2023, Information Security and VPN - Cyber Security Informer

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 26, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. ” reads the advisory.

VPN

VPN Authentication Hacking Cybersecurity

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

VPN

VPN Government Malware Manufacturing

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Earliest evidence dates to September 2023, but the experts have yet to determine the initial access method. Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway.

Malware

Malware VPN Encryption Hacking

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.

Passwords

Passwords Wireless VPN Accountability

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall

Firewall VPN Accountability Firmware

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN

VPN Software Encryption Authentication

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. The company is providing mitigation and confirmed it is working on the development of a security patch.

VPN

VPN Authentication Small Business Telecommunications

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

A cyberattack on the Virginia Attorney Generals Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings. The breach was detected in February , leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency.

Ransomware

Ransomware Hacking Social Engineering VPN

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN

VPN Authentication Cyber Attacks Passwords

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. The company is providing mitigation and confirmed it is working on the development of a security patch.

VPN

VPN Malware Authentication Small Business

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix.

Authentication

Authentication VPN Hacking Government

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. “This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.

Ransomware

Ransomware VPN Authentication Hacking

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals. They impersonated help desk technicians, sent the victims fake VPN deactivation warnings, and used password reset scams to gain access to company systems. In January 2024, U.S.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication

Authentication VPN Hacking Government

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

In early January, the software firm reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.

VPN

VPN Authentication Software Malware

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. in its firewall devices.

Firmware

Firmware Firewall Authentication VPN

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Security Affairs

JUNE 22, 2023

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. The client update process is executed after a successful VPN connection is established.” ” reads the advisory published by the company.

VPN

VPN Mobile Software Authentication

Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks

Security Affairs

AUGUST 2, 2023

Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Cybersecurity and Infrastructure Security Agency (CISA) recently warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting the zero-day CVE-2023-3519.

VPN

VPN Hacking Cyber Attacks Software

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 11, 2023

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog , including a high-severity flaw ( CVE-2023-21608 ) (CVSS score: 7.8)

VPN

VPN Encryption Hacking Risk

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware

Ransomware Backups VPN Authentication

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs

JULY 23, 2023

Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The company added that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

VPN

VPN Cyber Attacks Software Cybersecurity

Zyxel fixed four bugs in firewalls and access points

Security Affairs

FEBRUARY 27, 2024

Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397 , CVE-2023-6398 , CVE-2023-6399 , and CVE-2023-6764 , in its firewalls and access points. Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16 Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16

Firewall

Firewall VPN Authentication Hacking

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware

Malware Spyware Antivirus VPN

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware

Ransomware Backups VPN Authentication

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN

VPN Cybercrime Ransomware Hacking

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60

Firmware

Firmware VPN Firewall Hacking

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Security Affairs

JANUARY 17, 2024

Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. The vulnerability CVE-2023-6548 is an authenticated (low privileged) remote code execution affecting Management Interface.

VPN

VPN Software Authentication Internet

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. The hackers are exploiting the remote code execution, tracked as CVE-2023-3519 , in a large-scale campaign. The flaw CVE-2023-3519 (CVSS score: 9.8) php) on victim machines.

VPN

VPN Ransomware DNS Malware

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

Firewall

Firewall Government VPN Authentication

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Antivirus VPN

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Security Affairs

OCTOBER 6, 2023

Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), impacting Emergency Responder.

Accountability

Accountability VPN Hacking Software

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed.

Malware

Malware Software Technology Accountability

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Security Affairs

DECEMBER 3, 2023

The addressed issues are tracked as CVE-2023-35136 , CVE-2023-35139 , CVE-2023-37925 , CVE-2023-37926 , CVE-2023-4397 , CVE-2023-4398 , CVE-2023-5650 , CVE-2023-5797 , CVE-2023-5960. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points.

Firewall

Firewall Authentication VPN Cyber Attacks

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware

Ransomware VPN Government Retail

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 18, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability. CVE-2023-6549 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability.

Authentication

Authentication VPN Software Engineering

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS

DDOS VPN Data breaches Cybercrime

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

China’s Volt Typhoon botnet has re-emerged

Trending Sources

J-magic malware campaign targets Juniper routers

Chinese threat actors use Quad7 botnet in password-spray attacks

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Cloak ransomware group hacked the Virginia Attorney General’s Office

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Multiple malware used in attacks exploiting Ivanti VPN flaws

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Zyxel firewall and VPN devices affected by critical flaws

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Akira ransomware targets Finnish organizations

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Zyxel fixed four bugs in firewalls and access points

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Akira ransomware targets Finnish organizations

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Zyxel published guidance for protecting devices from ongoing attacks

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

FIN8-linked actor targets Citrix NetScaler systems

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Akira ransomware received $42M in ransom payments from over 250 victims

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

3CX Breach Was a Double Supply Chain Compromise

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Stay Connected