIL 30, 2024

Setting up a firewall is the first step in securing your network. A successful firewall setup and deployment requires careful design, implementation, and maintenance to effectively improve your network integrity and data security. Verify that the chosen firewall can meet your security standards and functions.

Firewall

Firewall Architecture Firmware Risk

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

Security Affairs

JANUARY 20, 2023

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. firewalls, IPSIDS appliances etc.).

VPN

VPN Firewall Internet Internet

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Security Affairs

JANUARY 17, 2020

Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. Pierluigi Paganini.

VPN

VPN Firewall Advertising Media

The strengths and weaknesses of different VPN protocols

Security Affairs

APRIL 26, 2019

One in four internet users use a VPN regularly, but how much does the average user know about what goes on behind the software? Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server. However, the speed comes at the cost of encryption.

VPN

VPN Encryption Firewall Internet

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk

Risk VPN Internet Internet

Dark Pink APT Group Strikes Government Entities in South Asian Countries

Security Boulevard

MARCH 10, 2023

Executive Summary In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malwares which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. Analysts assess the content of the decoy documents is designed to target government entities in ASEAN countries.

Government

Government Malware Encryption Passwords

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA).

VPN

VPN Software Firewall Authentication

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Energy and Utilities VPN Manufacturing Firewall

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

The Last Watchdog

JULY 30, 2021

Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. Two sweeping trends resulted: one bad, one good.

VPN

VPN Firewall Encryption Accountability

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN

VPN Cybercrime Ransomware Hacking

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

Attackers also use to exploit the Kentico Content Management System (CVE-2019-10068) and used SQLmap to bypass Web Application Firewalls. . Government experts also attempt to enable Remote Desktop Protocol (RDP) on victim machines or to bruteforce existing RDP accesses. Follow me on Twitter: @securityaffairs and Facebook.

VPN

VPN Cybercrime Passwords Firewall

NSA, CISA Release Guidance for Choosing and Hardening VPNs

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN

VPN Authentication Passwords Software

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Small Business

Small Business Technology VPN Manufacturing

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Energy and Utilities Telecommunications Technology Government

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Manufacturing Healthcare Education

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

In July, Ivanti’s Endpoint Manager Mobile (EPMM) saw the vulnerability CVE-2023-35078, exploited by threat actors who spied on the Norwegian government, and earlier this month Tenable researchers discovered vulnerability CVE-2023-32560, which affects Ivanti’s Avalanche supply chain device management solution.

VPN

VPN Authentication Mobile Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

In July, Ivanti’s Endpoint Manager Mobile (EPMM) saw the vulnerability CVE-2023-35078, exploited by threat actors who spied on the Norwegian government, and earlier this month Tenable researchers discovered vulnerability CVE-2023-32560, which affects Ivanti’s Avalanche supply chain device management solution.

VPN

VPN Authentication Mobile Firewall

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Security Affairs newsletter Round 320

Security Affairs

JUNE 27, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. thousand servers are still vulnerable Mercedes-Benz data breach impacted roughly 1000 individuals Microsoft: Russia-linked SolarWinds hackers breached three new entities.

Ransomware

Ransomware VPN Firewall Hacking

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Accountability

Accountability VPN Manufacturing Firewall

Weakness at the Network Edge: Mandiant Examines 2022’s Zero-Day Exploits

eSecurity Planet

MARCH 27, 2023

.” The three activity sets included a campaign against the Philippine government between March and May 2022; a campaign against telecommunications and business service providers in South Asia in April 2022; and a campaign against organizations in Belarus and Russia in May 2022.

Firewall

Firewall Internet Internet Telecommunications

Is Cisco’s Acquisition of Splunk a Shade of Brilliance or Madness?

Security Boulevard

OCTOBER 16, 2023

In cybersecurity, Cisco invested early in IPS, Firewall, VPN, and endpoint security; they produced exceptional results. A significant component of this is the emergence of artificial intelligence and machine learning to become embedded across every aspect of the enterprise, service provider, and government systems.

Artificial Intelligence

Artificial Intelligence Identity Theft Marketing Wireless

RSA 2022 Musings: The Past and The Future of Security

Anton on Security

JUNE 10, 2022

There are people moving to “next-gen” firewalls (a great innovation of 2005) in 2022. To further illustrate this point, one of the innovations sandbox participants showed the slide that mentioned that the VPN market alone today is larger than the entirety of all cloud security markets, defined broadly and loosely, and then rounded upwards.

VPN

VPN Marketing Firewall Passwords

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

According to the CISA’s report , Iranian hackers from an unnamed APT group are employing several known web shells, in attacks on IT, government, healthcare, financial, and insurance organizations across the United States. The malware used by the threat actors includes the ChunkyTuna, Tiny, and China Chopper web shells.

VPN

VPN Passwords Advertising Password Management

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls. and foreign government organizations. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors.”

Ransomware

Ransomware VPN Cybercrime Advertising

COVID-19: A guide to securing your remote workforce

SiteLock

AUGUST 27, 2021

Use a VPN to Protect Online Communications. With this new mobility, organizations should make it a requirement for all employees to use a virtual private network (VPN) on their work devices, ensuring company assets and communications are secure. Top 3 online security tips for remote workers.

VPN

VPN Scams Mobile Education

Learning from the Oldsmar Water Treatment Attack to Prevent Critical Infrastructure Breaches

CyberSecurity Insiders

APRIL 1, 2021

After an investigation of the Oldsmar incident, it was revealed that the hacker was able to gain access because the computer system was using an unsupported version of Windows with no firewall. Despite being discovered and stopped, the incident amplified the discussion on how the government and private sector can prevent these attacks.

Passwords

Passwords VPN Data breaches Accountability

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM. Consider using it for high value accounts such as Domain Admins when possible.

Energy and Utilities

Energy and Utilities Authentication Firewall Engineering

Is The Cost Of Predictive Cyber Security Worth The Investment?

Security Boulevard

MAY 12, 2022

The Livingston firewall rapidly became replaced with Checkpoint running on Windows NT server, (Stop laughing, I actually set one up once). Cisco came to market with the PIX firewall, Netscreen came to market with the ASIC based firewall, and suddenly, security had a voice. Critical — Secure EDP/VPN access- (Predictive).

Cyber Insurance

Cyber Insurance Insurance Marketing Firewall

ITHC (IT Health Check) and PSN compliance: an overview and considerations

IT Security Guru

JUNE 22, 2021

Just to make sure we’re all up to speed, the PSN (Public Services Network) is a UK government network which was established to enable public-sector organizations to share resources easily. Any systems you have in place to allow staff to connect into your organisation remotely, including VPN. PSN compliance. External systems.

Passwords

Passwords Authentication Wireless Government

The War in Technology: A Digital Iron Curtain Goes Up

SecureWorld News

MARCH 10, 2022

It's probably best to think of it as a second Great Firewall—which severely limits what content goes in and out of Russia—rather than a "Runet" as some have called it. Of course, people in Russia who can convince the Internet they aren't in Russia can still access these services through use of a VPN—a virtual private network.

Technology

Technology Internet Internet Telecommunications

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

Thus, it would be best if you secured all networks by incorporating firewalls and advanced encryption technology. If you have to work remotely, avoid using public Wi-Fi and activate a VPN (Virtual Private Network). But since it is a cumbersome process, business owners can implement strict policies that govern data access and use.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Trending CVEs for the Week of March 4th, 2019

NopSec

MARCH 6, 2019

Since our last week’s post, security firm Cloudflare has detailed how they developed and deployed a Web Application Firewall (WAF) rule to detect those attackers. Affected Products Cisco RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 Cisco RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45

Wireless

Wireless VPN Small Business Firewall

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls. and foreign government organizations. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors.”

Ransomware

Ransomware VPN Cybercrime Advertising

RSA 2022 Musings: The Past and The Future of Security

Security Boulevard

JUNE 10, 2022

There are people moving to “next-gen” firewalls (a great innovation of 2005) in 2022. To further illustrate this point, one of the innovations sandbox participants showed the slide that mentioned that the VPN market alone today is larger than the entirety of all cloud security markets, defined broadly and loosely, and then rounded upwards.

VPN

VPN Marketing Firewall Passwords

What is a Managed Security Service Provider? MSSPs Explained

eSecurity Planet

AUGUST 22, 2023

This article will explore the nature of MSSPs and how they can help businesses, nonprofits, governments, and other organizations have better security with less effort. Managed firewall services setup, configure, and maintain physical or virtual firewall appliances and then monitor alerts to respond to threats detected by the firewall.

Telecommunications

Telecommunications Firewall Penetration Testing Cybersecurity

ThreatLabz Coverage Advisory: Ivanti’s VPN Vulnerabilities Exploited by Hackers, New Zero-Days Pose Critical Risk

Security Boulevard

FEBRUARY 2, 2024

Introduction Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. to gain access to ICS VPN appliances. Zero trust is a fundamentally different architecture than those built upon firewalls and VPNs.

VPN

VPN Risk Architecture Firewall

IT threat evolution Q1 2024

SecureList

JUNE 3, 2024

The code and networking IoCs (Indicators of Compromise) overlap with the Windows samples described by ESET that were used in attacks against government entities in Guyana.

Banking

Banking Malware Computers and Electronics Mobile

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Webinars

Trending Sources

NSA, CISA release guidance on hardening remote access via VPN solutions

Webinars

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

5 common VPN myths busted

How To Set Up a Firewall in 8 Easy Steps + Best Practices

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

The strengths and weaknesses of different VPN protocols

CISA Order Highlights Persistent Risk at Network Edge

Dark Pink APT Group Strikes Government Entities in South Asian Countries

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

NSA, CISA Release Guidance for Choosing and Hardening VPNs

China-linked APT Volt Typhoon linked to KV-Botnet

FBI chief says China is preparing to attack US critical infrastructure

FBI and CISA warn of attacks by Rhysida ransomware gang

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs newsletter Round 320

China-linked APT Volt Typhoon targets critical infrastructure organizations

Weakness at the Network Edge: Mandiant Examines 2022’s Zero-Day Exploits

Is Cisco’s Acquisition of Splunk a Shade of Brilliance or Madness?

RSA 2022 Musings: The Past and The Future of Security

US CISA report shares details on web shells used by Iranian hackers

NetWalker ransomware operators have made $25 million since March 2020

COVID-19: A guide to securing your remote workforce

Learning from the Oldsmar Water Treatment Attack to Prevent Critical Infrastructure Breaches

Microsoft Targets Critical Outlook Zero-Day Flaw

Is The Cost Of Predictive Cyber Security Worth The Investment?

ITHC (IT Health Check) and PSN compliance: an overview and considerations

The War in Technology: A Digital Iron Curtain Goes Up

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Trending CVEs for the Week of March 4th, 2019

NetWalker ransomware operators have made $25 million since March 2020

RSA 2022 Musings: The Past and The Future of Security

What is a Managed Security Service Provider? MSSPs Explained

ThreatLabz Coverage Advisory: Ivanti’s VPN Vulnerabilities Exploited by Hackers, New Zero-Days Pose Critical Risk

IT threat evolution Q1 2024

Stay Connected