Firmware, Information Security and VPN - Cyber Security Informer

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. ” reported Heise Security.

VPN

VPN Passwords Firewall Firmware

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.”

Firewall

Firewall Firmware VPN Authentication

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices. Attackers maintained persistence through VPN credentials, Active Directory DCSYNC access, and firmware-hooking methods to survive updates. ” concludes the report.

Firmware

Firmware Government Firewall Malware

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. Cisco has addressed the flaw with the release of firmware version 1.0.01.02

VPN

VPN Small Business Wireless Firmware

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. ” continues the researchers.

VPN

VPN Government Advertising Firmware

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). ” The researchers noticed that the attack targeted firmware versions of devices ranging between 7.0.14

Firewall

Firewall VPN Accountability Firmware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” ” reads the security bulletin. firmware or later.

Firmware

Firmware VPN Accountability Advertising

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Ransomware

Ransomware Firmware Mobile InfoSec

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Some impacted models will not receive the firmware updates because they have reached the end-of-life (EoL). Remote access (Web access from WAN), virtual server (Port forwarding), DDNS, VPN server, DMZ, port trigger Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, routers)

Authentication

Authentication Firmware VPN Manufacturing

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

.” Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Some of the security issues were detected more than once. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here.

Manufacturing

Manufacturing IoT Firmware VPN

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware

Firmware Passwords Accountability VPN

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60 Patch 1 ZLD V5.36

Firmware

Firmware VPN Firewall Hacking

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

A list of the user IDs permitted to use the firewall for SSL VPN and accounts that were permitted to use a clientless VPN connection. Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices.

Firewall

Firewall Hacking Malware Passwords

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware. ” ASUS added.

Firmware

Firmware VPN Wireless Passwords

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” reads the advisory published by the security vendor. reads the advisory published by the security vendor. COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware

Malware Firmware VPN Backups

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 VPN ZLD V4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices.

DNS

DNS Firmware VPN Risk

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. “However, many vendors may have bought vulnerable versions of this stack prior to the 2012 update, starting in the early 2000s when it was first issued, and integrated it into their own firmware.

Hacking

Hacking Firmware Internet Internet

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. Citrix blog post: security updates for Citrix SD-WAN WANOP release 10.2.6 Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 12.1

Government

Government VPN Firmware Energy and Utilities

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware. I waited until it expired and forgot to buy it.

Scams

Scams DDOS Cryptocurrency Accountability

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

Firewall

Firewall Firmware Cyber Attacks VPN

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates. through ZLD V5.21 Patch 1 ZLD V5.30 through ZLD V5.21

Firewall

Firewall Firmware VPN Wireless

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

Below is the list of vulnerable products and related patches: AFFECTED MODEL AFFECTED FIRMWARE VERSION PATCH AVAILABILITY USG FLEX 100(W), 200, 500, 700 ZLD V5.00 USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates. through ZLD V5.21 Patch 1 ZLD V5.30 through ZLD V5.21

Firewall

Firewall VPN Firmware Internet

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware

Firmware Firewall Authentication VPN

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

“To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” The flaws fixed by the vendor are rated as medium and high severity security. .” continues the advisory.

Ransomware

Ransomware Cryptocurrency Malware Internet

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS

DDOS Firmware VPN Firewall

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Firmware Update 8.2B Pierluigi Paganini.

Firmware

Firmware Manufacturing Passwords Penetration Testing

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. The post Zyxel addressed a critical RCE flaw in its NAS devices appeared first on Security Affairs. 9)C0 NAS542 V5.21(ABAG.8)C0

Firewall

Firewall Firmware Authentication VPN

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords Backups Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Focus on cyber security awareness and training. Require administrator credentials to install software.

Ransomware

Ransomware DDOS Passwords Backups

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Use multi-factor authentication wherever possible. Disable hyperlinks in received emails.

Education

Education Ransomware Phishing Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a virtual private network (VPN).

Ransomware

Ransomware Antivirus Passwords Malware

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

SonicWall warns of an exploitable SonicOS vulnerability

Trending Sources

Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

NSA, CISA release guidance on hardening remote access via VPN solutions

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Cisco fixes critical remote code execution issues in SMB VPN routers

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Hackers target zero-day flaws in enterprise Draytek network devices

HelloKitty ransomware gang targets vulnerable SonicWall devices

ASUS fixed critical remote authentication bypass bug in several routers

Who and What is Behind the Malware Proxy Service SocksEscort?

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Zyxel published guidance for protecting devices from ongoing attacks

Chinese national charged for hacking thousands of Sophos firewalls

ASUS addressed critical flaws in some router models

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Widespread exploitation by botnet operators of Zyxel firewall flaw

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

A critical flaw in industrial automation systems opens to remote hack

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Interview With a Crypto Scam Investment Spammer

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Zyxel fixed firewall unauthenticated remote command injection issue

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

AgeLocker ransomware operation targets QNAP NAS devices

Multiple DDoS botnets were observed targeting Zyxel devices

Experts found backdoors in a popular Auerswald VoIP appliance

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Zyxel addressed a critical RCE flaw in its NAS devices

FBI warns of ransomware attacks targeting the food and agriculture sector

Avoslocker ransomware gang targets US critical infrastructure

FBI warns of increase in PYSA ransomware attacks targeting education

BlackCat Ransomware gang breached over 60 orgs worldwide

Stay Connected