Security Affairs

NOVEMBER 7, 2024

CVE-2024-51567 – is an incorrect default permissions vulnerability in CyberPanel (prior to patch 5b08cd6) that allows remote attackers to bypass authentication and execute arbitrary commands through /dataBases/upgrademysqlstatus by manipulating the statusfile property with shell metacharacters, bypassing secMiddleware.

Firewall 123

Firewall Authentication Accountability Risk 123

The Hacker News

JANUARY 14, 2025

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet.

Firewall 141

Firewall VPN Accountability Authentication 141

Security Affairs

MAY 26, 2022

Zyxel addressed multiple vulnerabilities impacting many of its products, including APs, AP controllers, and firewalls. Zyxel has released security updates to address multiple vulnerabilities affecting multiple products, including firewall, AP, and AP controller products. Follow me on Twitter: @securityaffairs and Facebook.

Firewall 139

Firewall VPN Authentication Cyber Attacks 139

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. On March 25, Sophos announced to have fixed the authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall.

Firewall 144

Firewall DNS Authentication Malware 144

Security Affairs

DECEMBER 3, 2023

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points.

Firewall 128

Firewall Authentication VPN Cyber Attacks 128

The Last Watchdog

MARCH 19, 2025

” Knocknoc orchestrates network infrastructure to remove risk exposure by tying users’ network access to their SSO authentication status. Customers use Knocknoc to protect VPNs and firewalls, IP cameras, payroll systems, file transfer appliances, bastion hosts and other applications and network services.

Technology 130

Technology Media Telecommunications Authentication 130

Security Affairs

FEBRUARY 27, 2024

Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw. Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397 , CVE-2023-6398 , CVE-2023-6399 , and CVE-2023-6764 , in its firewalls and access points.

Firewall 135

Firewall VPN Authentication Hacking 135

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Repeated attacks can eventually trigger a DoS condition by forcing the firewall into maintenance mode, requiring manual intervention to restore online functionality.

Firewall 136

Firewall Software Engineering Authentication 136

Security Affairs

DECEMBER 15, 2023

Security flaws in Netgate pfSense firewall solution can potentially lead to arbitrary code execution on vulnerable devices. pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. ” reads the analysis published by SonarSource. and pfSense Plus 23.09.

Firewall 139

Firewall Phishing Authentication Hacking 139

Security Affairs

SEPTEMBER 19, 2023

Researchers discovered approximately 12,000 Juniper SRX firewalls and EX switches vulnerable to a recently disclosed CVE-2023-36845 RCE flaw. VulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845.

Firewall 140

Firewall Internet Internet Authentication 140

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

Firewall 129

Firewall Passwords VPN Authentication 129

Security Affairs

OCTOBER 9, 2024

Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack PAN-OS firewalls. ” reads the advisory. ” reads the advisory.

Firewall 126

Firewall Passwords Authentication Phishing 126

Security Affairs

MARCH 18, 2025

The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges by making maliciously crafted CSF proxy requests. The vulnerability is an authentication bypass issue that could allow a remote attacker to gain super-admin privileges by making maliciously crafted CSF proxy requests.

Authentication 113

Authentication Ransomware Firewall Hacking 113

eSecurity Planet

NOVEMBER 6, 2024

They could even conceal dangerous malware in photos or links on secure websites you visit, and a single click can activate the code, even overcoming multifactor authentication. Deploy a Firewall Install a reliable firewall to monitor incoming traffic, flag suspicious requests, and prevent session hijacking attempts.

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

Security Affairs

FEBRUARY 18, 2025

The two vulnerabilities are: CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability Researchers recently warned that threat actors exploit a recently disclosed vulnerability, CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls.

Firewall 63

Firewall Firmware Authentication VPN 63

Krebs on Security

AUGUST 27, 2019

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based

Cybersecurity 273

Cybersecurity Firewall Passwords Data breaches 273

Security Affairs

JULY 1, 2024

Juniper Networks released out-of-band security updates to address a critical authentication bypass vulnerability impacting some of its routers. The flaw in Juniper Networks Session Smart Router or Conductor with a redundant peer allows a network-based attacker to bypass authentication and gain full control of the device.

Authentication 126

Authentication Firewall Hacking 126

eSecurity Planet

JANUARY 5, 2024

A firewall policy is a set of rules and standards designed to control network traffic between an organization’s internal network and the internet. Featured Partners: Next-Gen Firewall (NGFW) Software Learn more Table of Contents Toggle Free Firewall Policy Template What Are the Components of Firewall Policies?

Firewall 108

Firewall Penetration Testing DNS Network Security 108

SecureWorld News

JANUARY 22, 2025

Limitations of traditional security measures While organizations typically rely on email filters, firewalls, and antivirus software, these solutions often fall short against AI-powered phishing attacks. Multi-factor authentication (MFA) : Enforce robust MFA protocols to add an extra layer of security.

Phishing 114

Phishing Threat Detection Social Engineering DNS 114

eSecurity Planet

OCTOBER 15, 2024

Strengthen Perimeter Defenses Firewalls and intrusion detection systems (IDS): Firewalls are the first line of defense, blocking unauthorized access to the network, while IDS helps monitor network traffic for suspicious activity. Here are key strategies to prevent cyberattacks like the American Water cyber breach.

Cybersecurity 133

Cybersecurity Penetration Testing Cyber threats Firewall 133

eSecurity Planet

JANUARY 16, 2024

Keep an eye out for security announcements from your firewall vendors; it’s possible additional similar vulnerabilities will come to light. The problem: Juniper Networks released a bulletin about a remote code execution vulnerability in its SRX firewalls and EX switches. This vulnerability is tracked as CVE-2024-21591.

Firewall 109

Firewall Firmware IoT Authentication 109

eSecurity Planet

FEBRUARY 21, 2024

A firewall audit is a procedure for reviewing and reconfiguring firewalls as needed so they still suit your organization’s security goals. Auditing your firewall is one of the most important steps to ensuring it’s still equipped to protect the perimeter of your business’ network.

Firewall 113

Firewall Firmware Software Risk 113

eSecurity Planet

FEBRUARY 6, 2024

A host-based firewall is installed directly on individual networked devices to filter network traffic on a single device by inspecting both incoming and outgoing data. How Host-Based Firewalls Work Organizations often adopt host-based firewalls for device-specific security control.

Firewall 109

Firewall Mobile Network Security Software 109

IT Security Guru

JANUARY 22, 2025

If you are looking to improve your cybersecurity, consider these plugins to build a more robust defence: Wordfence: A comprehensive security solution with a firewall, malware scanner, and login security features like two-factor authentication.

Artificial Intelligence 117

Artificial Intelligence Backups Mobile Firewall 117

IT Security Guru

MARCH 14, 2025

It provides a firewall that blocks malicious traffic before it reaches your website. It offers a website firewall, which blocks attacks before they can do any harm. Another feature is two-factor authentication, which adds an extra layer of protection when logging in.

Cybersecurity 75

Cybersecurity Firewall Cyber Attacks Passwords 75

Security Affairs

SEPTEMBER 8, 2022

The vulnerability affects: Cisco Catalyst 8000V Edge Software Adaptive Security Virtual Appliance (ASAv) Secure Firewall Threat Defense Virtual (formerly FTDv). ” The fourth issue fixed by the vendor is an authentication bypass flaw, tracked CVE-2022-20923 (CVSS score: 4.0) ” reads the advisory published by Cisco.

Authentication 142

Authentication Small Business Software Firewall 142

Security Boulevard

APRIL 17, 2025

The Old Guard: Firewalls, VPNs and Exposed Control Planes Cyberattacks have evolved beyond the perimeter. No longer limited to opportunistic breaches, attackers are now executing coordinated campaigns that target the very foundations of enterprise network infrastructure firewalls, VPNs, and control planes. The takeaway?

Firewall 64

Firewall VPN Encryption Architecture 64

eSecurity Planet

NOVEMBER 6, 2024

Rhysida went so far as to publish sample files to verify the authenticity of the data, revealing access to a trove of information, including city databases, employee credentials, cloud management files, and even the city’s traffic camera feeds. Here are some essential steps every business can consider to safeguard against cyberthreats: 1.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

Security Affairs

DECEMBER 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The vulnerability is an improper authentication issue that impacts ProjectSend versions before r1720. appears to have been exploited by attackers in the wild.

Firewall 111

Firewall Authentication Accountability Firmware 111

The Last Watchdog

APRIL 21, 2021

This surge in TLS abuse has shifted the security community’s focus back to a venerable network security tool, the firewall. TLS is a component of the Public Key Infrastructure, or PKI , the system used to encrypt data, as well as to authenticate individual users and the web servers they log onto. Decryption bottleneck.

Malware 214

Malware Firewall Encryption Digital transformation 214

The Hacker News

NOVEMBER 30, 2023

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection.

Firewall 98

Firewall Authentication 98

Penetration Testing

FEBRUARY 13, 2025

Palo Alto Networks has addressed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its The post Palo Alto Firewall Flaw (CVE-2025-0108): Active Exploits in the Wild, PoC Released appeared first on Cybersecurity News.

Firewall 89

Firewall Authentication Cybersecurity 89

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication.

Firewall 130

Firewall Government VPN Authentication 130

Krebs on Security

APRIL 26, 2019

iLnkP2P is designed to allow users of these devices to quickly and easily access them remotely from anywhere in the world, without having to tinker with one’s firewall: Users simply download a mobile app, scan a barcode or enter the six-digit ID stamped onto the bottom of the device, and the P2P software handles the rest.

IoT 278

IoT Firewall Manufacturing Computers and Electronics 278

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Update software : Keep your operating system, security software, and firewall up to date to patch vulnerabilities. Report stolen data : Notify relevant parties if sensitive details (e.g.,

Identity Theft 123

Identity Theft Passwords Malware Banking 123

Security Affairs

OCTOBER 25, 2024

An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The vulnerability CVE-2024-20481 (CVSS score of 5.8)

VPN 111

VPN Firewall Technology Passwords 111

Malwarebytes

OCTOBER 31, 2023

Tech company F5 has warned customers about a critical authentication bypass vulnerability impacting its BIG-IP product line that could result in unauthenticated remote code execution. F5 provides services focused on security, reliability, and performance. Fixed in 17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG) ENG) 16.1.0 – 16.1.4

Authentication 105

Authentication DDOS Software Firewall 105