Security Affairs

NOVEMBER 21, 2024

Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities ( CVE-2024-0012 and CVE-2024-9474 ) in PAN-OS.

Firewall 112

Firewall Hacking VPN Cybersecurity 112

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Firewall 132

Firewall Government VPN Authentication 132

Security Affairs

OCTOBER 24, 2024

Cisco addressed multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an actively exploited flaw tracked as CVE-2024-20481. The vulnerability CVE-2024-20481 (CVSS score of 5.8) ” reads the advisory.

VPN 122

VPN Firewall Passwords Software 122

Security Affairs

NOVEMBER 25, 2024

Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise.

Firewall 74

Firewall Ransomware VPN Firmware 74

eSecurity Planet

NOVEMBER 1, 2021

Firewalls are as central to IT security as antivirus programs are to PCs, and the multi-billion-dollar market remains large and growing. But the term “firewall” is far too broad to be of much use to IT security buyers. Types of Firewalls. What is a Firewall? Firewalls protect both on-premises and cloud environments.

Firewall 107

Firewall Small Business Marketing Software 107

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. Versions 9.x

Firewall 101

Firewall Firmware IoT Authentication 101

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 139

VPN Accountability Firewall Data breaches 139

Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. This vulnerability is due to resource exhaustion.

VPN 112

VPN Firewall Technology Passwords 112

Security Affairs

NOVEMBER 16, 2024

Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs). Last week, Palo Alto Networks warned customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability (CVSSv4.0 Base Score: 9.3)

Firewall 126

Firewall Internet Internet VPN 126

Security Affairs

MAY 30, 2024

Threat actors exploited the flaw to gain remote firewall access and breach corporate networks. Early this week, the security firm warned of a surge in attacks aimed at VPN solutions. CISA orders federal agencies to fix this vulnerability by June 20, 2024. Impacted versions are R80.20.x, x, and R81.20.

VPN 128

VPN Firewall Hacking Risk 128

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 131

VPN Cybercrime Ransomware Hacking 131

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. CISA orders federal agencies to fix this vulnerability by May 1st, 2024.

VPN 133

VPN Software Firewall Authentication 133

Security Boulevard

JULY 18, 2024

Welcome to the Summer 2024 edition of the Below the Surface Threat Report. As the heat of summer continues, we continue to see increased attacks against VPN and firewall appliances and IoT devices. The post Below The Surface Summer 2024 appeared first on Security Boulevard.

Threat Reports 64

Threat Reports VPN IoT Firewall 64

Security Affairs

JANUARY 21, 2024

Patch it now! million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8 million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Artificial Intelligence 128

Artificial Intelligence VPN Hacking Firewall 128

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. You can strengthen your cybersecurity defenses by using reliable antivirus software, firewalls, intrusion detection systems, and virtual private networks (VPNs).

Firewall 102

Firewall VPN Software Risk 102

Pen Test Partners

JULY 1, 2024

TL;DR The Qualys Threat Research Unit has found a high-severity vulnerability, filed under CVE-2024-6387, affects OpenSSH (Open Secure Shell), a networking utility often used for remote server management and secure communication over insecure networks. CVE-2024-6387 affects the OpenSSH server on glibc-based Linux systems.

InfoSec 83

InfoSec Authentication VPN Firewall 83

SecureList

JUNE 3, 2024

IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024.

Banking 103

Banking Malware Computers and Electronics Mobile 103

Centraleyes

APRIL 18, 2024

Cisco has sounded the alarm on a widespread increase in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since March 18, 2024. The attacks appear to originate from TOR exit nodes and other anonymizing tunnels and proxies.

VPN 52

VPN Firewall Authentication Passwords 52

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Deny-lists (aka: blacklist) : Blocks specific websites or IP addresses by adding them to a list for firewalls to ignore; very difficult to manage at scale. globally, +19.8%

Cybersecurity 103

Cybersecurity DDOS Penetration Testing Passwords 103

Security Affairs

AUGUST 27, 2024

China-linked APT Volt Typhoon exploited a zero-day vulnerability, tracked as CVE-2024-39717 , in Versa Director, to deploy a custom webshell on breached networks. Although details are limited, Versa Networks confirmed one case where the vulnerability was exploited due to a customer’s failure to implement recommended firewall guidelines.

Energy and Utilities 130

Energy and Utilities Firewall Technology Malware 130

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar.

VPN 122

VPN Government Malware Manufacturing 122

SecureList

SEPTEMBER 3, 2024

The code was inserted in February and March 2024, mostly by Jia Cheong Tan – probably a fictitious identity. The XZ compromise was assigned the identifier CVE-2024-3094 and the maximum severity level of 10. The threat actor also made use of the server utility (VPN Server) from the SoftEther VPN package for tunneling.

Malware 94

Malware Passwords Ransomware Encryption 94

eSecurity Planet

FEBRUARY 12, 2024

February 5, 2024 JetBrains TeamCity Saga Continues with Another Server Vulnerability Type of vulnerability: Authentication bypass by an unauthenticated attacker. The vulnerability is tracked as CVE-2024-23917. The vulnerability is tracked as CVE-2024-21762 and has a critical severity rating. through 2023.11.2.

VPN 106

VPN Authentication Software Firewall 106

Security Boulevard

FEBRUARY 2, 2024

Introduction Ivanti, an IT management and security company, has issued a warning about multiple zero-day vulnerabilities in its VPN products exploited by Chinese state-backed hackers since December 2023. and CVE-2024-21887(a command-injection vulnerability found into multiple web components with a CVSS score of 9.1)

VPN 64

VPN Risk Architecture Firewall 64

SecureWorld News

AUGUST 28, 2024

The vulnerability, CVE-2024-39717 , affects Versa Director versions 21.2.3, Researchers at Lumen's Black Lotus Labs discovered the exploit on June 17, 2024, after analyzing a suspicious file uploaded to VirusTotal. Further investigation revealed that Volt Typhoon had exploited this vulnerability since June 12, 2024. and 22.1.3.

VPN 84

VPN Firewall Accountability Internet 84

The Last Watchdog

MAY 14, 2021

Early SD-WAN solutions “were built only to replace an MPLS-VPN with an Internet-based VPN,” Ahuja says. The firewall emerged as the cornerstone around which companies were encouraged to pursue a so-called defense-in-depth strategy. Anti-virus suites morphed into endpoint detection systems. SASE fundamentals.

Firewall 138

Firewall Mobile VPN Digital transformation 138

NopSec

MAY 1, 2024

Let’s drop to a command line, clone some Git repos and demystify the trending CVEs of April 2024. Palo Alto PanOS RCE CVE-2024-3400 It feels like the first quarter of 2024 has been defined by a string of SSL VPN command execution vulnerabilities and Palo Alto has jumped on the wagon. h3, < 11.1.1-h1,

Firewall 59

Firewall VPN Software Authentication 59

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 105

Authentication VPN Software DDOS 105

Security Affairs

DECEMBER 18, 2024

In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. .

Phishing 107

Phishing Government VPN Firewall 107

eSecurity Planet

OCTOBER 28, 2024

October 21, 2024 VMware Re-Patches September Vulnerability Type of vulnerability: Heap overflow and privilege escalation. This vulnerability is tracked as CVE-2024-38812 and has a base score of 9.8. October 22, 2024 Samsung Zero-Day Could Allow Privilege Escalation Type of vulnerability: Use-after-free. base score.

Phishing 81

Phishing Authentication VPN Software 81

Digital Shadows

OCTOBER 23, 2024

Key Points In October 2024, ReliaQuest responded to an intrusion affecting a manufacturing sector customer. In October 2024, ReliaQuest investigated an intrusion for a customer in the manufacturing sector. In February 2024, ALPHV conducted an exit scam against its affiliates and disbanded, leaving them searching for new partners.

Social Engineering 122

Social Engineering Engineering Accountability Backups 122

eSecurity Planet

JANUARY 22, 2024

January 16, 2024 Open-Source UEFI Implementation Sees 9 Vulnerabilities Type of vulnerability: Weaknesses in the network boot process of UEFI’s network implementation. Ivanti received a mention in last week’s recap , too, for its Connect Secure VPN and Policy Secure zero-days. and later releases of 13.1 NetScaler ADC 13.1-FIPS

Authentication 106

Authentication Malware VPN Mobile 106

SecureWorld News

JULY 15, 2024

Commerce Department has announced a full ban on the sale of Kaspersky products in the United States, effective July 20, 2024. Immediate compliance requirements Organizations using Kaspersky products must ensure compliance with the ban by July 20 of this year; and current Kaspersky customers have until September 29, 2024, to find alternatives.

Cybersecurity 107

Cybersecurity Antivirus Government Software 107

Security Affairs

NOVEMBER 24, 2024

A cyberattack on gambling giant IGT disrupted portions of its IT systems China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane Microsoft seized 240 sites used by the ONNX phishing service U.S.

Cybercrime 71

Cybercrime Artificial Intelligence VPN Hacking 71

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime 71

Cybercrime Firewall Social Engineering Ransomware 71

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar.

VPN 77

VPN Government Malware Manufacturing 77

eSecurity Planet

OCTOBER 15, 2024

October 1, 2024 CISA Releases Notice About Optigo Switch Vulnerability Type of vulnerability: Improper filename control and weak authentication. Set up a router firewall with a white list for the devices permitted to access OneView. Connect to OneView via secure VPN.” Only two had a CVSS score of 9.0

VPN 63

VPN Backups Authentication Software 63