has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., based Sophos Ltd.
Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability.
As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. China has enclosed its national internet servers within what is colloquially called ‘the Great Firewall.’ Related: How China challenged Google in Operation Aurora.
LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords. INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. Network monitoring tools can also detect unusual activities and prevent potential breaches.
The threat actors appear to have the capability to control China’s Great Firewall and were observed utilizing a novel technique involving fake DNS MX records. “The DNS event data containing MX records from the GFW often occurs on separate dates from those where we see MX queries at open resolvers,” concludes the report.
Hackers attempted to exploit a zero-day flaw in the Sophos XG firewall to distribute ransomware to Windows machines, but the attack was blocked. It was designed to download payloads intended to exfiltrate XG Firewall-resident data. Sophos was informed of the attacks exploiting the zero-day issue by one of its customers on April 22.
Here are five notable historical events that influenced cybersecurity assessment and transformed it into what it is today: The Battle of Midway (1942). It’s clear that when technology develops, people find creative ways to cause mass disruption, increasing the need for antivirus protection and firewalls.
Security researchers have found that hackers are infecting Windows Event Logs with fileless malware. During a “very targeted” campaign, hackers used Windows Event Logs to inject shellcode payloads and operate stealthily. If it does not find one, the encrypted shellcode is written in 8KB chunks in the event logs.
Start small, skill up. The starting line is all about building up some basic skills: networking basics, firewall configuration, system hardening, threat analysis, and access control. Each piece of knowledge is a potential ticket into conversations, networking events, and job opportunities. Here's the game plan.
A firewall with the right threat intelligence embedded could have blocked communications with the command-and-control server thus preventing a Trojanized Orion install from connecting back to the attackers and stopping them from furthering the attack. But recent events have worked to undermine this growing understanding.
Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. critical infrastructure in the event of a major crisis or conflict with the United States.
On January 31, 2020, the Bureau received its second CISA request to investigate the compromised servers, and a few days later, on February 5, 2020, the Bureau confirmed that other servers were hacked. (SecurityAffairs – hacking, Citrix) Pierluigi Paganini.
A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. APT stands for Advanced Persistent Threat, a term that generally refers to state-sponsored hacking groups.
Your IP address represents your digital identity online; hacking it not only allows attackers to access your device or your accounts, but it may also cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. Hacked and stolen IPs are often used for carrying out illegal activities.
The encrypted China Chopper variant, frequently used by the attackers, employed AES encryption to evade detection by Web Application Firewalls (WAFs). They patched the Event Tracing for Windows (ETW) to suppress event logs and bypassed the Antimalware Scan Interface (AMSI) by modifying amsi.dll, allowing malicious PowerShell execution.
THOMPSON posted about the Capital One hack on GitHub; she exploited a misconfigured web application firewall to get access to the data. Based on our analysis to date, this event affected approximately 100 million individuals in the United States and approximately 6 million in Canada. (SecurityAffairs – hacking, Capital One)
A cyberattack on gambling giant IGT disrupted portions of its IT systems. China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane. Microsoft seized 240 sites used by the ONNX phishing service. U.S.
China's National Computer Virus Emergency Response Center (CVERC) recently made a statement accusing the United States National Security Agency (NSA) of repeatedly hacking the Northwestern Polytechnical University, a key public military research university located in Xi'an, China. TAO is a tactical implementation unit of the U.S.
A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year; threat actors exploited a known vulnerability in a firewall used by the affected facility to cause disruption.
Threat hunting is the practice of actively seeking out dangers to cyber security by detecting and eliminating new and emerging threats that are able to evade preventative controls such as firewalls and antivirus software. One of the most commonly used tools for threat hunting, however, is security information and event management (SIEM).
Why would cybercriminals be interested in hacking a vegan food blog? Joe can use a web application firewall (WAF) to help protect his blog from bad bots and other malicious traffic. He is the go-to guy when the church wants to post new announcements and events. To prevent a DDoS attack, a web application firewall must be used.
Expert found a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can allow access to the FortiSIEM Supervisor. The feature was implemented to enable connecting to collectors from the supervisor when there is a firewall between the collector and the supervisor. Pierluigi Paganini.
The attackers exploited zero-day vulnerabilities in Zyxel firewalls used by many critical infrastructure operators in Denmark. On April 25, 2023, Zyxel disclosed a critical vulnerability (CVSS score 9.8), tracked as CVE-2023-28771, in a number of their firewalls. According to the report, 11 companies were immediately compromised.
Threat actors exploited the flaw to gain remote firewall access and breach corporate networks. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point’s customers. The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure issue.
Security vendor SonicWall confirmed that some of its Email Security and firewall products have been impacted by the Y2K22 bug. (SecurityAffairs – hacking, IKEA) x should upgrade to the latest Junk Store 7.6.9.
Experts observed that one threat actor compromised 96% of the 80 Postgres honeypots that the researchers deployed, and all the instances were hacked within 30 seconds. Each firewall policy might block 600-3,000 known scanner IP addresses. (SecurityAffairs – hacking, honeypot) Rocke, TeamTNT).” Pierluigi Paganini.
PortStarter: A backdoor script written in Go that provides functionality for modifying firewall settings and opening ports to pre-configured command and control (C2) servers. wevtutil.exe: A standard Windows Event Utility tool used to view event logs. AnyDesk also supports remote file transfer.
A cornucopia of cybersecurity solutions went on public display today as Black Hat USA 2021 convened once more as a live event in Las Vegas. Related: Kaseya hack raises more supply chain worries. For small- and mid-sized businesses (SMBs) cutting through the marketing hype can be daunting.
The skimmer is added to the onclick event of the checkout button and onunload event of the web page. com is neither a malicious site nor a hacked site. A good website firewall can help to minimize the risk of infection in the first place.”
Each firewall, IDS, MFA, and email security control is built to protect against and stop cyber attacks. Distortion hacks are becoming more common. For example, suppose criminals hack into your company’s cloud. While enforcement of FERPA is left to the Department of Education, there is some sense of data accountability and disclosure of events.
No one, save threat actors, was paying close attention to the ramifications of granting a myriad of small- and mid-sized contractors privileged access inside the company firewall. It’s notable that the SolarWinds hack is something of an outlier. These are the providers with whom sensitive data and privileged access gets shared daily.
But Pyle said a great many EAS stakeholders are still ignoring basic advice from the manufacturer, such as changing default passwords and placing the devices behind a firewall, not directly exposing them to the Internet, and restricting access only to trusted hosts and networks. and Marquette, Mich.
In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.
A remote, unauthenticated attacker can trigger the flaw to perform a stored cross-site scripting (XSS) attack via HTTP fields observed in the traffic and event log views. The issue impacted FortiGate firewalls and FortiProxy web proxies. (SecurityAffairs – hacking, Fortinet) Pierluigi Paganini.
There are many types of cyberattacks, with top trends for 2022 including mobile attacks, ransomware, COVID-related scams and hacks, zero-click attacks, malicious QR codes, phishing, cryptojacking, and IoT malware attacks, among others. Security information and event management (SIEM). Next-generation firewalls (NGFW).
Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic attacking your network during an event. Configure network firewalls to block unauthorized IP addresses and disable port forwarding. (SecurityAffairs – hacking, FBI) Pierluigi Paganini.
Here are some ideas IT admins can use to detect a network compromise sooner, potentially limiting the damage of an adverse cyber event. Because so much of cybersecurity relies on passive forms of protection (think firewalls, antivirus solutions, password protection, etc.), consider booby-trapping your network.
Malicious actors use emotions in human hacking with a high success rate. Install and maintain anti-virus software, firewalls, and email filters. Learn More About Emotions and Human Hacking. The Human Hacking Conference is happening March 11-13, 2021. Below are some helpful tips to help prevent a social engineering attack.
Reacting to the disclosure of this momentous supply-chain hack, many of the breached organizations were able to deploy advanced tools and tactics to swiftly root out Sunburst and get better prepared to repel any copycat attacks. The SolarWinds hack provided a chance to assess how far SOAR technology has come. Cohesive use of intel.
Additional podcast guest Mark Hughes, Global Managing Partner, Cybersecurity Services, IBM Consulting, pointed out how events such as Colonial Pipeline clearly showed how a single piece of a supply chain can have a disproportionate impact on all the other parts.
Below are some mitigations recommended by the Microsoft Defender Advanced Threat Protection (ATP) Research Team to reduce risk from threats that exploit gateways and VPN vulnerabilities: Apply all available security updates for VPN and firewall configurations. Monitor and pay special attention to your remote access infrastructure.
Although details are limited, Versa Networks confirmed one case where the vulnerability was exploited due to a customer’s failure to implement recommended firewall guidelines. Pierluigi Paganini (SecurityAffairs – hacking, Volt Typhoon)
The threat actors also gained access to terminal event logs and scanned for any instance where customers scanned a private key at the ATM. “Please keep your CAS behind a firewall and VPN. With a VPN/firewall, attackers from the open internet cannot access your server and exploit it. Terminals should also connect to CAS via VPN.