Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” firmware or later. . firmware or later.

Firmware 122

Firmware VPN Accountability Advertising 122

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password.

Firmware 123

Firmware Passwords Accountability VPN 123

Malwarebytes

MAY 26, 2023

The CVEs patched in these updates are: CVE-2023-33009 : A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware 95

Firmware VPN Firewall Accountability 95

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware 116

Firmware Ransomware Passwords Mobile 116

Security Affairs

APRIL 28, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.50

Firewall 98

Firewall Firmware VPN Authentication 98

Security Boulevard

MARCH 31, 2025

Privacy Without Compromise: Proton VPN is Now Built Into Vivaldi Vivaldi Vivaldi integrates ProtonVPN natively into its desktop version of its browser. Proton Drive and Docs now support collaboration with users without Proton accounts Proton Proton users can now collaborate on documents with anyone -- including those without Proton accounts.

VPN 59

VPN Surveillance Malware Data breaches 59

Security Boulevard

MARCH 24, 2025

While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. Specifically, it was fetching account icons and defaulted to opening password reset pages over HTTP.

Surveillance 75

Surveillance Telecommunications Malware Data breaches 75

eSecurity Planet

MARCH 21, 2022

Inactive Accounts and Default Configurations. Hackers gained initial access by brute-forcing an existing account via “a simple, predictable password” to enroll a new device in the MFA procedures, the agencies said. MFA was automatically disabled because the account was inactive for a long period.

VPN 117

VPN Accountability Authentication Passwords 117

Security Boulevard

FEBRUARY 17, 2025

The more accounts you have, the bigger your attack surface and potential exposure to data breaches. Tips for finding old accounts. Kagi also introduces Privacy Pass, which allows users to authenticate to servers (like Kagi's) without revealing their identity; this should ensure searches are unlinkable to accounts.

Surveillance 52

Surveillance Data breaches VPN Malware 52

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35. ” concludes the analysis.

Firewall 133

Firewall Firmware Cyber Attacks VPN 133

Security Affairs

APRIL 4, 2019

Firmware updates that address this vulnerability are not currently available. Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root. through 1.4.2.20.

Small Business 103

Small Business Firmware Advertising VPN 103

Adam Levin

FEBRUARY 10, 2020

If you have doubts, check it out–go directly to your account or to the source, which you should always independently verify, if the communication refers to anything service or finance related. You go online and you can’t access your cloud account, or you can’t find data stored on a device or in a specific service.

Passwords 245

Passwords Phishing Password Management Accountability 245

Security Affairs

APRIL 25, 2022

Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a virtual private network (VPN).

Ransomware 132

Ransomware Antivirus Passwords Malware 132

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.

Ransomware 117

Ransomware Passwords Backups Firmware 117

Security Affairs

FEBRUARY 23, 2020

FC Barcelona and the International Olympic Committee Twitter accounts hacked. Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks. Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack. US administration requests $9.8B for cyber 2021 budget for the Department of Defense.

Artificial Intelligence 98

Artificial Intelligence eCommerce Hacking Advertising 98

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware 117

Ransomware DDOS Passwords Backups 117

Security Affairs

FEBRUARY 11, 2019

“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 “Exposing your NAS on the internet (allowing remote access) is always a high risk thing to do (at least without a properly deployed remote access VPN and/or 2FA on all existing user accounts)!”

Antivirus 111

Antivirus Advertising Firmware VPN 111

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware 79

Ransomware VPN Cybercrime Accountability 79

SecureWorld News

OCTOBER 8, 2023

Periodically, at least once a quarter, review the security settings of your social media accounts and the apps linked to them. Be vigilant about duplicate accounts of people you know. Some people register several accounts, for example, to avoid losing contact with the network in case of temporary blocking.

Firmware 111

Firmware IoT Accountability Passwords 111

Security Affairs

MARCH 26, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. • Regularly, change passwords to network systems and accounts, and avoid reusing passwords for different accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware 145

Ransomware Encryption Passwords Malware 145

Security Affairs

MARCH 16, 2022

As early as May 2021, the attackers took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. Contrary to best practices recommended, the account was still active in the organization’s Active Directory.

Accountability 98

Accountability Passwords Authentication Firmware 98

IT Security Guru

JUNE 22, 2021

Check that your OS, applications and firmware are updated with appropriate patches. Any systems you have in place to allow staff to connect into your organisation remotely, including VPN. Stopping password/account sharing. Ensuring that high-privilege users such as administrators use different passwords across accounts.

Passwords 108

Passwords Authentication Wireless Government 108

Security Affairs

JULY 8, 2022

Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”

Ransomware 108

Ransomware Encryption Passwords Internet 108

Malwarebytes

SEPTEMBER 21, 2021

Whether you’re looking for a smartphone, a laptop, a gaming device or something else, or even just signing up for an account online, you want to make sure your kids are protected. Keep your online accounts secure. And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable.

Internet 127

Internet Internet Passwords Password Management 127

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for different accounts and implement the shortest acceptable timeframe for password changes. Consider installing and using a VPN. Use multi-factor authentication wherever possible.

Education 111

Education Ransomware Phishing Passwords 111

Malwarebytes

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.

Ransomware 143

Ransomware Manufacturing Passwords Internet 143

eSecurity Planet

JANUARY 16, 2024

The problem: WordPress plugin Popup Builder is vulnerable to exploitation through a flaw that allows attackers to perform administrator-level actions like installing new rogue plugins or creating new admin accounts. The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products.

Firewall 109

Firewall Firmware IoT Authentication 109

SiteLock

AUGUST 27, 2021

To help avoid these online risks, it is highly recommended to use a Virtual Private Network (VPN). VPNs are the baseline cybersecurity tool to safeguard internet-enabled devices and a home network. A VPN provides a secure internet connection, ensuring your browsing data is encrypted for maximum privacy and security.

IoT 98

IoT Spyware VPN Passwords 98

eSecurity Planet

MAY 28, 2021

From BIOS and firmware to UEFI code, VBOS is an attack vector that requires more attention. While the design of a unified extensible firmware interface (UEFI) overcame BIOS limitations, both components critical to computer operation are an increasing target. Current Target: VBOS. Also Read: Cybersecurity Becomes A Government Priority.

Software 119

Software DNS Firmware VPN 119

Security Affairs

APRIL 2, 2021

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. • Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Government 102

Government Passwords Accountability Firmware 102

DoublePulsar

JANUARY 15, 2025

Each folder then contains an IP address, and each IP address contains config.confa full Fortigate config dumpand vpn-users.txt, a plaintext list of credentials. The outlier device appears to have a pre-production version of firmware 7.2.2, operating as a FortiWiFi devicemy guess would be it was also vulnerable.

Firewall 80

Firewall VPN Passwords Firmware 80

eSecurity Planet

APRIL 28, 2022

Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities. Malicious actors tend to focus on internet-facing systems to gain entry into a network, such as email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities. “U.S.,

Cybersecurity 113

Cybersecurity Software Firmware Internet 113

Approachable Cyber Threats

JANUARY 17, 2023

A publicly available network may not always have the latest firmware, patch updates on its hardware, or have proper encryption enabled; therefore, if you connect to the network you may be exposing yourself to potential risks. This means don’t log into your bank account on your favorite coffee shop’s Wi-Fi. What are the potential risks?”

Encryption 97

Encryption Internet Internet VPN 97

Malwarebytes

MARCH 10, 2022

Observed since: September 2019 Ransomware note: Restore-My-Files.txt Ransomware extension: lockbit Kill Chain: Brute force attack on a web server containing an outdated VPN service > LockBit Sample hash: 9feed0c7fa8c1d32390e1c168051267df61f11b048ec62aa5b8e66f60e8083af. Use double authentication when logging into accounts or services.

Ransomware 86

Ransomware Phishing Accountability Technology 86

Digital Shadows

JANUARY 14, 2025

To gain access to internal networks, Akira targeted local accounts with disabled multifactor authentication (MFA) and SonicOS firmware versions vulnerable to exploitation, often exposed to the internet for virtual private network (VPN) access. In addition, aligning PowerShell policies with user roles further minimizes abuse.

Ransomware 126

Ransomware Social Engineering Phishing VPN 126

eSecurity Planet

JANUARY 22, 2024

The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities. The authenticated user must also be logged into an account on an instance of GHES. GitHub has already rotated the credentials for these issues. and later releases of 13.1

Authentication 113

Authentication Malware VPN Mobile 113

Security Affairs

APRIL 11, 2021

Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4%

Cyber Attacks 66

Cyber Attacks Firmware Malware Hacking 66