Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN 82

VPN Authentication Small Business Telecommunications 82

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN 121

VPN Firewall Accountability Cybersecurity 121

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. Targets span across the globe, they include both small businesses and large organizations. The experts published the Yara rule for the detection of similar KrustyLoader samples.

VPN 88

VPN Malware Authentication Small Business 88

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye.

VPN 129

VPN Government Malware Hacking 129

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. “Earth Krahang abuses the trust between governments to conduct their attacks.

Government 79

Government Phishing Accountability VPN 79

Security Affairs

JANUARY 12, 2023

Recently patched Fortinet FortiOS SSL-VPN zero-day exploited in attacks against government organizations and government-related targets. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.”

VPN 86

VPN Malware Engineering Government 86

Security Affairs

JANUARY 20, 2023

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day.

VPN 96

VPN Firewall Internet Internet 96

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN 112

VPN Hacking Authentication Government 112

Security Affairs

FEBRUARY 1, 2024

. “As soon as possible and no later than 11:59PM on Friday February 2, 2024, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.” ” reads the directive. The software firm recommends importing the “mitigation.release.20240126.5.xml” 20240126.5.xml”

VPN 98

VPN Authentication Software Malware 98

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “In A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN 103

VPN Government Authentication Cybersecurity 103

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. Pierluigi Paganini.

Government 90

Government VPN Telecommunications Advertising 90

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN 83

VPN Advertising Accountability Healthcare 83

Security Affairs

JULY 13, 2021

NetBlocks reported partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to protest the government. The move to limit the access online to Cubans aims at blocking citizens from sharing information about the situation within the country. Source Fox News.

Media 91

Media Government Internet Internet 91

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks. . Pierluigi Paganini.

VPN 84

VPN Advertising Healthcare Data breaches 84

Krebs on Security

NOVEMBER 2, 2021

government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. 22 post from Groove calling for attacks on the United States government sector. government sector and they eat it up. Triggering the directors of information security companies.

Ransomware 261

Ransomware Cybercrime VPN Media 261

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN 94

VPN Advertising Hacking Government 94

Security Affairs

JANUARY 17, 2020

Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. Pierluigi Paganini.

VPN 63

VPN Firewall Advertising Media 63

Security Affairs

OCTOBER 23, 2020

The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. This joint advisory provides information on Russia-linked APT actor activity targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks. .

Government 110

Government Hacking Advertising Passwords 110

Security Affairs

JUNE 2, 2024

OpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI Summit Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 90

Data breaches VPN Cloud Migration Cybercrime 90

Security Affairs

SEPTEMBER 15, 2020

CISA published an advisory on China-linked groups targeting government agencies by exploiting flaws in Microsoft Exchange, Citrix, Pulse, and F5 systems. CISA published a security advisory warning of a wave of attacks carried out by China-linked APT groups affiliated with China’s Ministry of State Security.

Government 71

Government VPN Firmware Energy and Utilities 71

Security Affairs

AUGUST 25, 2023

Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. The state sponsored hackers also uses the VPN access to scan for vulnerabilities in targeted organizations.

VPN 79

VPN Manufacturing Education Hacking 79

Security Affairs

JANUARY 24, 2024

A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops. At present, Tietoevry cannot provide a definite timeframe for the complete restoration process due to the complexity of the security breach.

Ransomware 104

Ransomware VPN Government Retail 104

Security Affairs

FEBRUARY 6, 2024

Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. reads the advisory published by the security vendor.

Malware 104

Malware Firmware VPN Backups 104

Security Affairs

JUNE 19, 2021

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. The security breach took place on on May 14, and the institute discovered it only on May 31, then the research institute reported the incident to the government and launched an investigation.

Hacking 140

Hacking VPN Internet Internet 140

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches 77

Data breaches VPN Hacking Banking 77

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall 81

Firewall VPN Firmware Internet 81

Security Affairs

SEPTEMBER 8, 2021

Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six virtual private networks (VPNs), Hola!VPN, VPN, ExpressVPN, KeepSolid VPN Unlimited, Nord VPN, Speedify VPN, and IPVanish VPN. ” reads the announcement published by Roskomnadzor.

VPN 73

VPN Internet Internet Mobile 73

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN 326

VPN Risk Hacking Encryption 326

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 103

VPN Cybercrime Ransomware Hacking 103

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

VPN 105

VPN Software Firewall Authentication 105

Security Affairs

SEPTEMBER 30, 2022

Several hacker groups are assisting protestors in Iran using Telegram, Signal and other tools to bypass government censorship. The hackers are sharing tools and tips to bypass censorship, including opening VPN servers, to avoid restrictions introduced in the country following the death of Mahsa Amini.

VPN 85

VPN Government Internet Internet 85

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Cyber Attacks 108

Cyber Attacks VPN Authentication Hacking 108

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured.

Ransomware 102

Ransomware Encryption Antivirus VPN 102

Security Affairs

JUNE 13, 2023

. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall 81

Firewall VPN Firmware Manufacturing 81

Security Affairs

NOVEMBER 14, 2022

The Government Computer Emergency Response Team of Ukraine CERT-UA is investigating multiple attacks against organizations in Ukraine that involved a new piece of ransomware called Somnia. Then the threat actors abused the victim’s Telegram account to steal VPN configuration data (authentication and certificates).

Ransomware 78

Ransomware Computers and Electronics VPN Malware 78

Security Affairs

MAY 30, 2019

Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt. The study also revealed that two of those VPN products are under its other developer name, Lemon Clove, and another two by Autumn Breeze 2018. Innovative Connecting VPNs products.

VPN 98

VPN Small Business Mobile Advertising 98

Security Affairs

MARCH 1, 2024

Government experts also reported that the exploitation of the flaw can allow threat actors to maintain root-level persistence. CISA and other government agencies suggest that defenders utilize Ivanti’s recently released external Integrity Checker Tool (ICT), made available on 27th February. ” reads the advisory.

Authentication 77

Authentication Cyber threats VPN Government 77