Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. Image: Amitai Cohen twitter.com/amitaico.
A cyberattack on the Virginia Attorney General's Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings. The Cloak ransomware group has been active since at least 2023 and has breached more than one hundred organizations over the years, according to a report published by Halcyon.
The cybersecurity firm revealed that attackers exploited known FortiGate flaws such as CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 to gain persistent read-only access via a symlink in SSL-VPN language folders. Fortinet pointed out that only devices with SSL-VPN enabled are impacted.
Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8). “Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication,” reads the advisory.
In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.
Earliest evidence dates to September 2023, but the experts have yet to determine the initial access method. Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway.
Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.
The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio, LastPass, DoorDash, and Mailchimp. Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals.
The campaign likely began in November 2024 and unfolded in four phases: vulnerability scanning (Nov 16-23, 2024), reconnaissance (Nov 22-27), SSL VPN setup (Dec 4-7), and lateral movement (Dec 16-27). In the SSL VPN setup phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.
The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023; the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.
However, with so many VPN providers available, it can be challenging to choose the best VPN for your needs. In this article, we will guide you through the process of choosing the best VPN for your needs. The first step in choosing the best VPN is to determine your needs. Or do you need a VPN for general internet use?
Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. “The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE,” reads the advisory published by the IT giant.
CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.
Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The flaw CVE-2023-46805 (CVSS score 8.2). In December 2023, Volexity investigated an attack where an attacker was placing webshells on multiple internal and external-facing web servers.
Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The flaw CVE-2023-46805 (CVSS score 8.2). In December 2023, Volexity investigated an attack where an attacker was placing webshells on multiple internal and external-facing web servers.
IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8).
Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.
When security experts began raising the alarm about a possible zero-day in Barracuda’s products, the Chinese hacking group altered their tactics, techniques and procedures (TTPs) in response to Barracuda’s efforts to contain and remediate the incident, Mandiant found. “Patch your #Fortigate.”
Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked as CVE-2024-21762, is being actively exploited. The vendor recommends disabling SSL VPN as a workaround. “Workaround: disable SSL VPN (disable webmode is NOT a valid workaround),” reads the advisory.
A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. “This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.”
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The report includes IOCs and TTPs identified through investigations as recently as September 2023. The Rhysida ransomware group has been active since May 2023.
Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks, the company reported.
The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. The Rhysida ransomware group has been active since May 2023.
Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN products.
The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023. “Data from the Royal Family!”
Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices.
Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.
In early January, the software firm reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2).
“Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.”
Akira ransomware infections were first reported in Finland in June 2023; however, in December the number of attacks increased. NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost.
When employees aren’t in the office, they’re liable to engage in risky behaviors such as using unsecured WiFi without a VPN, leaving work devices unlocked in public places, and clicking on malicious emails. While there are plenty of unknowns as we head into 2023, one thing isn’t in doubt: cybersecurity will be more important than ever.
Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hacking. Researchers from the Synack Red Team found multiple flaws (CVE-2023-33871, CVE-2023-38257, CVE-2023-35763 and CVE-2023-35189) in the ScrutisWeb ATM fleet monitoring software that can be exploited to remotely hack ATMs.
We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. One glaring example is Iran, which faced a series of spectacular hacks and sabotages. One of the major cyber-incidents of 2022 took place early this year: the Okta hack.
Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy.
US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader.
Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. Threat actors are actively attempting to exploit the command injection vulnerability CVE-2023-28771 impacting Zyxel firewalls.
We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09% targeted SSH.
The proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. “The client update process is executed after a successful VPN connection is established,” reads the advisory published by the company.
Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)
Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Cybersecurity and Infrastructure Security Agency (CISA) recently warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting the zero-day CVE-2023-3519.
Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers.