2021 and VPN - Cyber Security Informer

12 Online Resolutions for 2021

Adam Levin

DECEMBER 16, 2020

Here are 12 New Year Resolutions for a safer and more secure digital you in 2021: Think before you click that email link: 2020 was a record-breaking year for ransomware, malware, and phishing , and many, if not most of these attacks were launched with the click on a link in an email. That’s always the case when it comes to cybersecurity.

VPN

VPN Antivirus Passwords Backups

GUEST ESSAY: Data breaches across the globe slowed significantly in Q4 2021 versus Q1-Q3

The Last Watchdog

JANUARY 18, 2022

After a gloomy start with its first three breach intensive quarters, 2021 has finally ended, and on a positive note. Related: Cybersecurity experts reflect on 2021. Our analysis looked into data breaches that occurred from October to December 2021 (Q4) and compared them with the numbers from July through August 2021 (Q3).

Data breaches

Data breaches VPN Internet Internet

Why No HTTPS? The 2021 Version

Troy Hunt

AUGUST 12, 2021

So I fire up Nord VPN and exit through a US node in an incognito window and I get. Even though we have Lush in Australia, I'm seeing content obviously designed for the other side of the world. I wonder where Alexa says Lush is based, let's try this API: [link] Huh, it's American. exactly the same UK page.

VPN

Ivacy Best VPN Christmas Deal For 2021

SecureBlitz

DECEMBER 22, 2021

Here’s the Ivacy best VPN Christmas deal for the year 2021. Ivacy VPN, your on-stop for VPN solutions, is here again with yet another offer that will bring smiles to the faces of users this Christmas season. You get to save up to 90% OFF Ivacy VPN 5-Year Lifetime Plan and also get Free 2.

VPN

VPN Cybersecurity

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064 , in its GlobalProtect portal and gateway interfaces. 2021-11-10: This report was published.

VPN

VPN Firewall Internet Internet

Cisco fixes critical, high severity vulnerabilities in VPN routers

Security Affairs

AUGUST 4, 2021

Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. SecurityAffairs – hacking, VPN routers). ” reads the advisory.

VPN

VPN Small Business Hacking Internet

21 million free VPN users’ data exposed

Malwarebytes

MARCH 3, 2021

Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. So this is a mess, and a timely reminder of why trust in a VPN provider is so crucial. Past VPN errors.

VPN

VPN Passwords Internet Internet

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. SecurityAffairs – hacking, VPN routes). Pierluigi Paganini.

VPN

VPN Small Business Wireless Firmware

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

Expired certificate caused a Pulse Secure VPN global scale outage

Security Affairs

APRIL 12, 2021

Pulse Secure VPN users were not able to login due to the expiration of a code signing certificate used to digitally sign and verify software components. Pulse Secure VPN users were not able to login after a code signing certificate used to digitally sign and verify software components has expired. x 14th April, 2021 (End of Day PST).

VPN

VPN Software Hacking Information Security

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “In reads the report published by FireEye. reads the report published by FireEye.

VPN

VPN Government Authentication Cybersecurity

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Passwords

Passwords Wireless VPN Accountability

New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises

CyberSecurity Insiders

FEBRUARY 16, 2021

2021 Research Highlights Growing Security Vulnerabilities Around Targeted Social Engineering, Ransomware and Malware Attacks. To download the full study, see the Zscaler 2021 VPN Risk Report. For the last three decades, VPNs have been deployed to provide remote users with access to resources on corporate networks.

VPN

VPN Risk Digital transformation Social Engineering

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

The Hacker News

FEBRUARY 5, 2021

The flaws — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and RV260W VPN

VPN

VPN Small Business

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021. 2020 VPN series running firmware ZLD V4.60 Patch1 in April 2021 NXC5500 V6.10 Patch1 in April 2021.

Firewall

Firewall VPN Firmware Passwords

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. ” reads the report published by FireEye. ” continues the report.

VPN

VPN Hacking Authentication Government

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

VPN

VPN Government Malware Hacking

Wazawaka Goes Waka Waka

Krebs on Security

FEBRUARY 14, 2022

Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. Wazawaka, a.k.a. Matveev, a.k.a. “Orange,” a.k.a.

Ransomware

Ransomware VPN Cybercrime Accountability

WireGuard vs. OpenVPN: Comparing Top VPN Protocols

eSecurity Planet

JANUARY 26, 2022

A VPN protocol creates the tunnels that your traffic travels through when you use a VPN to keep your communications private. WireGuard and OpenVPN are two popular open-source VPN protocols that businesses and users can choose from when they sign up for a VPN service. Also Read: VPN Security Risks: Best Practices for 2022.

VPN

VPN Mobile Wireless Marketing

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. mike [link] pic.twitter.com/fkU2USEZis — Swisscom CSIRT (@swisscom_csirt) January 26, 2021. SecurityAffairs – hacking, Fortinet VPN). ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The post APT groups chain VPN and Windows Zerologon bugs to attack US government networks appeared first on Security Affairs. ” concludes the alert. Pierluigi Paganini.

VPN

VPN Government Authentication Advertising

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances. SecurityAffairs – hacking, VPN).

VPN

VPN Authentication Hacking Information Security

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

The Hacker News

NOVEMBER 10, 2021

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impacts PAN-OS 8.1

VPN

VPN Firewall Cybersecurity

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. ” Kaspersky spotted the activity of the group by investigating two weaponized documents that were uploaded to VirusTotal in July 2020 and March 2021. .

VPN

VPN Internet Internet Software

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN

VPN Computers and Electronics Antivirus Software

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

APRIL 28, 2022

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. ” reads the advisory published by CISA.

Software

Software VPN Cybersecurity Internet

Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Security Affairs

AUGUST 19, 2021

Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers. Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers. Pierluigi Paganini.

Small Business

Small Business Wireless VPN Firewall

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Krebs on Security

DECEMBER 2, 2021

In January 2021, technology vendor Ubiquiti Inc. 28, other Ubiquiti employees spotted the unusual downloads, which had leveraged internal company credentials and a Surfshark VPN connection to hide the downloader’s true Internet address. The message was sent through an IP address associated with the same Surfshark VPN.

VPN

VPN Internet Internet Accountability

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Roll your own VPN and other tech advice

Javvad Malik

NOVEMBER 1, 2021

I heard you should use a VPN when online, can you recommend one?”. “Ha! I have my own custom VPN that is protected with this sweet crypto I rolled myself that runs off these PS4s”. From Windows or Mac, this FTP account could be accessed through built-in software» — @mikko (@mikko) October 23, 2021. Less space than a nomad.

VPN

VPN Wireless Marketing Accountability

Secure Access for Remote Workers: RDP, VPN & VDI

eSecurity Planet

NOVEMBER 4, 2021

The many solutions available mirror the breadth of possible use cases, but we can achieve a high-level understanding by reviewing the four most common solutions: RDP, VPN, VDI, and DaaS. VPNs: An Imperfect Solution. VPNs remain vulnerable to stolen credentials , zero-day attacks , and sloppy updating. RDP: A Pre-Cloud Solution.

VPN

VPN Firewall Encryption Passwords

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

The 6 Nastiest Malware of 2021

Webroot

OCTOBER 13, 2021

And darkness we found – from million-dollar ransoms to supply chain attacks, these malware variants were The 6 Nastiest Malware of 2021. Discover more about 2021’s Nastiest Malware on the Webroot Community. The post The 6 Nastiest Malware of 2021 appeared first on Webroot Blog. How malware disrupted our lives.

Malware

Malware Small Business Antivirus Ransomware

Tech CEO Sentenced to 5 Years in IP Address Scheme

Krebs on Security

OCTOBER 17, 2023

But on just the second day of his trial in November 2021, Golestan changed his mind and pleaded guilty to 20 counts of wire fraud in connection with the phantom companies he used to secure the IP addresses. Golestan initially sought to fight those charges. Golestan did not respond to a request for comment.

Internet

Internet Internet VPN Marketing

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Security Affairs

JANUARY 18, 2022

Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security updates issued as part of the January 2021 Patch Tuesday. Pierluigi Paganini.

VPN

VPN Media Hacking Information Security

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

VPN

VPN Government Malware Manufacturing

Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients

Security Affairs

OCTOBER 20, 2021

Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three virtual private network (VPN) service providers, ExpressVPN, NordVPN, and Surfshark. Contact us: [link] — Zerodium (@Zerodium) October 19, 2021. Additional info about the Zerodium Exploit Acquisition Program is available here.

VPN

VPN Software Mobile Hacking

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

The Last Watchdog

DECEMBER 9, 2021

In 2021 we witnessed the continuation of the seismic shift in how people work, a change that started at the beginning of the global pandemic. The acceleration of cloud, mobility, and security initiatives proved to be critical for organizations looking to weather the new threats and disruptions.

Mobile

Mobile IoT Cybersecurity Digital transformation

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

The Last Watchdog

JULY 11, 2022

Related: VPNs vs ZTNA. It’s in findings of a deep dive data analytics study led by Surfshark , a supplier of VPN services aimed at the consumer and SMB markets. Here are excerpts of our dialogue, edited for clarity and length: LW: Is it safe to assume demand for consumer VPNs has spiked, post Covid19?

VPN

VPN Data breaches Internet Internet

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Malwarebytes

DECEMBER 9, 2024

de Vries in 2021. Keep your online privacy yours by using Malwarebytes Privacy VPN. Dutch and French authorities started an investigation when the service was found on the phone of a criminal convicted for the murder of Dutch journalist Peter R. We don’t just report on privacywe offer you the option to use it.

Encryption

Encryption VPN Media Marketing

Patch now! FatPipe VPN zero-day actively exploited

Malwarebytes

NOVEMBER 18, 2021

According to its marketing team, a FatPipe MPVPN can make your VPN “900% more secure.” According to the agency, a recent forensic analysis has revealed that Advanced Persistent Threat (APT) actors (plural) have been abusing the flaw since May 2021. ” But FatPipe says could , and the FBI says did.

VPN

VPN Software Internet Internet

Google now allows digital fingerprinting of its users

Malwarebytes

FEBRUARY 19, 2025

When introduced in April 2021, it allowed users to opt out of being tracked across apps and websites. Try Malwarebytes Privacy VPN. Its not hard to see why this is scary. Apple’s App Tracking Transparency (ATT) feature caused a significant upset in the mobile advertising industry.

Advertising

Advertising VPN Internet Internet

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. ” concludes the report. Follow me on Twitter: @securityaffairs and Facebook.

DNS

DNS Firmware VPN Risk

12 Online Resolutions for 2021

GUEST ESSAY: Data breaches across the globe slowed significantly in Q4 2021 versus Q1-Q3

Trending Sources

Why No HTTPS? The 2021 Version

Ivacy Best VPN Christmas Deal For 2021

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Cisco fixes critical, high severity vulnerabilities in VPN routers

21 million free VPN users’ data exposed

Cisco fixes critical remote code execution issues in SMB VPN routers

APT hacked a US municipal government via an unpatched Fortinet VPN

Expired certificate caused a Pulse Secure VPN global scale outage

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Chinese threat actors use Quad7 botnet in password-spray attacks

New VPN Risk Report by Zscaler Uncovers Hidden Security Risks Impacting Enterprises

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP

Expert found a secret backdoor in Zyxel firewall and VPN

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

China-linked APT groups targets orgs via Pulse Secure VPN devices

Wazawaka Goes Waka Waka

WireGuard vs. OpenVPN: Comparing Top VPN Protocols

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

A Deep Dive Into the Residential Proxy Service ‘911’

CISA published 2021 Top 15 most exploited software vulnerabilities

Cisco will not patch critical flaw CVE-2021-34730 in EoF routers

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Roll your own VPN and other tech advice

Secure Access for Remote Workers: RDP, VPN & VDI

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

The 6 Nastiest Malware of 2021

Tech CEO Sentenced to 5 Years in IP Address Scheme

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

China’s Volt Typhoon botnet has re-emerged

Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Patch now! FatPipe VPN zero-day actively exploited

Google now allows digital fingerprinting of its users

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Stay Connected