2014, Firewall and VPN - Cyber Security Informer

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. It was designed to download payloads intended to exfiltrate XG Firewall-resident data. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22.

Firewall

Firewall Ransomware Passwords VPN

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Cisco).

Firewall

Firewall Small Business Wireless Advertising

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password.

Firewall

Firewall VPN Passwords Internet

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . Pierluigi Paganini.

Firewall

Firewall Authentication VPN Advertising

The strengths and weaknesses of different VPN protocols

Security Affairs

APRIL 26, 2019

One in four internet users use a VPN regularly, but how much does the average user know about what goes on behind the software? Pulling back the curtain, a VPN runs on various VPN protocols that govern the way a VPN client communicates with a VPN server. However, the speed comes at the cost of encryption.

VPN

VPN Encryption Firewall Internet

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Security Affairs

JANUARY 17, 2020

Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. Pierluigi Paganini.

VPN

VPN Firewall Advertising Media

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

The NVD’s advisory credits VPN reviewer Wizcase.com with reporting the bug to Western Digital three years ago, back in June 2018. “These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. ” A local administration page for the MyBook Live Duo.

Internet

Internet Internet Backups Small Business

Cisco addressed CVE-2019-1663 RCE flaw in wireless routers

Security Affairs

MARCH 1, 2019

“A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.” Pierluigi Paganini.

Wireless

Wireless VPN Firewall Advertising

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls.

Firewall

Firewall Authentication Advertising VPN

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft. Pierluigi Paganini.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs

Security Affairs

AUGUST 23, 2019

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 flaw in Pulse Connect Secure.

VPN

VPN Advertising Firewall Hacking

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

The Iranian hackers belong to an Iran-based threat actor that was behind attacks exploiting vulnerabilities in Pulse Secure VPN, Citrix Application Delivery Controller (ADC) and Gateway , and F5’s BIG-IP ADC products. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report.

VPN

VPN Passwords Advertising Password Management

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

. “By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.”

VPN

VPN Malware Cyber threats Accountability

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts also recommend to access admin endpoints only through firewall or VPN gateway. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.

Advertising

Advertising Authentication VPN Firewall

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls. Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” continues the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

Install a virtual private network ( VPN ) gateway to broker all RDP connections from outside your local network. At the perimeter firewall, disallow external connections to local machines on port 3389 (TCP/UDP) or any other RDP port. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Internet Internet Advertising

GandCrab ransomware campaign targets Italy using steganography

Security Affairs

FEBRUARY 9, 2019

” This technique makes the threat hard to be detected by firewall and other defence systems. Experts were able to download the samples from the address in the de-obfuscated Powershell, including from an Italy-based VPN, and discovered several samples of the Gandcrab ransomware. ” continues the expert.

Ransomware

Ransomware Advertising Malware VPN

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series. Also, there is no firewall by default.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Accountability

Accountability Advertising Software Passwords

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

VPN or Virtual Private Network is the most secure way of connecting with the online world. VPN also provides an encrypted tunnel for all your online activities and closes all doors for spies and cybercriminals. VPN also provides an encrypted tunnel for all your online activities and closes all doors for spies and cybercriminals.

Hacking

Hacking VPN Internet Internet

Imperva explains how hackers stole AWS API Key and accessed to customer data

Security Affairs

OCTOBER 14, 2019

Imperva shared details on the incident it has recently suffered and how hackers obtain data on Cloud Web Application Firewall (WAF) customers. In August, cybersecurity firm Imperva disclosed a data breach that exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula.

Firewall

Firewall Passwords Accountability Data breaches

WECON PI Studio HMI software affected by code execution flaws

Security Affairs

OCTOBER 8, 2018

Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.

Software

Software Manufacturing Advertising VPN

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Hacking Firmware Wireless

DanaBot banking Trojan evolves and now targets European countries

Security Affairs

SEPTEMBER 22, 2018

Stealer plug-in – harvests passwords from a wide variety of applications (browsers, FTP clients, VPN clients, chat and email programs, poker programs etc.). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. onion web sites.

Banking

Banking Advertising VPN Architecture

Cisco fixes 32 security vulnerabilities in its products, including three critical flaws

Security Affairs

SEPTEMBER 6, 2018

The second flaw addressed by Cisco is the CVE-2018-0423 , a buffer overflow vulnerability that resides in the web-based management interface of several firewalls and routers belonging to the RV series. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the security advisory. Pierluigi Paganini.

Wireless

Wireless VPN Firewall Authentication

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

Security Affairs

APRIL 25, 2019

Locate control system networks and devices behind firewalls and isolate them from the business network. When remote access is required, use secure methods such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Pierluigi Paganini.

Firmware

Firmware Social Engineering Advertising Malware

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Security Affairs

MAY 11, 2020

The firewall should also be enabled on all devices in the loop. Ideally, the organization gives its own devices and VPN protected Wi-Fi to its employees. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Protected Devices.

Encryption

Encryption Data breaches Advertising Passwords

Security Affairs newsletter Round 235

Security Affairs

OCTOBER 13, 2019

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities. Multiple APT groups are exploiting VPN vulnerabilities, NSA warns. Sophos fixed a critical vulnerability in Cyberoam firewalls. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

VPN

VPN Data breaches Advertising Spyware

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

It sells a range of Internet appliances primarily directed at content control and network security, including devices providing services for network firewalls, unified threat management (UTM), virtual private networks (VPNs), and anti-spam for email. SSL-VPN 200/2000/400 (EOL 2013/2014) disconnect immediately and reset passwords.

Ransomware

Ransomware Firmware VPN Passwords

The Bug Report – November Edition

McAfee

DECEMBER 1, 2021

PAN GlobalProtect VPN: CVE-2021-3064 . Palo Alto Networks (PAN) firewalls that use its GlobalProtect Portal VPN running PAN-OS versions older than 8.1.17 Randori initially reported over 70,000 internet-accessible PAN firewalls running vulnerable versions of PAN-OS according to Shodan , which it later amended to 10,000.

DNS

DNS Firewall VPN Internet

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

The affiliates used to deliver the threat via brute-forcing attacks on RDP servers or exploiting known vulnerabilities in VPN servers and firewalls. Two of the most common vulnerabilities exploited by actors using Netwalker are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).” continues the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

Using Public Wi-Fi? Your data can be hacked easily! Here’s How…

Security Affairs

MAY 29, 2019

Opt for VPN. VPN is the safest mode of surfing the internet and provides the best cybersecurity. VPN also provides an encrypted tunnel for all your online transactions and encode them in a way that nobody can access any piece of information during the transaction from one end to another. Pierluigi Paganini.

Hacking

Hacking VPN Passwords Internet

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.

Backups

Backups Authentication Advertising Firmware

DHS and FBI published a joint alert on SamSam Ransomware

Security Affairs

DECEMBER 6, 2018

Place any system with an open RDP port behind a firewall and require users to use a virtual private network (VPN) to access that system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Advertising Passwords Authentication

4-year old Misfortune Cookie vulnerability threatens Capsule Technologies medical gateway device

Security Affairs

AUGUST 30, 2018

. “CyberMDX discovered a previously undocumented vulnerability in the device, noting that Qualcomm Life’s Capsule Datacaptor Terminal Server (a medical device gateway) is exposed to the “misfortune cookie” CVE-2014-9222. Also recognize that VPN is only as secure as the connected devices. ” continues the report.

Technology

Technology Advertising VPN Manufacturing

Ivanti Policy Secure: NAC Product Review

eSecurity Planet

APRIL 14, 2023

However, with three rebrandings since 2014, many potential customers may not recognize the product as a long-tenured competitor in the NAC market. As a spinoff of the network infrastructure leader, Juniper Networks, Ivanti’s Policy Secure provides effective network access control built on a foundation of deep understanding of networks.

IoT

IoT VPN Firewall Authentication

Comparing Antivirus Software 2025: Avast vs. AVG

eSecurity Planet

OCTOBER 29, 2024

per year for subsequent years Supported Operating Systems Windows, MacOS, and Android Windows, MacOS, and Android Maximum Number of Devices Supported 10 10 Firewall Yes Yes Malware Detection Rates** 100% 100% *While Avast and AVG both have free versions, those are not being considered for this review. per year for the first year; $99.99

Antivirus

Antivirus Software Engineering Firewall

The War in Technology: A Digital Iron Curtain Goes Up

SecureWorld News

MARCH 10, 2022

It's probably best to think of it as a second Great Firewall—which severely limits what content goes in and out of Russia—rather than a "Runet" as some have called it. Of course, people in Russia who can convince the Internet they aren't in Russia can still access these services through use of a VPN—a virtual private network.

Technology

Technology Internet Internet Telecommunications

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

PagerDuty Operations performance 2014 NYSE: PD Auth0 Identity management 2014 Acquired: Okta. Read more : Best Next-Generation Firewall (NGFW) Vendors. Also read : Addressing Remote Desktop Attacks and Security. Evolution Equity Partners. Insight Investments. Mimecast Email security 2012 Nasdaq: MIME. Kleiner Perkins.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

Administrators can follow the Container Journal’s advice by configuring their API servers to allow cluster API access only via the internal network or a corporate VPN. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Internet Internet VPN

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

million unfilled cybersecurity positions globally by 2021 – up from 1 million in 2014. It’s all part of a national trend – accentuated in Maryland because of its cybersecurity infrastructure. According to Cybersecurity Ventures, there will be 3.5 The current number of U.S.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

How to defend your website against card skimmers

Malwarebytes

NOVEMBER 22, 2021

If your company uses a Virtual Private Network (VPN) to provide secure, remote access to company systems, you could limit access to your website login screen to company VPN users too. In 2014, Drupal, a very popular CMS, released an update for a serious security flaw. Use a Web Application Firewall (WAF).

Passwords

Passwords Software Internet Internet

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Trending Sources

Cisco fixes 5 critical flaws that could allow router firewall takeover

Sophos fixed a critical vulnerability in Cyberoam firewalls

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

The strengths and weaknesses of different VPN protocols

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

MyBook Users Urged to Unplug Devices from Internet

Cisco addressed CVE-2019-1663 RCE flaw in wireless routers

Palo Alto Networks addresses tens of serious issues in PAN-OS

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs

US CISA report shares details on web shells used by Iranian hackers

CISA says federal agency compromised by malicious cyber actor

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Flaws in leading industrial remote access systems allow disruption of operations

NetWalker ransomware operators have made $25 million since March 2020

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

GandCrab ransomware campaign targets Italy using steganography

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

5 Ways to Protect Yourself from IP Address Hacking

Imperva explains how hackers stole AWS API Key and accessed to customer data

WECON PI Studio HMI software affected by code execution flaws

Some Zyxel devices can be hacked via DNS requests

DanaBot banking Trojan evolves and now targets European countries

Cisco fixes 32 security vulnerabilities in its products, including three critical flaws

A flaw in Rockwell Controller allows attackers to redirect users to malicious Sites

GDPR Data Security Checklist in the Age of COVID-19 and the Remote Workforce

Security Affairs newsletter Round 235

SonicWall warns users of “imminent ransomware campaign”

The Bug Report – November Edition

NetWalker ransomware operators have made $25 million since March 2020

Using Public Wi-Fi? Your data can be hacked easily! Here’s How…

CISA warns of critical flaws in Prima FlexAir access control system

DHS and FBI published a joint alert on SamSam Ransomware

4-year old Misfortune Cookie vulnerability threatens Capsule Technologies medical gateway device

Ivanti Policy Secure: NAC Product Review

Comparing Antivirus Software 2025: Avast vs. AVG

The War in Technology: A Digital Iron Curtain Goes Up

Top VC Firms in Cybersecurity of 2022

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

How to defend your website against card skimmers

Stay Connected