Firewall, Telecommunications and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

Strong segmentation with firewalls and DMZs, securing VPN gateways, and ensuring encrypted traffic with TLS v1.3 The US government’s continued investigation into the People’s Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign.”

Telecommunications

Telecommunications Government Mobile Cyber threats

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 15, 2025

CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug U.S. custody in exchange for Marc Fogel North Korea-linked APT Emerald Sleet is using a new tactic U.S.

Spyware

Spyware Firewall Artificial Intelligence Malware

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 1, 2024

CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog Thai police arrested Chinese hackers involved in SMS blaster attacks Zyxel firewalls targeted in recent ransomware attacks Malware campaign abused flawed Avast Anti-Rootkit driver Russia-linked APT TAG-110 uses targets Europe and Asia Russia-linked threat (..)

Cybercrime

Cybercrime Firewall Social Engineering Ransomware

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware.

Energy and Utilities

Energy and Utilities Telecommunications Technology Government

Becoming an MSSP: Tools, Services & Tips for Managed Security Services

eSecurity Planet

FEBRUARY 9, 2022

According to Jay McBain, an analyst at Forrester Research, spending on IT and telecommunications will be worth about $7 trillion by 2030. Here are a few EDR vendors with an MSP focus: Sophos Intercept X with XDR synchronizes endpoint, server, firewall, and email security. The next few years will see a surge in channel spending.

Backups

Backups Firewall DDOS Antivirus

Weakness at the Network Edge: Mandiant Examines 2022’s Zero-Day Exploits

eSecurity Planet

MARCH 27, 2023

.” The three activity sets included a campaign against the Philippine government between March and May 2022; a campaign against telecommunications and business service providers in South Asia in April 2022; and a campaign against organizations in Belarus and Russia in May 2022.

Firewall

Firewall Internet Internet Ransomware

The War in Technology: A Digital Iron Curtain Goes Up

SecureWorld News

MARCH 10, 2022

We know that war has impacts on telecommunications, but what we've seen in Ukraine is on a different level.". These documents outlined a series of measures the Kremlin wants state-owned websites and online portals to implement by the end of this week in order to "coordinate actions to defend telecommunication services on the internet.".

Technology

Technology Internet Internet Telecommunications

What is a Managed Security Service Provider? MSSPs Explained

eSecurity Planet

AUGUST 22, 2023

History of MSSPs As internet service providers (ISPs) and telecommunications companies (telecoms) began offering commercial access to the internet in the late 1990s, they began to also offer firewall appliances and associated managed services. and then monitors the endpoint alerts to respond to detected threats. Outsourcing U.S.

Firewall

Firewall Telecommunications Penetration Testing Cybersecurity

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers. Telecom Infrastructure Abuse: The threat actor used Verizon IPv6 addresses to access the network, leveraging telecommunications infrastructure with a clean reputation to bypass security controls.

Social Engineering

Social Engineering Engineering Accountability Backups

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

AES encryption can be commonly found in communication protocols, virtual private network (VPN) encryption, full-disk encryption, and Wi-Fi transmission protocols. Command and control attacks similarly impersonate legitimate traffic that uses encrypted protocols such as TLS to avoid firewall inspections.

Encryption

Encryption Passwords IoT Firewall

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

Scattered Spider previously targeted telecommunications firms, likely to support its SIM-swapping activities that facilitate account takeovers. Telecom Infrastructure Abuse: The threat actor used Verizon IPv6 addresses to access the network, leveraging telecommunications infrastructure with a clean reputation to bypass security controls.

Social Engineering

Social Engineering Engineering Accountability Backups

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Perimeter81 VPN and zero trust 2020 Private Wiz Cloud security 2020 Private OneTrust Privacy management 2019 Private Darktrace AI network security 2017 Private Recorded Future Threat intelligence 2017 Acquired: Insight Thycotic Access management 2015 Private Checkmarx Application security 2015 Acquired: P.E.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

China-linked APT Salt Typhoon has breached telcos in dozens of countries

Security Affairs

DECEMBER 4, 2024

China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt warns. President Biden’s deputy national security adviser Anne Neuberger said that China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries. reads the joint advisory.

Telecommunications

Telecommunications Government Mobile Cyber threats

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

From a different angle, reporting from The Intercept revealed mobile surveillance capabilities available to Iran for the purposes of domestic investigations that leverage direct access to (and cooperation of) local telecommunication companies. One of the major cyber-incidents of 2022 took place early this year: the Okta hack.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Trending Sources

Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 500 by Pierluigi Paganini – INTERNATIONAL EDITION

FBI chief says China is preparing to attack US critical infrastructure

Becoming an MSSP: Tools, Services & Tips for Managed Security Services

Weakness at the Network Edge: Mandiant Examines 2022’s Zero-Day Exploits

The War in Technology: A Digital Iron Curtain Goes Up

What is a Managed Security Service Provider? MSSPs Explained

Scattered Spider x RansomHub: A New Partnership

What Is Encryption? Definition, How it Works, & Examples

Scattered Spider x RansomHub: A New Partnership

Top VC Firms in Cybersecurity of 2022

China-linked APT Salt Typhoon has breached telcos in dozens of countries

Advanced threat predictions for 2023

Stay Connected