Information Security, Passwords and VPN

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “The data includes: IPs.

VPN

VPN Passwords Firewall Firmware

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. These routers are used to relay brute-force attacks on Microsoft 365 accounts.

Passwords

Passwords Wireless VPN Accountability

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. ” reads the advisory.

VPN

VPN Malware Spyware Passwords

Attackers exploited SonicWall SMA appliances since January 2025

Security Affairs

APRIL 19, 2025

Arctic Wolf has uncovered an active campaign, running from January to April 2025, targeting SonicWall SMA 100 series appliances to steal VPN credentials. Threat actors were spotted exploiting the default super admin account (admin@LocalDomain), which often still uses the weak default password password.

Passwords

Passwords VPN Firewall Accountability

ASUS routers with AiCloud vulnerable to auth bypass exploit

Security Affairs

APRIL 18, 2025

It finally recommends using strong, unique passwords (min. 10 characters, mix of letters, numbers, symbols) for both Wi-Fi and admin pages and avoiding reusing passwords or using easy sequences like 1234567890. ” concludes the security advisory. ” concludes the security advisory.

Firmware

Firmware Authentication Passwords VPN

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” continues the advisory.

VPN

VPN Firewall Technology Passwords

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft

Identity Theft Passwords Malware Banking

Check Point released hotfix for actively exploited VPN zero-day

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN

VPN Passwords Authentication Accountability

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

Firewall

Firewall Passwords VPN Authentication

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. Solutions Upgrade to FortiOS 5.4.13, 5.6.8,

VPN

VPN Banking Passwords Malware

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware.” Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60

Firewall

Firewall VPN Firmware Passwords

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

.” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. Triggering the directors of information security companies. ” Image: @nokae8.

Ransomware

Ransomware Cybercrime VPN Media

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN

VPN Government Malware Hacking

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall

Firewall VPN Accountability Firmware

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.

VPN

VPN Government Authentication Advertising

7 VPN services left data of millions of users exposed online

Security Affairs

JULY 21, 2020

vpnMentor experts reported that seven Virtual Private Network (VPN) recently left 1.2 Security experts from vpnMentor have discovered a group of seven free VPN (virtual private network) apps that left their server unsecured online exposing private user data for anyone to see. . The server was secured on July 15 th.

VPN

VPN Advertising Passwords Internet

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.

Healthcare

Healthcare Ransomware VPN Malware

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. “Agent Tesla is now able to harvest configuration data and credentials from a number of common VPN clients, FTP and Email clients, and Web Browsers.

Passwords

Passwords Spyware VPN Malware

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. How to protect yourself and your data Smart ways to secure your devices Strong passwords – Make them long, random, and unique.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. As such, you should limit the amount of information that employees have access to. Use a corporate VPN.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud

Lenny Zeltser

JULY 6, 2017

When analyzing malware or performing other security research, it’s often useful to tunnel connections through a VPN in a public cloud. Moreover, by using VPN exit nodes in different cities and even countries, the researcher can explore the target from multiple geographic vantage points, which sometimes yields additional findings.

VPN

VPN Software DNS Internet

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Security Affairs

JANUARY 3, 2025

Passwords for mail access could be intercepted, and exposed services may allow password guessing attacks on the server. “This means that passwords used for mail access may be intercepted. Additionally, service exposure may enable password guessing attacks against the server.” We see around 3.3M

Encryption

Encryption Passwords Internet Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. co and a VPN provider called HideIPVPN[.]com. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Security Affairs

MARCH 14, 2025

“When the firewall had VPN capabilities, the threat actor created local VPN user accounts with names resembling legitimate accounts but with an added digit at the end. These newly created users were then added to the VPN user group, enabling future logins.” ” reads the report.

Firewall

Firewall Ransomware VPN Encryption

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

They impersonated help desk technicians, sent the victims fake VPN deactivation warnings, and used password reset scams to gain access to company systems. Scattered Spider used phishing and smishing attacks to trick employees to provide their credentials.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

Strong segmentation with firewalls and DMZs, securing VPN gateways, and ensuring encrypted traffic with TLS v1.3 Disabling unnecessary protocols and services, avoiding default passwords, and verifying software integrity bolster resilience. are essential for protecting data.

Telecommunications

Telecommunications Government Mobile Cyber threats

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).

Ransomware

Ransomware VPN Authentication Hacking

NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches

Security Affairs

OCTOBER 22, 2019

NordVPN and TorGuard VPN firms were hacked, threat actors leaked the private keys used to secure their web servers and VPN configuration files. . Hackers have breached the systems used by NordVPN and TorGuard VPN companies and leaked the private keys used to secure their web servers and VPN configuration files. .

VPN

VPN Hacking Advertising Passwords

Trusted relationship attacks: trust, but verify

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. Most often, communication between the service provider and the client takes place via VPN connections and Remote Desktop Protocol (RDP) services.

VPN

VPN Accountability Passwords Antivirus

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Passwords

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Two-factor authentication is another important security measure for the cloud era. This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. When you access the internet through a VPN, your data is encrypted and routed through a secure tunnel.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Accountability Firewall Data breaches

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The most common issues discovered by the experts were outdated Linux kernel in the firmware, outdated multimedia and VPN functions, presence of hardcoded credentials, the use of insecure communication protocols and weak default passwords. “Some of the security issues were detected more than once.

Manufacturing

Manufacturing IoT Firmware VPN

Cyber Security Awareness Month: Cyber tune-up checklist

Webroot

OCTOBER 1, 2024

By safeguarding our information from cyber threats, we can all help keep the digital world we live in more secure. Password best practices One of the best ways to keep your personal data out of the hands of hackers is also one of the simplest. Create strong passwords. Here are some tips for creating unbreakable passwords.

Security Awareness

Security Awareness Passwords Backups Password Management

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

One of the campaigns monitored by the experts and conducted by PHOSPHORUS APT group leveraged known vulnerabilities in Fortinet FortiOS SSL VPN and Microsoft Exchange Servers to deploy ransomware on vulnerable networks. . Microsoft added that password spray attacks on Office 365 accounts with multifactor authentication (MFA) enabled failed.

VPN

VPN Accountability Social Engineering Media

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

In January 2025, they exploited a zero-day in Ivanti Pulse Connect VPN ( CVE-2025-0282 ). Then, the threat actors move laterally from on-premises to cloud environments by dumping Active Directory, stealing passwords from key vaults, and escalating privileges.

Energy and Utilities

Energy and Utilities Passwords VPN Healthcare

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords VPN Authentication

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. The double supply chain compromise that led to malware being pushed out to some 3CX customers. Image: Mandiant.

Malware

Malware Software Technology Accountability

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

The channel’s security must be impenetrable. They generally get into your system by guessing the password, leveraging API loopholes, or exploiting bad codes. For a channel to be secure, it should be reliable and trustworthy. The Best Ways to Secure Communication Channels . You can share passwords and secret notes.

VPN

VPN Passwords Encryption Mobile

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Chinese threat actors use Quad7 botnet in password-spray attacks

Trending Sources

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Attackers exploited SonicWall SMA appliances since January 2025

ASUS routers with AiCloud vulnerable to auth bypass exploit

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

International law enforcement operation dismantled RedLine and Meta infostealers

Check Point released hotfix for actively exploited VPN zero-day

Cisco warns of password-spraying attacks targeting Secure Firewall devices

The global impact of the Fortinet 50.000 VPN leak posted online

Expert found a secret backdoor in Zyxel firewall and VPN

The ‘Groove’ Ransomware Gang Was a Hoax

China-linked APT groups targets orgs via Pulse Secure VPN devices

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

7 VPN services left data of millions of users exposed online

NailaoLocker ransomware targets EU healthcare-related entities

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Fortinet VPN with default certificate exposes 200,000 businesses to hack

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud

Everyday Threat Modeling

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Who and What is Behind the Malware Proxy Service SocksEscort?

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches

Trusted relationship attacks: trust, but verify

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

15 Cybersecurity Measures for the Cloud Era

Okta warns of unprecedented scale in credential stuffing attacks on online services

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Cyber Security Awareness Month: Cyber tune-up checklist

Iran-linked APT groups continue to evolve

China-linked APT Silk Typhoon targets IT Supply Chain

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

3CX Breach Was a Double Supply Chain Compromise

The Best Ways to Secure Communication Channels in The Enterprise Environment

Stay Connected