article thumbnail

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

The problem: Researchers at cybersecurity company Truesec uncovered data that indicated Akira ransomware might be exploiting an old vulnerability within Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). The vulnerability, CVE-2020-3259 , was first discovered in May 2020. Enabling logging.

VPN 66
article thumbnail

Blister malware using code signing certificates to evade anti malware detection

CyberSecurity Insiders

As some hackers have developed a malware that uses code signing certificates to avoid detection by security defenses and has the tendency to download payloads onto a compromised system. And the certification is linked to a Russian company titled Blist LLC that delivers payloads such as Cobalt Strike and BitRAT on demand.

Malware 124
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

eSecurity Planet

February 8, 2024 FortiOS Sees Critical Vulnerability in SSL VPN Functionality Type of vulnerability: Arbitrary code execution by an unauthenticated user. The problem: Fortinet disclosed a vulnerability in its SSL VPN feature within FortiOS, the operating system that manages its next-generation firewall products. Connect Secure 9.1R17.3

VPN 85
article thumbnail

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

Basic VPN and IPS focus on the connections between internal resources and external threats, which ignores network devices or trusted VPN connections. NGFWs can decrypt and inspect VPN traffic to monitor file exfiltration as well as detect increased and anomalous traffic.

article thumbnail

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. It is suspected that the Akira ransomware organization used an undisclosed weakness in Cisco VPN software to evade authentication. MFA should be enabled for all VPN users.

VPN 81
article thumbnail

What Is Secure Remote Access?

eSecurity Planet

Note that not all of these venues are inherently or perfectly secure — they have vulnerabilities and require additional protective measures. Even VPN, while marketed as a security tool, has weaknesses of its own. Why Is Securing Access for Remote Workers So Important? Read more about the different types of remote access.

VPN 78
article thumbnail

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools. Sophos researchers first flagged this in May, and another researcher later noted that multiple other Cisco VPN instances had been compromised.

VPN 73