Krebs on Security

AUGUST 21, 2020

The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. authenticate the phone call before sensitive information can be discussed.

VPN 363

VPN Social Engineering Authentication Engineering 363

The Last Watchdog

APRIL 28, 2025

28, 2025, CyberNewswire — Windscribe , a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service.

VPN 100

VPN Advertising Internet Internet 100

Security Affairs

JANUARY 8, 2025

The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” Again, this upgrade addresses a high vulnerability for SSL VPN users that should be considered at imminent risk of exploitation and updated immediately. hardware firewalls: SonicOS 6.5.5.1-6n

Firewall 112

Firewall Firmware VPN Authentication 112

Krebs on Security

FEBRUARY 19, 2020

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. Iranian hackers recently have been blamed for hacking VPN servers around the world in a bid to plant backdoors in large corporate networks.

VPN 363

VPN Passwords Software Telecommunications 363

Schneier on Security

AUGUST 25, 2021

It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic.

Internet 363

Internet Internet Surveillance VPN 363

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN 123

VPN Passwords Authentication Accountability 123

Krebs on Security

NOVEMBER 21, 2020

. “Separately, and unrelated to the outage, a routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information,” GoDaddy spokesperson Dan Race said. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Cryptocurrency 364

Cryptocurrency VPN Scams Social Engineering 364

Malwarebytes

FEBRUARY 19, 2025

The announcement read: Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing. With all these pieces of information, its possible to create a unique fingerprint by which websites can recognize you, even if you clear your cookies.

Advertising 138

Advertising VPN Internet Internet 138

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN 131

VPN Firewall Marketing Encryption 131

Tech Republic Security

SEPTEMBER 9, 2024

Explore their features, performance and pricing to make an informed decision. Compare Surfshark and NordVPN to determine which one is better.

VPN 174

VPN 174

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN 356

VPN Computers and Electronics Antivirus Software 356

Malwarebytes

JANUARY 9, 2025

Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services. million people. For a full list of compromised extensions, visit here.

Malware 129

Malware Small Business Artificial Intelligence VPN 129

Adam Levin

OCTOBER 16, 2020

The bookseller sent an email to customers notifying them that their personal information had been exposed, but that their financial information had not been compromised. . Barnes & Noble has confirmed a data breach following a cyberattack that took many of their services offline. .

Data breaches 286

Data breaches VPN Passwords Accountability 286

Security Affairs

APRIL 12, 2025

The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475 , CVE-2023-27997 , and CVE-2024-21762 to gain persistent read-only access via a symlink in SSL-VPN language folders. ” Fortinet pointed out that only devices with SSL-VPN enabled are impacted. . FortiOS 7.4,

VPN 103

VPN Engineering Hacking Cybersecurity 103

Adam Levin

NOVEMBER 26, 2019

The data contained a wide array of records, including full names, credit card details, client login information, email addresses, home addresses and hotel reservations. The personally identifiable information of children was included in several of the records.

B2B 295

B2B Spyware VPN Phishing 295

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 139

VPN Firewall Authentication Hacking 139

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. ” concludes the report.

Healthcare 83

Healthcare Ransomware VPN Malware 83

Adam Levin

DECEMBER 16, 2020

Use a VPN: If you need to transmit sensitive information online, look into a VPN provider, or see if your workplace can provide one. VPNs aren’t foolproof, but they can add one more level of security and privacy to what you do online, especially if you rely on public WiFi networks.

VPN 245

VPN Antivirus Passwords Backups 245

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” continues the advisory.

VPN 111

VPN Firewall Technology Passwords 111

Tech Republic Security

APRIL 5, 2024

There’s no reason to risk your privacy or your most confidential information, or even be deprived of your favorite content, when a solution is so affordable. Use coupon SECURE20 at checkout through 4/7 to unlock an additional 20% off this deal!

VPN 191

VPN Risk Data privacy 191

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication.

VPN 109

VPN Authentication Hacking Risk 109

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN 133

VPN Malware Authentication Hacking 133

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

VPN 120

VPN Government Malware Manufacturing 120

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.

Antivirus 329

Antivirus VPN Encryption Malware 329

Security Affairs

NOVEMBER 3, 2024

The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Passwords 131

Passwords Wireless VPN Accountability 131

Krebs on Security

DECEMBER 2, 2021

28, other Ubiquiti employees spotted the unusual downloads, which had leveraged internal company credentials and a Surfshark VPN connection to hide the downloader’s true Internet address. The message was sent through an IP address associated with the same Surfshark VPN. million at the time).

VPN 266

VPN Internet Internet Accountability 266

Security Affairs

JANUARY 24, 2025

Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway. The J-magic campaign is notable for targeting JunoOS, a FreeBSD-based operating system that threat actors rarely target in malware attacks.

Malware 119

Malware VPN Encryption Hacking 119

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups 127

Backups VPN Ransomware Authentication 127

Krebs on Security

NOVEMBER 21, 2024

Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page.

Identity Theft 265

Identity Theft Phishing Cryptocurrency Accountability 265

The Last Watchdog

JANUARY 18, 2022

This conclusion is derived from an analysis of data taken from our data breach detection tool, Surfshark Alert , which comprises publicly available breached data sets to inform our users of potential threats. Apart from using a VPN to prevent companies from collecting data, we invite everyone to try Surfshark Alert. But that’s not all.

Data breaches 279

Data breaches VPN Internet Internet 279

Webroot

MAY 9, 2025

These scammers are trying to gather personal data like your drivers license number and credit card information so they can steal from you. Youre asked for sensitive information like bank logins and passwords, which can be used to drain your bank account. Dont share: Never share any of your personal or financial information via text.

Scams 72

Scams Mobile Banking VPN 72

Krebs on Security

NOVEMBER 2, 2021

.” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. Triggering the directors of information security companies. ” Image: @nokae8.

Ransomware 328

Ransomware Cybercrime Media VPN 328

Security Affairs

MARCH 10, 2025

The attackers breached the organization via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA). The group stated that it stole sensitive data such as private correspondence, personal information, and official decrees.

Ransomware 116

Ransomware VPN Healthcare Malware 116

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN 130

VPN Firmware Malware Government 130

Malwarebytes

FEBRUARY 12, 2025

Wolfie Christl, a data privacy expert investigating the ad tech industry commented: Sharing data with Meta is highly problematic, even with consent, but doing so without explicit informed consent shows a blatant disregard for the law.

Data collection 129

Data collection Marketing Data privacy VPN 129

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall 80

Firewall VPN Accountability Firmware 80

Security Affairs

APRIL 19, 2025

Arctic Wolf has uncovered an active campaign, running from January to April 2025, targeting SonicWall SMA 100 series appliances to steal VPN credentials. This week, SonicWall updated its advisory, confirming that this vulnerability is potentially being exploited in the wild.

Passwords 104

Passwords VPN Firewall Accountability 104