Cybercrime, Firmware and VPN - Cyber Security Informer

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “The data includes: IPs.

VPN

VPN Passwords Firewall Firmware

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). ” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14

Firewall

Firewall VPN Accountability Firmware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. WHO’S BEHIND SOCKSESCORT? com, super-socks[.]com,

Malware

Malware VPN Internet Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware

Ransomware Firmware Mobile InfoSec

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “The data includes: IPs.

VPN

VPN Passwords Firewall Firmware

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 VPN ZLD V4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

DeadBolt ransomware gang tricked into giving victims free decryption keys

Malwarebytes

OCTOBER 19, 2022

As a countermeasure, QNAP pushed out an automatic, forced, update with firmware containing the latest security updates to protect against the attackers' DeadBolt ransomware, which annoyed part of its userbase. It is important to file a complaint if you are a victim of a cybercrime. Or you can use another VPN of your choice.

Ransomware

Ransomware Firmware VPN Cybercrime

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a virtual private network (VPN).

Ransomware

Ransomware Antivirus Passwords Malware

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware

Ransomware VPN Cybercrime Accountability

What does WiFi stand for?

Malwarebytes

MAY 13, 2021

If you have to use public WiFi hotspots, it’s wise to also use a VPN to keep your activity private while you use that connection. A VPN wraps your network traffic (including web browsing, email, and other things) in a protective tunnel and makes up for any weaknesses in their encryption.

Wireless

Wireless VPN Internet Internet

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

The consequences of which are not only born by companies who are the primary targets of cybercrime. To help avoid these online risks, it is highly recommended to use a Virtual Private Network (VPN). VPNs are the baseline cybersecurity tool to safeguard internet-enabled devices and a home network. Update, Update, Update.

IoT

IoT Spyware VPN Passwords

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches. Use least privileges access: Use a secure virtual private network (VPN) service for remote access and restrict remote access to the device.

IoT

IoT DDOS Malware Firmware

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Use the administrator account only for maintenance, software installation, or firmware updates. Attention should be paid to protecting routers and updating their firmware. While OS updates are now commonly practiced, router firmware updates remain an overlooked aspect. Opt for strong, hard-to-crack passwords.

Firmware

Firmware IoT Accountability Passwords

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

A recent leak has put it in the hands of cybercrime actors and it is very likely that by the end of the year we will see it involved in APT cases too. Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company.

Firmware

Firmware Surveillance Mobile Telecommunications

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a VPN. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs

SEPTEMBER 6, 2022

We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. This is to enhance the security of your QNAP NAS.

Ransomware

Ransomware Internet Internet Encryption

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

……… “ The vendor recommends not exposing the SMB service to the internet and using VPN to access the NAS and reduce the attack surface. Go to Control Panel > System > Firmware Update. Bitcoin wallet is unique for you, so we can find out what you paid. Next to Lowest SMB version , select SMB 2 or higher.

Ransomware

Ransomware Encryption Passwords Internet

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Wizard Spider is a cybercrime group affiliated with a what is sometimes called the Ransomware Cartel , a collective of underground groups identified by threat intelligence company Analyst1. Install updates/patch operating systems, software, and firmware as soon as they are released. Consider installing and using a VPN.

Healthcare

Healthcare Ransomware Encryption Passwords

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.” Patch 0 through ZLD V4.35 Patch 0 through ZLD V4.35

Firewall

Firewall Firmware VPN IoT

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams

Scams DDOS Cryptocurrency Accountability

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

Historically, Lazarus used MATA to attack various industries for cybercrime-like intentions: stealing customer databases and spreading ransomware. The samples we analyzed mimicked various applications such as private messaging, VPN, and media services. Southeast Asia and Korean Peninsula.

Malware

Malware Government Surveillance Spyware

DDoS attacks in Q1 2021

SecureList

MAY 10, 2021

To prevent attacks via RDP, it is recommended to hide RDP servers behind a VPN or disable UDP port 3389. That said, a VPN is no panacea if it too is vulnerable to amplification attacks. In Q1 2021, for instance, attackers went after Powerhouse VPN servers.

DDOS

DDOS Cryptocurrency Media Marketing

Reassessing cyberwarfare. Lessons learned in 2022

SecureList

DECEMBER 14, 2022

While the impact of these destructive cyber-attacks paled in comparison to the effects of the kinetic attacks taking place at the same time, it should be noted that this capability could in theory be directed against any country outside of the context of an armed conflict and under the pretense of traditional cybercrime activity.

DDOS

DDOS Ransomware Government Energy and Utilities

Cyber Security Informer

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Webinars

Trending Sources

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

HelloKitty ransomware gang targets vulnerable SonicWall devices

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Widespread exploitation by botnet operators of Zyxel firewall flaw

DeadBolt ransomware gang tricked into giving victims free decryption keys

BlackCat Ransomware gang breached over 60 orgs worldwide

Daixin Team targets health organizations with ransomware, US agencies warn

What does WiFi stand for?

Spyware in the IoT – the Biggest Privacy Threat This Year

A new Zerobot variant spreads by exploiting Apache flaws

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

Advanced threat predictions for 2023

Avoslocker ransomware gang targets US critical infrastructure

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

New Checkmate ransomware target QNAP NAS devices

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Zyxel 0day Affects its Firewall Products, Too

Interview With a Crypto Scam Investment Spammer

APT trends report Q3 2021

DDoS attacks in Q1 2021

Reassessing cyberwarfare. Lessons learned in 2022

Stay Connected