Security Affairs

MAY 17, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog. Last week, Zyxel has addressed the critical CVE-2022-30525 (CVSS score: 9.8) USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 through ZLD V5.21

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN 141

VPN Firewall Accountability Cybersecurity 141

Cisco Security

NOVEMBER 29, 2021

With traditional firewalls, network security teams are charged with the heavy lifting of deploying new solutions. According to Gartner, by 2025, 30% of new deployments of distributed branch-office firewalls will switch to firewall-as-a-service, up from less than 10% in 2021. Introduction. Starting with version 7.1

Firewall 145

Firewall Network Security Architecture VPN 145

eSecurity Planet

FEBRUARY 4, 2022

Antivirus Software WiFi 6 Routers Virtual Private Networks Password Managers Email Security Software Web Application Firewall Bot Management Software. Also Read: 4 Best Antivirus Software of 2022. Virtual Private Networks (VPNs). A virtual private network (VPN) takes a public internet connection (i.e. Antivirus Software.

Internet 144

Internet Internet Software Antivirus 144

Security Affairs

NOVEMBER 2, 2024

Sophos used custom implants to monitor China-linked thret actors targeting firewall zero-days in a years-long battle. Improved operational security, including disrupting firewall telemetry to hinder detection and minimize their digital footprint.

Firmware 121

Firmware Government Firewall Malware 121

Bleeping Computer

MAY 15, 2022

Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. [.].

Firewall 99

Firewall VPN 99

Security Affairs

MARCH 27, 2022

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. MR3 (18.5.3) and earlier.

Firewall 100

Firewall Authentication VPN Hacking 100

Security Affairs

MAY 13, 2022

Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8)

Firewall 98

Firewall Firmware VPN Wireless 98

Security Affairs

SEPTEMBER 24, 2022

Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. and impacts Firewall versions 18.5

Firewall 100

Firewall VPN Authentication Hacking 100

Security Affairs

DECEMBER 6, 2022

Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5 , including some arbitrary code execution bugs. The post Sophos fixed a critical flaw in its Sophos Firewall version 19.5 Pierluigi Paganini.

Firewall 100

Firewall Wireless VPN Hacking 100

DoublePulsar

JANUARY 15, 2025

Each folder then contains an IP address, and each IP address contains config.confa full Fortigate config dumpand vpn-users.txt, a plaintext list of credentials. The data appears to have been assembled in October 2022, as a zero day vuln. Having a full device config including all firewall rules is a lot of information.

Firewall 80

Firewall VPN Passwords Firmware 80

Malwarebytes

APRIL 4, 2022

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Patch 1 VPN ZLD V4.30 Patch 5 in May 2022. Please note that the patches should have a release date of 03/29/2022 or later. The vulnerability. through ZLD V4.70

Firewall 95

Firewall Firmware VPN Authentication 95

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

JANUARY 20, 2023

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day.

VPN 98

VPN Firewall Internet Internet 98

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. released in October 2022.

VPN 90

VPN Passwords Firewall Firmware 90

Security Affairs

NOVEMBER 29, 2022

Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684 , in Fortinet products. A proof-of-concept (PoC) exploit code for the CVE-2022-40684 flaw has been released online. Pierluigi Paganini.

VPN 104

VPN Firewall Authentication Internet 104

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall 110

Firewall Firmware IoT Authentication 110

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk 263

Risk VPN Internet Internet 263

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall 98

Firewall VPN Firmware Manufacturing 98

Security Boulevard

JUNE 29, 2022

Show notes for series 2, episode 2 Is your firewall as fast as you think? Do you need a personal VPN? The post DE:CODED – Firewall speeds and VPN risks appeared first on SE Labs Blog. The post DE:CODED – Firewall speeds and VPN risks appeared first on Security Boulevard.

Firewall 52

Firewall VPN Risk Small Business 52

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. For PAN-OS software, this includes both hardware and virtual firewalls and Panorama appliances as well as Prisma Access customers,” the company said.

Firewall 102

Firewall VPN Cybercrime Software 102

eSecurity Planet

MARCH 27, 2023

Mandiant tracked 55 zero-day vulnerabilities that were actively exploited in 2022. Overall, the proportion of financially motivated zero-day exploitation decreased in 2022. Far more of the 16 cases with a clear motive were state-sponsored – 13 of the zero-days tracked in 2022 appear to have been leveraged by cyber espionage groups.

Firewall 105

Firewall Internet Internet Ransomware 105

eSecurity Planet

APRIL 29, 2022

We’ve narrowed this list down to four categories of software that are essential to modern cybersecurity: Extended detection and response (XDR) , next-generation firewalls (NGFW) , cloud access security brokers (CASB) , and security information and event management (SIEM). . NGFWs are the third generation of firewalls. Best NGFWs.

Software 124

Software Cybersecurity Firewall Antivirus 124

Security Affairs

SEPTEMBER 7, 2022

Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747 , impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) In May 2022, Zyxel released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products.

Firewall 104

Firewall Firmware Authentication VPN 104

SecureWorld News

NOVEMBER 12, 2024

According to the advisory, "Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high-priority targets." CVE-2023-20273 (Cisco IOS XE): Allows privilege escalation once a local user has been created to root privileges.

Software 112

Software Passwords Cyber threats Risk 112

CyberSecurity Insiders

NOVEMBER 1, 2022

Back then, endpoint security focused on computers, which meant the installation of antivirus, malware protection, firewall, and (sometimes) VPN in every computer. Forrester released its 2022 State of Endpoint Security report in July this year, saying that buyers are seeking better product efficacy and integrated data security.

IoT 120

IoT Antivirus Threat Detection Cyber threats 120

eSecurity Planet

MARCH 23, 2023

Sophos and Fortinet both appear on our list of the top next-generation firewalls (NGFWs) , and while both offer very good security at their price points, they serve very different markets. If you’re just looking for a firewall with good security, Sophos will do. Fortinet offers virtual firewalls too for hybrid cloud use cases.

Firewall 115

Firewall VPN Small Business Marketing 115

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. AllegisCyber Investments. Insight Investments.

Cybersecurity 129

Cybersecurity Technology Marketing Healthcare 129

SecureList

NOVEMBER 23, 2021

Update firewalls and SSL VPN gateways in good time. And for some companies, the consequences of a security compromise in 2021 will catch up with them only in 2022. Unfortunately, it will doubtless claim many victims in the year to come. Some of those compromised might get lucky and simply fall off the cybercriminal radar.

Spyware 137

Spyware Phishing Cybercrime Energy and Utilities 137

Security Affairs

JANUARY 14, 2024

The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771 , in a number of their firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.

Firewall 136

Firewall Firmware Cyber Attacks VPN 136

Security Affairs

DECEMBER 13, 2023

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet.

Small Business 136

Small Business Technology VPN Manufacturing 136

Security Affairs

APRIL 3, 2022

Sophos Firewall affected by a critical authentication bypass flaw Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict Security Affairs newsletter Round 358 by Pierluigi Paganini Western Digital addressed a critical bug in My Cloud OS 5 CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog.

Firewall 98

Firewall Hacking DDOS VPN 98

Malwarebytes

MAY 26, 2023

Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on the affected Zyxell firewalls. Patch 1, USG20(W)-VPN firmware versions 4.25 Patch 1, VPN series firmware versions 4.30 USG FLEX50(W) / USG20(W)-VPN versions ZLD V4.25

Firmware 96

Firmware VPN Firewall Accountability 96

Security Affairs

APRIL 19, 2022

“It is recommended that your QNAP NAS stay behind your router and firewall without a public IP address. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. ” reads the advisory published by QNAP. Do not let your QNAP NAS obtain a public IP address.

Internet 111

Internet Internet VPN Firewall 111

CyberSecurity Insiders

JANUARY 5, 2023

The incident was discovered by the security researchers from eSentire in October 2022. eSentire’s Threat Response Unit (TRU) stated that the attack took place on the devices of the Fortinet through a bypass vulnerability named CVE-2022-40684. But for reasons they made the information public in Jan 2023.

VPN 52

VPN Ransomware Antivirus Firewall 52

Cisco Security

JULY 18, 2022

The year 2022 has been rather hectic for many reasons, and as the World undergoes its various challenges and opportunities, We At Cisco Security have buckled up and focused on improving the World in the way which we know best: by making it more Secure. Such data encompasses network telemetry, firewall logging, and remote worker telemetry.

VPN 140

VPN Firewall Internet Internet 140

eSecurity Planet

FEBRUARY 9, 2022

And a recent Enterprise Strategy Group (ESG) study notes that cybersecurity is likely to be the top area for increased IT spending for 2022. According to ESG, 69% of organizations plan to spend more on cybersecurity in 2022. The rest – 2% – intend to pay less for cybersecurity in 2022 compared to 2021.

Backups 140

Backups Firewall DDOS Antivirus 140