Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk 267

Risk VPN Internet Internet 267

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware 138

Ransomware Firmware Mobile InfoSec 138

The Last Watchdog

MAY 23, 2022

This challenge has not escaped the global cybersecurity community. Long gone are the days when a security team mainly had to be concerned about network connections getting made internally, on company-owned equipment, or externally, across a VPN connection or a public-facing webpage.

Cybersecurity 214

Cybersecurity Digital transformation Computers and Electronics Encryption 214

The Last Watchdog

JUNE 4, 2019

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” The foundation of Silicon Valley was set, and today comparable technology development pieces are being laid in Maryland on the cybersecurity front.

Cybersecurity 193

Cybersecurity Computers and Electronics Technology Marketing 193

Security Boulevard

MARCH 31, 2025

Privacy Without Compromise: Proton VPN is Now Built Into Vivaldi Vivaldi Vivaldi integrates ProtonVPN natively into its desktop version of its browser. Version 2 reduces traffic overhead and introduces dynamic configurations varying VPN tunnel characteristics. Information and summaries provided here are as-is for warranty purposes.

VPN 59

VPN Surveillance Malware Data breaches 59

Security Affairs

DECEMBER 11, 2024

Sophos) an information technology company that develops and markets cybersecurity products.” ” At the end of April 2020, cybersecurity firm Sophos released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild. based Sophos Ltd.

Firewall 75

Firewall Hacking Malware Passwords 75

Malwarebytes

MAY 26, 2023

The CVEs patched in these updates are: CVE-2023-33009 : A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 Patch 1, USG FLEX series firmware versions 4.50 Patch 1, USG FLEX 50(W) firmware versions 4.25 Patch 1, USG20(W)-VPN firmware versions 4.25

Firmware 94

Firmware VPN Firewall Accountability 94

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware 117

Firmware Ransomware Passwords Mobile 117

eSecurity Planet

APRIL 28, 2022

cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021. The cybersecurity authorities urged organizations to immediately apply timely patches to their systems and implement a centralized patch management system in order to reduce their attack surface.

Cybersecurity 115

Cybersecurity Software Firmware Internet 115

Security Affairs

OCTOBER 13, 2020

IoT devices are exposed to cybersecurity vulnerabilities. However, if you know where the dangers lurk, there is a way to minimize the cybersecurity risks. Here are five significant cybersecurity vulnerabilities with IoT in 2020. The cybersecurity issues related to IoT are a brand-new topic in the niche. Poor credentials.

IoT 142

IoT Cybersecurity Manufacturing Internet 142

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN 128

VPN Firewall Firmware Authentication 128

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. version of Superset.

VPN 115

VPN Authentication Firmware Phishing 115

Webroot

OCTOBER 31, 2024

Steam the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. This sparked widespread concern and discussions on cybersecurity measures within nonprofit organizations.

Malware 108

Malware Ransomware Passwords Healthcare 108

Bleeping Computer

MAY 17, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [.].

Firmware 78

Firmware VPN Firewall Cybersecurity 78

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN 110

VPN Authentication Passwords Software 110

Security Affairs

SEPTEMBER 22, 2021

The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. “For many organizations, SOHO devices typically fly under the radar when it comes to cybersecurity risk management. ” concludes the report.

DNS 141

DNS Firmware VPN Risk 141

Security Affairs

NOVEMBER 29, 2020

. “Successful exploitation of this vulnerability could cause a denial-of-service condition, and a buffer overflow may allow remote code execution,” reads the advisory published by the US cybersecurity and infrastructure agency (CISA). Also recognize that VPN is only as secure as the connected devices. Pierluigi Paganini.

Hacking 141

Hacking Firmware Internet Internet 141

Malwarebytes

JUNE 19, 2023

ASUS has released firmware updates for several router models fixing two critical and several other security issues. You will find the latest firmware available for download from the ASUS support page or the appropriate product page. The Asuswrt-Merlin New Gen is an open source firmware alternative for Asus routers.

Firmware 98

Firmware VPN Risk Cybersecurity 98

Penetration Testing

OCTOBER 10, 2024

Attackers are exploiting previously known vulnerabilities in the... The post Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required appeared first on Cybersecurity News.

Firmware 52

Firmware Cybersecurity VPN 52

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates. through ZLD V5.21 Patch 1 ZLD V5.30 through ZLD V5.21

Firewall 98

Firewall Firmware VPN Wireless 98

Security Affairs

MAY 17, 2022

Cybersecurity and Infrastructure Security Agency added the recently disclosed remote code execution bug, tracked as CVE-2022-30525 , affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog. USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates.

Firewall 98

Firewall VPN Firmware Internet 98

Security Affairs

SEPTEMBER 15, 2020

“The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S.

Government 105

Government VPN Firmware Energy and Utilities 105

eSecurity Planet

MAY 2, 2024

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. This article details two major findings from the report: five major cybersecurity threats and prioritization problems.

Cybersecurity 122

Cybersecurity DDOS Penetration Testing Passwords 122

Malwarebytes

AUGUST 23, 2022

The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. The Cybersecurity & Infrastructure Security Agency (CISA) added the vulnerability to its list of known exploited vulnerabilities that should be patched by January 24, 2022. The critical bug received a 9.8 Unpatched.

Firmware 93

Firmware Internet Internet VPN 93

Security Boulevard

MARCH 24, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Additionally, Arcane steals a wide range of user data, including VPN account credentials, gaming client information, messaging apps, and information stored in various web browsers.

Surveillance 75

Surveillance Telecommunications Malware Data breaches 75

Security Affairs

MAY 1, 2021

If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” In September, while the AgeLocker ransomware was continuing to target QNAP NAS systems, the Taiwanese vendor urged customers to update the firmware and apps. .” continues the advisory.

Ransomware 144

Ransomware Cryptocurrency Malware Internet 144

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A RedTeam Pentesting reported the issues to Auerswald on September 10, 2021, and the German manufacturer addressed the issue with the release of a firmware update in November 2021. “Firmware Update 8.2B Pierluigi Paganini.

Firmware 112

Firmware Manufacturing Passwords Penetration Testing 112

Security Boulevard

FEBRUARY 17, 2025

Privacy Services Mullvad has partnered with Obscura VPN Mullvad Mullvad announces its partnership with ObscuraVPN; Mullvad WireGuard VPN servers can be used as the exit hop for the two-party VPN service offered by ObscuraVPN. Information and summaries provided here are as-is for warranty purposes.

Surveillance 52

Surveillance Data breaches VPN Malware 52

eSecurity Planet

MAY 28, 2021

The general message on vulnerabilities at the conference is that cybersecurity is a constant game of preparing for the latest and most dangerous tactics, techniques, and procedures (TTP). Sadly, advancements in cybersecurity extend to malicious actors as much as they do to industry professionals. The newest agency in the U.S.

Software 120

Software DNS Firmware VPN 120

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Consider installing and using a VPN. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).

Ransomware 119

Ransomware Passwords Backups Firmware 119

Security Boulevard

MARCH 3, 2025

Privacy Services Brave iOS update brings Smart Proxy and Kill Switch AlternativeTo This has more to do with Brave's VPN service rather than its browser. An update (version 1.75) on iOS introduces Smart Proxy and Kill Switch for Brave's VPN service. Information and summaries provided here are as-is for warranty purposes.

Surveillance 52

Surveillance Data breaches Firmware Encryption 52

eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. The problem: The United States Cybersecurity and Infrastructure Security Agency (CISA) has announced a vulnerability in Microsoft SharePoint that allows a threat actor to escalate their privileges on the network.

Firewall 110

Firewall Firmware IoT Authentication 110

Security Affairs

MARCH 23, 2021

Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker to conduct multiple malicious activities on vulnerable systems. Also recognize VPN is only as secure as the connected devices. ” continues the alert.

Firmware 102

Firmware VPN Firewall Risk 102

Security Affairs

MARCH 19, 2022

The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a VPN.

Ransomware 119

Ransomware DDOS Passwords Backups 119

Adam Levin

FEBRUARY 10, 2020

As if cybersecurity weren’t already a red-letter issue, the United States and, most likely, its allies–in other words, the global economic community–are in Iran’s cyber sites, a major player in cyber warfare and politically divisive disinformation campaigns. Cybersecurity is a team sport. Update Everything.

Passwords 245

Passwords Phishing Password Management Accountability 245

Security Affairs

APRIL 25, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a virtual private network (VPN). Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g.,

Ransomware 134

Ransomware Antivirus Passwords Malware 134

eSecurity Planet

MARCH 21, 2022

Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate privileges, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed last week. Network Best Practices.

VPN 118

VPN Accountability Authentication Passwords 118