2014, Information Security and VPN - Cyber Security Informer

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai.

VPN

VPN Government Advertising Firmware

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

FEBRUARY 16, 2020

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Advertising Telecommunications Hacking

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

VPN

VPN Government Authentication Advertising

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks. Pierluigi Paganini.

VPN

VPN Advertising Healthcare Data breaches

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN

VPN Advertising Accountability Healthcare

7 VPN services left data of millions of users exposed online

Security Affairs

JULY 21, 2020

vpnMentor experts reported that seven Virtual Private Network (VPN) recently left 1.2 Security experts from vpnMentor have discovered a group of seven free VPN (virtual private network) apps that left their server unsecured online exposing private user data for anyone to see. . The server was secured on July 15 th.

VPN

VPN Advertising Passwords Internet

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN

VPN Advertising Hacking Government

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Security Affairs

JANUARY 10, 2020

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN InfoSec Advertising Cybersecurity

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Security Affairs

JANUARY 17, 2020

Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. Pierluigi Paganini.

VPN

VPN Firewall Advertising Media

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Security Affairs

SEPTEMBER 23, 2019

Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. “There is an unquoted search path vulnerability in Forcepoint VPN Client for Windows versions lower than 6.6.1.” Pierluigi Paganini.

VPN

VPN Advertising Hacking Malware

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

VPN

VPN Encryption Advertising Authentication

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. ” reads the post published by Microsoft. Pierluigi Paganini.

Ransomware

Ransomware VPN Healthcare Cyber Attacks

NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches

Security Affairs

OCTOBER 22, 2019

NordVPN and TorGuard VPN firms were hacked, threat actors leaked the private keys used to secure their web servers and VPN configuration files. . Hackers have breached the systems used by NordVPN and TorGuard VPN companies and leaked the private keys used to secure their web servers and VPN configuration files. .

VPN

VPN Hacking Advertising Passwords

Dozens of unsecured databases wiped by mysterious Meow attack

Security Affairs

JULY 22, 2020

Immediately after the first attacks, security experts started searching for vulnerable databases exposed online. One of the recent Meow attacks targeted the Hong Kong-based VPN provider UFO VPN , hackers targeted its Elasticsearch database. Recently vpnMentor experts reported that seven Virtual Private Network (VPN) left 1.2

VPN

VPN Advertising Hacking Information Security

VPNpro research: this Chinese-linked company secretly owns 10 VPNs with 86 million installs

Security Affairs

MAY 30, 2019

Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt. The study also revealed that two of those VPN products are under its other developer name, Lemon Clove, and another two by Autumn Breeze 2018. Innovative Connecting VPNs products.

VPN

VPN Small Business Advertising Mobile

REVil ransomware infected 18,000 computers at Telecom Argentina

Security Affairs

JULY 20, 2020

Immediately after the attack was detected by the internal IT staff, the company warned its employees of not connecting its internal VPN network and avoiding opening emails with suspicious archive attachments. In the past, REVil operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.

Ransomware

Ransomware VPN Advertising Internet

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

Experts found new variants of Agent Tesla Trojan that include modules to steal credentials from popular web browsers, VPN software, as well as FTP and email clients. “Agent Tesla is now able to harvest configuration data and credentials from a number of common VPN clients, FTP and Email clients, and Web Browsers.

Passwords

Passwords Spyware VPN Malware

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Security Affairs

APRIL 24, 2020

Experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. BadPackets reported that SeaChange had a Pulse Secure VPN server ( [link] ) vulnerable to CVE-2019-11510 from April 24, 2019 until March 24, 2020. Pierluigi Paganini.

Software

Software Ransomware VPN Advertising

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times. Pierluigi Paganini.

Social Engineering

Social Engineering VPN Phishing Authentication

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking VPN Advertising Government

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Security Affairs

MAY 8, 2020

As a result, all RUB members, for example, have no access to the Outlook mail program and the VPN tunnel, which is necessary to access folders from the home office. e-mail, VPN tunnel, “Serviceportal”). ^sk Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks VPN Advertising Hacking

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco released security updates to address other 22 high and medium severity security vulnerabilities impacting several routers, WebEx, Cisco SD-WAN Solution Software versions and other software. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Cisco).

Firewall

Firewall Small Business Wireless Advertising

Elexon, a middleman in the UK power grid network hit by cyber-attack

Security Affairs

MAY 17, 2020

Experts from security firm Bad Packets reported that Elexon had been running an outdated version of Pulse Secure VPN server, if confirmed threat actors could have exploited it to access the internal network. NSA also warned of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws.

Cyber Attacks

Cyber Attacks VPN Advertising Cyber threats

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Government

Government VPN Telecommunications Advertising

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Use two-factor authentication with strong passwords.

Ransomware

Ransomware VPN Advertising Marketing

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

APRIL 30, 2020

Kaspersky recommends organizations to adopt the following security measures: At the very least, use strong passwords. Make RDP available only through a corporate VPN. Use a reliable security solution. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Use Network Level Authentication (NLA).

Passwords

Passwords Advertising Authentication VPN

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 3 (@pancak3lullz) October 15, 2020.

Ransomware

Ransomware Malware Advertising Cybercrime

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

FEBRUARY 17, 2020

Since early February, the Russian government has blocked other encrypted email and VPN services in Russia, including ProtonMail and ProtonVPN VPN service. The Russian government asks all Internet service providers and VPN providers operating in the country to provide information about their users. Pierluigi Paganini.

Encryption

Encryption VPN Government Internet

US CISA report shares details on web shells used by Iranian hackers

Security Affairs

SEPTEMBER 16, 2020

The Iranian hackers belong to an Iran-based threat actor that was behind attacks exploiting vulnerabilities in Pulse Secure VPN, Citrix Application Delivery Controller (ADC) and Gateway , and F5’s BIG-IP ADC products. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

VPN

VPN Passwords Advertising Password Management

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

Palo Alto Networks also addressed serious cross-site scripting (XSS) vulnerability in the GlobalProtect Clientless VPN can be exploited to compromise a user’s session by tricking the victims into visiting a malicious website. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firewall

Firewall Authentication Advertising VPN

Security Affairs - Untitled Article

Security Affairs

JULY 22, 2019

GlobalProtect products allow organizations to set up a virtual private network (VPN) access, they also implement other security and management features. “ n this article, we would like to talk about the vulnerability on Palo Alto SSL VPN. Palo Alto calls their SSL VPN product line as GlobalProtect.

VPN

VPN Advertising Authentication Information Security

Chilean bank BancoEstado hit by REVil ransomware

Security Affairs

SEPTEMBER 7, 2020

The REvil ransomware gang is one of the most active groups, in the past, the operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. and Elexon electrical middleman. Pierluigi Paganini.

Banking

Banking Ransomware Advertising VPN

Dragos Report: Analysis of ICS flaws disclosed in 2019

Security Affairs

FEBRUARY 20, 2020

data historians, OPC servers, cross-domain web applications, and VPN services), their exploitation could potentially allow attackers to move from the IT to the OT networks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising VPN Engineering Hacking

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. If you have not updated the firmware yet, disable remote access (admin) and SSL VPN. Vigor300B < v1.5.1 Vigor3900 < v1.5.1

Firmware

Firmware VPN Accountability Advertising

UK Fintech company Finastra hit by a cyber attack

Security Affairs

MARCH 21, 2020

.” Experts from cyber-security firm Bad Packets speculate attackers might have exploited the CVE-2019-11510 vulnerability to compromise unpatched Pulse Secure VPN servers at the Fintech firm. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Travelex deja vu? Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Advertising Data breaches Ransomware

Security Affairs newsletter Round 286

Security Affairs

OCTOBER 18, 2020

VPN

VPN Advertising Surveillance Ransomware

CISA says federal agency compromised by malicious cyber actor

Security Affairs

SEPTEMBER 25, 2020

The threat actors initially leveraged compromised credentials for Microsoft Office 365 (O365) accounts, domain administrator accounts, and credentials for the agency’s Pulse Secure VPN server. 166 and then browsed pages on a SharePoint site and downloaded a file (Data from Information Repositories: SharePoint [ T1213.002 ]).

VPN

VPN Malware Cyber threats Accountability

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

. “In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies,” Palo Alto Networks explains.

Firewall

Firewall Authentication VPN Advertising

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. One of these files is, ‘file1.exe,’

Ransomware

Ransomware Advertising Cryptocurrency Passwords

SeaChange video delivery provider discloses REVIL ransomware attack

Security Affairs

SEPTEMBER 10, 2020

.” The company did not disclose details of the attack, at the time the experts from BadPackets pointed out that attackers might have exploited the Pulse Secure VPN CVE-2019-11510 to compromise the company. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. and Elexon electrical middleman.

Ransomware

Ransomware VPN Banking Advertising

15 billion credentials available in the cybercrime marketplaces

Security Affairs

JULY 9, 2020

The cost for antivirus accounts is just over $20, while other types of accounts (cable, social media, VPN, streaming, adult, music, file sharing, and video game accounts) typically go for less than $10. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cybercrime

Cybercrime Antivirus Marketing Accountability

Law enforcement operation dismantled 911 S5 botnet

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from your devices or machines.

VPN

VPN Cryptocurrency Malware Software

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Webinars

Trending Sources

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Webinars

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

7 VPN services left data of millions of users exposed online

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Privilege Escalation flaw found in Forcepoint VPN Client for Windows

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches

Dozens of unsecured databases wiped by mysterious Meow attack

VPNpro research: this Chinese-linked company secretly owns 10 VPNs with 86 million installs

REVil ransomware infected 18,000 computers at Telecom Argentina

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

SeaChange video delivery software solutions provider hit by Sodinokibi ransomware

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Cisco fixes 5 critical flaws that could allow router firewall takeover

Elexon, a middleman in the UK power grid network hit by cyber-attack

The Russian Government blocked ProtonMail and ProtonVPN

Netwalker ransomware operators claim to have stolen data from Forsee Power

RDP brute-force attacks rocketed since beginning of COVID-19

REvil Ransomware member win the auction for KPot stealer source code

Russian govn blocked Tutanota service in Russia to stop encrypted communication

US CISA report shares details on web shells used by Iranian hackers

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs - Untitled Article

Chilean bank BancoEstado hit by REVil ransomware

Dragos Report: Analysis of ICS flaws disclosed in 2019

Hackers target zero-day flaws in enterprise Draytek network devices

UK Fintech company Finastra hit by a cyber attack

Security Affairs newsletter Round 286

CISA says federal agency compromised by malicious cyber actor

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

SeaChange video delivery provider discloses REVIL ransomware attack

15 billion credentials available in the cybercrime marketplaces

Law enforcement operation dismantled 911 S5 botnet

Stay Connected