Security Affairs

DECEMBER 16, 2020

Bansal (@0xrb) December 16, 2020. The attackers used VPN servers in the same country as the victim to obfuscate the IP addresses and evade detection. of the SolarWinds Orion Platform software that was released between March and June 2020. here is list of DGA subdomain c2: avsvmcloud[.]com The domain avsvmcloud[.]com

Hacking 145

Hacking DNS VPN Software 145

Security Affairs

MARCH 16, 2021

“The attacks are still ongoing at the time of this writing. “The attacks are still ongoing at the time of this writing.

Wireless 137

Wireless IoT DNS VPN 137

Security Affairs

JANUARY 14, 2021

The campaign has been active at least since 2020, the attackers leverage remote access trojans to spy on their victims. . Some of the phishing emails from the current campaign were sent from IP addresses corresponding to a range that belongs to Powerhouse Management, a VPN service. These files have fewer than a dozen sightings each.

Malware 139

Malware Surveillance Phishing Government 139

eSecurity Planet

FEBRUARY 19, 2024

Appliances with affected software must have Anyconnect SSL VPN enabled on whichever interface is exposed to the internet for an attack to occur. The vulnerability, CVE-2020-3259 , was first discovered in May 2020. Changing passwords, secrets, and pre-shared keys. Enabling logging.

VPN 115

VPN DNS Ransomware Software 115

Security Affairs

MARCH 20, 2020

The attackers connects to a dedicated commercially-shared VPN server using OpenVPN and then uses compromised email credentials to send out credential spam via a commercial email service provider. ” concludes the report. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Phishing 145

Phishing Accountability Advertising DNS 145

Cisco Security

JULY 28, 2021

The FBI reported that the number of cybersecurity attacks rose by 3-4x in 2020 as a result of the rapid transition to remote work. Verify user identity and device trust with Cisco Secure Access by Duo and AnyConnect VPN. Hold the first line of defense with DNS and email protection with Cisco Umbrella and Secure Email.

Cybersecurity 145

Cybersecurity DNS VPN Phishing 145

eSecurity Planet

JANUARY 14, 2022

NetScout’s latest Threat Intelligence Report found more DDoS attacks in the first half of 2021 compared to the whole of 2020. Since 2020, through various waves of DDoS extortion campaigns we’ve witnessed, this trend holds true. It is architected for nonstop DNS availability and high performance, even across the largest DDoS attacks.

DDOS 128

DDOS DNS Firewall Media 128

Malwarebytes

MAY 12, 2021

The design flaws were assigned the following CVEs: CVE-2020-24588 : Aggregation attack (accepting non-SPP A-MSDU frames). CVE-2020-24587 : Mixed key attack (reassembling fragments encrypted under different keys). CVE-2020-24586 : Fragment cache attack (not clearing fragments from memory when (re)connecting to a network).

Encryption 111

Encryption Firewall Authentication DNS 111

eSecurity Planet

MARCH 25, 2022

Like in the case of SolarWinds in 2020, masked threat actors aren’t afraid to linger for months during reconnaissance. For the generation of remote work and operations, Check Point Remote Access VPN offers central management and policy administration for controlling access to corporate networks. Examples of Notable RDP Attacks.

VPN 122

VPN Software Authentication Encryption 122

SecureList

JUNE 15, 2022

Request for access to corporate VPN. 2TB of 2020-2021 data: credentials related to banking accounts and the most popular services. I sell VPN accounts of USA companies, revenue is 1kkk$. Access type: VPN. Access type: VPN. Sale] VPN-RDP accounts for network access. Access type: VPN-RDP. Price: 7 000$.

VPN 130

VPN Accountability Ransomware Encryption 130

eSecurity Planet

MAY 28, 2021

Whether it’s a VPN , firewall , or remote access server, unauthorized entry via network gateways is a problem. Initial access methods for gateways dominate the Dark Web market, with 45% using traditional initial access like RDP , VPN, and RCE. Also Read: How to Prevent DNS Attacks. Supply Chain Attacks.

Software 121

Software DNS Firmware VPN 121

McAfee

SEPTEMBER 14, 2021

Inspecting the File (COFF) header, we observed the file’s compilation timestamp: TimeDateStamp: 05/12/2020 08:23:47 – Date and time the image was created. The PlugX families we observed used DNS [ T1071.001 ] [ T1071.004 ] as the transport channel for C2 traffic, in particular TXT queries. GET / */[redacted].rar. 180.50.*.*.

Malware 144

Malware DNS Accountability Manufacturing 144

eSecurity Planet

SEPTEMBER 25, 2023

Cloudflare One Cloudflare released their initial SASE offering in October 2020 and continues to add features and capabilities. The lowest tier of Cloudflare One provides support for 50 users maximum, 24 hours of activity logging, and up to three network locations for office-based DNS filtering.

DNS 98

DNS DDOS IoT Firewall 98

eSecurity Planet

SEPTEMBER 29, 2021

Recent research by Positive Technologies looked at the cyber threat landscape during Q2 2021 and found that ransomware attacks reached “stratospheric” levels, accounting for 69% of all malware attacks, a huge jump from 39% in Q2 2020. Free VPN with up to 300 MB of traffic per day. DNS filtering.

Ransomware 111

Ransomware VPN Backups Malware 111

eSecurity Planet

MAY 2, 2024

50,000 DDoS attacks on public domain name service (DNS) resolvers. 553% increase in DNS Flood attacks from 1H 2020 to 2H 2023. DDoS attacks on single networks or websites render them unavailable, but DDoS attacks on DNS resolvers bring down all networks and websites using that DNS resource.

Cybersecurity 123

Cybersecurity DDOS Penetration Testing Passwords 123

eSecurity Planet

MAY 19, 2022

Already a leading SD-WAN pick, the HPE subsidiary boosted its market position with acquisitions of security vendor Cape Networks in 2018 and WAN specialist Silver Peak Systems in 2020. EdgeConnect Enterprise critically comes with firewall , segmentation , and application control capabilities. Features: Aruba EdgeConnect Enterprise SD-WAN.

Firewall 122

Firewall Architecture Encryption Network Security 122

SecureList

JUNE 2, 2022

In 2020, we discovered a whole new distribution method for the WinDealer malware that leverages the automatic update mechanism of select legitimate applications. This can be done with the use of a VPN, but these may be illegal depending on the jurisdiction and would typically not be available to Chinese-speaking targets. 111.120.0.0/14

Malware 137

Malware Encryption Social Engineering Telecommunications 137

Malwarebytes

MAY 5, 2022

Here is a list containing some of the services that the Nigerian Tesla threat actor used: PerfectMoney Glassdoor signupanywhere (could be a source to get victims emails) omail.io (service for extracting emails) warzone.ws (Warzone RAT) worldwiredlabs (NetWire RAT) le-vpn.com and bettervpn.com zenmate.com tigervpn hotvpn (VPN provider) securitycode.eu

Malware 93

Malware Scams Phishing Accountability 93

SecureList

SEPTEMBER 21, 2023

Botnet based on Medusa, working since 2020. DNS changer Malicious actors may use IoT devices to target users who connect to them. A 2022 campaign known as Roaming Mantis, or Shaoye, spread an Android app whose capabilities included modifying DNS settings on Wi-Fi routers through the administration interface. Our advantages: 1.

IoT 134

IoT DDOS Passwords Malware 134

Fox IT

JANUARY 12, 2021

NCC Group and Fox-IT observed this threat actor during various incident response engagements performed between October 2019 until April 2020. After obtaining a valid account, they use this account to access the victim’s VPN, Citrix or another remote service that allows access to the network of the victim.

VPN 68

VPN Accountability Passwords DNS 68

eSecurity Planet

AUGUST 11, 2023

SASE provides an edge security solution that addresses these challenges without the bottlenecks of traditional virtual private network (VPN) solutions. Security will become centralized, integrated, and simplified and operations can improve by removing any VPN and local firewall bottlenecks. What Is SASE?

Firewall 105

Firewall IoT Technology Internet 105

Vipre

JANUARY 25, 2021

According to the independent institute AV-TEST , the number of total new malware in 2020 increased by 13% compared to the last year, and malware for macOS by 1200% for the same period. An easy way to enhance your online security and privacy is by using a VPN while browsing the internet. Identity Theft Protection Tools.

Identity Theft 40

Identity Theft Backups VPN Antivirus 40

McAfee

AUGUST 23, 2020

Remote users and branch offices were logically connected to this central network via technologies like VPN, MPLS, and leased lines, so the secure network perimeter could be maintained. While this approach sufficed for years, digital transformation has created major challenges. However, there are major drawbacks to this model.

Architecture 85

Architecture Digital transformation Internet Internet 85

SecureList

JULY 9, 2024

The result is an unranked list of integrated data sources that can be used for developing detection logic, such as: For Command Execution: OS logs, EDR, networked device administration logs and so on; For Process Creation: OS logs, EDR; For Network Traffic Content: WAF, proxy, DNS, VPN and so on; For File Modification: DLP, EDR, OS logs and so on.

Engineering 116

Engineering DNS Technology Accountability 116

SecureList

APRIL 27, 2021

One of the suspected FinFly Web servers was active for more than a year between October 2019 and December 2020. As it turned out, it was active for a very short time around September 2020 on a host that appears to have been impersonating the popular Mail.ru The activities peaked in November 2020, but are still ongoing.

Malware 145

Malware Government Spyware Social Engineering 145

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 145

Malware Government Surveillance Spyware 145

SecureList

OCTOBER 19, 2021

EMBEDDED MODULE PE timestamp:2020-09-17 InternalName:<payload32.dll> It retrieves the DNS names of all the directory trees in the local computer’s forest. EMBEDDED EXE MODULE timestamp:2020-04-23 InternalName:<none>AliasName:mailCollector. < The vpnDll32 module establishes a VPN connection.

Banking 145

Banking Passwords VPN Internet 145

SecureList

DECEMBER 19, 2024

The targeted company employs this technology to allow employees to download specific policies to their corporate devices, granting them secure access to the Fortinet VPN. The affected system was a Windows server exposed to the internet, with only two ports open.

Internet 106

Internet Internet Passwords Accountability 106