Firmware, Hacking and VPN - Cyber Security Informer

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Unauthenticated Command Injection bug opens D-Link VPN routers to hack

Security Affairs

DECEMBER 8, 2020

An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers. Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. SecurityAffairs – hacking, D-Link).

VPN

VPN Hacking Firmware Authentication

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

Zyxel fixes a critical bug in its business firewall and VPN devices

Security Affairs

APRIL 1, 2022

Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. Patch 1 VPN ZLD V4.30

Firewall

Firewall VPN Firmware Authentication

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. Cisco has addressed the flaw with the release of firmware version 1.0.01.02

VPN

VPN Small Business Wireless Firmware

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. ” continues the researchers.

VPN

VPN Government Advertising Firmware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60 Patch 1 ZLD V5.36

Firmware

Firmware VPN Firewall Hacking

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware. ” ASUS added.

Firmware

Firmware VPN Wireless Passwords

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” s Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China-linked APT) ” continues the report.

Malware

Malware Firmware VPN Backups

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 VPN ZLD V4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking

Hacking Firmware Internet Internet

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. ” reads the advisory published by Zyxel.

Firmware

Firmware Firewall Authentication VPN

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

” When security experts began raising the alarm about a possible zero-day in Barracuda’s products, the Chinese hacking group altered their tactics, techniques and procedures (TTPs) in response to Barracuda’s efforts to contain and remediate the incident, Mandiant found. “Patch your #Fortigate.” ”

Risk

Risk VPN Internet Internet

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. ” reads the advisory.

DNS

DNS Hacking Firmware Wireless

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

All the affected models have a patched firmware available for download on the vendor’s website.” SecurityAffairs – hacking, DrayTek Vigor). The post Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Internet Internet Passwords

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS

DDOS Firmware VPN Firewall

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware

Ransomware Firmware Mobile InfoSec

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The most common issues discovered by the experts were outdated Linux kernel in the firmware, outdated multimedia and VPN functions, presence of hardcoded credentials, the use of insecure communication protocols and weak default passwords. SecurityAffairs – hacking, routers). ” reads the advisory published by the experts.

Manufacturing

Manufacturing IoT Firmware VPN

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware

Malware VPN Internet Internet

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware

Firmware Passwords Accountability VPN

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates. SecurityAffairs – hacking, Zyxel).

Firewall

Firewall Firmware VPN Wireless

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

Below is the list of vulnerable products and related patches: AFFECTED MODEL AFFECTED FIRMWARE VERSION PATCH AVAILABILITY USG FLEX 100(W), 200, 500, 700 ZLD V5.00 USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates. SecurityAffairs – hacking, domain name system).

Firewall

Firewall VPN Firmware Internet

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. SecurityAffairs – DrayTek, hacking).

Firmware

Firmware VPN Accountability Advertising

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. SecurityAffairs – hacking, Zyxel). The CVE-2022-34747 (CVSS score: 9.8) 11)C0 and earlier V5.21(AAZF.12)C0

Firewall

Firewall Firmware Authentication VPN

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. SecurityAffairs – hacking, SOHO). This code is part of Circle , which is used to implement parental control features to these devices. R6700v3 – 1.0.4.106 R6900 – 1.0.2.16

DNS

DNS Firmware VPN Risk

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 12.1 SecurityAffairs – hacking, China). Pierluigi Paganini.

Government

Government VPN Firmware Energy and Utilities

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” In September, while the AgeLocker ransomware was continuing to target QNAP NAS systems, the Taiwanese vendor urged customers to update the firmware and apps. SecurityAffairs – hacking, QNAP). Pierluigi Paganini.

Ransomware

Ransomware Cryptocurrency Malware Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches. Use least privileges access: Use a secure virtual private network (VPN) service for remote access and restrict remote access to the device. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

IoT

IoT DDOS Malware Firmware

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Below is the content of the ransom not shared by a victim on the BleepingComputer forum: Here is the content: “ ……… You was hacked by CHECKMATE team. ……… “ The vendor recommends not exposing the SMB service to the internet and using VPN to access the NAS and reduce the attack surface.

Ransomware

Ransomware Encryption Passwords Internet

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs

SEPTEMBER 6, 2022

We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. SecurityAffairs – hacking, DeadBolt ransomware).

Ransomware

Ransomware Internet Internet Encryption

Security Affairs newsletter Round 309

Security Affairs

APRIL 11, 2021

SecurityAffairs – hacking, newsletter). Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4% If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cyber Attacks

Cyber Attacks Firmware Malware VPN

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. Both vulnerabilities affect Small Business RV320 and RV325 Dual Gigabit WAN VPN routers running firmware versions 1.4.2.15 Pierluigi Paganini. ( – Cisco Cisco RV325, hacking). The initial fix for this vulnerability was found to be incomplete.

Small Business

Small Business Firmware Advertising VPN

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Consider installing and using a VPN. SecurityAffairs – hacking, FBI). hard drive, storage device, the cloud). Use multifactor authentication with strong pass phrases where possible. Disable hyperlinks in received emails.

Ransomware

Ransomware Passwords Backups Firmware

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

“GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities. Also recognize VPN is only as secure as the connected devices. SecurityAffairs – hacking, CISA). ” continues the alert. Pierluigi Paganini.

Firmware

Firmware VPN Firewall Risk

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Unauthenticated Command Injection bug opens D-Link VPN routers to hack

Trending Sources

Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

NSA, CISA release guidance on hardening remote access via VPN solutions

Zyxel fixes a critical bug in its business firewall and VPN devices

Cisco fixes critical remote code execution issues in SMB VPN routers

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Zyxel published guidance for protecting devices from ongoing attacks

ASUS addressed critical flaws in some router models

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Widespread exploitation by botnet operators of Zyxel firewall flaw

A critical flaw in industrial automation systems opens to remote hack

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

CISA Order Highlights Persistent Risk at Network Edge

Some Zyxel devices can be hacked via DNS requests

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Multiple DDoS botnets were observed targeting Zyxel devices

HelloKitty ransomware gang targets vulnerable SonicWall devices

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Who and What is Behind the Malware Proxy Service SocksEscort?

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Zyxel fixed firewall unauthenticated remote command injection issue

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Hackers target zero-day flaws in enterprise Draytek network devices

Zyxel addressed a critical RCE flaw in its NAS devices

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Daixin Team targets health organizations with ransomware, US agencies warn

AgeLocker ransomware operation targets QNAP NAS devices

A new Zerobot variant spreads by exploiting Apache flaws

New Checkmate ransomware target QNAP NAS devices

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs newsletter Round 309

Cisco fixes flaws RV320 and RV325 routers targeted in attacks

FBI warns of ransomware attacks targeting the food and agriculture sector

CISA is warning of vulnerabilities in GE Power Management Devices

Stay Connected