Security Affairs

APRIL 6, 2024

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x,

VPN 131

VPN Internet Internet Hacking 131

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. x and Ivanti Policy Secure. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) is a command injection vulnerability in web components of Ivanti Connect Secure (9.x,

VPN 128

VPN Authentication Small Business Telecommunications 128

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The security firm did not provide details about the attacks exploiting this vulnerability. The vendor recommends to disable SSL VPN as a workaround. through 7.4.2

VPN 132

VPN Firmware Malware Government 132

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. x and Ivanti Policy Secure. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) is a command injection vulnerability in web components of Ivanti Connect Secure (9.x,

VPN 127

VPN Malware Authentication Small Business 127

Security Affairs

FEBRUARY 1, 2024

For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. x) and Policy Secure (9.x,

VPN 130

VPN Authentication Software Malware 130

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software.

Backups 130

Backups Ransomware VPN Authentication 130

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Market Growth: AI cyber security technology is projected to grow by 23.6% every year until 2027, pointing to rapid progress and investment in AI-based security. million per incident.

Social Engineering 141

Social Engineering Cyber Attacks Cyber Insurance IoT 141

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 132

Backups Ransomware VPN Accountability 132

Security Affairs

OCTOBER 24, 2024

Cisco addressed multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an actively exploited flaw tracked as CVE-2024-20481. The vulnerability CVE-2024-20481 (CVSS score of 5.8) ” reads the advisory.

VPN 122

VPN Firewall Passwords Software 122

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338.

VPN 133

VPN Authentication Hacking Information Security 133

Security Affairs

FEBRUARY 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762 , to its Known Exploited Vulnerabilities (KEV) catalog. The security firm did not provide details about the attacks exploiting this vulnerability. reads the advisory.

VPN 144

VPN Hacking Cybersecurity Risk 144

Security Affairs

APRIL 6, 2024

The medium severity issue, tracked as CVE-2024-20362 (CVSS score 6.1), resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw.

Small Business 144

Small Business VPN Wireless Software 144

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 130

Backups VPN Ransomware Authentication 130

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 139

VPN Accountability Firewall Data breaches 139

Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. This vulnerability is due to resource exhaustion.

VPN 112

VPN Firewall Technology Passwords 112

Security Affairs

AUGUST 28, 2024

Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8) BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks.

Ransomware 126

Ransomware Authentication Encryption VPN 126

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 131

VPN Cybercrime Ransomware Hacking 131

Security Affairs

MAY 30, 2024

Early this week, the security firm warned of a surge in attacks aimed at VPN solutions. The vulnerability CVE-2024-1086 is a Linux kernel use-after-free issue that resides in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation. Impacted versions are R80.20.x, x, and R81.20.

VPN 128

VPN Firewall Hacking Risk 128

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels. PSIRT and Talos launched an investigation to support the customer.

VPN 133

VPN Software Firewall Authentication 133

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Cyber Attacks 142

Cyber Attacks VPN Authentication Hacking 142

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication.

VPN 111

VPN Authentication Hacking Cybersecurity 111

Security Affairs

FEBRUARY 27, 2024

CVE-2023-6399 – A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled. Patch 2 USG FLEX 50(W)/USG20(W)-VPN Not affected ZLD V4.16

Firewall 136

Firewall VPN Authentication Hacking 136

Security Affairs

APRIL 24, 2024

Cisco Talos warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Firewall 132

Firewall Government VPN Authentication 132

Security Affairs

AUGUST 12, 2024

During the Black Hat USA 2024 conference, Microsoft researchers disclosed multiple medium-severity bugs in the open-source project OpenVPN that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). ” concludes the post.

Data breaches 135

Data breaches Authentication VPN Hacking 135

Security Affairs

AUGUST 6, 2024

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. In January 2024, the Kimsuky APT group was spotted distributing malware through the website of a construction industry association in South Korea.

VPN 129

VPN Malware Software Hacking 129

Security Affairs

NOVEMBER 21, 2024

Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities ( CVE-2024-0012 and CVE-2024-9474 ) in PAN-OS. This access enables administrative actions, configuration tampering, or exploitation of other vulnerabilities like CVE-2024-9474.

Firewall 112

Firewall Hacking VPN Cybersecurity 112

Security Affairs

JANUARY 18, 2024

CVE-2024-0519 – Google Chromium V8 Out-of-Bounds Memory Access Vulnerability. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances.

Authentication 136

Authentication VPN Software Engineering 136

Security Affairs

SEPTEMBER 22, 2024

In spring 2024, the Telegram channel -=TWELVE=- was blocked for posting personal data in violation of Telegram’s terms. The threat actor gains initial access by abusing valid local or domain accounts, VPN or SSH certificates. Then the threat actor relies on the Remote Desktop Protocol (RDP) to facilitate lateral movement.

VPN 131

VPN Encryption Hacking Accountability 131

Security Affairs

JANUARY 21, 2024

Patch it now! million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8 million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Artificial Intelligence 128

Artificial Intelligence VPN Hacking Firewall 128

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. In September 2024, the Sekoia TDR team reported it had identified additional implants associated with the Quad7 botnet operation.

Passwords 133

Passwords Wireless VPN Accountability 133

Security Affairs

MARCH 11, 2024

The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN. A financially motivated threat actor named Magnet Goblin made the headlines for rapidly adopting and exploiting 1-day vulnerabilities, CheckPoint warned.

Malware 132

Malware VPN Encryption Hacking 132

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”

Malware 321

Malware Software Technology Accountability 321

Security Affairs

MARCH 1, 2024

The Five Eyes intelligence alliance issued a joint cybersecurity advisory warning of threat actors exploiting known vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. x and Ivanti Policy Secure. The second vulnerability, tracked as CVE-2024-21887 (CVSS score 9.1) x) and Ivanti Policy Secure.

Authentication 121

Authentication Cyber threats VPN Government 121

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 125

Spyware Surveillance DDOS Identity Theft 125

Security Affairs

JUNE 2, 2024

Ticketmaster confirms data breach impacting 560 million customers Critical Apache Log4j2 flaw still threatens global finance Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin ShinyHunters is selling data of 30 million Santander customers Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours LilacSquid APT (..)

Data breaches 123

Data breaches VPN Cloud Migration Cybercrime 123

Security Affairs

JULY 14, 2024

roads, collecting detailed data with cameras and lasers Shopify denies it was hacked, links stolen data to third-party app The July 2024 Security Update Review Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? Patch it now! million miles on U.S.

Data breaches 117

Data breaches VPN Malware Banking 117

Security Affairs

JANUARY 11, 2024

Ivanti revealed that two threat actors are exploiting two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure. x and Ivanti Policy Secure. x and Ivanti Policy Secure. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1) x) and Ivanti Policy Secure. ” continues the advisory.

Authentication 125

Authentication VPN Mobile Hacking 125