Hacking, Information Security, Passwords and VPN

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN

VPN Government Malware Hacking

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware.” Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60

Firewall

Firewall VPN Firmware Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. SecurityAffairs – hacking, Yanluowang ransomware). Pierluigi Paganini.

Ransomware

Ransomware Hacking VPN Phishing

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).

Ransomware

Ransomware VPN Authentication Hacking

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Accountability Firewall Data breaches

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Security Affairs

SEPTEMBER 2, 2022

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022.

Hacking

Hacking VPN Ransomware Authentication

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. “Agent Tesla is now able to harvest configuration data and credentials from a number of common VPN clients, FTP and Email clients, and Web Browsers.

Passwords

Passwords Spyware VPN Malware

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. Cisco investigated the hacking campaign with the help of Rapid7. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

An initial access broker claims to have hacked Deutsche Bank

Security Affairs

NOVEMBER 11, 2022

An initial access broker claims to have hacked Deutsche Bank and is offering access to its systems for sale on Telegram. A threat actor ( 0x_dump ) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online. SecurityAffairs – hacking, Deutsche Bank).

Banking

Banking Hacking InfoSec Insurance

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

An attacker can trigger the flaw by supplying carefully crafted username and/or password as base64 encoded strings inside the fields aa and ab of the login page. Leak of the sensitive data stored on the router (keys, administrative passwords, etc.) SecurityAffairs – hacking, DrayTek Vigor). Pierluigi Paganini.

Hacking

Hacking Internet Internet Passwords

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

“With this level of detail, impersonating network or internal hosts would be far simpler for an attacker, especially since the devices often contain VPN credentials or other easily cracked authentication tokens.” Exposed corporate data and sensitive data include the maps of sensitive applications hosted locally or in the cloud.

Hacking

Hacking VPN Marketing Authentication

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. Cisco investigated the hacking campaign with the help of Rapid7. concludes the alert.

Ransomware

Ransomware Backups VPN Authentication

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

An attacker can trigger the vulnerability to extract sensitive data from the memory of the affected devices, including usernames and passwords. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA) ” continues the report.

Ransomware

Ransomware VPN Education Hacking

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 SecurityAffairs – hacking, newsletter). Pierluigi Paganini.

Spyware

Spyware Manufacturing Small Business Surveillance

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The most common issues discovered by the experts were outdated Linux kernel in the firmware, outdated multimedia and VPN functions, presence of hardcoded credentials, the use of insecure communication protocols and weak default passwords. “Some of the security issues were detected more than once. Pierluigi Paganini.

Manufacturing

Manufacturing IoT Firmware VPN

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Two-factor authentication is another important security measure for the cloud era. This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. When you access the internet through a VPN, your data is encrypted and routed through a secure tunnel.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware VPN Government Retail

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

In at least one compromise, the APT actor laterally traversed an SLTT victim network and accessed documents related to sensitive network configurations and passwords, standard operating procedures (SOP), IT instructions, such as requesting password resets, vendors and purchasing information. printing access badges.

Government

Government Hacking Advertising Passwords

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

The company added that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. event=start&target=” triggering the flaw CVE-2023-3519 to write a simple PHP web shell to /netscaler/ns_gui/vpn.

VPN

VPN Authentication Cyber Attacks Passwords

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

The attackers were able to send funds from hot wallets and download user names and password hashes. “Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN. With VPN/Firewall attackers from open internet cannot access your server and exploit it. ” continues the notice.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

DECEMBER 12, 2023

The volume of exposed data about the DTC drivers is impressive, as the database includes: Driving license number Work permit number Nationality Username Encrypted password Phone number According to the team, the MongoDB instance contained conversations with support totaling over 17K records, as well as complaints from customers.

VPN

VPN Accountability Banking Marketing

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. ’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. ” reads the advisory published by the CERT-UA.

Telecommunications

Telecommunications Authentication Data collection Passwords

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. email and password pairs leaked online. SecurityAffairs – hacking, cyber stories).

Hacking

Hacking VPN Passwords Ransomware

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

Then the loaders retrieve a second-stage payload stored in password-protected ZIP archive from Alibaba buckets. The researchers observed that the loader “AdventureQuest.exe” is signed using a certificate issued to a Singapore-based VPN provider called Ivacy VPN. ” reads the analysis published by SentinelOne.

VPN

VPN Malware Encryption Passwords

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Security Affairs

JANUARY 3, 2022

At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported. ” reads the report published by VPN Overview. SecurityAffairs – hacking, S3 bucket). in SEGA’s name.

VPN

VPN Malware Passwords Hacking

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

“ This actor has also demonstrated interest in obtaining unauthorized access to SCADA systems using common default passwords.” ” The FBI urges organizations that suffered a security breach in the past to reset passwords, enhance the security of systems exposed online and warn their employees.

VPN

VPN Cybercrime Passwords Firewall

DepositFiles exposed config file, jeopardizing user security

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Cybercriminals may exploit hacked email accounts to distribute harmful files or links to unwary users within the company or externally. researchers said.

Data breaches

Data breaches VPN Media Passwords

Experts found 10 malicious packages on PyPI used to steal developers’ data

Security Affairs

AUGUST 10, 2022

py file downloads and executes a malicious script that searches for local passwords and uploads them using a discord web hook. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables.

VPN

VPN Passwords Cyber threats Software

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.” These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger. The vendor also recommends creating distinct, strong passwords for the wireless network and router administration pages.

Firmware

Firmware VPN Wireless Passwords

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords VPN Authentication

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. SecurityAffairs – hacking, ransomware). The post LockBit Ransomware operators hit Swiss helicopter maker Kopter appeared first on Security Affairs. ” reported ZDNet. .”

Ransomware

Ransomware VPN Encryption Authentication

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The data included usernames, email addresses and plain text passwords.”

Accountability

Accountability Malware Data breaches Passwords

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware

Firmware Ransomware Passwords Mobile

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 402 by Pierluigi Paganini appeared first on Security Affairs.

Small Business

Small Business Password Management VPN Healthcare

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The report also includes a list of mitigation measures to increase the resilience of company networks: Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., Regularly back up data, password protect backup copies offline.

Ransomware

Ransomware DDOS Passwords Backups

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malware creates a proxy or VPN tunnel on the compromised router to exfiltrate data, and then uses stolen credentials to access targeted resources. The malware passively monitors network packets for “credential markers,” including usernames, passwords, and authentication tokens.

Malware

Malware DNS Authentication Telecommunications

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 Ivanti fixed this critical code execution issue in Pulse Connect Secure VPN early this month.

Malware

Malware VPN Authentication Hacking

Fortinet VPN with default certificate exposes 200,000 businesses to hack

China-linked APT groups targets orgs via Pulse Secure VPN devices

Webinars

Trending Sources

Expert found a secret backdoor in Zyxel firewall and VPN

Webinars

Cisco was hacked by the Yanluowang ransomware gang

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Okta warns of unprecedented scale in credential stuffing attacks on online services

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Akira ransomware targets Finnish organizations

An initial access broker claims to have hacked Deutsche Bank

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Who and What is Behind the Malware Proxy Service SocksEscort?

Hackers can hack organizations using data found on their discarded enterprise network equipment

5 Ways to Protect Yourself from IP Address Hacking

Akira ransomware targets Finnish organizations

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs newsletter Round 377

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Everyday Threat Modeling

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

15 Cybersecurity Measures for the Cloud Era

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Dubai’s largest taxi app exposes 220K+ users

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs most-read cyber stories of 2021

Bronze Starlight targets the Southeast Asian gambling sector

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

DepositFiles exposed config file, jeopardizing user security

Experts found 10 malicious packages on PyPI used to steal developers’ data

ASUS addressed critical flaws in some router models

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

LockBit Ransomware operators hit Swiss helicopter maker Kopter

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs newsletter Round 402 by Pierluigi Paganini

Avoslocker ransomware gang targets US critical infrastructure

Cuttlefish malware targets enterprise-grade SOHO routers

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Stay Connected