Firmware, Information Security and VPN - Cyber Security Informer

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

Cisco fixes critical remote code execution issues in SMB VPN routers

Security Affairs

FEBRUARY 4, 2021

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. Cisco has addressed the flaw with the release of firmware version 1.0.01.02

VPN

VPN Small Business Wireless Firmware

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. “The primary causes of the incident include the use of an outdated and vulnerable firmware version on the Fortigate VPN server (version 6.0.2 ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. ” continues the researchers.

VPN

VPN Government Advertising Firmware

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

Security Affairs

APRIL 28, 2023

Researchers from TRAPA Security have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 (CVSS score 9.8), impacting Zyxel Firewall. The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60

Firewall

Firewall Firmware VPN Authentication

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Some impacted models will not receive the firmware updates because they have reached the end-of-life (EoL). Remote access (Web access from WAN), virtual server (Port forwarding), DDNS, VPN server, DMZ, port trigger Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, routers)

Authentication

Authentication Firmware VPN Manufacturing

Zyxel published guidance for protecting devices from ongoing attacks

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60 Patch 1 ZLD V5.36

Firmware

Firmware VPN Firewall Hacking

ASUS addressed critical flaws in some router models

Security Affairs

JUNE 19, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates. ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities. “Update your router to the latest firmware. ” ASUS added.

Firmware

Firmware VPN Wireless Passwords

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 VPN ZLD V4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. Moreover, the infection survives firmware upgrades.” reads the advisory published by the security vendor. reads the advisory published by the security vendor. COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware

Malware Firmware VPN Backups

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Successful exploitation of these vulnerabilities could allow attackers to steal sensitive data, inject firmware payloads, and even reach LAN-connected devices. Attackers maintained persistence through VPN credentials, Active Directory DCSYNC access, and firmware-hooking methods to survive updates. ” concludes the report.

Firmware

Firmware Government Firewall Malware

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

. “Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Firmware

Firmware Ransomware Passwords Mobile

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

“Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x x firmware in an imminent ransomware campaign using stolen credentials.”

Ransomware

Ransomware Firmware Mobile InfoSec

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Security Affairs

JUNE 20, 2023

Zyxel released security updates to address a critical security flaw, tracked as CVE-2023-27992 (CVSS score: 9.8), affecting its network-attached storage (NAS) devices. The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0,

Firmware

Firmware Firewall Authentication VPN

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Security Affairs

NOVEMBER 14, 2023

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

Cyber Attacks

Cyber Attacks Firmware Firewall VPN

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS

DDOS Firmware VPN Firewall

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Some of the security issues were detected more than once. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here.

Manufacturing

Manufacturing IoT Firmware VPN

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware

Firmware Passwords Accountability VPN

Hackers target zero-day flaws in enterprise Draytek network devices

Security Affairs

MARCH 28, 2020

The two critical remote command injection vulnerabilities tracked as CVE-2020-8515 affect DrayTek Vigor network devices, including enterprise switches, routers, load-balancers, and VPN gateway. On the 6th Feb, we released an updated firmware to address this issue.” ” reads the security bulletin. firmware or later.

Firmware

Firmware VPN Accountability Advertising

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

.” Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Security Affairs

JANUARY 14, 2024

The vulnerability is an improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

Firewall

Firewall Firmware Cyber Attacks VPN

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

Zyxel fixed firewall unauthenticated remote command injection issue

Security Affairs

MAY 13, 2022

Below is the list of vulnerable products and related patches: Affected model Affected firmware version Patch availability USG FLEX 100(W), 200, 500, 700 ZLD V5.00 USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates. through ZLD V5.21 Patch 1 ZLD V5.30 through ZLD V5.21

Firewall

Firewall Firmware VPN Wireless

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 17, 2022

Below is the list of vulnerable products and related patches: AFFECTED MODEL AFFECTED FIRMWARE VERSION PATCH AVAILABILITY USG FLEX 100(W), 200, 500, 700 ZLD V5.00 USG FLEX 50(W) / USG20(W)-VPN ZLD V5.10 VPN series ZLD V4.60 If possible, enable automatic firmware updates. through ZLD V5.21 Patch 1 ZLD V5.30 through ZLD V5.21

Firewall

Firewall VPN Firmware Internet

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

A critical vulnerability, tracked as CVE-2021-20019 , in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. The flaw resides in the HTTP/HTTPS service used for product management as well as SSL VPN remote access. “An reads the analysis published by Tripwire.

VPN

VPN Firewall Firmware Authentication

Zyxel addressed a critical RCE flaw in its NAS devices

Security Affairs

SEPTEMBER 7, 2022

flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. Below is the list of affected models and the firmware patches released by the company. The post Zyxel addressed a critical RCE flaw in its NAS devices appeared first on Security Affairs. 9)C0 NAS542 V5.21(ABAG.8)C0

Firewall

Firewall Firmware Authentication VPN

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices.

DNS

DNS Firmware VPN Risk

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. Citrix blog post: security updates for Citrix SD-WAN WANOP release 10.2.6 Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 12.1

Government

Government VPN Firmware Energy and Utilities

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Firmware Update 8.2B Pierluigi Paganini.

Firmware

Firmware Manufacturing Passwords Penetration Testing

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. “However, many vendors may have bought vulnerable versions of this stack prior to the 2012 update, starting in the early 2000s when it was first issued, and integrated it into their own firmware.

Hacking

Hacking Firmware Internet Internet

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., Install updates/patch operating systems, software, and firmware as soon as they are released. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords Backups Firmware

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

“To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” The flaws fixed by the vendor are rated as medium and high severity security. .” continues the advisory.

Ransomware

Ransomware Cryptocurrency Malware Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Ensure secure configurations for devices: Change the default password to a strong one, and block SSH from external access. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches.

IoT

IoT DDOS Malware Firmware

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

eSecurity Planet

MAY 20, 2024

It’s also possible that your VPN app will automatically disable the VPN once your device connects to a supposedly trusted Wi-Fi network, according to the researchers at Top10VPN. Use always-active VPN connections and never reuse the same credentials for an SSID.

VPN

VPN Firmware Malware Software

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware. I waited until it expired and forgot to buy it.

Scams

Scams DDOS Cryptocurrency Accountability

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN. Use multi-factor authentication wherever possible. Disable hyperlinks in received emails.

Education

Education Ransomware Phishing Passwords

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs

SEPTEMBER 6, 2022

This is to enhance the security of your QNAP NAS. We recommend users to make use of the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware.

Ransomware

Ransomware Internet Internet Encryption

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

The vendor released security updates for all these devices and urges customers to update their installs, it also released mitigations to address the flaws. “GE strongly recommends users with impacted firmware versions update their UR devices to UR firmware Version 8.10, or greater to resolve these vulnerabilities.

Firmware

Firmware VPN Firewall Risk

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

……… “ The vendor recommends not exposing the SMB service to the internet and using VPN to access the NAS and reduce the attack surface. Go to Control Panel > System > Firmware Update. Bitcoin wallet is unique for you, so we can find out what you paid. Next to Lowest SMB version , select SMB 2 or higher.

Ransomware

Ransomware Encryption Passwords Internet

Expert found a secret backdoor in Zyxel firewall and VPN

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Trending Sources

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

NSA, CISA release guidance on hardening remote access via VPN solutions

Cisco fixes critical remote code execution issues in SMB VPN routers

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

Zyxel fixed a critical RCE flaw in its firewall devices and urges customers to install the patches

ASUS fixed critical remote authentication bypass bug in several routers

Zyxel published guidance for protecting devices from ongoing attacks

ASUS addressed critical flaws in some router models

Widespread exploitation by botnet operators of Zyxel firewall flaw

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

HelloKitty ransomware gang targets vulnerable SonicWall devices

Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices

Danish critical infrastructure hit by the largest cyber attack in Denmark’s history

Multiple DDoS botnets were observed targeting Zyxel devices

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Hackers target zero-day flaws in enterprise Draytek network devices

Who and What is Behind the Malware Proxy Service SocksEscort?

Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Zyxel fixed firewall unauthenticated remote command injection issue

CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Zyxel addressed a critical RCE flaw in its NAS devices

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Experts found backdoors in a popular Auerswald VoIP appliance

A critical flaw in industrial automation systems opens to remote hack

Daixin Team targets health organizations with ransomware, US agencies warn

FBI warns of ransomware attacks targeting the food and agriculture sector

AgeLocker ransomware operation targets QNAP NAS devices

A new Zerobot variant spreads by exploiting Apache flaws

Vulnerability Recap 5/20/24 – Patch Tuesday, Chrome & D-Link

Interview With a Crypto Scam Investment Spammer

FBI warns of increase in PYSA ransomware attacks targeting education

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

CISA is warning of vulnerabilities in GE Power Management Devices

New Checkmate ransomware target QNAP NAS devices

Stay Connected