Security Affairs

NOVEMBER 8, 2022

Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. Pierluigi Paganini.

Authentication 98

Authentication VPN Phishing Hacking 98

Security Affairs

MARCH 27, 2022

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier. MR3 (18.5.3)

Firewall 100

Firewall Authentication VPN Hacking 100

Security Affairs

NOVEMBER 29, 2022

Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684 , in Fortinet products. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild.

VPN 104

VPN Firewall Authentication Internet 104

Security Affairs

DECEMBER 29, 2022

NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. Citrix addressed the flaw on November 8, 2022. Pierluigi Paganini.

Internet 98

Internet Internet VPN Authentication 98

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 263

Risk VPN Internet Internet 263

Security Affairs

MAY 26, 2022

Below is the list of the four vulnerabilities, the most severe one is a command injection flaw in some CLI commands tracked as CVE-2022-26532 (CVSS v3.1 CVE-2022-0910 : An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions.

Firewall 141

Firewall VPN Authentication Cyber Attacks 141

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. Recently, hackers leaked 87,000 Fortinet VPN passwords , mostly from companies who hadn’t yet patched a two-year-old vulnerability. Jump to: What is multi-factor authentication? MFA can be hacked.

Authentication 104

Authentication Passwords Mobile Accountability 104

Security Affairs

OCTOBER 21, 2021

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. This article focuses on the top five attack vectors organizations should look out for and defend against in 2022. Conclusion. Follow me on Twitter: @securityaffairs and Facebook.

IoT 139

IoT Phishing Passwords Scams 139

Security Affairs

AUGUST 3, 2023

CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022.

Authentication 98

Authentication VPN Hacking Internet 98

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall 98

Firewall VPN Authentication Hacking 98

Krebs on Security

JULY 10, 2022

Turner said that in early June 2022 he received an email from Experian saying the email address on his account had been changed. “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. “I get so angry when I think about all this,” he said.

Accountability 335

Accountability Passwords Authentication Password Management 335

SecureList

SEPTEMBER 6, 2022

According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally. The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Top game titles by number of related threats.

Mobile 134

Mobile Passwords Software Accountability 134

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “These guys were not leet , just damn persistent.” ” HOW DID WE GET HERE?

Social Engineering 286

Social Engineering Phishing Engineering Accountability 286

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. “TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it.

Firewall 102

Firewall VPN Cybercrime Software 102

eSecurity Planet

SEPTEMBER 19, 2022

Multi-factor authentication. This solution offers true two-factor authentication and impressive encryption capabilities. True two-factor authentication. This upgrade offers 1 GB of encrypted file storage, two-factor authentication with YubiKey, FIDO and Duo, as well as priority customer support. Password auto-filling.

Password Management 122

Password Management Passwords Software Encryption 122

SecureWorld News

NOVEMBER 12, 2024

According to the advisory, "Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high-priority targets." CVE-2023-20273 (Cisco IOS XE): Allows privilege escalation once a local user has been created to root privileges.

Software 112

Software Passwords Cyber threats Risk 112

Malwarebytes

DECEMBER 14, 2022

In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. The vulnerability that is exploited in the wild is listed under CVE-2022-44698 and described as a Windows SmartScreen Security Feature bypass vulnerability. CVE-2022-44670 and CVE-2022-44676 are remote code execution (RCE) vulnerabilities.

Internet 98

Internet Internet VPN Authentication 98

CSO Magazine

JANUARY 13, 2023

Remote code execution in FortiOS SSL-VPN. The vulnerability, tracked as CVE-2022-42475 , is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.

Network Security 113

Network Security VPN Authentication Government 113

Fox IT

DECEMBER 28, 2022

CVE-2022-27510 – Unauthorized access to Gateway user capabilities. On November 8th 2022, Citrix published a security bulletin for CVE-2022-27510 , a critical authentication bypass vulnerability affecting Citrix ADC (formerly known as NetScaler) and Citrix Gateway. nc, Date: Sep 23 2022, 13:12:49 (64-bit) Done.

Internet 16

Internet Internet VPN Media 16

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. Observed since: February 2022 Ransomware note: read_me.html Ransomware extension: <original file name> [vote2024forjb@protonmail[.]com].encryptedJB SFile (Escal). LockBit 2.0.

Ransomware 89

Ransomware Phishing Accountability Technology 89

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware 136

Ransomware Backups VPN Authentication 136

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. ” reads the analysis published by Cisco Talos.

Ransomware 136

Ransomware Hacking VPN Phishing 136

Malwarebytes

OCTOBER 24, 2022

Cisco has published a security advisory for a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an authenticated, remote attacker to read and delete files on an affected device. The most urgent patch in this update is aimed at CVE-2022-20822. The bug, with a CVSS score of 7.1

VPN 93

VPN Authentication Engineering Internet 93

Security Affairs

SEPTEMBER 12, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user. . ” reads an update published by Cisco on September September 11, 2022.

Ransomware 115

Ransomware VPN Authentication Phishing 115

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Cybersecurity 214

Cybersecurity Digital transformation Computers and Electronics Encryption 214

Heimadal Security

SEPTEMBER 13, 2022

The American technology giant, Cisco, confirmed that the data leaked by Yanluowang ransomware gang on September 11, 2022, is authentic. The company’s network has been breached through the VPN account of an employee. The data now released on the dark web was stolen in a cyberattack in May, this year.

Ransomware 98

Ransomware VPN Authentication Accountability 98

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. AllegisCyber Investments. Insight Investments.

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware 122

Ransomware Backups VPN Authentication 122

DoublePulsar

JANUARY 15, 2025

Each folder then contains an IP address, and each IP address contains config.confa full Fortigate config dumpand vpn-users.txt, a plaintext list of credentials. The data appears to have been assembled in October 2022, as a zero day vuln. In other words, the data is authentic. Somebody just released them.

Firewall 80

Firewall VPN Passwords Firmware 80

SecureList

NOVEMBER 23, 2021

For instance, we see a new trend emerging in the criminal ecosystem of spyware-based authentication data theft, with each individual attack being directed at a very small number of targets (from single digits to several dozen). Update firewalls and SSL VPN gateways in good time. But not all. Threats to OT.

Spyware 138

Spyware Phishing Cybercrime Energy and Utilities 138

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) In May 2022, Zyxel released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products.

Firewall 104

Firewall Firmware Authentication VPN 104

Security Boulevard

JANUARY 14, 2025

Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024. CVE Description CVSSv3 CVE-2024-55591 FortiOS and FortiProxy Authentication Bypass Vulnerability 9.6 websocket module. through 7.0.16 Upgrade to 7.0.17 through 7.0.19

Authentication 59

Authentication VPN Firewall 59

Security Affairs

SEPTEMBER 2, 2022

Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022. The experts also discovered posts on a Dark Web access broker auction site where a threat actor was purchasing VPN credentials for large U.S.

Hacking 111

Hacking VPN Ransomware Passwords 111

eSecurity Planet

APRIL 29, 2022

They still validate traffic via packet filtering and VPN support, but they can also use whitelists or a signature-based IPS to determine whether applications are safe or not. These tools are able to manage single sign-on, log data, authentication and authorization, device profiling and encryption, and tokenization. Palo Alto Networks.

Software 123

Software Cybersecurity Firewall Antivirus 123

Security Affairs

APRIL 28, 2023

through 4.73, VPN series firmware versions 4.60 The company also fixed a high-severity post-authentication command injection issue ( CVE-2023-27991 , CVSS score: 8.8) through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.16

Firewall 98

Firewall Firmware VPN Authentication 98

SecureWorld News

DECEMBER 15, 2022

This vulnerability is a critical remote code execution (RCE) bug, tracked as CVE-2022-27518, which would allow the threat actor to "facilitate illegitimate access to targeted organizations by bypassing normal authentication controls.".

VPN 104

VPN Ransomware Authentication Cybersecurity 104

Security Affairs

OCTOBER 17, 2023

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. “Note (!)

Telecommunications 133

Telecommunications Authentication Data collection Passwords 133