Security Affairs

DECEMBER 15, 2023

Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Netgate addressed the vulnerabilities with the release of pfSense CE 2.7.1

Firewall 139

Firewall Phishing Authentication Hacking 139

SecureBlitz

AUGUST 10, 2023

Discover the features of next-generation firewalls in this 2023 guide. In 2023, the global average cost of a data breach due to cyber-attacks was USD 4.45 Understand how they contribute to stronger cybersecurity in the digital age. These numbers are expected to grow in the coming days.

Firewall 98

Firewall Cyber Attacks Data breaches Cybersecurity 98

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. Despite a proof-of-concept exploit for the flaw CVE-2023-0656 was publicly released, the vendor is not aware of attack in the wild exploiting the vulnerabilities.

Firewall 143

Firewall Hacking Firmware Internet 143

Security Boulevard

JULY 9, 2023

Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel. Permalink The post BSides Knoxville 2023 – Reanna Schultz – Social Engineering: Training The Human Firewall appeared first on Security Boulevard.

Social Engineering 96

Social Engineering Firewall Engineering CISO 96

The Hacker News

JULY 3, 2023

No less than 330000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that have come under active exploitation in the wild. CVE-2023-27997

Firewall 103

Firewall VPN Internet Internet 103

Penetration Testing

MARCH 28, 2024

A newly discovered vulnerability in Imperva SecureSphere, a widely used on-premise Web Application Firewall (WAF), has the potential to expose organizations to devastating security breaches.

Penetration Testing 145

Penetration Testing Firewall 145

Security Affairs

AUGUST 26, 2024

SonicWall addressed a critical flaw in its firewalls that could allow attackers to achieve unauthorized access to the devices. SonicWall has released security updates to address a critical vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), in its firewalls. 13o Gen 6 Firewalls – 6.5.2.8-2n 5035 and older versions.”

Firewall 124

Firewall Firmware Malware Internet 124

Security Affairs

MAY 1, 2024

The experts noticed a spike in activity observed in September 2023. The threat actors appear to have the capability to control China’s Great Firewall and were observed utilizing a novel technique involving fake DNS MX records. However, the Infoblox researchers have yet to discover the motivation behind the attacks.

DNS 140

DNS Firewall DDOS Hacking 140

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2022, Sophos released security patches to address seven vulnerabilities in Sophos Firewall version 19.5 , including some arbitrary code execution bugs. reads the advisory.

Firmware 129

Firmware Firewall Internet Internet 129

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. Bishop Fox’s Capability Development team built an exploit for the vulnerability CVE-2023-27997. ” states the analysis published by Bishop Fox.

Firewall 98

Firewall VPN Firmware Internet 98

Penetration Testing

DECEMBER 31, 2023

PingRAT PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.

Firewall 111

Firewall Penetration Testing 111

The Hacker News

APRIL 28, 2023

Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 Improper error message handling in some firewall versions on the CVSS scoring system.

Firewall 113

Firewall 113

The Last Watchdog

OCTOBER 23, 2024

INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. The cost of ignoring such measures can be substantial, as noted in IBM’s 2023 Cost of a Data Breach Report, which found the average impact of a data breach on small businesses can exceed $3.31

Small Business 162

Small Business Data breaches Backups Passwords 162

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. through 6.2.13

Firewall 98

Firewall VPN Firmware Manufacturing 98

IT Security Guru

MARCH 14, 2025

Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023. It provides a firewall that blocks malicious traffic before it reaches your website. It offers a website firewall, which blocks attacks before they can do any harm. If your site ever gets hacked, Sucuri provides help to clean it up.

Cybersecurity 75

Cybersecurity Firewall Cyber Attacks Passwords 75

The Hacker News

JUNE 5, 2023

Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

Firewall 100

Firewall Cybersecurity 100

Tech Republic Security

JUNE 8, 2023

The post Cisco LIVE 2023: AI and security platforms innovations take center stage appeared first on TechRepublic. At its annual customer event in Las Vegas, Cisco introduced AI-powered, cloud-based products that are designed to snap into its new Security Cloud platform like LEGO.

Artificial Intelligence 176

Artificial Intelligence Firewall Cybersecurity 176

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 1 ZLD V5.36

Firewall 98

Firewall VPN Authentication Hacking 98

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks.

Firewall 131

Firewall Government VPN Authentication 131

SecureWorld News

OCTOBER 31, 2024

Spooky fact : According to research from Proofpoint , in 2023, 71% of organizations experienced at least one successful phishing attack, and they remain one of the most prevalent forms of cyber threats. million, almost an increase of $1 million from 2023 , proving that these "vampires" are more active—and greedier—than ever.

IoT 119

IoT Phishing DDOS Backups 119

Security Affairs

AUGUST 28, 2023

Researchers published a PoC exploit code for Juniper SRX firewall flaws that can be chained to gain RCE in Juniper’s JunOS. watchTowr Labs security researchers published a proof-of-concept exploit (PoC) exploit code for vulnerabilities in Juniper SRX firewalls. In mid-August, Juniper addressed four medium-severity (CVSS 5.3)

Firewall 98

Firewall Authentication Hacking Information Security 98

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. .

Firewall 98

Firewall Firmware VPN Authentication 98

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

VPN 121

VPN Government Malware Manufacturing 121

The Hacker News

MAY 25, 2023

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8

Firewall 100

Firewall VPN Software 100

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. The vulnerability can be tracked as CVE-2023-29357.

Firewall 111

Firewall Firmware IoT Authentication 111

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. in its firewall devices. USG FLEX ZLD V4.60

Firewall 98

Firewall Firmware VPN DDOS 98

The Hacker News

NOVEMBER 30, 2023

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection.

Firewall 106

Firewall Authentication 106

IT Security Guru

JANUARY 22, 2025

As such, some tips and tricks that worked for websites in 2023 might be obsolete in 2025. If you are looking to improve your cybersecurity, consider these plugins to build a more robust defence: Wordfence: A comprehensive security solution with a firewall, malware scanner, and login security features like two-factor authentication.

Artificial Intelligence 117

Artificial Intelligence Backups Mobile Firewall 117

Security Affairs

JUNE 12, 2023

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. Patch your #Fortigate. Details at a later time.

Firewall 98

Firewall VPN Authentication Media 98

The Hacker News

JUNE 11, 2023

Fortinet has released patches to address a critical security flaw in its FortiGate firewalls that could be abused by a threat actor to achieve remote code execution.

Firewall 99

Firewall VPN Authentication 99

eSecurity Planet

DECEMBER 18, 2023

December 11, 2023 Sonar Finds Three Vulnerabilities in Open-Source Firewall pfSense Type of vulnerability: Cross-site scripting and command injection. NIST has cataloged the three vulnerabilities as CVE-2023-42325 , CVE-2023-42327 , and CVE-2023-42326. pfSense CE 2.7.0 and below and pfSense Plus 23.05.1

Backups 116

Backups Firewall Engineering Software 116

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. Threat actors are actively attempting to exploit the command injection vulnerability CVE-2023-28771 impacting Zyxel firewalls. in its firewall devices.

Firmware 98

Firmware Firewall Authentication VPN 98

The Hacker News

AUGUST 30, 2023

Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild, according to multiple reports.

Firewall 97

Firewall 97

eSecurity Planet

AUGUST 29, 2023

Firewall-as-a-Service (FWaaS) offers firewall capabilities as a cloud-based service. Traditional firewalls protect the network perimeter, enforcing security standards by regulating incoming and outgoing traffic according to rules and traffic analysis.

Firewall 98

Firewall Architecture Data privacy Internet 98

Heimadal Security

FEBRUARY 10, 2023

Compared to network security systems that include appliances such as firewalls that monitor traffic as it flows through a scenario, threat hunting is a different approach to dealing with cyber-attacks.

Firewall 105

Firewall Cyber Attacks Network Security 105

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Set firewall filters to prevent access to unauthorized domains. SQL Injection Most high-risk vulnerabilities in 2021–2023 were associated with SQL Injection.

Passwords 140

Passwords Authentication Architecture Risk 140

Penetration Testing

FEBRUARY 4, 2024

Recently, two security vulnerabilities have been identified in Malwarebytes Binisoft Windows Firewall Control, a widely-used tool that enhances the capabilities of the Windows Firewall.

Firewall 82

Firewall Penetration Testing Risk 82