Firmware, Information and VPN - Cyber Security Informer

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN

VPN Passwords Firewall Firmware

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.”

Firewall

Firewall Firmware VPN Authentication

ASUS routers with AiCloud vulnerable to auth bypass exploit

Security Affairs

APRIL 18, 2025

. “An improper authentication control vulnerability exists in certain ASUS router firmware series. “We have released new firmware update for 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 series.” Asus also urges users to update the routers firmware via the ASUS support page when available.

Firmware

Firmware Authentication Passwords VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Zyxel firewalls targeted in recent ransomware attacks

Security Affairs

NOVEMBER 25, 2024

“A command injection vulnerability in the IPSec VPN feature of some firewall versions could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device.” ” The vendor addressed these vulnerabilities with the release of firmware version 5.39

Firewall

Firewall Ransomware VPN Firmware

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices. Attackers maintained persistence through VPN credentials, Active Directory DCSYNC access, and firmware-hooking methods to survive updates. ” concludes the report.

Firmware

Firmware Government Firewall Malware

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. Cisco has addressed the flaw with the release of firmware version 1.0.01.02

VPN

VPN Small Business Wireless Firmware

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access to victims’ networks. Up to now, a large number of VPN users have been attacked.” are vulnerable.

VPN

VPN Government Advertising Firmware

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). ” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14

Firewall

Firewall VPN Accountability Firmware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

Penetration Testing

JUNE 15, 2025

The flaws, tracked as CVE-2025-45984 through CVE-2025-45988, affect a wide range of firmware versions used in both consumer and enterprise-grade networking equipment. Shared Affected Codebase: Each flaw targets the same goahead binary and associated shared object, amplifying the impact across models and firmware versions.

Firmware

Firmware DNS Penetration Testing Advertising

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We are actively investigating the issue and will provide an updated advisory when we have more information.” . “In some cases, this compromise has led to a factory reset that appears to erase all data on the device.

Internet

Internet Internet Backups Small Business

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

The SOCKS (or SOCKS5) protocol allows Internet users to channel their Web traffic through a proxy server, which then passes the information on to the intended destination. co and a VPN provider called HideIPVPN[.]com. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service. WHO’S BEHIND SOCKSESCORT?

Malware

Malware VPN Internet Internet

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN

VPN Passwords Firewall Firmware

Two SonicWall SMA100 flaws actively exploited in the wild

Security Affairs

MAY 1, 2025

Below are the descriptions of the two flaws: CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv ” Both flaws impact SMA 100 Series devices, including SMA 200, 210, 400, 410, 500v.

Firmware

Firmware Mobile Authentication VPN

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. ” reads the security bulletin.

Firmware

Firmware VPN Accountability Advertising

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware

Firmware Surveillance Marketing Manufacturing

Privacy Roundup: Week 13 of Year 2025

Security Boulevard

MARCH 31, 2025

Information and summaries provided here are as-is for warranty purposes. Generally speaking, you as the user could preset a "contract" for web properties you visit that inform the website which information you will and will not offer for access to content/services. Malware campaigns covered generally target/affect the end user.

VPN

VPN Surveillance Malware Data breaches

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

Security Affairs

JANUARY 3, 2020

Experts disclosed PoC exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. ”” D-Link, was informed about the flaw by a third-party company in mid-October, but its initial security advisory only identified the DIR-859 router family as being vulnerable.

Advertising

Advertising Firmware VPN Authentication

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware

Ransomware Firmware Mobile InfoSec

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” continues the report.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)

Kali Linux

JUNE 12, 2025

New GNOME VPN IP Extension Just like we did for Xfce back in Kali 2024.1 , we’ve now brought the VPN IP indicator to GNOME too! It shows the IP address of your current VPN connection right in the panel — and with a simple click, it copies it straight to your clipboard. Want the full scoop? KDE Plasma 6.3

VPN

VPN Wireless Firmware Authentication

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 2, 2025

is an improper neutralization of special elements in the SMA100 SSL-VPN management interface. SMA100 devices updated with the fixed firmware version 10.2.1.14-75sv An attacker can exploit the flaw to map URLs to file system locations that are permitted to be served by the server CVE-2023-44221 (CVSS score: 7.2)

Firmware

Firmware Authentication VPN Mobile

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall

Firewall Firmware VPN Authentication

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The most common issues discovered by the experts were outdated Linux kernel in the firmware, outdated multimedia and VPN functions, presence of hardcoded credentials, the use of insecure communication protocols and weak default passwords. “Some of the security issues were detected more than once.

Manufacturing

Manufacturing IoT Firmware VPN

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware

Firmware Passwords Accountability Firewall

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. The daemon connects to Circle and Netgear to obtain version information and updates to the circled daemon and its filtering database. R6700v3 – 1.0.4.106 R6900 – 1.0.2.16

DNS

DNS Firmware VPN Risk

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. continues the report. continues the report.

Firewall

Firewall Firmware Cyber Attacks VPN

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60 Patch 1 ZLD V5.36

Firmware

Firmware VPN Firewall Hacking

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Some impacted models will not receive the firmware updates because they have reached the end-of-life (EoL). Remote access (Web access from WAN), virtual server (Port forwarding), DDNS, VPN server, DMZ, port trigger Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, routers)

Authentication

Authentication Firmware Manufacturing VPN

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

Information and summaries provided here are as-is for warranty purposes. While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. They also have appeared to partner with Proton.

Surveillance

Surveillance Telecommunications Data breaches Spyware

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

. “The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.”

Government

Government VPN Firmware Energy and Utilities

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware. ” ASUS added.

Firmware

Firmware VPN Wireless Passwords

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” COATHANGER is a stealthy malware that hooks system calls that could reveal its presence. ” continues the report. reads the advisory published by the security vendor.

Malware

Malware Firmware VPN Backups

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

“Claroty has privately disclosed details to Real Time Automation (RTA), informing the vendor of a critical vulnerability in its proprietary 499ES EtherNet/IP (ENIP) stack. Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. Pierluigi Paganini.

Hacking

Hacking Firmware Internet Internet

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 VPN ZLD V4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

NSA, CISA Release Guidance for Choosing and Hardening VPNs

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN

VPN Authentication Passwords Software

Update now! ASUS fixes nine security flaws

Malwarebytes

JUNE 19, 2023

ASUS has released firmware updates for several router models fixing two critical and several other security issues. You will find the latest firmware available for download from the ASUS support page or the appropriate product page. The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers.

Firmware

Firmware VPN Risk Cybersecurity

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

SonicWall warns of an exploitable SonicOS vulnerability

Trending Sources

ASUS routers with AiCloud vulnerable to auth bypass exploit

Expert found a secret backdoor in Zyxel firewall and VPN

NSA, CISA release guidance on hardening remote access via VPN solutions

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Zyxel firewalls targeted in recent ransomware attacks

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Cisco fixes critical remote code execution issues in SMB VPN routers

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

MyBook Users Urged to Unplug Devices from Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Two SonicWall SMA100 flaws actively exploited in the wild

Hackers target zero-day flaws in enterprise Draytek network devices

Patch now! Insecure Hikvision security cameras can be taken over remotely

Privacy Roundup: Week 13 of Year 2025

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

HelloKitty ransomware gang targets vulnerable SonicWall devices

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)

U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Zyxel published guidance for protecting devices from ongoing attacks

ASUS fixed critical remote authentication bypass bug in several routers

Privacy Roundup: Week 12 of Year 2025

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

ASUS addressed critical flaws in some router models

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

A critical flaw in industrial automation systems opens to remote hack

Widespread exploitation by botnet operators of Zyxel firewall flaw

NSA, CISA Release Guidance for Choosing and Hardening VPNs

Update now! ASUS fixes nine security flaws

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Stay Connected