Authentication, Information Security and VPN

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. ” reads the advisory.

VPN

VPN Malware Spyware Passwords

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” 6n or newer Gen 6 / 6.5

Firewall

Firewall Firmware VPN Authentication

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. ” reads the advisory.

VPN

VPN Authentication Hacking Cybersecurity

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups

Backups VPN Ransomware Authentication

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Firewall Authentication Hacking

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN

VPN Firewall Marketing Encryption

Check Point released hotfix for actively exploited VPN zero-day

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN

VPN Passwords Authentication Accountability

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Security Affairs

SEPTEMBER 6, 2023

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN. It does not have ANY authentication.

VPN

VPN Education Authentication Engineering

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” continues the advisory.

VPN

VPN Firewall Technology Passwords

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.

VPN

VPN Government Authentication Advertising

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

The global impact of the Fortinet 50.000 VPN leak posted online

Security Affairs

NOVEMBER 27, 2020

The global impact of the Fortinet 50.000 VPN leak posted online, with many countries impacted, including Portugal. A compilation of one-line exploit tracked as CVE-2018-13379 and that could be used to steal VPN credentials from nearly 50.000 Fortinet VPN devices has posted online. Solutions Upgrade to FortiOS 5.4.13, 5.6.8,

VPN

VPN Banking Passwords Malware

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Authentication Small Business Telecommunications

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

Authentication

Authentication Firmware VPN Manufacturing

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. The vulnerability is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Government Authentication Cybersecurity

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Security Affairs

AUGUST 6, 2021

Security firm Ivanti addressed a critical vulnerability in its Pulse Connect Secure VPN appliances that could be exploited to execute arbitrary code with root privileges. IT firm Ivanti released security updates to address multiple vulnerabilities in its Pulse Connect Secure VPN appliances.

VPN

VPN Authentication Hacking Information Security

Ivanti fixes high severity flaw in Pulse Connect Secure VPN

Security Affairs

MAY 25, 2021

A flaw in Pulse Connect Secure VPN could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. Ivanti addressed a high severity Buffer Overflow vulnerability in Secure VPN appliances that could allow a remote authenticated attacker to execute arbitrary code with elevated privileges.

VPN

VPN Authentication Hacking Software

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

Strong Authentication – Robust Identity and Access Management Is a Strategic Choice

Security Affairs

JULY 29, 2022

Therefore, strong authentication methods are needed. Therefore, strong authentication methods are needed to improve security without hindering user convenience. What is Strong Authentication? The IAM Security Boundary Strong authentication is a critical component of modern-day identity and access management.

Authentication

Authentication Passwords Data privacy Identity Theft

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The cybersecurity firm’s recommendations for malware victims are: Consult an expert : For thorough malware removal and system security, seek professional help if needed. Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication.

Identity Theft

Identity Theft Passwords Malware Banking

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

The government experts also ordered to monitor the authentication or identity management services that could be exposed and urged to isolate the systems from any enterprise resources to the greatest degree possible. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure.

VPN

VPN Authentication Software Malware

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The group now is targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN

VPN Ransomware Hacking Education

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw

Security Affairs

NOVEMBER 8, 2022

Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. Pierluigi Paganini.

Authentication

Authentication VPN Phishing Hacking

Sophos Firewall affected by a critical authentication bypass flaw

Security Affairs

MARCH 27, 2022

Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. “An authentication bypass vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall and responsibly disclosed to Sophos. .”

Firewall

Firewall Authentication VPN Hacking

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).

Ransomware

Ransomware VPN Authentication Hacking

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

Firewall

Firewall Passwords VPN Authentication

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. ” reads the advisory published by the experts. Pierluigi Paganini.

VPN

VPN Encryption Advertising Authentication

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

In early October, Fortinet addressed the critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild. ” concludes the post. Pierluigi Paganini.

VPN

VPN Firewall Authentication Internet

Cisco addressed severe flaws in its Secure Client

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338.

VPN

VPN Authentication Hacking Information Security

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Security Affairs

SEPTEMBER 18, 2023

The attackers deepfaked the actual voice of one of the IT staffers and tricked the employee into providing the multi-factor authentication (MFA) code. Google recently released the Google Authenticator synchronization feature that syncs MFA codes to the cloud. What we had originally implemented was multi-factor authentication.

Accountability

Accountability Social Engineering Authentication VPN

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ). Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN

VPN Firewall Mobile Hacking

How to Evaluate the True Costs of Multi-Factor Authentication

Duo's Security Blog

JANUARY 27, 2022

Not all multi-factor authentication (MFA) solutions are equal. For a two-factor authentication solution, that may include hidden costs, such as upfront, capital, licensing, support, maintenance, and operating costs. Estimate and plan for how much it will cost to deploy multi-factor authentication to all of your apps and users.

Authentication

Authentication Software Mobile Passwords

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The campaign is worrisome due to the ongoing COVID-19 pandemic that caused the spike in the number of employees working from home and the increase in the use of corporate VPN and elimination of in-person verification. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Social Engineering

Social Engineering VPN Phishing Authentication

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Accountability Firewall Data breaches

NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches

Security Affairs

OCTOBER 22, 2019

NordVPN and TorGuard VPN firms were hacked, threat actors leaked the private keys used to secure their web servers and VPN configuration files. . Hackers have breached the systems used by NordVPN and TorGuard VPN companies and leaked the private keys used to secure their web servers and VPN configuration files. .

VPN

VPN Hacking Advertising Passwords

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

The threat actor compromised network administrator credentials through the account of a former employee that was used to successfully authenticate to an internal virtual private network (VPN) access point. Neither of the two administrative accounts had multifactor authentication (MFA) enabled.

Government

Government VPN Accountability Authentication

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Security Affairs

MAY 26, 2022

CVE-2022-26531 : Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

Firewall

Firewall VPN Authentication Cyber Attacks

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

SonicWall warns of an exploitable SonicOS vulnerability

Trending Sources

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Cisco warns of large-scale brute-force attacks against VPN and SSH services

NSA, CISA release guidance on hardening remote access via VPN solutions

New TunnelVision technique can bypass the VPN encapsulation

Check Point released hotfix for actively exploited VPN zero-day

A zero-day in Atlas VPN Linux Client leaks users’ IP address

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

The global impact of the Fortinet 50.000 VPN leak posted online

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

ASUS fixed critical remote authentication bypass bug in several routers

Multiple malware used in attacks exploiting Ivanti VPN flaws

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

Ivanti fixes high severity flaw in Pulse Connect Secure VPN

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Strong Authentication – Robust Identity and Access Management Is a Strategic Choice

Fortinet VPN with default certificate exposes 200,000 businesses to hack

International law enforcement operation dismantled RedLine and Meta infostealers

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw

Sophos Firewall affected by a critical authentication bypass flaw

Zyxel firewall and VPN devices affected by critical flaws

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Cisco warns of password-spraying attacks targeting Secure Firewall devices

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Cisco addressed severe flaws in its Secure Client

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

Security firm SonicWall was victim of a coordinated attack

How to Evaluate the True Costs of Multi-Factor Authentication

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Okta warns of unprecedented scale in credential stuffing attacks on online services

NordVPN, TorGuard, and VikingVPN VPN providers disclose security breaches

U.S. CISA: hackers breached a state government organization

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Stay Connected