Encryption, Hacking and VPN - Cyber Security Informer

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

A cyberattack on the Virginia Attorney Generals Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings. ” The group uses an ARCrypter ransomware variant, derived from Babuks leaked code , to encrypt files after infiltrating a network.

Ransomware

Ransomware Hacking Social Engineering VPN

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection. Iranian hackers recently have been blamed for hacking VPN servers around the world in a bid to plant backdoors in large corporate networks.

VPN

VPN Passwords Software Telecommunications

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

5 common VPN myths busted

Malwarebytes

MARCH 11, 2021

Virtual Private Networks ( VPN s) are popular but often misunderstood. VPNs are for illegal activity. Some people think that VPNs are only useful for doing things like torrenting, accessing geo-locked content, or getting around work/school/government firewalls. I don’t need a mobile VPN. My VPN won’t let me watch Netflix.

VPN

VPN Encryption Mobile Surveillance

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway. The reverse shell issued a challenge by sending an encrypted string using a hard-coded certificate. An attacker can compromise these systems to gain remote access to the organizations.

Malware

Malware VPN Encryption Hacking

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 We see around 3.3M

Encryption

Encryption Passwords Internet Internet

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. The malware stole data and encrypted files to block remediation attempts.

Firewall

Firewall Hacking Malware Passwords

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN

VPN Firewall Marketing Encryption

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Security Affairs

MARCH 10, 2025

The group typically employs double extortion, stealing and encrypting victims data, then threatening to expose it unless a ransom is paid. The attackers breached the organization via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA).

Ransomware

Ransomware VPN Healthcare Malware

9 Reasons Why Everyone Should Use a VPN

CyberSecurity Insiders

AUGUST 6, 2021

Most VPNs are user-friendly and are created with well-detailed guides which are navigable by nearly anyone, even a technology illiterate individual. Therefore, aside from ensuring your network is secured, a VPN is usually very easy to maneuver around, and unlike what most people assume, VPNs are not meant for tech-savvy individuals alone.

VPN

VPN Internet Internet Mobile

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. The ransomware appends the .

Healthcare

Healthcare Ransomware VPN Malware

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN

VPN Ransomware Hacking Education

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

VPN

VPN Government Malware Hacking

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. . SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

How Does a VPN Work? A Comprehensive Beginner’s Overview

eSecurity Planet

AUGUST 27, 2024

A virtual private network (VPN) does more than just mask your identity—it fundamentally changes how your data moves across the internet. But what’s really going on under the hood when you browse the web using a VPN? This encrypted data is nearly impossible to intercept and read without the appropriate decryption key.

VPN

VPN Encryption Internet Internet

What is a VPN and How Does it Work?

Identity IQ

APRIL 22, 2021

If you want to help secure your digital identity, a virtual private network (VPN) is a great tool you can use for added online privacy. In this guide, we discuss VPNs in detail, including how they work, how they protect you and why you should use one when browsing the web. What is a VPN? How does a VPN Work?

VPN

VPN Encryption Internet Internet

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking

Hacking Government Encryption Risk

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. If you log in at the end website you’ve identified yourself to them, regardless of VPN. VPNs encrypt the traffic between you and some endpoint on the internet, which is where your VPN is based. Super Hackers Trying to Hack You.

VPN

VPN Risk Hacking Encryption

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. It intercepts credentials by hooking into Versa’s “setUserPassword” method, encrypting and storing them on disk.

VPN

VPN Government Malware Manufacturing

Secure Your Online Privacy: How to Choose the Best VPN in 2023

CyberSecurity Insiders

MARCH 21, 2023

VPNs allow users to access the internet securely and privately by encrypting their internet traffic and hiding their IP addresses. However, with so many VPN providers available, it can be challenging to choose the best VPN for your needs. The first step in choosing the best VPN is to determine your needs.

VPN

VPN Internet Internet Encryption

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Security Affairs

MARCH 14, 2025

“When the firewall had VPN capabilities, the threat actor created local VPN user accounts with names resembling legitimate accounts but with an added digit at the end. These newly created users were then added to the VPN user group, enabling future logins.” ” reads the report. SuperBlack modifies LockBit 3.0s

Firewall

Firewall Ransomware VPN Encryption

VPN Android apps: What you should know

Malwarebytes

MAY 24, 2021

In just the past year, free VPN for Android apps have exposed the data of as many as 41 million users, revealing consumers’ email addresses, payment information, clear text passwords, device IDs, and more. All these people that work on [the VPN service], nobody is going to do it for free. There is no best free VPN for Android.

VPN

VPN Internet Internet Data breaches

VPN apps insecurely store session cookies in memory and log files

Security Affairs

APRIL 12, 2019

At least four VPN apps sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC). Virtual private networks (VPNs) are affordable, easy to use, and a vital component in your system. What if these VPNs are vulnerable to attackers? 8.3R6, and 9.0R2.

VPN

VPN Marketing Authentication Small Business

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. SecurityAffairs – hacking, VPNLab).

VPN

VPN Cybercrime Ransomware Advertising

VPN vs. proxy: which is better to stay anonymous online?

Security Affairs

NOVEMBER 10, 2018

Most people prefer using proxies over VPN services because they are easy to use and mostly available for free, but can it be relied on for anonymity? Most people prefer using proxies over VPNs because they are easy to use and mostly available for free, but can it be relied on for anonymity? VPN vs. Proxy. What is a VPN?

VPN

VPN Internet Internet Small Business

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

FEBRUARY 17, 2020

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. ” states Tutanota. We condemn the blocking of Tutanota. Pierluigi Paganini.

Encryption

Encryption VPN Government Internet

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. ” reads the advisory published by the experts.

VPN

VPN Encryption Advertising Authentication

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption

Encryption Ransomware VPN Malware

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. ” reads the advisory.

VPN

VPN Ransomware Firewall Internet

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

If the attachment is opened, the malicious document proceeds to quietly download additional malware and hacking tools to the victim machine ( here’s one video example of a malicious Microsoft Office attachment from the malware sandbox service any.run ). Have a Coke and a Molotov cocktail.

Cybercrime

Cybercrime Malware VPN Ransomware

Russian-based DoubleVPN seized by law enforcement

Security Affairs

JUNE 30, 2021

Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. The VPN service was offered for a starting price of €22 ($25). . SecurityAffairs – hacking, cybercrime ). “On 29th of June 2021, law enforcement took down DoubleVPN.

VPN

VPN Cybercrime Encryption Advertising

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Related: Poll confirms rise of Covid 19-related hacks. Many people use a virtual private network (VPN) to bypass geographic restrictions on streaming sites or other location-specific content. Since a VPN tunnels traffic through a server in a location of your choosing.

VPN

VPN Passwords Firewall Risk

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware

Malware Spyware Antivirus VPN

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware

Spyware Data breaches DNS Artificial Intelligence

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

The Last Watchdog

JULY 30, 2021

Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. Two sweeping trends resulted: one bad, one good.

VPN

VPN Firewall Encryption Accountability

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware

Malware VPN Internet Internet

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN

VPN Software Encryption Authentication

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Security Affairs

FEBRUARY 12, 2024

The issue was discovered by Attila Tomaschek, a VPN expert and staff writer at the tech publication CNET. Tomaschek noticed that DNS requests on his Windows machine weren’t being directed to ExpressVPN’s dedicated servers when he had activated the split tunneling feature, which is used to limit which apps send their traffic through the VPN.

DNS

DNS VPN Encryption Internet

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

JANUARY 9, 2020

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Researchers believe the hackers took advantage of an unpatched critical vulnerability on the company’s VPN servers.

Ransomware

Ransomware Encryption Insurance VPN

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. SecurityAffairs – hacking, Microsoft Exchange). Pierluigi Paganini.

Ransomware

Ransomware Encryption VPN Malware

Cloak ransomware group hacked the Virginia Attorney General’s Office

Hackers Were Inside Citrix for Five Months

Trending Sources

APT hacked a US municipal government via an unpatched Fortinet VPN

5 common VPN myths busted

J-magic malware campaign targets Juniper routers

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Chinese national charged for hacking thousands of Sophos firewalls

New TunnelVision technique can bypass the VPN encapsulation

Fortinet VPN with default certificate exposes 200,000 businesses to hack

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

9 Reasons Why Everyone Should Use a VPN

NailaoLocker ransomware targets EU healthcare-related entities

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

China-linked APT groups targets orgs via Pulse Secure VPN devices

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

How Does a VPN Work? A Comprehensive Beginner’s Overview

What is a VPN and How Does it Work?

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Everyday Threat Modeling

China’s Volt Typhoon botnet has re-emerged

Secure Your Online Privacy: How to Choose the Best VPN in 2023

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

VPN Android apps: What you should know

VPN apps insecurely store session cookies in memory and log files

New Hive ransomware variant is written in Rust and use improved encryption method

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

VPN vs. proxy: which is better to stay anonymous online?

Russian govn blocked Tutanota service in Russia to stop encrypted communication

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

5 Ways to Protect Yourself from IP Address Hacking

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Russian-based DoubleVPN seized by law enforcement

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs newsletter Round 507 by Pierluigi Paganini – INTERNATIONAL EDITION

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

Who and What is Behind the Malware Proxy Service SocksEscort?

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Currency Exchange Company Travelex Hit By Ransomware Attack

Black Kingdom ransomware is targeting Microsoft Exchange servers

Stay Connected