Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. “If only 153,414 devices on the internet are patched, that leaves 335,923 / 489,337 = 69% unpatched.”

Firewall 79

Firewall VPN Firmware Internet 79

Security Affairs

JUNE 27, 2023

Researchers at Censys have identified hundreds of devices deployed within federal networks that have internet-exposed management interfaces. The experts focused on roughly 1,300 of these hosts that were accessible online and discovered hundreds of devices with management interfaces exposed to the public internet.

Internet 74

Internet Internet Firewall Wireless 74

Security Affairs

SEPTEMBER 22, 2022

Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. SecurityAffairs – hacking, mining).

Cryptocurrency 90

Cryptocurrency Internet Internet Hacking 90

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. Affected product series Patch available in Firewalls ATP series running firmware ZLD V4.60 Someone could for example change firewall settings to allow or block certain traffic. SecurityAffairs – hacking, Zyxel).

Firewall 137

Firewall VPN Firmware Passwords 137

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) SecurityAffairs – hacking, Zyxel). through ZLD V5.21 Patch 1 ZLD V5.30 through ZLD V5.21

Firewall 67

Firewall Firmware VPN Wireless 67

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall 80

Firewall VPN Passwords Internet 80

Security Affairs

JUNE 25, 2021

Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote attackers to execute arbitrary commands. The vulnerability in the management interface of FortiWeb firewall was discovered by Andrey Medov, from cybersecurity firm Positive Technologies.

Hacking 105

Hacking Firewall Authentication Technology 105

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. through ZLD V5.21 Patch 1 ZLD V5.30

Firewall 69

Firewall VPN Firmware Internet 69

SiteLock

OCTOBER 21, 2021

Some information security specialists confuse the concepts of WAF and NGFW. Let us start with the abbreviations that define the categories of information security products: WAF stands for Web Application Firewall , NGFW stands for Next Generation Firewall. We have an NGFW, do we need a WAF?"

Firewall 52

Firewall Information Security Penetration Testing Banking 52

Security Affairs

MAY 24, 2024

In this advisory, I aim to explore how implementing a specific security technological combination (TLS and DDNS) negatively influences the overall security, inadvertently creating opportunities for attackers to exploit weaknesses on a massive scale. For instance, suppose firewall manufacturer ACME Inc.

DNS 106

DNS Manufacturing Firewall Internet 106

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. “Claroty has privately disclosed details to Real Time Automation (RTA), informing the vendor of a critical vulnerability in its proprietary 499ES EtherNet/IP (ENIP) stack. .

Hacking 119

Hacking Firmware Internet Internet 119

SecureWorld News

SEPTEMBER 12, 2022

China's National Computer Virus Emergency Response Center (CVERC) recently made a statement accusing the United States National Security Agency (NSA) of repeatedly hacking the Northwestern Polytechnical University, a key public military research university located in Xi'an, China. stealing over 140GB of high-value data.

Hacking 86

Hacking Cyber Attacks Government Internet 86

Security Affairs

NOVEMBER 13, 2023

At the end of August, watchTowr Labs security researchers published a proof-of-concept exploit (PoC) exploit code for vulnerabilities in Juniper SRX firewalls. The Juniper firewalls use the Appweb web server. The affected firewalls run FreeBSD, and every FreeBSD process can access their stdin by opening /dev/fd/0.

Firewall 108

Firewall Authentication Internet Internet 108

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet 87

Internet Internet Advertising Encryption 87

Security Affairs

DECEMBER 11, 2022

Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5 Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5 Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5 SecurityAffairs – hacking, newsletter ).

Firewall 87

Firewall Banking Hacking DDOS 87

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches 97

Data breaches Social Engineering Malware Hacking 97

Security Affairs

AUGUST 27, 2021

Braun ‘s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. “Could this attack take place over the internet? Technically speaking, yes; however, it would be very unlikely to see a setup where a pump is directly internet-connected.” SecurityAffairs – hacking, B. The post B.

Hacking 103

Hacking Authentication Internet Internet 103

Security Affairs

MAY 29, 2024

The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure issue. Threat actors exploited the flaw to gain remote firewall access and breach corporate networks. The issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances.

VPN 92

VPN Authentication Passwords Accountability 92

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Your IP or Internet Protocol address is your digital identity on the internet. Cybercriminals are interested in hacking your IP address for various reasons.

Hacking 87

Hacking VPN Internet Internet 87

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government 272

Government Hacking Cyber threats Mobile 272

Security Affairs

JANUARY 14, 2024

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. According to the report, 11 companies were immediately compromised.

Firewall 96

Firewall Firmware Cyber Attacks VPN 96

eSecurity Planet

APRIL 7, 2023

However, when your DMZ network includes a proxy server, administrators also have the option to filter all internal internet usage through the DMZ. Also read: Network Protection: How to Secure a Network How DMZ Networks Work DMZ networks work through isolation, but first, through network segmentation.

Architecture 101

Architecture Firewall Network Security Technology 101

Security Affairs

NOVEMBER 14, 2023

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. According to the report, 11 companies were immediately compromised.

Cyber Attacks 104

Cyber Attacks Firmware Firewall VPN 104

Security Affairs

APRIL 3, 2022

Sophos Firewall affected by a critical authentication bypass flaw Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict Security Affairs newsletter Round 358 by Pierluigi Paganini Western Digital addressed a critical bug in My Cloud OS 5 CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog. And how to prevent it?

Firewall 73

Firewall Hacking DDOS VPN 73

Security Affairs

APRIL 28, 2024

Companies and Government Agencies ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices Israel Tried to Keep Sensitive Spy Tech Under Wraps.

Cybercrime 90

Cybercrime Spyware Data breaches Antivirus 90

Security Affairs

MARCH 3, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Private Plane Owners’ Data Linked to LA Intl. Private Plane Owners’ Data Linked to LA Intl. Private Plane Owners’ Data Linked to LA Intl.

Cybercrime 96

Cybercrime Retail Artificial Intelligence Hacking 96

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches 83

Data breaches DDOS Backups Firewall 83

Security Affairs

APRIL 19, 2022

“It is recommended that your QNAP NAS stay behind your router and firewall without a public IP address. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. Only use encrypted HTTPS or other types of secure connections (SSH, etc.). Pierluigi Paganini.

VPN 99

VPN Internet Internet Firewall 99

Security Affairs

NOVEMBER 9, 2023

The vulnerability impacts more than 2,000 organizations worldwide and over 54,000 SLP instances that are publicly exposed to the Internet, including VMWare ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 other product types. Bitsight reported the flaw to the U.S. “To

Internet 98

Internet Internet Firewall Hacking 98

Security Affairs

MARCH 2, 2024

They dropped hidden payloads or used internet protocol (IP) scanning tools, such as Angry IP Scanner, to search for vulnerable Remote Desktop Protocol (RDP) ports or by leveraging RDP on Microsoft Windows environments. Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, Phobos ransomware)

Ransomware 116

Ransomware Backups Healthcare Firewall 116

Security Affairs

AUGUST 22, 2021

The team focused its analysis on Windows Firewall and AppContainer that were designed by Microsoft to limit the attack surface of applications. “Recently I’ve been delving into the inner workings of the Windows Firewall. ” reads the security advisory published by Microsoft. ” wrote Forshaw.

Firewall 114

Firewall Internet Internet Hacking 114

Security Affairs

NOVEMBER 24, 2021

experts observed that one threat actor compromised 96% of the 80 Postgres honeypots that the researchers deployed, and all the instances were hacked within 30 seconds. Each firewall policy might block 600-3,000 known scanner IP addresses. SecurityAffairs – hacking, honeypot). Rocke , TeamTNT ).” Pierluigi Paganini.

Firewall 94

Firewall Internet Internet Hacking 94

Security Affairs

DECEMBER 14, 2020

Security experts from Cyble discovered that the details of 1.9 million members of the Chinese Communist Party were leaked on a hacking forum. SecurityAffairs – hacking, Chinese Communist Party). members of Chinese Communist Party Members leaked appeared first on Security Affairs. Pierluigi Paganini.

Data breaches 116

Data breaches Mobile Backups Firewall 116

Security Affairs

JANUARY 20, 2023

.’ The experts discovered a Windows and a Linux variant of BOLDMOVE, the latter was specifically designed to target FortiGate Firewalls. “This incident continues China’s pattern of exploiting internet facing devices, specifically those used for managed security purposes (e.g., firewalls, IPSIDS appliances etc.).

VPN 95

VPN Firewall Internet Internet 95

Security Affairs

JULY 22, 2023

Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. The researchers warned that as of May 19, there were at least 42,000 instances of Zyxel devices on the public internet. reads the alert published by Rapid7.

DDOS 93

DDOS Firmware VPN Firewall 93

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN 100

VPN Cybercrime Ransomware Hacking 100

Security Affairs

OCTOBER 16, 2020

. “A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. “This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”

VPN 116

VPN Firewall Advertising Internet 116