2014, Authentication and Firewall - Cyber Security Informer

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

In any perimeter defense a key component is firewalls—the proverbial guard towers in your fortifications. In this Threat Trends release, we’ll be looking at Cisco Secure Firewall. The goal is to highlight the common threats that organizations encounter and block with Secure Firewall. Secure Firewall version 7.0

Firewall

Firewall Authentication DNS Accountability

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild.

Firewall

Firewall Passwords Accountability Advertising

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firewall

Firewall Small Business Wireless Advertising

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

NOVEMBER 25, 2020

million settlement in a multi-state investigation of the data breach that the company suffered in 2014. million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers across the US and Canada. Retail giant Home Depot has agreed to a $17.5 ” . .

Retail

Retail Data breaches Penetration Testing Information Security

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. It was designed to download payloads intended to exfiltrate XG Firewall-resident data. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Ransomware Passwords VPN

Authentication and the Have I Been Pwned API

Troy Hunt

JULY 18, 2019

I highlighted 3 really important attributes at the time of launch: There is no authentication. Combating Abuse with Firewall Rules Firewall rules on Cloudflare are amazingly awesome. In the end, the path forward was clear - the API would need to be authenticated. There is no rate limiting. There is no cost.

Authentication

Authentication Firewall Data breaches Mobile

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . x base score of 10.

Firewall

Firewall Authentication VPN Advertising

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall

Firewall VPN Passwords Internet

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 1, 2022

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The CVE-2022-1040 is an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier.

Firewall

Firewall Authentication Hacking Cybersecurity

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. The issue received a CVSSv3.1

Firewall

Firewall Authentication Advertising VPN

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. ” continues the report.

Firewall

Firewall VPN Firmware Internet

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” While the user’s shell is limited to running the /opt/phoenix/ phscripts /bin/ tunnelshell script, SSH authentication still succeeds.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Advertising Firmware Firewall

FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life

Security Affairs

AUGUST 6, 2020

Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.” After the Windows XP end of life on 28 April 2014, the healthcare industry saw a large increase of exposed records the following year,” the FBI said. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Cyber Attacks

Cyber Attacks Healthcare Firewall Advertising

Palo Alto Networks addresses another high severity issue in PAN-OS devices

Security Affairs

JULY 9, 2020

Palo Alto Networks addressed a new severe vulnerability in the PAN-OS GlobalProtect portal that impacts PAN next-generation firewalls. Recently Palo Alto Network addressed a critical vulnerability , tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. x base score of 10. .

Firewall

Firewall Advertising Authentication Hacking

Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS

Security Affairs

SEPTEMBER 10, 2020

Palo Alto Networks addressed critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Palo Alto Networks has released security updates to patch critical and high-severity denial-of-service (DoS) and arbitrary code execution vulnerabilities in its PAN-OS firewall software.

Firewall

Firewall Authentication Advertising Software

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

. “A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. “This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”

VPN

VPN Firewall Advertising Internet

Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code

Security Affairs

JULY 15, 2019

A critical vulnerability affecting the Ad Inserter WordPress plugin could be exploited by authenticated attackers to remotely execute PHP code. Security researchers at Wordfence discovered a critical vulnerability in the Inserter WordPress plugin that could be exploited by authenticated attackers to remotely execute PHP code.

Authentication

Authentication Firewall Advertising Information Security

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

This vulnerability is pre-authentication and requires no user interaction. “Simply disabling UDP Transport, or firewalling the UDP port (usually port 3391) is sufficient to prevent exploitation,” explained the popular researcher Marcus Hutchins. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Firewall Education Engineering

Imperva data Breach: WAF customers’ data exposed

Security Affairs

AUGUST 27, 2019

Security firm Imperva revealed it has suffered a data breach that affecting some customers of its Cloud Web Application Firewall (WAF) product. Cybersecurity firm Imperva disclosed a data breach that has exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Data breaches

Data breaches Firewall Passwords Advertising

Juniper fixes tens of flaws affecting the Junos OS

Security Affairs

OCTOBER 16, 2020

The vendor has published 40 security advisories related to security vulnerabilities in the Junos OS operating system that runs on Juniper’s firewalls and other third-party components. “If SAML authentication is not enabled, the product is not affected. . “If SAML authentication is not enabled, the product is not affected.

Authentication

Authentication Advertising Firewall Hacking

Large-scale campaign targets configuration files from WordPress sites

Security Affairs

JUNE 4, 2020

“Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the analysis.

Advertising

Advertising Firewall Accountability Authentication

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

The Agency confirmed that an authenticated attacker with access to the solution via a general license could exploit the flaws to trigger a DoS condition or to achieve arbitrary information disclosure and data manipulation. Locate control system networks and remote devices behind firewalls, and isolate them from the business network.

Advertising

Advertising Authentication VPN Firewall

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs

JUNE 5, 2019

Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA), and the threat can also be mitigated by blocking TCP port 3389. Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication.

Penetration Testing

Penetration Testing Firewall Authentication Advertising

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Use an additional layer of authentication ( MFA/2FA ). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Internet Internet Advertising

SAML: Still Going Strong After Two Decades

eSecurity Planet

MARCH 26, 2022

These communications on the backend of username and password login processes ensure users get authenticated by the overarching identity manager and authorized to use the given web service(s). Context: Authentication vs. Authorization. Despite the recent prevalence of OAuth and OIDC for authentication and authorization, SAML 2.0

Authentication

Authentication Mobile Accountability Firewall

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted. The malware act as an attack vector used to load the tainted firmware onto a peripheral device that is not able to validate its origin and authenticity. ” reads the analysis published by the experts.

Firmware

Firmware Hacking Authentication Advertising

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

Security Affairs

SEPTEMBER 25, 2020

Two vulnerabilities can allow authenticated attackers with local access to the target devices to execute arbitrary code. One vulnerability can be exploited by an authenticated attacker to access some parts of the user interface they normally should not be able to access. Pierluigi Paganini. SecurityAffairs – hacking, DoS).

Software

Software DNS Wireless Advertising

API Security and Hackers: What?s the Need?

Security Affairs

MAY 30, 2020

Authentication. To increase the complexity of hacking your device, always get to know who is calling your APIs, by using a simple access authentication (user/password) or an API key (asymmetric key). The authorization and/or authentication of your APIs should be delegated. API Firewalling. Encryption. Just be cryptic.

Authentication

Authentication Firewall Encryption Passwords

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

Security Affairs

MAY 18, 2020

“During a routine research audit for our Sucuri Firewall , we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review plugin.” Once the attacker has authenticated as an admin, it could add a new admin account to take over the site. Pierluigi Paganini.

Advertising

Advertising Authentication Firewall Hacking

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

The Last Watchdog

DECEMBER 8, 2020

Locking down web gateways and erecting a robust firewall were considered the be-all and end-all. SD-WAN arose in 2014 as a way to use software to manage traffic moving across large networks, especially to-and-from geographically dispersed branches. Incapsula was acquired by web application firewall vendor Imperva.

Firewall

Firewall Digital transformation Internet Internet

A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges

Security Affairs

MARCH 31, 2020

Firewall rule released for Wordfence Premium users. April 23, 2020 – Firewall rule becomes available to Wordfence free users. 2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firewall

Firewall Advertising Engineering Authentication

Cisco addresses flaws in its products, including Small Business routers and Webex

Security Affairs

JANUARY 24, 2019

The vulnerability could be exploited by a remote, authenticated attacker to cause a DoS condition and in some conditions to execute arbitrary code with root privileges. In most cases, exploitation requires the attacker to authenticate to the targeted system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Small Business

Small Business IoT Authentication Engineering

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

no authentication and clear-text communication Incorrect HTTP requests cause out of range access in Zope XSS on the web interface Private SSH key Backdoor APIs Backdoor management access and RCE Pre-auth RCE with chrooted access. Also, there is no firewall by default.” log escape sequence injection xmppCnrSender.py

Accountability

Accountability Advertising Software Passwords

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

In order to discover potential targets and locate the information it needs to authenticate against, the script passively collects data from /.ssh/config,bash_history, Experts also recommend to access admin endpoints only through firewall or VPN gateway. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Experts found a critical vulnerability in the NSA Ghidra tool

Security Affairs

MARCH 21, 2019

The experts demonstrated that an attacker could exploit the issue by setting up an HTTP Server with NTLM authentication, then use an XXE/SSRF vulnerability to force a NTLM authentication from the victim. When authenticating with NTLMv1, attacker can directly relay the Net-NTLM Hash to the victim’s SMB service.

Authentication

Authentication Advertising Engineering Firewall

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

If these services are required, use strong passwords or Active Directory authentication. Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Keep operating system patches up-to-date.

Malware

Malware Passwords Advertising Antivirus

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

The issue does not impact customers who use Active Directory authenticated accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, HP).

Hacking

Hacking Accountability Passwords Advertising

PoC exploit code for Apache Solr RCE flaw is available online

Security Affairs

NOVEMBER 25, 2019

sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. are affected by the flaw.

Advertising

Advertising Firewall Engineering Authentication

Zero-day in popular Yuzo Related Posts WordPress Plugin exploited in the wild

Security Affairs

APRIL 12, 2019

According to security experts at WordFence, the vulnerability in Yuzo plugin stems from missing authentication checks in the plugin routines used to store settings in the database. “The vulnerability in Yuzo Related Posts stems from missing authentication checks in the plugin routines responsible for storing settings in the database.”

Scams

Scams Advertising Authentication Firewall

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

If these services are required, use strong passwords or Active Directory authentication. Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Keep operating system patches up-to-date.

Malware

Malware Government Passwords Advertising

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

Unlike other printer management protocols, the IPP protocol supports multiple security features, including authentication and encryption, but evidently organizations don’t use them. “Obviously, these counts only represent devices that are not firewalled and allow direct querying over the IPv4 Internet.”

Internet

Internet Internet Firmware Advertising

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

Set up a Web Application Firewall to block suspicious and malicious requests from reaching the website. Require strong administrative passwords(use a password manager for best results) and enable two-factor authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

eCommerce

eCommerce Malware Encryption Advertising

The strengths and weaknesses of different VPN protocols

Security Affairs

APRIL 26, 2019

The protocol relies on encryption, authentication and peer-to-peer protocol (PPP) negotiation. Does not support Perfect Forward Secrecy One of the least secure protocols Firewalls can block PPTP. Firewalls can easily block it because it only communicates over UDP. Slower than OpenVPN due to double encapsulation.

VPN

VPN Encryption Firewall Internet

Zyxel addresses Zero-Day vulnerability in NAS devices

Security Affairs

FEBRUARY 25, 2020

. “Multiple ZyXEL network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.” “ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. and earlier.

Authentication

Authentication Advertising Firmware Internet

Threat Trends: Firewall

Hackers exploit SQL injection zero-day issue in Sophos firewall

Trending Sources

Cisco fixes 5 critical flaws that could allow router firewall takeover

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Authentication and the Have I Been Pwned API

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Sophos fixed a critical vulnerability in Cyberoam firewalls

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

Palo Alto Networks addresses tens of serious issues in PAN-OS

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

FBI is warning of cyber attacks against Windows 7 systems that reached end-of-life

Palo Alto Networks addresses another high severity issue in PAN-OS devices

Palo Alto Networks fixes severe Code Execution and DoS flaws in PAN-OS

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Imperva data Breach: WAF customers’ data exposed

Juniper fixes tens of flaws affecting the Junos OS

Large-scale campaign targets configuration files from WordPress sites

Flaws in leading industrial remote access systems allow disruption of operations

NSA urges Windows Users and admins to Patch BlueKeep flaw

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

SAML: Still Going Strong After Two Decades

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Cisco fixes 34 High-Severity flaws in IOS and IOS XE software

API Security and Hackers: What?s the Need?

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges

Cisco addresses flaws in its products, including Small Business routers and Webex

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Experts found a critical vulnerability in the NSA Ghidra tool

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

HP Device Manager flaws expose Windows systems to hack

PoC exploit code for Apache Solr RCE flaw is available online

Zero-day in popular Yuzo Related Posts WordPress Plugin exploited in the wild

US govt agencies share details of the China-linked espionage malware Taidoor

A daily average of 80,000 printers exposed online via IPP

Visa warns of new sophisticated credit card skimmer dubbed Baka

The strengths and weaknesses of different VPN protocols

Zyxel addresses Zero-Day vulnerability in NAS devices

Stay Connected