SC Magazine

APRIL 8, 2021

Kaspersky reported how recent attacks against a series of European industrial networks were accomplished at a vulnerability in Fortinet’s FortiGate VPN. In the early months of 2021, ransomware operators, believed to be manually delivering Cring ransomware, struck a series of European industrial networks.

VPN 101

VPN Ransomware Encryption Media 101

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. “This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.

Ransomware 134

Ransomware VPN Authentication Hacking 134

Bleeping Computer

SEPTEMBER 8, 2023

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. [.]

VPN 137

VPN Ransomware 137

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. concludes the alert.

Ransomware 109

Ransomware Backups VPN Authentication 109

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware 256

Ransomware Cybercrime VPN Healthcare 256

The Hacker News

JULY 15, 2021

Networking equipment maker SonicWall is alerting customers of an "imminent" ransomware campaign targeting its Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x x firmware.

VPN 103

VPN Ransomware Firmware Mobile 103

The Hacker News

JANUARY 18, 2022

VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation.

VPN 117

VPN Cybercrime Ransomware 117

Threatpost

JUNE 9, 2021

Attackers accessed a VPN account that was no longer in use to freeze the company’s network in a ransomware attack whose repercussions are still vibrating.

VPN 128

VPN Passwords Accountability Ransomware 128

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. concludes the alert.

Ransomware 85

Ransomware Backups VPN Authentication 85

Security Affairs

AUGUST 31, 2023

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. ” reads a post published by Cisco PSIRT.

Authentication 111

Authentication Ransomware VPN Hacking 111

Security Boulevard

JANUARY 12, 2024

The post Ivanti VPN Zero-Day Combo Chained ‘by China’ appeared first on Security Boulevard. Under active exploitation since last year—but still no patch available.

VPN 83

VPN Data privacy Security Awareness Risk 83

Krebs on Security

AUGUST 19, 2021

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ” This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. ” Image: Sophos.

Ransomware 359

Ransomware Social Engineering Cybercrime Scams 359

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN 135

VPN Passwords Banking Advertising 135

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN 125

VPN Government Firmware Authentication 125

Bleeping Computer

MAY 7, 2023

A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of "large commercial entities." [.]

Antivirus 133

Antivirus Ransomware Encryption VPN 133

CyberSecurity Insiders

JANUARY 5, 2023

A Canadian college and a global investment firm’s computer network were compromised with ransomware after hackers broke into the virtual private network of Fortinet devices. eSentire TRU named the newly found ransomware as Kalaja-Tomorr or Kalajatomorr that emerged in March 2022 and is targeting only English-speaking companies.

VPN 52

VPN Ransomware Antivirus Firewall 52

Security Affairs

NOVEMBER 8, 2023

Five Canadian hospitals were victims of a ransomware attack, threat actors claim to have stolen data from them and leaked them. Five Canadian hospitals revealed they were victims of ransomware attacks after threat actors leaked alleged stolen data. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 112

Ransomware Healthcare VPN Insurance 112

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) The issue was listed by CISA as known to be used in ransomware campaigns, but the agency did not reveal which ransomware groups are actively exploiting the issue. in attacks in the wild. This week the U.S.

Ransomware 128

Ransomware VPN Education Hacking 128

Heimadal Security

APRIL 8, 2021

Cybercriminals are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy a brand new type of ransomware, tracked as Cring ransomware to companies in the industrial sector. The post Unpatched Fortinet VPN Devices Are Attacked by New Cring Ransomware appeared first on Heimdal Security Blog.

VPN 68

VPN Ransomware Telecommunications Cybersecurity 68

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 104

Ransomware Encryption Antivirus VPN 104

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN 116

VPN Cybercrime Advertising Accountability 116

Krebs on Security

NOVEMBER 2, 2021

A number of publications in September warned about the emergence of “ Groove ,” a new ransomware group that called on competing extortion gangs to unite in attacking U.S. Some security experts said the post of the Fortinet VPN usernames and passwords was aimed at drawing new affiliates to Groove. ” reads the Oct.

Ransomware 256

Ransomware Cybercrime VPN Media 256

Bleeping Computer

APRIL 7, 2021

A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. [.].

VPN 144

VPN Ransomware Encryption 144

Malwarebytes

AUGUST 28, 2023

The Cisco Product Security Incident Response Team (PSIRT) has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication (MFA). The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for MFA.

Ransomware 86

Ransomware VPN Passwords Backups 86

CyberSecurity Insiders

FEBRUARY 16, 2021

2021 Research Highlights Growing Security Vulnerabilities Around Targeted Social Engineering, Ransomware and Malware Attacks. To download the full study, see the Zscaler 2021 VPN Risk Report. For the last three decades, VPNs have been deployed to provide remote users with access to resources on corporate networks. Zscaler, Inc.

VPN 125

VPN Risk Digital transformation Social Engineering 125

eSecurity Planet

JANUARY 11, 2024

These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics. How does remote encryption work?

Ransomware 112

Ransomware Encryption IoT VPN 112

The Hacker News

JUNE 7, 2021

The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed.

VPN 107

VPN Passwords Accountability Ransomware 107

Security Affairs

JANUARY 24, 2024

A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops. The company said that the ransomware attack took place on Friday night and impacted only one data center in Sweden. The company later confirmed the news of an Akira ransomware attack.

Ransomware 107

Ransomware VPN Government Retail 107

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. ” continues the EUROPOL. Europol said.

VPN 81

VPN Cybercrime Ransomware Advertising 81

Security Affairs

AUGUST 10, 2022

Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. yanluowang ransomware has posted #Cisco to its leaksite.

Ransomware 125

Ransomware Hacking VPN Phishing 125

Heimadal Security

SEPTEMBER 9, 2021

The threat actor says that the exploited Fortinet vulnerability has been patched but, many VPN credentials remain valid. This could be considered a serious incident as the leaked VPN credentials could allow malicious actors to access a network and perform data exfiltration, install malware, and launch ransomware attacks.

VPN 84

VPN Passwords Ransomware Malware 84

SecureWorld News

JANUARY 20, 2022

SecureWorld News has reported on multiple success stories when it comes to law enforcement fighting back against ransomware. It also provided double VPN and had servers in multiple countries, making it almost impossible for law enforcement to detect. Joint operation takes down VPNLab.net. What made VPNLab.net popular?

VPN 90

VPN Ransomware Cybercrime Data breaches 90

Javvad Malik

NOVEMBER 1, 2021

Drop them into a large enterprise that’s been crippled by ransomware, and they’ll get it up and running in an hour using some open source software, a few lines of code and one Raspberry Pi. I heard you should use a VPN when online, can you recommend one?”. “I I heard you should use a VPN when online, can you recommend one?”. “Ha!

VPN 133

VPN Wireless Marketing Accountability 133

CyberSecurity Insiders

APRIL 9, 2021

European Enterprises mainly involved in manufacturing are being targeted by a new strain of Ransomware dubbed as Cring and confirmed sources say that the malware is being spread by exploitation of Fortinet VPN Vulnerability.

Ransomware 140

Ransomware VPN Manufacturing Backups 140

Malwarebytes

MARCH 29, 2021

In addition, we speak to Malwarebytes senior security researcher JP Taggart about the importance of trusting your VPN. But obscuring your Internet activity—including the websites you visit, the searches you make, the files you download—doesn’t mean that a VPN magically disappears those things. Source: ComputerWeekly).

VPN 80

VPN Internet Internet Manufacturing 80

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Experts also spotted a tainted version of the Psiphon tool, an open-source VPN software used to evade internet censorship. SecurityAffairs – hacking, ransomware).

VPN 123

VPN Internet Internet Software 123

Malwarebytes

OCTOBER 11, 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

Ransomware 121

Ransomware Social Engineering Backups Engineering 121