Information Security, Passwords and VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware.” Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60

Firewall

Firewall VPN Firmware Passwords

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN

VPN Government Malware Hacking

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Accountability Firewall Data breaches

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. “Agent Tesla is now able to harvest configuration data and credentials from a number of common VPN clients, FTP and Email clients, and Web Browsers.

Passwords

Passwords Spyware VPN Malware

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employee security awareness is the most important defense against data breaches. Related: Leveraging security standards to protect your company. It involves regularly changing passwords and inventorying sensitive data. As such, you should limit the amount of information that employees have access to. Use a corporate VPN.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).

Ransomware

Ransomware VPN Authentication Hacking

How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud

Lenny Zeltser

JULY 6, 2017

When analyzing malware or performing other security research, it’s often useful to tunnel connections through a VPN in a public cloud. Moreover, by using VPN exit nodes in different cities and even countries, the researcher can explore the target from multiple geographic vantage points, which sometimes yields additional findings.

VPN

VPN Software DNS Internet

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

.” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. Triggering the directors of information security companies. ” Image: @nokae8.

Ransomware

Ransomware Cybercrime VPN Media

Protecting Your Digital Identity: Celebrating Identity Management Day

Webroot

APRIL 3, 2024

Simply put, it’s the practice of ensuring that only authorized individuals have access to your sensitive information and online accounts. This encompasses everything from protecting your passwords to being vigilant against phishing scams and online fraud. Instead, enter your credentials each time for added security.

VPN

VPN Passwords Scams Accountability

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. co and a VPN provider called HideIPVPN[.]com. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

.” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware Backups VPN Authentication

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

The channel’s security must be impenetrable. They generally get into your system by guessing the password, leveraging API loopholes, or exploiting bad codes. For a channel to be secure, it should be reliable and trustworthy. The Best Ways to Secure Communication Channels . You can share passwords and secret notes.

VPN

VPN Passwords Encryption Mobile

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

.” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware Backups VPN Authentication

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The most common issues discovered by the experts were outdated Linux kernel in the firmware, outdated multimedia and VPN functions, presence of hardcoded credentials, the use of insecure communication protocols and weak default passwords. “Some of the security issues were detected more than once.

Manufacturing

Manufacturing IoT Firmware VPN

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Two-factor authentication is another important security measure for the cloud era. This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. When you access the internet through a VPN, your data is encrypted and routed through a secure tunnel.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

The attackers were able to send funds from hot wallets and download user names and password hashes. “Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN. With VPN/Firewall attackers from open internet cannot access your server and exploit it. ” continues the notice.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

The company added that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. event=start&target=” triggering the flaw CVE-2023-3519 to write a simple PHP web shell to /netscaler/ns_gui/vpn.

VPN

VPN Authentication Cyber Attacks Passwords

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

An attacker can trigger the vulnerability to extract sensitive data from the memory of the affected devices, including usernames and passwords.

Ransomware

Ransomware VPN Education Hacking

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Security Affairs

NOVEMBER 11, 2021

“ This actor has also demonstrated interest in obtaining unauthorized access to SCADA systems using common default passwords.” ” The FBI urges organizations that suffered a security breach in the past to reset passwords, enhance the security of systems exposed online and warn their employees.

VPN

VPN Cybercrime Passwords Firewall

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. ” reads the analysis published by Cisco Talos.

Ransomware

Ransomware Hacking VPN Phishing

Bronze Starlight targets the Southeast Asian gambling sector

Security Affairs

AUGUST 18, 2023

Then the loaders retrieve a second-stage payload stored in password-protected ZIP archive from Alibaba buckets. The researchers observed that the loader “AdventureQuest.exe” is signed using a certificate issued to a Singapore-based VPN provider called Ivacy VPN. ” reads the analysis published by SentinelOne.

VPN

VPN Malware Encryption Passwords

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Security Affairs

SEPTEMBER 2, 2022

According to eSentire, the crooks gained access to the workforce management corporation’s IT network using stolen Virtual Private Network (VPN) credentials. The researchers discovered several underground forum posts, dating from April 2022, where mx1r was looking for VPN credentials for high-profile companies. companies. . .

Hacking

Hacking VPN Ransomware Authentication

Experts found 10 malicious packages on PyPI used to steal developers’ data

Security Affairs

AUGUST 10, 2022

py file downloads and executes a malicious script that searches for local passwords and uploads them using a discord web hook. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables. Free-net-vpn and Free-net-vpn2 are malicious packages developed to target environment variables.

VPN

VPN Passwords Cyber threats Software

DepositFiles exposed config file, jeopardizing user security

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. Payment service credentials, including username, password, and endpoint, were also exposed via the config file. researchers said.

Data breaches

Data breaches VPN Media Passwords

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Security Affairs

JANUARY 3, 2022

At the end of the year, gaming giant SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket, cybersecurity firm VPN Overview reported. ” reads the report published by VPN Overview. in SEGA’s name. Several popular SEGA websites and CDNs were affected.”

VPN

VPN Malware Passwords Hacking

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The report also includes a list of mitigation measures to increase the resilience of company networks: Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., Regularly back up data, password protect backup copies offline.

Ransomware

Ransomware DDOS Passwords Backups

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.” These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger. The vendor also recommends creating distinct, strong passwords for the wireless network and router administration pages.

Firmware

Firmware VPN Wireless Passwords

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords VPN Authentication

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Spyware

Spyware Manufacturing Small Business Surveillance

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.

Ransomware

Ransomware Passwords Backups Firmware

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware VPN Government Retail

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The RedLine malware allows operators to steal several information, including credentials, credit card data, cookies, autocomplete information stored in browsers, cryptocurrency wallets, credentials stored in VPN clients and FTP clients. The data included usernames, email addresses and plain text passwords.”

Accountability

Accountability Malware Data breaches Passwords

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

DECEMBER 12, 2023

The volume of exposed data about the DTC drivers is impressive, as the database includes: Driving license number Work permit number Nationality Username Encrypted password Phone number According to the team, the MongoDB instance contained conversations with support totaling over 17K records, as well as complaints from customers.

VPN

VPN Accountability Banking Marketing

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Authentication

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware

Firmware Ransomware Passwords Mobile

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. The threat actors used various tools, including ‘ffuf’, ‘dirbuster’, ‘gowitness’, and ‘nmap.’ “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

Remote access security acts as something of a virtual barrier, preventing unauthorized access to data and assets beyond the traditional network perimeter. Keys, such as strong passwords, unique codes, or biometric scans, can be given to trusted individuals to access your resources from a distance.

Passwords

Passwords Authentication Encryption VPN

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. The attackers obtained encrypted passwords from NetScaler ADC configuration files, and the decryption key was stored on the ADC appliance. php) on victim machines.

VPN

VPN Ransomware DNS Malware

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

Firewall

Firewall Passwords VPN Authentication

Expert found a secret backdoor in Zyxel firewall and VPN

China-linked APT groups targets orgs via Pulse Secure VPN devices

Trending Sources

Fortinet VPN with default certificate exposes 200,000 businesses to hack

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Okta warns of unprecedented scale in credential stuffing attacks on online services

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud

The ‘Groove’ Ransomware Gang Was a Hoax

Protecting Your Digital Identity: Celebrating Identity Management Day

Who and What is Behind the Malware Proxy Service SocksEscort?

Akira ransomware targets Finnish organizations

The Best Ways to Secure Communication Channels in The Enterprise Environment

Akira ransomware targets Finnish organizations

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

15 Cybersecurity Measures for the Cloud Era

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Everyday Threat Modeling

Iranian threat actors attempt to buy stolen data of US organizations, FBI warns

Cisco was hacked by the Yanluowang ransomware gang

Bronze Starlight targets the Southeast Asian gambling sector

Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

Experts found 10 malicious packages on PyPI used to steal developers’ data

DepositFiles exposed config file, jeopardizing user security

SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack

Avoslocker ransomware gang targets US critical infrastructure

ASUS addressed critical flaws in some router models

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs newsletter Round 377

FBI warns of ransomware attacks targeting the food and agriculture sector

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Dubai’s largest taxi app exposes 220K+ users

LockBit Ransomware operators hit Swiss helicopter maker Kopter

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Daixin Team targets health organizations with ransomware, US agencies warn

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

16 Remote Access Security Best Practices to Implement

FIN8-linked actor targets Citrix NetScaler systems

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Stay Connected