Accountability, Information Security and VPN

Check Point released hotfix for actively exploited VPN zero-day

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN

VPN Passwords Authentication Accountability

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN

VPN Ransomware Firewall Internet

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Firewall Authentication Hacking

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. ” The three VPN bulletproof services were hosted at insorg.org , safe-inet.com , and safe-inet.net, their home page currently displays a law enforcement banner. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60 patch 0).

Firewall

Firewall VPN Firmware Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. ” reads the post published by Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN

VPN Government Malware Hacking

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN

VPN Authentication Small Business Telecommunications

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Security Affairs

OCTOBER 9, 2019

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN

VPN Advertising Accountability Healthcare

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

7 VPN services left data of millions of users exposed online

Security Affairs

JULY 21, 2020

vpnMentor experts reported that seven Virtual Private Network (VPN) recently left 1.2 Security experts from vpnMentor have discovered a group of seven free VPN (virtual private network) apps that left their server unsecured online exposing private user data for anyone to see. . The server was secured on July 15 th.

VPN

VPN Advertising Passwords Internet

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The experts published the Yara rule for the detection of similar KrustyLoader samples. KrustyLoader – as I dubbed it – performs specific checks in order to run only if conditions are met.”

VPN

VPN Malware Authentication Small Business

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability

Accountability VPN Social Engineering Phishing

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Below are the job descriptions used to recruit the hackers. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Security Affairs

SEPTEMBER 18, 2023

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack. ” continues the company.

Accountability

Accountability Social Engineering Authentication VPN

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime VPN Malware Ransomware

Attackers impersonate CircleCI platform to compromise GitHub accounts

Security Affairs

SEPTEMBER 25, 2022

For users with TOTP-based two-factor authentication (2FA) enabled, the phishing site also relays any TOTP codes to the threat actor and GitHub in real time, allowing the threat actor to break into accounts protected by TOTP-based 2FA. Accounts protected by hardware security keys are not vulnerable to this attack.”

Accountability

Accountability Phishing Authentication Passwords

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Security Affairs

OCTOBER 6, 2019

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to breach into the target networks. Pierluigi Paganini.

VPN

VPN Advertising Healthcare Data breaches

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. Users have also to change passwords for any account accessed through the infected machine.

Accountability

Accountability Malware Data breaches Passwords

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.

VPN

VPN Advertising Hacking Government

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The group now is targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN

VPN Ransomware Hacking Education

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

CISA also warned to continue to audit privilege-level access accounts. Mandiant researchers recently discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. Complete a factory reset per Ivanti’s instructions.

VPN

VPN Authentication Software Malware

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

Firewall

Firewall Passwords VPN Authentication

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

Microsoft has now confirmed that the attackers have compromised the account of one of its employees gaining limited access to source code repositories. Our investigation has found a single account had been compromised, granting limited access. No customer code or data was involved in the observed activities. Pierluigi Paganini.

Accountability

Accountability VPN Social Engineering Hacking

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN

VPN Accountability Firewall Data breaches

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. CISA and MS-ISAC assessed that the threat actor connected to the VM through the victim’s VPN with the intent to blend in with legitimate traffic to evade detection.”

Government

Government VPN Accountability Authentication

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. Deny Remote Access VPN Using the Default Group Policy ( DfltGrpPolicy ).

Ransomware

Ransomware VPN Authentication Hacking

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised. Microsoft Corp.

Malware

Malware Software Technology Accountability

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Security Affairs

NOVEMBER 9, 2024

In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software.

Backups

Backups Ransomware VPN Accountability

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. They might even lock you out of your own accounts by resetting your passwords. Once they’re in, they can grab your emails, usernames, passwords, and more.

DNS

DNS VPN Encryption Passwords

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Passwords

Passwords Wireless VPN Accountability

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

. “While during routine monitoring, researchers at Cyble observed a Threat Actor (TA) distributing multiple unauthorized Fortinet VPN access over one of the Russian cybercrime forums,” reads the analysis published by Cyble. As per intelligence gathered from sources, the victim organizations were using outdated FortiOS. .”

VPN

VPN Firewall Authentication Internet

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software.

Backups

Backups VPN Ransomware Authentication

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ). Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN

VPN Firewall Mobile Hacking

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

One of the campaigns monitored by the experts and conducted by PHOSPHORUS APT group leveraged known vulnerabilities in Fortinet FortiOS SSL VPN and Microsoft Exchange Servers to deploy ransomware on vulnerable networks. . The CURIUM group leverage a network of fake social media accounts to trick the victims into installing malware.

VPN

VPN Social Engineering Accountability Media

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

It also ensures that your account credentials won’t be used for as long. This includes accounting, sales, and other teams. Use a corporate VPN. Encrypting data on corporate devices can prevent hackers from accessing sensitive information. Changing passwords regularly will make the lives of cyberbullies much harder.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Trusted relationship attacks: trust, but verify

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. Most often, communication between the service provider and the client takes place via VPN connections and Remote Desktop Protocol (RDP) services.

VPN

VPN Accountability Passwords Antivirus

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. ” continues the analysis.

Ransomware

Ransomware Hacking VPN Phishing

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Security Affairs

NOVEMBER 2, 2022

The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The attackers set up Facebook and Instagram accounts with more than 1,000 followers and designed attractive religious-themed graphic materials in order to trick victims into downloading the tainted VPN app. í religion that are banned in Iran.

Spyware

Spyware Malware VPN Accountability

Groove gang leaks list of 500k credentials of compromised Fortinet appliances

Security Affairs

SEPTEMBER 8, 2021

The threat actor leaked a list containing approximately 500,000 Fortinet VPN credentials that can allow threat actors to breach the networks of the organizations that use the compromised VPN appliances and perform malicious activities such as dropping a ransomware or stealing sensitive data.

VPN

VPN Ransomware Hacking Accountability

Check Point released hotfix for actively exploited VPN zero-day

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Trending Sources

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Bulletproof VPN services took down in a global police operation

APT hacked a US municipal government via an unpatched Fortinet VPN

Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

China-linked APT groups targets orgs via Pulse Secure VPN devices

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

7 VPN services left data of millions of users exposed online

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Vishing attacks conducted to steal corporate accounts, FBI warns

YouTube creators’ accounts hijacked with cookie-stealing malware

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Attackers impersonate CircleCI platform to compromise GitHub accounts

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Cisco warns of password-spraying attacks targeting Secure Firewall devices

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Okta warns of unprecedented scale in credential stuffing attacks on online services

U.S. CISA: hackers breached a state government organization

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

3CX Breach Was a Double Supply Chain Compromise

Interview With a Crypto Scam Investment Spammer

Veeam Backup & Replication exploit reused in new Frag ransomware attack

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Chinese threat actors use Quad7 botnet in password-spray attacks

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security firm SonicWall was victim of a coordinated attack

Iran-linked APT groups continue to evolve

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Trusted relationship attacks: trust, but verify

Cisco was hacked by the Yanluowang ransomware gang

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Groove gang leaks list of 500k credentials of compromised Fortinet appliances

Stay Connected