Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access to victims’ networks. Up to now, a large number of VPN users have been attacked.” are vulnerable.

VPN 144

VPN Government Advertising Firmware 144

Security Affairs

NOVEMBER 25, 2024

“A command injection vulnerability in the IPSec VPN feature of some firewall versions could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device.” ” The vendor addressed these vulnerabilities with the release of firmware version 5.39

Firewall 73

Firewall Ransomware VPN Firmware 73

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN 131

VPN Firmware Malware Government 131

Security Affairs

FEBRUARY 6, 2024

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. The RAT is used as second-stage malware, the experts pointed out that it doesn’t exploit a new vulnerability. COATHANGER is a stealthy malware that hooks system calls that could reveal its presence.

Malware 134

Malware Firmware VPN Backups 134

Krebs on Security

JUNE 15, 2023

But last week, Barracuda took the highly unusual step of offering to replace compromised ESGs , evidently in response to malware that altered the systems in such a fundamental way that they could no longer be secured remotely with software updates. “They sold so many VPNs through the pandemic and this is the hangover,” Gray said.

Risk 267

Risk VPN Internet Internet 267

Security Boulevard

MARCH 31, 2025

Privacy Without Compromise: Proton VPN is Now Built Into Vivaldi Vivaldi Vivaldi integrates ProtonVPN natively into its desktop version of its browser. Version 2 reduces traffic overhead and introduces dynamic configurations varying VPN tunnel characteristics. Malware campaigns covered generally target/affect the end user.

VPN 59

VPN Surveillance Malware Data breaches 59

Security Affairs

DECEMBER 11, 2024

The man and co-conspirators exploited a zero-day vulnerability, tracked as CVE-2020-12271 , in Sophos firewalls to deploy malware. The malware stole data and encrypted files to block remediation attempts. Tianfeng worked at Sichuan Silence Information Technology Co., based Sophos Ltd. ” reads the press release published by DoJ.

Firewall 75

Firewall Hacking Malware Passwords 75

Security Boulevard

MARCH 24, 2025

Vulnerabilities and Malware Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user. Once executed, the script fetches the information stealing malware.

Surveillance 75

Surveillance Telecommunications Malware Data breaches 75

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware 137

Ransomware Firmware Mobile InfoSec 137

Security Affairs

MAY 1, 2021

If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” ” QNAP NAS devices continue to be under attack, earlier March, researchers at 360Netlab warned of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices.

Ransomware 143

Ransomware Cryptocurrency Malware Internet 143

Security Affairs

JUNE 4, 2023

Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting CVE-2023-28771 , CVE-2023-33009 , and CVE-2023-33010 vulnerabilities. Patch 2 VPN ZLD V4.60 Patch 1 ZLD V5.36

Firmware 98

Firmware VPN Firewall Hacking 98

Security Affairs

JUNE 1, 2023

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems. “Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60

Firewall 98

Firewall Firmware VPN DDOS 98

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 The password for this account can be found in cleartext in the firmware.” reads the advisory published by NIST.

Firmware 124

Firmware Passwords Accountability VPN 124

CSO Magazine

NOVEMBER 9, 2022

Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks.

Malware 69

Malware Firmware VPN 69

Security Boulevard

FEBRUARY 17, 2025

Privacy Services Mullvad has partnered with Obscura VPN Mullvad Mullvad announces its partnership with ObscuraVPN; Mullvad WireGuard VPN servers can be used as the exit hop for the two-party VPN service offered by ObscuraVPN. Malware campaigns covered generally target/affect the end user.

Surveillance 52

Surveillance Data breaches VPN Malware 52

Security Affairs

JUNE 20, 2023

The vulnerability is a pre-authentication command injection issue that impacts the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, 14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, 11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. ” reads the advisory published by Zyxel.

Firmware 98

Firmware Firewall Authentication VPN 98

Security Affairs

FEBRUARY 11, 2019

Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. “Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0

Antivirus 111

Antivirus Advertising Firmware VPN 111

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Install and regularly update antivirus and anti-malware software on all hosts.

Ransomware 134

Ransomware Antivirus Passwords Malware 134

Security Affairs

APRIL 25, 2019

. “An open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine.” This malicious website could potentially run or download arbitrary malware on the user’s machine.

Firmware 102

Firmware Social Engineering Advertising Malware 102

Security Affairs

NOVEMBER 29, 2020

Experts was that vendors may have bought vulnerable versions of this stack before the 2012 update and are still using it in their firmware. “However, many vendors may have bought vulnerable versions of this stack prior to the 2012 update, starting in the early 2000s when it was first issued, and integrated it into their own firmware.

Hacking 140

Hacking Firmware Internet Internet 140

Security Affairs

SEPTEMBER 15, 2020

7 ] CVE-2019-19781 : Citrix Virtual Private Network (VPN) Appliances – CISA has observed the threat actors attempting to discover vulnerable Citrix VPN Appliances. Citrix blog post: firmware updates for Citrix ADC and Citrix Gateway versions 12.1 CVE-2019-19781 enabled the actors to execute directory traversal attacks.[

Government 104

Government VPN Firmware Energy and Utilities 104

Security Boulevard

MARCH 3, 2025

Privacy Services Brave iOS update brings Smart Proxy and Kill Switch AlternativeTo This has more to do with Brave's VPN service rather than its browser. An update (version 1.75) on iOS introduces Smart Proxy and Kill Switch for Brave's VPN service. Malware campaigns covered generally target/affect the end user.

Surveillance 52

Surveillance Data breaches Firmware Encryption 52

Security Affairs

JULY 22, 2023

The cause of the vulnerability is the improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35.

DDOS 98

DDOS Firmware VPN Firewall 98

Krebs on Security

MAY 22, 2023

Very often, this proxy software is installed surreptitiously, such as through a “Free VPN” service or mobile app. Residential proxies also can refer to households protected by compromised home routers running factory-default credentials or outdated firmware. “Consider salaries in Russia,” Quotpw said.

Scams 303

Scams DDOS Cryptocurrency Accountability 303

Security Affairs

DECEMBER 22, 2022

Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com) the malware operators have removed CVE-2018-12613, a phpMyAdmin vulnerability that could allow threat actors to view or execute files. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT 125

IoT DDOS Malware Firmware 125

Security Affairs

MARCH 26, 2021

Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Install updates/patch operating systems, software, and firmware as soon as they are released. • Install and regularly update anti-virus and anti-malware software on all hosts.

Ransomware 145

Ransomware Encryption Passwords Malware 145

eSecurity Planet

MAY 3, 2022

The goal is to redirect the victims to rogue servers owned by the hackers to steal credentials or install malware. According to the researchers, the affected devices are “well-known IoT devices running the latest firmware.” Admins need to apply the latest updates to all vendors and watch for the next firmware releases.

DNS 132

DNS Risk Firmware IoT 132

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 118

Ransomware DDOS Passwords Backups 118

eSecurity Planet

JANUARY 16, 2024

January 10, 2024 Thousands of WordPress Sites Vulnerable to Malware Injection Type of vulnerability: Cross-site scripting flaw in Popup Builder that allows a malware injection. The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. Versions 9.x 20240107.1.xml

Firewall 110

Firewall Firmware IoT Authentication 110

SecureList

JUNE 3, 2024

The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.

Banking 116

Banking Malware Computers and Electronics Mobile 116

eSecurity Planet

MAY 28, 2021

Malware detection has long been a game of signature detection. With ML and artificial intelligence (AI) using thousands of strains to train algorithms, one would surmise that the ability to detect malware is only improving. Hackers are using the same ML and AI technology to avoid using recognized malware. Current Target: VBOS.

Software 120

Software DNS Firmware VPN 120

Security Boulevard

MARCH 15, 2022

The ransomware group specified that “they are not looking for data” but rather to buy remote VPN access to the corporate network. Attackers can use the compromised code signing certificates to sign malware, so it will appear to be legitimate and trustworthy and escape security solutions to be loaded and executed.

Ransomware 128

Ransomware Telecommunications Firmware Media 128

eSecurity Planet

MARCH 21, 2022

They then authenticated to the victim’s VPN to initiate a remote desktop protocol (RDP) connection to the domain controllers. Update software, including operating systems, applications, and firmware on IT network assets in a timely manner. When possible, implement multi-factor authentication on all VPN connections.

VPN 118

VPN Accountability Authentication Passwords 118

eSecurity Planet

JANUARY 22, 2024

This week’s vulnerability news include GitHub credential access, a new Chrome fix, and hidden malware from pirated applications hosted on Chinese websites. The problem: The Unified Extensible Firmware Interface (UEFI) specification has an open-source network implementation, EDK II, with nine discovered vulnerabilities.

Authentication 115

Authentication Malware VPN Mobile 115

Security Affairs

SEPTEMBER 3, 2021

Install updates/patch operating systems, software, and firmware as soon as they are released. Install and regularly update anti-virus and anti-malware software on all hosts. Consider installing and using a VPN. hard drive, storage device, the cloud). Use multifactor authentication with strong pass phrases where possible.

Ransomware 118

Ransomware Passwords Backups Firmware 118

Malwarebytes

SEPTEMBER 3, 2021

Rise in malware. As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware 142

Ransomware Manufacturing Passwords Internet 142

Adam Levin

FEBRUARY 10, 2020

The reason phishing is an issue here is that it could be a way to propagate crippling malware throughout a population. Wiping attacks are also possible, where malware simply deletes everything on your hard drive. Tip: Pause before you click on a link in an email or open an attachment. Update Everything. Back Up Your Files.

Passwords 245

Passwords Phishing Password Management Accountability 245