Encryption, Information Security and VPN

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 We see around 3.3M

Encryption

Encryption Passwords Internet Internet

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN

VPN Firewall Marketing Encryption

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway. The reverse shell issued a challenge by sending an encrypted string using a hard-coded certificate. An attacker can compromise these systems to gain remote access to the organizations.

Malware

Malware VPN Encryption Hacking

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.

Healthcare

Healthcare Ransomware VPN Malware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. . SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

VPN

VPN Government Hacking Accountability

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. RAPIDPULSE can serve as an encrypted file downloader for the attacker. and Europe.”

VPN

VPN Government Malware Hacking

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

A cyberattack on the Virginia Attorney Generals Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings. The breach was detected in February , leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency. .

Ransomware

Ransomware Hacking Social Engineering VPN

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

FEBRUARY 17, 2020

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. ” states Tutanota. We condemn the blocking of Tutanota. Pierluigi Paganini.

Encryption

Encryption VPN Government Internet

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. It intercepts credentials by hooking into Versa’s “setUserPassword” method, encrypting and storing them on disk.

VPN

VPN Government Malware Manufacturing

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The group used a variety of attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials. ” reads the post published by Microsoft.

Encryption

Encryption Ransomware Cybercrime Malware

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Security Affairs

MARCH 14, 2025

“When the firewall had VPN capabilities, the threat actor created local VPN user accounts with names resembling legitimate accounts but with an added digit at the end. These newly created users were then added to the VPN user group, enabling future logins.” ” reads the report. SuperBlack modifies LockBit 3.0s

Firewall

Firewall Ransomware VPN Encryption

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Security Affairs

JANUARY 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem. Europol said. Pierluigi Paganini.

VPN

VPN Cybercrime Ransomware Advertising

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The group now is targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN

VPN Ransomware Hacking Education

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Security Affairs

DECEMBER 5, 2019

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel. The experts explained that in this way, it is possible to hijack active connections within the VPN tunnel. ” reads the advisory published by the experts.

VPN

VPN Encryption Advertising Authentication

Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10

Malwarebytes

JANUARY 4, 2023

Synology has issued an advisory about a vulnerability that allows remote attackers to execute arbitrary commands through a susceptible version of Synology VPN Plus Server. VPN Plus Server. VPN Plus Server allows users to turn their Synology Router into a Virtual Rrivate Network (VPN) server. 0534 and 1.4.4-0635

VPN

VPN Internet Internet Engineering

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

FEBRUARY 21, 2022

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Encryption

Encryption Ransomware VPN Malware

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime Malware VPN Ransomware

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

Russian-based DoubleVPN seized by law enforcement

Security Affairs

JUNE 30, 2021

Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. The VPN service was offered for a starting price of €22 ($25). . “On 29th of June 2021, law enforcement took down DoubleVPN.

VPN

VPN Cybercrime Encryption Advertising

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

Tianfeng worked at Sichuan Silence Information Technology Co., The malware stole data and encrypted files to block remediation attempts. “Guan and his co-conspirators worked at the offices of Sichuan Silence Information Technology Co. ” reads the press release published by DoJ. ” reads the advisory.

Firewall

Firewall Hacking Malware Passwords

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.

VPN

VPN Software Encryption Authentication

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Security Affairs

FEBRUARY 12, 2024

The issue was discovered by Attila Tomaschek, a VPN expert and staff writer at the tech publication CNET. Tomaschek noticed that DNS requests on his Windows machine weren’t being directed to ExpressVPN’s dedicated servers when he had activated the split tunneling feature, which is used to limit which apps send their traffic through the VPN.

DNS

DNS VPN Encryption Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

.” Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Security Affairs

NOVEMBER 24, 2024

Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware

Malware Spyware Antivirus VPN

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021.

Ransomware

Ransomware Encryption VPN Malware

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files. LockBit ransomware operators told ZDNet that they have accessed the network of the helicopter maker via a VPN appliance that was poorly protected. ” reported ZDNet.

Ransomware

Ransomware VPN Encryption Passwords

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Antivirus VPN

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Use a corporate VPN. Encrypting data on corporate devices can prevent hackers from accessing sensitive information. The best way to protect data in this way is to set up a corporate VPN (a virtual private network). VPNs allow employees to connect to the internet securely while hiding the company’s IP address.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Some Synology products impacted by recently disclosed OpenSSL flaws

Security Affairs

AUGUST 29, 2021

. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), VPN Plus Server or VPN Server.” ” reads the advisory published by the company.

VPN

VPN Encryption Authentication Hacking

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

Enhancing secure logging, isolating device management, and enforcing strict access control lists (ACLs) are key strategies. Strong segmentation with firewalls and DMZs, securing VPN gateways, and ensuring encrypted traffic with TLS v1.3 are essential for protecting data.

Telecommunications

Telecommunications Government Mobile Cyber threats

Hacktivist group Twelve is back and targets Russian entities

Security Affairs

SEPTEMBER 22, 2024

The group targets Russian entities, it encrypts victims’ data without demanding a ransom and then destroy their infrastructure with a wiper to destroy its operations. The threat actor gains initial access by abusing valid local or domain accounts, VPN or SSH certificates. ” concludes the report.

VPN

VPN Encryption Hacking Ransomware

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant found the earliest evidence of compromise uncovered within 3CX’s network was through the VPN using the employee’s corporate credentials, two days after the employee’s personal computer was compromised.

Malware

Malware Software Technology Accountability

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Not all providers are created equal, and it’s important to do your research to find one that will meet your specific needs and security requirements. Data encryption. In the cloud era, data encryption is more important than ever. It is also important to make sure that your data is encrypted both in motion and at rest.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

OCTOBER 26, 2019

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. Why is Encryption a Feasible Option against Digital Threats? Encryption plays an integral role in securing the online data as well as its integrity. Final Thoughts.

Encryption

Encryption Ransomware Cyber threats Cybercrime

Trusted relationship attacks: trust, but verify

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. in their infrastructure, while the rest discovered they had been infiltrated via a third party only after data leakage or encryption.

VPN

VPN Accountability Passwords Antivirus

The Best Ways to Secure Communication Channels in The Enterprise Environment

CyberSecurity Insiders

DECEMBER 12, 2021

When you are typing the secret that you want to send, SharePass will calculate how secure it is. Based on those results, you might consider changing your password and use a more secure one. The messages you send are encrypted on the client side so the content is visible only by you and the recipient intended to read it.

VPN

VPN Passwords Encryption Mobile

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

The p opular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service.

Government

Government VPN Telecommunications Advertising

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) discovered an implementation vulnerability in the source code of the Rhysida ransomware. Rhysida ransomware employed a secure random number generator to generate the encryption key and subsequently encrypt the data.

Ransomware

Ransomware Encryption VPN Manufacturing

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” reads the flash alert. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Encryption VPN Backups

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

New TunnelVision technique can bypass the VPN encapsulation

Trending Sources

J-magic malware campaign targets Juniper routers

NailaoLocker ransomware targets EU healthcare-related entities

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

APT hacked a US municipal government via an unpatched Fortinet VPN

China-linked APT groups targets orgs via Pulse Secure VPN devices

Cloak ransomware group hacked the Virginia Attorney General’s Office

Russian govn blocked Tutanota service in Russia to stop encrypted communication

China’s Volt Typhoon botnet has re-emerged

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

New Hive ransomware variant is written in Rust and use improved encryption method

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Everyday Threat Modeling

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Update VPN Plus Server now! Synology patches vulnerability with a CVSS of 10

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Russian-based DoubleVPN seized by law enforcement

Chinese national charged for hacking thousands of Sophos firewalls

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

ExpressVPN leaked DNS requests due to a bug in the split tunneling feature

Who and What is Behind the Malware Proxy Service SocksEscort?

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 21

Black Kingdom ransomware is targeting Microsoft Exchange servers

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Akira ransomware received $42M in ransom payments from over 250 victims

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Some Synology products impacted by recently disclosed OpenSSL flaws

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Hacktivist group Twelve is back and targets Russian entities

3CX Breach Was a Double Supply Chain Compromise

15 Cybersecurity Measures for the Cloud Era

FBI published a flash alert on Mamba Ransomware attacks

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Trusted relationship attacks: trust, but verify

The Best Ways to Secure Communication Channels in The Enterprise Environment

The Russian Government blocked ProtonMail and ProtonVPN

Researchers released a free decryption tool for the Rhysida Ransomware

FBI issued an alert on Ragnar Locker ransomware activity

Stay Connected