Security Affairs

JANUARY 12, 2024

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches. ” reads the advisory published by the vendor. “This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory.”

Firewall 109

Firewall Hacking Software Information Security 109

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. On March 25, Sophos announced to have fixed the authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall.

Firewall 127

Firewall DNS Authentication Malware 127

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. The security firm reported that this vulnerability is being used in attacks against a small set of specific organizations, primarily in South Asia. reads the advisory. “A reads the advisory.

Firmware 92

Firmware Firewall Internet Internet 92

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks.

Firewall 105

Firewall Government VPN Authentication 105

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. critical severity score of 9.8)

Firewall 96

Firewall VPN Authentication Hacking 96

Security Affairs

DECEMBER 9, 2022

Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. the report concludes. Pierluigi Paganini.

Firewall 135

Firewall Wireless IoT Hacking 135

Security Affairs

MAY 26, 2022

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Follow me on Twitter: @securityaffairs and Facebook.

Firewall 122

Firewall VPN Authentication Cyber Attacks 122

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. in its firewall devices.

Firewall 93

Firewall Firmware VPN DDOS 93

CyberSecurity Insiders

JUNE 20, 2023

The terms computer security, information security and cybersecurity were practically non-existent in the 1980s, but believe it or not, firewalls have existed in some form since that time. But what sets NGFWs apart from traditional firewalls? NGFWs offer several advantages over traditional firewalls.

Firewall 76

Firewall Network Security Architecture Digital transformation 76

Security Affairs

APRIL 26, 2020

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild.

Firewall 145

Firewall Passwords Accountability Advertising 145

Security Affairs

MARCH 27, 2022

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. and impacts Sophos Firewall versions 18.5

Firewall 88

Firewall Authentication VPN Hacking 88

Security Affairs

DECEMBER 6, 2022

Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5 , including some arbitrary code execution bugs. The post Sophos fixed a critical flaw in its Sophos Firewall version 19.5

Firewall 99

Firewall Wireless VPN Hacking 99

Security Affairs

SEPTEMBER 24, 2022

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. and impacts Firewall versions 18.5

Firewall 80

Firewall VPN Authentication Hacking 80

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 95

Firewall Firmware VPN Authentication 95

Security Affairs

JUNE 12, 2023

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. ” reads the advisory.

Firewall 85

Firewall VPN Authentication Media 85

Security Boulevard

MAY 6, 2021

The most important and integral part of any data security begins with having firewalls installed in the environment. Not just that, installing firewalls is an essential requirement of the Payment Card Industry Data Security Standard (PCI DSS ). What is a PCI DSS Compliant Firewall? Requirements. Description.

Small Business 100

Small Business Firewall Wireless Internet 100

Security Affairs

MARCH 30, 2022

SonicWall released security updates to address a remote code execution vulnerability that affects multiple firewall appliances. The vulnerability impacts 31 different Firewall devices running versions 7.0.1-5050 SecurityAffairs – hacking, Firewall). ” reads the advisory published by SonicWall. Pierluigi Paganini.

Firewall 86

Firewall Hacking Information Security 86

Security Affairs

JANUARY 31, 2021

Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Members of the Great Firewall Report group have analyzed the recent improvement implemented for China’s Great Firewall censorship system and revealed that it is possible to bypass it.

Firewall 137

Firewall Surveillance Internet Internet 137

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997.

Firewall 85

Firewall VPN Firmware Internet 85

Security Affairs

APRIL 1, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The CVE-2022-1040 is an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier.

Firewall 83

Firewall Authentication Hacking Cybersecurity 83

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. Affected product series Patch available in Firewalls ATP series running firmware ZLD V4.60 Someone could for example change firewall settings to allow or block certain traffic. Patch1 in Dec. Patch1 in Dec. Patch1 in Dec.

Firewall 139

Firewall VPN Firmware Passwords 139

Security Affairs

MARCH 29, 2022

Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed an authentication bypass vulnerability, tracked as CVE-2022-1040 , that resides in the User Portal and Webadmin areas of Sophos Firewall. and impacts Sophos Firewall versions 18.5

Firewall 67

Firewall Authentication Hacking Cybersecurity 67

SiteLock

AUGUST 27, 2021

A web application firewall — also known as a WAF — is basically a website’s gatekeeper. These bad bots visit websites for negative purposes — crawling a site’s code in search of security vulnerabilities, for instance. And a web application firewall is your first line of defense to ward off attackers.

Small Business 98

Small Business Firewall Retail Encryption 98

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook.

Firewall 73

Firewall Firmware VPN Wireless 73

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN 111

VPN Firewall Firmware Authentication 111

Security Affairs

FEBRUARY 5, 2021

Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive Technologies expert Andrey Medov. . Pierluigi Paganini.

Firewall 116

Firewall System Administration Technology Hacking 116

SiteLock

OCTOBER 21, 2021

Some information security specialists confuse the concepts of WAF and NGFW. Let us start with the abbreviations that define the categories of information security products: WAF stands for Web Application Firewall , NGFW stands for Next Generation Firewall. We have an NGFW, do we need a WAF?"

Firewall 52

Firewall Information Security Penetration Testing Banking 52

Security Affairs

JUNE 13, 2023

BleepingComputer reported that searching for Fortigate firewalls exposed online there are more than 250K installs worldwide , most of them in the US. The issue impacts at least: FortiOS-6K7K version 7.0.10 FortiOS-6K7K version 7.0.5 FortiOS-6K7K version 6.4.12 FortiOS-6K7K version 6.4.10 FortiOS-6K7K version 6.4.8 FortiOS-6K7K version 6.4.6

Firewall 86

Firewall VPN Firmware Manufacturing 86

Security Boulevard

NOVEMBER 17, 2022

The post BSidesKC 2022 – Reanna Schultz’ ‘Training The Human Firewall’ appeared first on Security Boulevard. Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel.

Firewall 52

Firewall Education Information Security Cybersecurity 52

Security Affairs

JULY 16, 2020

Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. The post Cisco fixes 5 critical flaws that could allow router firewall takeover appeared first on Security Affairs.

Firewall 91

Firewall Small Business Wireless Authentication 91

Security Boulevard

JULY 21, 2021

The post BSides Vancouver 2021 – Petr McAllister’s ‘How To Secure Microservices Without Traditional Firewall’ appeared first on Security Boulevard. Our thanks to BSides Vancouver for publishing their outstanding BSides Vancouver 2021 Conference videos on the groups' YouTube channel.

Firewall 98

Firewall Education InfoSec Information Security 98

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall 81

Firewall VPN Passwords Internet 81

Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. Pierluigi Paganini.

Firewall 75

Firewall VPN Firmware Internet 75

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . Pierluigi Paganini.

Firewall 90

Firewall Authentication VPN Advertising 90

Security Boulevard

NOVEMBER 7, 2023

Permalink The post DEF CON 31 – Alex’s ‘Meduza – Exiled Pirate Media Outlet Breaks Thru The Kremlin Propaganda Firewall’ appeared first on Security Boulevard. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel.

Firewall 49

Firewall Media Architecture Education 49

eSecurity Planet

FEBRUARY 21, 2024

A circuit-level gateway (CLG) is a firewall feature that acts as a proxy and filters packets based on session information. CLGs are important because they provide specialized security filtering and prevent the discovery of IP addresses and open ports on CLG-protected devices.

Firewall 92

Firewall DDOS Architecture Cybersecurity 92

Security Affairs

MARCH 18, 2024

A critical vulnerability in WordPress miniOrange’s Malware Scanner and Web Application Firewall plugins can allow site takeover. On March 1st, 2024, WordPress security firm Wordfence received a submission for a Privilege Escalation vulnerability in miniOrange’s Malware Scanner as part of the company Bug Bounty initiative Extravaganza.

Firewall 96

Firewall Malware Passwords Hacking 96