Security Affairs

DECEMBER 2, 2021

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. SecurityAffairs – hacking, VPN services).

VPN 137

VPN Internet Internet Media 137

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN 144

VPN Government Firmware Authentication 144

Security Affairs

JANUARY 24, 2025

Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway. Lumen experts also mentioned another variant of cd00r, codenamed SEASPY , that was used in a campaign targeting Barracuda Email Security Gateway (ESG) appliances that dates back in 2022. .

Malware 120

Malware VPN Encryption Hacking 120

Security Affairs

NOVEMBER 3, 2024

The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Passwords 132

Passwords Wireless VPN Accountability 132

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups 129

Backups VPN Ransomware Authentication 129

Security Affairs

AUGUST 4, 2021

Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. SecurityAffairs – hacking, VPN routers). Pierluigi Paganini.

VPN 134

VPN Small Business Hacking Internet 134

Security Affairs

AUGUST 4, 2022

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. SecurityAffairs – hacking, Small Business VPN routers). Pierluigi Paganini.

Small Business 137

Small Business VPN Hacking Information Security 137

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” continues the advisory.

VPN 112

VPN Firewall Technology Passwords 112

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN 133

VPN Firewall Marketing Encryption 133

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN 124

VPN Passwords Authentication Accountability 124

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN 143

VPN Firewall Firmware Authentication 143

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN 140

VPN Government Malware Hacking 140

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, brute-force )

VPN 139

VPN Firewall Authentication Hacking 139

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate.

VPN 98

VPN Ransomware Hacking Education 98

Security Affairs

SEPTEMBER 6, 2023

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN.

VPN 136

VPN Education Authentication Engineering 136

Security Affairs

APRIL 18, 2025

It is recommended to (1) Disable AiCloud (2) disable any services that can be accessed from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.” ” concludes the security advisory.

Firmware 114

Firmware Authentication Passwords VPN 114

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60 They could also intercept traffic or create VPN accounts to gain access to the network behind the device. SecurityAffairs – hacking, Zyxel). Patch1 in Dec. Patch1 in Dec.

Firewall 144

Firewall VPN Firmware Passwords 144

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Experts also spotted a tainted version of the Psiphon tool, an open-source VPN software used to evade internet censorship. SecurityAffairs – hacking, ransomware).

VPN 140

VPN Internet Internet Software 140

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall 81

Firewall VPN Accountability Firmware 81

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN 326

VPN Risk Hacking Encryption 326

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN 134

VPN Malware Authentication Hacking 134

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Consider extra security layers : Use additional protection like a VPN for safer online activity.

Identity Theft 124

Identity Theft Passwords Malware Banking 124

Security Affairs

NOVEMBER 3, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 108

Cryptocurrency Hacking Phishing Cyber Attacks 108

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. They impersonated help desk technicians, sent the victims fake VPN deactivation warnings, and used password reset scams to gain access to company systems.

Cybercrime 109

Cybercrime Identity Theft Cryptocurrency Phishing 109

Security Affairs

JUNE 19, 2021

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. A KAERI spokesperson revealed that threat actors exploited a vulnerability in a virtual private network (VPN) server to gain access to the network of the institute. ” reported The Record. .”

Hacking 144

Hacking VPN Internet Internet 144

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China)

VPN 121

VPN Government Malware Manufacturing 121

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN 140

VPN Firewall Accountability Cybersecurity 140

Security Affairs

MARCH 4, 2025

They then connect via VPN from wherever they are physically located (North Korea or across the border in China) and work at night so that it appears as if they are working during the day in the United States. He is also the author of the book La Gestione della Cyber Security nella Pubblica Amministrazione.

Risk 121

Risk Education Scams VPN 121

Security Affairs

DECEMBER 12, 2022

Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.”

VPN 114

VPN Hacking Cybersecurity Information Security 114

Security Affairs

FEBRUARY 20, 2025

The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of thecompromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.

Healthcare 84

Healthcare Ransomware VPN Malware 84

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Hacking 135

Hacking VPN Ransomware Cybercrime 135

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN 131

VPN Firmware Malware Government 131

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN 127

VPN Authentication Small Business Telecommunications 127

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. ” Sliver is a post-exploitation framework that is gaining notoriety in the hacking underground as an alternative to the Cobalt Strike framework. ” concludes the report.

VPN 126

VPN Malware Authentication Small Business 126

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. SecurityAffairs – hacking, Yanluowang ransomware). Pierluigi Paganini.

Ransomware 134

Ransomware Hacking VPN Phishing 134

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. 2021-11-10: PAN released patches and a security bulletin assigning the vulnerability CVE-2021-3064. SecurityAffairs – hacking, GlobalProtect VPN ). 2021-11-10: This report was published.

VPN 127

VPN Firewall Internet Internet 127

Security Affairs

MAY 4, 2025

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. Unfortunately, according to security experts , the group now fixed its problems and can encrypt the files on compromised Exchange servers.

Ransomware 113

Ransomware Encryption VPN Malware 113