Key Findings: Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.
The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule.
US government networks are under attack: threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.
But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. The employee phishing page bofaticket[.]com. Image: urlscan.io. SPEAR VISHING.
The network security vendor said the credentials were stolen from systems that remain unpatched against a two-year-old vulnerability – CVE-2018-13379 – or from users who patched that vulnerability but failed to change passwords. to 5.4.12; if the SSL VPN service (web-mode or tunnel-mode) is enabled.
The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploits for the flaw tracked as CVE-2018-13379, which could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices, has been posted online. Affected Products FortiOS 6.0 – 6.0.0
The goal is to convince the target to enter their credentials at a website set up by the attackers that mimics the organization’s corporate email or VPN portal. The phishers will usually claim that they’re calling from the employer’s IT department, supposedly to help troubleshoot some issue.
Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. ” reads the advisory published by the experts.
Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.
NordVPN and TorGuard VPN firms were hacked; threat actors leaked the private keys used to secure their web servers and VPN configuration files. Hackers have breached the systems used by NordVPN and TorGuard VPN companies and leaked the private keys used to secure their web servers and VPN configuration files.
agarwal_mohit) January 5, 2018. I think the URL is right but it seems inaccessible from other countries: [link] — Troy Hunt (@troyhunt) January 9, 2018. Blocking legitimate users is part of that problem, blocking users wanting to protect their traffic with a VPN is another: This has been there for the past year now.
Mandiant's research identifies a North Korean group, tracked as UNC5267, which has been executing this scheme since at least 2018. based credentials, conducting in-person or on-camera identity checks, and flagging suspicious behaviors, such as frequent VPN usage or reluctance to engage in video communication.
27, 2018, Cisco’s Talos research division published a write-up outlining the contours of a sophisticated cyber espionage campaign it dubbed “DNSpionage.” webmail.finance.gov.lb), which allowed them to decrypt the intercepted email and VPN credentials and view them in plain text. The first domain was “ns0.idm.net.lb
— Dan Blank (@danblank000) March 20, 2018. — Brian Ford (@BrianPFord) March 9, 2018. — Edward Deaver (@EdwardCDeaver) March 10, 2018. This is a product I was already endorsed in by my own free volition and from the perspective of my own authenticity, that was very important. Thanks for all your work!
News that Virtual Private Network (VPN) provider NordVPN was breached spread quickly. While the breach of a major VPN service is newsworthy, this one wasn’t particularly. But one of the watchwords of good cyber hygiene, a VPN, was breached. Who Is Using VPNs? The incident put NordVPN in the hot seat.
One of the most severe vulnerabilities, tracked as CVE-2020-2018, is an authentication bypass vulnerability in the Panorama context switching feature. This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices.
Trick or Treat: The Choice is Yours with Multifactor Authentication. Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. Fri, 10/29/2021 - 05:29.
Back in 2018, almost two-thirds of the small businesses suffered from cyber security attacks. With a VPN like Surfshark to encrypt your online traffic and keep it protected against any security breach, your valuable data isn’t going to get compromised easily anytime soon. Two-factor authentication. Firewalls.
RDP intrusions are typically the result of two attacker methods: brute force authentication attempts or a meddler-in-the-middle (MITM) attack. Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management.
One of the campaigns monitored by the experts and conducted by PHOSPHORUS APT group leveraged known vulnerabilities in Fortinet FortiOS SSL VPN and Microsoft Exchange Servers to deploy ransomware on vulnerable networks. Microsoft added that password spray attacks on Office 365 accounts with multifactor authentication (MFA) enabled failed.
Fortinet patched a zero-day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024. CVE: CVE-2024-55591; Description: FortiOS and FortiProxy Authentication Bypass Vulnerability; CVSSv3: 9.6. websocket module.
The same devices are affected by a DoS flaw (CVE-2020-3397) in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation. Another DoS issue (CVE-2020-3398) in BGP MVPN affects Nexus 7000 series switches too. ” reads the advisory.
Enable robust logging of Internet-facing services and authentication functions. This targeting and exploitation encompasses US and allied networks, including national security and government related systems. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).
On compromised ASA devices, attackers utilize the host-scan-reply field to deliver shellcode, bypassing the need for CVE-2018-0101 exploitation. By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication.
Three flaws are rated as critical, one of them is the recently discovered CVE-2018-11776 Apache Struts remote code execution vulnerability. The “critical” flaw CVE-2018-0435 affects Cisco Umbrella API, a remote authenticated attacker could leverage the vulnerability to read or modify data across multiple organizations.
The only federal law that applies to the cybersecurity of water treatment facilities in the United States is America’s Water Infrastructure Act of 2018 , which requires water systems serving more than 3,300 people “to develop or update risk assessments and emergency response plans.” NO NEWS IS GOOD NEWS?
According to the advisory, threat actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure. The vulnerability was exploited by multiple threat actors [ 1 , 2 , 3 , 4 , 5 ], including Russia-linked APT groups that targeted critical infrastructure.
Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.
“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. Enforce MFA on all VPN connections [ D3-MFA ].
The Zyxel Cloud CNM SecuManager is a comprehensive network management software that provides an integrated console to manage security gateways including the ZyWALL USG and VPN Series. and 3.1.1 – last updated in November 2018. log escape sequence injection xmppCnrSender.py log escape sequence injection xmppCnrSender.py
Remote and local authentication attackers could exploit the flaws to trigger a DoS condition by sending specially crafted packets to vulnerable devices. while Cisco released security patches back in September 2018. The company recommends avoiding using any IPsec VPN connections as a temporary mitigation. 6)E2a, 15.2(6)E0a,
The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379; CVE-2020-12812; CVE-2019-5591. Use multifactor authentication where possible. CISA and FBI have observed attacks carried out by APT actors that combined the two flaws CVE-2018-13379 and CVE-2020-1472.
To remedy this vulnerability, Adobe recommends installing Update 16 for ColdFusion 2018 and Update 6 for ColdFusion 2021. OpenFire vulnerability persists Open-source chat server OpenFire has been affected by an authentication bypass vulnerability (CVE-2023-32315) since May.
Ensure that old VPN remote access systems are taken down when new ones are instituted." Ensure that when it comes to a private company that holds an effective monopoly and a bottleneck over critical infrastructure with national security implications, that company does not use VPN remote access with lax security measures."
A video of Kanye West from 2018 purportedly revealed that the rapper and producer’s iPhone passcode was 000000. Do use two-factor (also called multi-factor) authentication. Do use a VPN on public WiFi connections. To learn how to choose the best VPN for you, read our advice here.
Retailers must comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates the use of multi-factor authentication (MFA) to help protect customers from data breaches. Examples of this include virtual private network (VPN), virtual desktop infrastructure (VDI), remote desktop (RDP), Secure Shell (SSH) etc.
At the 2018 Winter Olympic Games held in PyeongChang, for instance, cyber criminals leveraged a previously unknown family of malware called Olympic Destroyer to attack the Games’ servers just before the opening ceremony. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament.
Early SD-WAN solutions “were built only to replace an MPLS-VPN with an Internet-based VPN,” Ahuja says. “All of these tools became extremely necessary to ensure that you could authenticate the user before allowing them access to the right resources in the network,” Ahuja says.
Malicious actors tend to focus on internet-facing systems to gain entry into a network, such as email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities. CVE-2018-13379. CVE-2018-0171. Also read: Best Patch Management Software & Tools. Web-Facing Systems at Risk. “U.S.,
Ash joined Cisco in 2018 via Cisco’s acquisition of Duo Security. Duo is the leading provider of multi-factor authentication (MFA) and zero trust for the workforce, combining security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools for the modern era.
Meaning, authentication bypasses weren’t enough. Both the vulnerabilities (dubbed CVE-2018-18472 and CVE-2018-18471) remain unpatched at the time of this publication. CVE-2018-18472 – XXE and Unauthenticated Remote Command Execution in Axentra Hipserv NAS firmware. We were successful, in all the devices. Part One: XXE.
Some operators used additional malware during their post-exploitation activities, which gave them more opportunities to obtain authentication data and even full control over Windows domains. How it all began. Figure 1 – Heat map of ransomware operators’ TTPs based on MITRE’s ATT&CK matrix. Game-changer.