2023, Information Security and VPN - Cyber Security Informer

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN

VPN Software Encryption Authentication

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. The company is providing mitigation and confirmed it is working on the development of a security patch.

VPN

VPN Authentication Small Business Telecommunications

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. The company is providing mitigation and confirmed it is working on the development of a security patch.

VPN

VPN Malware Authentication Small Business

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN

VPN Authentication Cyber Attacks Passwords

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix.

Authentication

Authentication VPN Hacking Government

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

In early January, the software firm reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.

VPN

VPN Authentication Software Malware

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. through 6.2.13

Firewall

Firewall VPN Firmware Manufacturing

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical vulnerability affecting its network-attached storage (NAS) devices. Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. in its firewall devices.

Firmware

Firmware Firewall Authentication VPN

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Security Affairs

JUNE 22, 2023

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. The client update process is executed after a successful VPN connection is established.” ” reads the advisory published by the company.

VPN

VPN Mobile Software Authentication

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. “This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features.

Ransomware

Ransomware VPN Authentication Hacking

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication

Authentication VPN Hacking Government

Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks

Security Affairs

AUGUST 2, 2023

Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Cybersecurity and Infrastructure Security Agency (CISA) recently warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting the zero-day CVE-2023-3519.

VPN

VPN Hacking Cyber Attacks Software

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs

JULY 23, 2023

Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. The company added that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

VPN

VPN Cyber Attacks Software Cybersecurity

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

VPN

VPN Government Malware Manufacturing

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware

Ransomware Backups VPN Authentication

Zyxel fixed four bugs in firewalls and access points

Security Affairs

FEBRUARY 27, 2024

Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397 , CVE-2023-6398 , CVE-2023-6399 , and CVE-2023-6764 , in its firewalls and access points. Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16 Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16

Firewall

Firewall VPN Authentication Hacking

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 11, 2023

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog , including a high-severity flaw ( CVE-2023-21608 ) (CVSS score: 7.8)

VPN

VPN Encryption Hacking Risk

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Security Affairs

NOVEMBER 9, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups

Backups Ransomware VPN Accountability

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60

Firmware

Firmware VPN Firewall Hacking

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware

Ransomware Backups VPN Authentication

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

A vulnerability impacting Zyxel firewalls, tracked as CVE-2023-28771, can be exploited to execute arbitary code on vulnerable devices. Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. through 5.35. through 5.35.

Firewall

Firewall Firmware VPN Authentication

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN

VPN Cybercrime Ransomware Hacking

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

VPN

VPN Government Malware Manufacturing

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Security Affairs

JANUARY 17, 2024

Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. The vulnerability CVE-2023-6548 is an authenticated (low privileged) remote code execution affecting Management Interface.

VPN

VPN Software Authentication Internet

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN DDOS

Hacktivist group Twelve is back and targets Russian entities

Security Affairs

SEPTEMBER 22, 2024

The hacktivist group Twelve has been active since at least April 2023, it was formed in the wake of the conflict between Russia and Ukraine. The threat actor gains initial access by abusing valid local or domain accounts, VPN or SSH certificates.

VPN

VPN Encryption Hacking Accountability

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

Security Affairs

JUNE 12, 2023

Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that lead to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. Patch your #Fortigate. Patch your #Fortigate.

Firewall

Firewall VPN Authentication Media

FIN8-linked actor targets Citrix NetScaler systems

Security Affairs

AUGUST 29, 2023

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. The hackers are exploiting the remote code execution, tracked as CVE-2023-3519 , in a large-scale campaign. The flaw CVE-2023-3519 (CVSS score: 9.8) php) on victim machines.

VPN

VPN Ransomware DNS Malware

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities.

Passwords

Passwords Wireless VPN Accountability

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Security Affairs

DECEMBER 3, 2023

The addressed issues are tracked as CVE-2023-35136 , CVE-2023-35139 , CVE-2023-37925 , CVE-2023-37926 , CVE-2023-4397 , CVE-2023-4398 , CVE-2023-5650 , CVE-2023-5797 , CVE-2023-5960. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points.

Firewall

Firewall Authentication VPN Cyber Attacks

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Security Affairs

OCTOBER 6, 2023

Cisco addressed a critical Static Credentials Vulnerability, tracked as CVE-2023-20101, impacting Emergency Responder. Cisco released security updates to address a critical vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), impacting Emergency Responder.

Accountability

Accountability VPN Hacking Software

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

Firewall

Firewall Government VPN Authentication

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 18, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability. CVE-2023-6549 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability.

Authentication

Authentication VPN Software Engineering

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware

Ransomware VPN Government Retail

Two zero-day bugs in Ivanti Connect Secure actively exploited

Security Affairs

JANUARY 11, 2024

Ivanti revealed that two threat actors are exploiting two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. According to KB Article , customers can mitigate CVE-2023-46805 and CVE-2024-21887 by importing mitigation.release.20240107.1.xml

Authentication

Authentication VPN Mobile Hacking

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS

DDOS VPN Data breaches Cybercrime

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

“The Ministry of Defence (MOD) of the Netherlands was impacted in 2023 by an intrusion into one of its networks. reads the advisory published by the security vendor. The effects of the attack were limited because of the network segmentation implemented in the government infrastructure.

Malware

Malware Firmware VPN Backups

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Trending Sources

Zyxel firewall and VPN devices affected by critical flaws

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Multiple malware used in attacks exploiting Ivanti VPN flaws

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

China’s Volt Typhoon botnet has re-emerged

Akira ransomware targets Finnish organizations

Zyxel fixed four bugs in firewalls and access points

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Zyxel published guidance for protecting devices from ongoing attacks

Akira ransomware targets Finnish organizations

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

China’s Volt Typhoon botnet has re-emerged

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Widespread exploitation by botnet operators of Zyxel firewall flaw

Hacktivist group Twelve is back and targets Russian entities

Fortinet urges to patch a critical RCE flaw in Fortigate firewalls

FIN8-linked actor targets Citrix NetScaler systems

Chinese threat actors use Quad7 botnet in password-spray attacks

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Two zero-day bugs in Ivanti Connect Secure actively exploited

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Stay Connected