article thumbnail

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

The problem: Researchers at cybersecurity company Truesec uncovered data that indicated Akira ransomware might be exploiting an old vulnerability within Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). The vulnerability, CVE-2020-3259 , was first discovered in May 2020. Enabling logging.

VPN 113
article thumbnail

Blister malware using code signing certificates to evade anti malware detection

CyberSecurity Insiders

As some hackers have developed a malware that uses code signing certificates to avoid detection by security defenses and has the tendency to download payloads onto a compromised system. And the certification is linked to a Russian company titled Blist LLC that delivers payloads such as Cobalt Strike and BitRAT on demand.

Malware 124
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Vulnerability Recap 6/3/24 – Check Point, Okta & Fortinet Issues

eSecurity Planet

May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day. The problem: Recently discovered zero-day CVE-2024-24919 affects Check Point virtual private network (VPN) products.

VPN 109
article thumbnail

VulnRecap 2/12/24: Ivanti, JetBrains, Fortinet, Linux Issues

eSecurity Planet

February 8, 2024 FortiOS Sees Critical Vulnerability in SSL VPN Functionality Type of vulnerability: Arbitrary code execution by an unauthenticated user. The problem: Fortinet disclosed a vulnerability in its SSL VPN feature within FortiOS, the operating system that manages its next-generation firewall products. Connect Secure 9.1R17.3

VPN 109
article thumbnail

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. It is suspected that the Akira ransomware organization used an undisclosed weakness in Cisco VPN software to evade authentication. MFA should be enabled for all VPN users.

VPN 104
article thumbnail

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

Basic VPN and IPS focus on the connections between internal resources and external threats, which ignores network devices or trusted VPN connections. NGFWs can decrypt and inspect VPN traffic to monitor file exfiltration as well as detect increased and anomalous traffic.

article thumbnail

Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

eSecurity Planet

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security.

Firewall 109