The Hacker News

FEBRUARY 5, 2021

The flaws — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and RV260W VPN

VPN 137

VPN Small Business 137

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN 143

VPN Firewall Firmware Authentication 143

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN 134

VPN Government Hacking Accountability 134

Security Affairs

APRIL 12, 2021

Pulse Secure VPN users were not able to login due to the expiration of a code signing certificate used to digitally sign and verify software components. Pulse Secure VPN users were not able to login after a code signing certificate used to digitally sign and verify software components has expired. x 14th April, 2021 (End of Day PST).

VPN 127

VPN Software Hacking Information Security 127

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “In reads the report published by FireEye. reads the report published by FireEye.

VPN 134

VPN Government Authentication Cybersecurity 134

Security Affairs

NOVEMBER 3, 2024

The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Passwords 132

Passwords Wireless VPN Accountability 132

CyberSecurity Insiders

FEBRUARY 16, 2021

2021 Research Highlights Growing Security Vulnerabilities Around Targeted Social Engineering, Ransomware and Malware Attacks. To download the full study, see the Zscaler 2021 VPN Risk Report. For the last three decades, VPNs have been deployed to provide remote users with access to resources on corporate networks.

VPN 125

VPN Risk Digital transformation Social Engineering 125

The Hacker News

NOVEMBER 10, 2021

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1

VPN 138

VPN Firewall Cybersecurity 138

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021.

Firewall 144

Firewall VPN Firmware Passwords 144

eSecurity Planet

JANUARY 26, 2022

A VPN protocol creates the tunnels that your traffic travels through when you use a VPN to keep your communications private. WireGuard and OpenVPN are two popular open-source VPN protocols that businesses and users can choose from when they sign up for a VPN service. Also Read: VPN Security Risks: Best Practices for 2022.

VPN 124

VPN Mobile Wireless Marketing 124

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

VPN 140

VPN Government Malware Hacking 140

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. ” reads the report published by FireEye. ” continues the report.

VPN 127

VPN Hacking Authentication Government 127

Krebs on Security

FEBRUARY 14, 2022

Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. Wazawaka, a.k.a. Matveev, a.k.a. “Orange,” a.k.a.

Ransomware 242

Ransomware VPN Cybercrime Accountability 242

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. mike [link] pic.twitter.com/fkU2USEZis — Swisscom CSIRT (@swisscom_csirt) January 26, 2021. SecurityAffairs – hacking, Fortinet VPN). ” continues Kaspersky.

VPN 129

VPN Ransomware Antivirus Firmware 129

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The post APT groups chain VPN and Windows Zerologon bugs to attack US government networks appeared first on Security Affairs. ” concludes the alert. Pierluigi Paganini.

VPN 145

VPN Government Authentication Advertising 145

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances. SecurityAffairs – hacking, VPN).

VPN 112

VPN Authentication Hacking Information Security 112

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .

VPN 140

VPN Internet Internet Software 140

Security Affairs

AUGUST 19, 2021

Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers. Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers. Pierluigi Paganini.

Small Business 118

Small Business Wireless VPN Firewall 118

Krebs on Security

DECEMBER 2, 2021

In January 2021, technology vendor Ubiquiti Inc. 28, other Ubiquiti employees spotted the unusual downloads, which had leveraged internal company credentials and a Surfshark VPN connection to hide the downloader’s true Internet address. The message was sent through an IP address associated with the same Surfshark VPN.

VPN 265

VPN Internet Internet Accountability 265

eSecurity Planet

NOVEMBER 4, 2021

The many solutions available mirror the breadth of possible use cases, but we can achieve a high-level understanding by reviewing the four most common solutions: RDP, VPN, VDI, and DaaS. VPNs: An Imperfect Solution. VPNs remain vulnerable to stolen credentials , zero-day attacks , and sloppy updating. RDP: A Pre-Cloud Solution.

VPN 124

VPN Firewall Encryption Passwords 124

Javvad Malik

NOVEMBER 1, 2021

I heard you should use a VPN when online, can you recommend one?”. “Ha! I have my own custom VPN that is protected with this sweet crypto I rolled myself that runs off these PS4s”. From Windows or Mac, this FTP account could be accessed through built-in software» — @mikko (@mikko) October 23, 2021. Less space than a nomad.

VPN 133

VPN Wireless Marketing Accountability 133

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft 250

Identity Theft Phishing Cryptocurrency Accountability 250

Webroot

OCTOBER 13, 2021

And darkness we found – from million-dollar ransoms to supply chain attacks, these malware variants were The 6 Nastiest Malware of 2021. Discover more about 2021’s Nastiest Malware on the Webroot Community. The post The 6 Nastiest Malware of 2021 appeared first on Webroot Blog. How malware disrupted our lives.

Malware 145

Malware Small Business Antivirus Ransomware 145

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN 140

VPN Firewall Accountability Cybersecurity 140

Malwarebytes

NOVEMBER 18, 2021

According to its marketing team, a FatPipe MPVPN can make your VPN “900% more secure.” According to the agency, a recent forensic analysis has revealed that Advanced Persistent Threat (APT) actors (plural) have been abusing the flaw since May 2021. ” But FatPipe says could , and the FBI says did.

VPN 127

VPN Software Internet Internet 127

The Last Watchdog

DECEMBER 9, 2021

In 2021 we witnessed the continuation of the seismic shift in how people work, a change that started at the beginning of the global pandemic. The acceleration of cloud, mobility, and security initiatives proved to be critical for organizations looking to weather the new threats and disruptions.

Mobile 177

Mobile IoT Cybersecurity Digital transformation 177

Security Affairs

JANUARY 18, 2022

Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security updates issued as part of the January 2021 Patch Tuesday. Pierluigi Paganini.

VPN 114

VPN Media Hacking Information Security 114

Malwarebytes

FEBRUARY 19, 2025

When introduced in April 2021, it allowed users to opt out of being tracked across apps and websites. Try Malwarebytes Privacy VPN. Its not hard to see why this is scary. Apple’s App Tracking Transparency (ATT) feature caused a significant upset in the mobile advertising industry.

Advertising 133

Advertising VPN Internet Internet 133

Malwarebytes

DECEMBER 9, 2024

de Vries in 2021. Keep your online privacy yours by using Malwarebytes Privacy VPN. Dutch and French authorities started an investigation when the service was found on the phone of a criminal convicted for the murder of Dutch journalist Peter R. We don’t just report on privacywe offer you the option to use it.

Encryption 121

Encryption VPN Media Marketing 121

The Last Watchdog

JULY 11, 2022

Related: VPNs vs ZTNA. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets. Here are excerpts of our dialogue, edited for clarity and length: LW: Is it safe to assume demand for consumer VPNs has spiked, post Covid19?

VPN 229

VPN Data breaches Internet Internet 229

Security Affairs

NOVEMBER 13, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

VPN 121

VPN Government Malware Manufacturing 121

Security Affairs

OCTOBER 20, 2021

Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three virtual private network (VPN) service providers, ExpressVPN, NordVPN, and Surfshark. Contact us: [link] — Zerodium (@Zerodium) October 19, 2021. Additional info about the Zerodium Exploit Acquisition Program is available here.

VPN 121

VPN Software Mobile Hacking 121

Bleeping Computer

JANUARY 17, 2022

Microsoft has released emergency out-of-band (OOB) updates to address multiple issues caused by Windows Updates issued during the January 2021 Patch Tuesday. [.].

VPN 141

VPN 141

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. ” concludes the report. Follow me on Twitter: @securityaffairs and Facebook.

DNS 141

DNS Firmware VPN Risk 141

Bleeping Computer

MAY 22, 2024

Securities and Exchange Commission (SEC) after failing to ensure its subsidiaries promptly reported an April 2021 VPN security breach. [.] The Intercontinental Exchange (ICE) will pay a $10 million penalty to settle charges brought by the U.S.

VPN 85

VPN 85

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.

Antivirus 331

Antivirus VPN Encryption Malware 331

CyberSecurity Insiders

JULY 30, 2021

Here is the most recent vulnerability report, including the top CVE list for the second quarter of 2021. The X-axis above depicts all vulnerabilities found in the second quarter from 1 April to 30 June 2021. The CVE Dirty Dozen for Q2 2021. vulnerability – CVE-2021-1675. Web application exploits continue to dominate.

Engineering 126

Engineering VPN Authentication Internet 126