Security Affairs

DECEMBER 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. Last week, VulnCheck researchers warned that ProjectSend vulnerability CVE-2024-11680 (CVSS score: 9.8) appears to have been exploited by attackers in the wild.

Firewall 113

Firewall Authentication Accountability Firmware 113

Security Affairs

JANUARY 29, 2025

The bot targets the command injection vulnerability CVE-2024-41710 that impacts Mitel models. ” The malware targets the flaw CVE-2024-41710 that affects Mitel 6800, 6900, and 6900w series SIP phones, including the 6970 Conference Unit through R6.4.0.HF1 Named after the Aqua filename, it was first reported in November 2023.

DDOS 68

DDOS Firmware Malware Firewall 68

Security Boulevard

APRIL 17, 2025

The Old Guard: Firewalls, VPNs and Exposed Control Planes Cyberattacks have evolved beyond the perimeter. No longer limited to opportunistic breaches, attackers are now executing coordinated campaigns that target the very foundations of enterprise network infrastructure firewalls, VPNs, and control planes. The takeaway?

Firewall 64

Firewall VPN Encryption Architecture 64

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing VPN 126

Security Affairs

SEPTEMBER 6, 2024

Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. SonicWall warns that a recently fixed access control flaw, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), in SonicOS is now potentially exploited in attacks. 5035 and older versions. .

Firewall 127

Firewall Passwords Internet Internet 127

SecureList

JUNE 3, 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Since it is not used by the firmware, we have no idea how the attackers learned to use it. There is no shortage of utilities that can be used to create a network tunnel between two systems.

Banking 119

Banking Malware Computers and Electronics Mobile 119

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Deny-lists (aka: blacklist) : Blocks specific websites or IP addresses by adding them to a list for firewalls to ignore; very difficult to manage at scale. globally, +19.8%

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

eSecurity Planet

SEPTEMBER 9, 2024

September 2, 2024 RansomHub Exploits Multiple Vulnerabilities to Attack Critical Sectors Type of vulnerability: Multiple security flaws from major organizations. September 3, 2024 D-Link Vulnerability Enables Remote Code Execution Type of vulnerability: Stack-based buffer overflow. All impacted models must be updated to version 7.00

Firmware 109

Firmware Backups Firewall Risk 109

Security Affairs

FEBRUARY 28, 2024

” In February 2024, a court order allowed US authorities to neutralize the Moobot botnet, a network of hundreds of small office/home office (SOHO) routers under the control of the Russia-linked group APT28. The operation reversibly modified the routers’ firewall rules to block remote management access to the devices.

Energy and Utilities 133

Energy and Utilities Government Firewall Malware 133

eSecurity Planet

SEPTEMBER 2, 2024

SonicWall dealt with a serious access control vulnerability that affected its firewall systems. August 26, 2024 SonicWall Identifies Access Control Vulnerability Type of vulnerability: Improper access control. The problem: CVE-2024-40766 , a critical access control vulnerability with a 9.3

Risk 57

Risk Firewall Firmware Engineering 57

eSecurity Planet

MARCH 4, 2024

February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect. February 27, 2024 Ransomware Gangs Target Unpatched ScreenConnect Servers Type of vulnerability: Authentication bypass and path traversal. The fix: Apply Windows patches ASAP.

IoT 117

IoT Internet Internet Ransomware 117

SecureList

NOVEMBER 25, 2024

In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024 , and offer insights into what we can expect in 2025. As expected, we continued to observe attacks in 2024 involving exploits for Apple devices. For instance, in Q2 2024, we saw a 23% increase in BYOVD usage.

IoT 120

IoT Energy and Utilities Phishing Cryptocurrency 120

eSecurity Planet

JULY 1, 2024

June 24, 2024 Ollama AI’s Probllama Vulnerability Enables RCE Type of vulnerability: Multiple, including remote code execution (RCE), path traversal, and insufficient input validation. The problem: A security flaw in the Ollama AI infrastructure platform, identified as CVE-2024-37032 , enabled attackers to do RCE.

Risk 62

Risk Authentication Firmware Software 62

eSecurity Planet

JANUARY 22, 2024

January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation. The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities.

Authentication 113

Authentication Malware VPN Mobile 113

eSecurity Planet

AUGUST 20, 2024

District Court claims that NPD experienced a data breach around April 2024, alleging the following: Sensitive data , such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.

Identity Theft 130

Identity Theft Data breaches Passwords Encryption 130

eSecurity Planet

JULY 8, 2024

July 1, 2024 OpenSSH Releases Security Updates to Address RCE Type of vulnerability: Signal handler race condition in OpenSSH server. The problem: CVE-2024-6387 is a signal handler race issue within OpenSSH’s server (sshd) that affects glibc-based Linux systems. The fix: OpenSSH issued updates to address CVE-2024-6387.

Risk 62

Risk Authentication Firmware Surveillance 62

Security Boulevard

NOVEMBER 19, 2024

0x110000Retrieves the firmware table using the Windows information class SystemFirmwareTableInformation, iterates the table, and checks if any of its values are present in an embedded blocklist.Uses the Windows information class SystemVhdBootInformation and reads the structure member OsDiskIsVhd to verify if the disk is virtual.0x120000Checks

Antivirus 52

Antivirus Encryption Firewall Malware 52

SecureWorld News

OCTOBER 31, 2024

Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns. Spooky fact : Sophos says the average ransom in 2024 is $2.73 Phishing phantoms: masters of disguise Phishing scams have become more sophisticated.

IoT 120

IoT Phishing DDOS Backups 120

Security Affairs

AUGUST 2, 2024

Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of a vulnerability, tracked as CVE-2024-7029 (CVSS base score of 8.8), in Avtech camera that has been exploited in the wild. ” The vulnerability impacts Avtech AVM1203 IP cameras running firmware versions FullImg-1023-1007-1011-1009 and prior. .”

Firmware 129

Firmware Firewall Risk Authentication 129

Security Affairs

FEBRUARY 11, 2025

Fortinet warned of attacks using a now-patched zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls. Fortinet warned that threat actors are exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in FortiOS and FortiProxy to hijack Fortinet firewalls. through 7.0.16

Firewall 126

Firewall Firmware VPN Authentication 126

SecureList

JANUARY 17, 2025

Firmware The MMB runs on Linux, and its filesystems are located on the eMMC. Custom IPC Inside the head unit, firmware services use custom IPC protocols for communication between their own threads, other services and other ECUs. CVE-2024-37601 The process of decoding files with the *.ud2 SMR-F files, but uncompressed.

Backups 124

Backups Architecture Firmware Software 124

Security Affairs

DECEMBER 22, 2024

BadBox rapidly grows, 190,000 Android devices infected Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks Sophos fixed critical vulnerabilities in its Firewall product U.S.

Data breaches 61

Data breaches Cybercrime Spyware Firmware 61