2023, Authentication and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

Top 15 Exploited Vulnerabilities of 2023

SecureWorld News

NOVEMBER 12, 2024

A new joint Cybersecurity Advisory, co-authored by leading cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom, details the vulnerabilities malicious actors routinely exploited in 2023.

Software

Software Passwords Cyber threats Risk

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 26, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. ” reads the advisory.

VPN

VPN Authentication Hacking Cybersecurity

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT.

Authentication

Authentication Ransomware VPN Hacking

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN

VPN Authentication Cyber Attacks Passwords

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The flaw CVE-2023-46805 (CVSS score 8.2) is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Authentication Small Business Telecommunications

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN

VPN Software Encryption Authentication

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The flaw CVE-2023-46805 (CVSS score 8.2) is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Malware Authentication Small Business

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. score of 9.8 out of 10.0,

VPN

VPN Authentication Firmware Phishing

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

The directive applies to any networking devices — such as firewalls, routers and load balancers — that allow remote authentication or administration. The researchers found that just being able to reach the management interface for a vulnerable Fortinet SSL VPN appliance was enough to completely compromise the devices.

Risk

Risk VPN Internet Internet

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix. NetScaler ADC 13.1-FIPS

Authentication

Authentication VPN Hacking Government

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

The Hacker News

JANUARY 12, 2024

As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023.

VPN

VPN Malware Authentication

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication

Authentication VPN Hacking Government

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. “This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.

Ransomware

Ransomware VPN Authentication Hacking

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

The government experts also ordered to monitor the authentication or identity management services that could be exposed and urged to isolate the systems from any enterprise resources to the greatest degree possible. The flaw CVE-2023-46805 (CVSS score 8.2) CISA also warned to continue to audit privilege-level access accounts.

VPN

VPN Authentication Software Malware

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

The Last Watchdog

SEPTEMBER 26, 2023

26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate. Advertising Practices: Given the complexity and different use cases for VPNs, claims must not mislead.

VPN

VPN Internet Internet Technology

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

eSecurity Planet

SEPTEMBER 5, 2023

August 28, 2023 Ransomware Group Exploits Citrix NetScaler Vulnerability In July, Citrix released a patch for a critical remote code execution vulnerability ( CVE-2023-3519 ), which affected the company’s NetScaler ADC and NetScaler Gateway products and carried a severity rating of 9.8 out of 10 on the CVSS vulnerability scale.

VPN

VPN Authentication Ransomware Antivirus

The four cybersecurity trends to watch in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

When employees aren’t in the office, they’re liable to engage in risky behaviors such as using unsecured WiFi without a VPN, leaving work devices unlocked in public places, and clicking on malicious emails. While there are plenty of unknowns as we head into 2023, one thing isn’t in doubt: cybersecurity will be more important than ever.

Cybersecurity

Cybersecurity VPN Digital transformation Education

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, in its firewall devices.

Firmware

Firmware Firewall Authentication VPN

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware

Ransomware Backups VPN Authentication

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

Zyxel fixed four bugs in firewalls and access points

Security Affairs

FEBRUARY 27, 2024

Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397 , CVE-2023-6398 , CVE-2023-6399 , and CVE-2023-6764 , in its firewalls and access points. Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16 Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16

Firewall

Firewall VPN Authentication Hacking

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN

VPN Authentication Mobile Firewall

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Security Affairs

DECEMBER 3, 2023

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. The addressed issues are tracked as CVE-2023-35136 , CVE-2023-35139 , CVE-2023-37925 , CVE-2023-37926 , CVE-2023-4397 , CVE-2023-4398 , CVE-2023-5650 , CVE-2023-5797 , CVE-2023-5960.

Firewall

Firewall Authentication VPN Cyber Attacks

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

VPN

VPN Authentication Mobile Firewall

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Security Affairs

JUNE 22, 2023

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. The client update process is executed after a successful VPN connection is established.” ” reads the advisory published by the company.

VPN

VPN Mobile Software Authentication

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware

Ransomware Backups VPN Authentication

Best Practices to Strengthen VPN Security

Security Boulevard

APRIL 24, 2024

VPNs provide an essential layer of protection for employees working remotely or across multiple office locations, encrypting data traffic to stop hackers from intercepting and stealing information. The post Best Practices to Strengthen VPN Security appeared first on Security Boulevard.

VPN

VPN Encryption Risk Authentication

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Cisco Security

AUGUST 24, 2023

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

Authentication

Authentication Ransomware VPN Passwords

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Malwarebytes

JANUARY 11, 2023

The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. ended January 10, 2023. The actively exploited vulnerability is listed as CVE-2023-21674. In a network-based attack, an unauthenticated attacker could bypass authentication and make an anonymous connection. SharePoint Server.

B2B

B2B Encryption VPN Software

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT

IoT DDOS Passwords Malware

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Malwarebytes

JULY 21, 2023

This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by August 9, 2023 to protect their networks against active threats. The actively exploited CVE patched in this update is CVE-2023-3519 a Citrix NetScaler ADC and NetScaler Gateway code injection vulnerability with a CVSS score of 9.8

Authentication

Authentication VPN Cybercrime Cybersecurity

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

Act now! Ivanti vulnerabilities are being actively exploited

Malwarebytes

JANUARY 11, 2024

Successful exploitation would give an attacker the ability to run arbitrary code on Ivanti’s Virtual Private Network (VPN) system. Ivanti Connect Secure is a widely used VPN solution that allows users to connect to their organization’s network. The CVEs mentioned in these reports are: CVE-2023-46805 ( CVSS score 8.2

VPN

VPN Authentication Software Risk

Two zero-day bugs in Ivanti Connect Secure actively exploited

Security Affairs

JANUARY 11, 2024

Software firm Ivanti reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

Authentication

Authentication VPN Mobile Hacking

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

The Hacker News

JUNE 11, 2023

The vulnerability, tracked as CVE-2023-27997, is "reachable pre-authentication, on every SSL VPN appliance," Lexfo Security researcher Charles Fol, who discovered and reported the flaw, said in a tweet over the weekend.

Firewall

Firewall VPN Authentication

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Security Affairs

JANUARY 17, 2024

Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. The vulnerability CVE-2023-6548 is an authenticated (low privileged) remote code execution affecting Management Interface.

VPN

VPN Software Authentication Internet

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 18, 2024

CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability. CVE-2023-6549 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability. The vulnerability CVE-2023-6548 is an authenticated (low privileged) remote code execution affecting Management Interface.

Authentication

Authentication VPN Software Engineering

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN

VPN Cybercrime Ransomware Hacking

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Top 15 Exploited Vulnerabilities of 2023

Trending Sources

Feds Charge Five Men in ‘Scattered Spider’ Roundup

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

CISA Order Highlights Persistent Risk at Network Edge

Multiple malware used in attacks exploiting Ivanti VPN flaws

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Zyxel firewall and VPN devices affected by critical flaws

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

The four cybersecurity trends to watch in 2023

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Akira ransomware targets Finnish organizations

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Zyxel fixed four bugs in firewalls and access points

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Akira ransomware targets Finnish organizations

Best Practices to Strengthen VPN Security

Akira Ransomware Targeting VPNs without Multi-Factor Authentication

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Overview of IoT threats in 2023

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Act now! Ivanti vulnerabilities are being actively exploited

Two zero-day bugs in Ivanti Connect Secure actively exploited

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected