Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

VPN 112

VPN Firewall Technology Passwords 112

Security Affairs

OCTOBER 9, 2024

Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack PAN-OS firewalls. ” reads the advisory. ” reads the advisory.

Firewall 127

Firewall Passwords Authentication Phishing 127

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Repeated attacks can eventually trigger a DoS condition by forcing the firewall into maintenance mode, requiring manual intervention to restore online functionality.

Firewall 137

Firewall Software Engineering Authentication 137

Security Affairs

MARCH 18, 2025

The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges by making maliciously crafted CSF proxy requests. The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges by making maliciously crafted CSF proxy requests.

Authentication 115

Authentication Ransomware Firewall Hacking 115

Security Affairs

FEBRUARY 27, 2024

Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw. Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397 , CVE-2023-6398 , CVE-2023-6399 , and CVE-2023-6764 , in its firewalls and access points.

Firewall 136

Firewall VPN Authentication Hacking 136

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Firewall 64

Firewall Firmware Authentication VPN 64

Security Affairs

JULY 1, 2024

Juniper Networks released out-of-band security updates to address a critical authentication bypass vulnerability impacting some of its routers. The flaw in Juniper Networks Session Smart Router or Conductor with a redundant peer allows a network-based attacker to bypass authentication and gain full control of the device.

Authentication 127

Authentication Firewall Hacking 127

eSecurity Planet

OCTOBER 28, 2024

October 21, 2024 VMware Re-Patches September Vulnerability Type of vulnerability: Heap overflow and privilege escalation. This vulnerability is tracked as CVE-2024-38812 and has a base score of 9.8. October 22, 2024 Samsung Zero-Day Could Allow Privilege Escalation Type of vulnerability: Use-after-free. base score.

Phishing 103

Phishing Authentication Software VPN 103

eSecurity Planet

NOVEMBER 6, 2024

In this video, our expert delves into what cookies are and their function in web browsing, explores the techniques hackers use to steal them — such as session hijacking and cross-site scripting (XSS) — and shares effective strategies and tools to protect your cookies and personal data in 2024. Check out our links below for more info.

Identity Theft 110

Identity Theft Passwords Phishing Accountability 110

Security Affairs

FEBRUARY 21, 2025

An authenticated attacker with network access to the management web interface could exploit the flaw to read files that are readable by the nobody user. Attackers are chaining them with the CVE-2025-0108 with CVE-2024-9474 issues. Palo Alto Networks addressed the flaw CVE-2025-0111 on February 12, 2025.

Authentication 78

Authentication Firewall Cybersecurity Hacking 78

Security Affairs

DECEMBER 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. Last week, VulnCheck researchers warned that ProjectSend vulnerability CVE-2024-11680 (CVSS score: 9.8) appears to have been exploited by attackers in the wild.

Firewall 112

Firewall Authentication Accountability Firmware 112

eSecurity Planet

OCTOBER 7, 2021

The network firewall is the first line of defense for traffic that passes in and out of a network. The firewall examines traffic to ensure it meets the security requirements set by the organization, and unauthorized access attempts are blocked. Firewall protection has come a long way in recent years. Next-generation firewalls.

Firewall 105

Firewall Marketing Technology Social Engineering 105

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. Versions 9.x

Firewall 110

Firewall Firmware IoT Authentication 110

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Firewall 132

Firewall Government VPN Authentication 132

SecureList

DECEMBER 9, 2024

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! The Polyfill.io

Internet 113

Internet Internet Risk Social Engineering 113

Security Affairs

JULY 12, 2024

Palo Alto Networks addressed five vulnerabilities impacting its products, including a critical authentication bypass issue. Palo Alto Networks Expedition is a tool designed to help users transition to and optimize Palo Alto Networks’ next-generation firewalls. >= 7.9.102-CE 2024-07-10 2024-07-10 5.4

Authentication 131

Authentication Firewall Accountability Hacking 131

Security Boulevard

APRIL 17, 2025

The Old Guard: Firewalls, VPNs and Exposed Control Planes Cyberattacks have evolved beyond the perimeter. No longer limited to opportunistic breaches, attackers are now executing coordinated campaigns that target the very foundations of enterprise network infrastructure firewalls, VPNs, and control planes. The takeaway?

Firewall 64

Firewall VPN Encryption Architecture 64

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing VPN 126

SecureWorld News

JANUARY 16, 2025

Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk. Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Top Techniques: A Closer Look Phishing Techniques: The Evergreen Threat in Cybersecurity Initial access methods were the most common MITRE ATT&CK techniques between May and July 2024.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

Security Affairs

AUGUST 25, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added Versa Director Dangerous File Type Upload Vulnerability CVE-2024-39717 (CVSS score: 6.6) Exploitation requires successful authentication by a user with the necessary privileges. CISA orders federal agencies to fix this vulnerability by September 13, 2024.

Firewall 126

Firewall Authentication Hacking Cybersecurity 126

Security Affairs

JANUARY 29, 2025

The bot targets the command injection vulnerability CVE-2024-41710 that impacts Mitel models. ” The malware targets the flaw CVE-2024-41710 that affects Mitel 6800, 6900, and 6900w series SIP phones, including the 6970 Conference Unit through R6.4.0.HF1 Named after the Aqua filename, it was first reported in November 2023.

DDOS 67

DDOS Firmware Malware Firewall 67

SecureList

MAY 7, 2024

Additionally, we take a close look at several noteworthy vulnerabilities discovered in Q1 2024. The number of newly registered CVEs, 2019 — 2024. The decline in 2024 is due to data being available for Q1 only ( download ) As the chart illustrates, the number of new vulnerabilities has been steadily increasing year over year.

Software 121

Software Internet Internet Social Engineering 121

Security Affairs

FEBRUARY 15, 2025

CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug U.S. custody in exchange for Marc Fogel North Korea-linked APT Emerald Sleet is using a new tactic U.S.

Spyware 69

Spyware Firewall Artificial Intelligence Malware 69

Security Affairs

APRIL 28, 2024

Another severe issue is related to the presence of Hardcoded Docker Keys tracked as CVE-2024-29963 (CVSS score of 8.6). The patches were released in April 2024, 19 months after Brocade firstly rejected the vulnerabilities and 11 months after Brocade acknowledged the vulnerabilities. Brocade SANnav OVA before v2.3.1,

Firewall 123

Firewall Authentication Backups Architecture 123

Digital Shadows

MARCH 17, 2025

Implement Network Segmentation Behind VPN Access: Since attackers target the sslvpn_websession file to harvest credentials, segment your network so that VPN users land in an isolated environment that requires extra authentication to access critical systems. CVE-2022-40684: Admin Control over VPN Infrastructure What is CVE-2022-40684?

VPN 133

VPN Authentication Ransomware Risk 133

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Multi-factor authentication : Protects stolen credentials against use by requiring more than a simple username and password combination for access to resources. globally, +19.8%

Cybersecurity 122

Cybersecurity DDOS Penetration Testing Passwords 122

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild. Impacted versions are R80.20.x,

VPN 125

VPN Passwords Authentication Accountability 125

Security Affairs

APRIL 15, 2024

Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2024-3400 PAN-OS flaw and discovered that threat actors have been exploiting it since March 26, 2024. This flaw impacts PAN-OS 10.2,

Firewall 136

Firewall Hacking Authentication Software 136

Security Affairs

DECEMBER 11, 2024

Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ “The attack campaign, which we have dubbed Operation Digital Eye, took place from late June to mid-July 2024, lasting approximately three weeks.”

Firewall 74

Firewall Malware Accountability Technology 74

The Last Watchdog

NOVEMBER 12, 2023

Here are my takeaways: Matter picks up steam Frustration with smart home devices should be much reduced in 2024. Matter works much the way website authentication and website traffic encryption gets executed. DMARC is a robust email authentication protocol that has been around for more than a decade.

Manufacturing 276

Manufacturing Authentication Marketing Encryption 276

Security Boulevard

JANUARY 14, 2025

Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024. CVE Description CVSSv3 CVE-2024-55591 FortiOS and FortiProxy Authentication Bypass Vulnerability 9.6 websocket module.

Authentication 59

Authentication VPN Firewall 59

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 140

VPN Firewall Authentication Hacking 140

Security Affairs

NOVEMBER 8, 2024

Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS.

Firewall 102

Firewall Authentication Internet Internet 102

Security Affairs

MARCH 16, 2025

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks U.S. New MassJacker clipper targets pirated software seekers Cisco IOS XR flaw allows attackers to crash BGP process on routers LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

Spyware 72

Spyware Cybercrime Ransomware IoT 72

eSecurity Planet

MARCH 28, 2025

Fortinet and Palo Alto Networks are two of the best network security providers, offering excellent next-generation firewalls (NGFWs) with strong, independently verified security. Fortinet excels in usability and administration, while Palo Alto has an edge in advanced features and firewall capabilities. 5 Ease of us: 4.7/5

Firewall 58

Firewall Small Business Architecture Spyware 58

Security Boulevard

JANUARY 2, 2024

Let's delve into the rewind of 2023, exploring five influential trends and threats that molded the cyberthreat landscape and are poised to resonate throughout enterprises in 2024. GenAI and large language mode (LLM) tools will be the great enablers of 2024, continuing to lower the barrier to entry for threat actors. The solution?

CISO 104

CISO Social Engineering Architecture Ransomware 104