Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. ” reads the advisory.
The most severe flaw included in the September 2024 security bulletin is the critical, remote code execution (RCE) vulnerability CVE-2024-40711 (CVSS v3.1 Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. Some of these VPNs were running unsupported software versions.”
Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. SecurityAffairs – hacking, VPN services). Pierluigi Paganini.
CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.
Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN.
is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” in the open-source Roundcube webmail software.
Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Experts also spotted a tainted version of the Psiphon tool, an open-source VPN software used to evade internet censorship. Pierluigi Paganini.
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. ” reads the report published by ClearSky.
Pulse Secure VPN users were not able to login due to the expiration of a code signing certificate used to digitally sign and verify software components. Pulse Secure VPN users were not able to login after a code signing certificate used to digitally sign and verify software components has expired.
. “Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software. “Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.”
Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.
Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. ” reads the advisory published by CISA.
When analyzing malware or performing other security research, it’s often useful to tunnel connections through a VPN in a public cloud. Moreover, by using VPN exit nodes in different cities and even countries, the researcher can explore the target from multiple geographic vantage points, which sometimes yields additional findings.
SeaChange International, the multinational supplier of video delivery software solutions, was the victim of the Sodinokibi Ransomware gang. REvil/Sodinokibi Ransomware group just posted a threatening message to Seachange, a global, public supplier of video delivery software. – Seachange has over 50,000,000 subscribers.
CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.
The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of the compromise of a Check Point VPN appliance. The experts believe threat actors exploited the zero-day CVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features.
Zerodium is looking to pay for zero-day exploits for vulnerabilities in the Windows clients of three virtual private network (VPN) service providers, ExpressVPN, NordVPN, and Surfshark. Zerodium is searching for information disclosure, IP address leak, or remote code execution in the Windows VPN software of the three service providers.
Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report. .
Cisco addressed ten high-risk vulnerabilities in NX-OS software, including some issues that could lead to code execution and privilege escalation. Cisco this week released security patches to address ten high-risk vulnerabilities in NX-OS software, including some flaws that could lead to code execution and privilege escalation.
BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510.
A flaw in Pulse Connect Secure VPN could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. Ivanti addressed a high severity Buffer Overflow vulnerability in Secure VPN appliances that could allow a remote authenticated attacker to execute arbitrary code with elevated privileges.
Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The experts published the Yara rule for the detection of similar KrustyLoader samples. KrustyLoader – as I dubbed it – performs specific checks in order to run only if conditions are met.”
There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.
Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. ASEC researchers recently discovered that Amadey malware is being distributed by SmokeLoader which is hidden in software cracks and serial generation programs available on multiple sites. Pierluigi Paganini.
The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The group now is targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.
Synology has issued an advisory about a vulnerability that allows remote attackers to execute arbitrary commands through a susceptible version of Synology VPN Plus Server. VPN Plus Server. VPN Plus Server allows users to turn their Synology Router into a Virtual Private Network (VPN) server. Vulnerability. 0534 and 1.4.4-0635
Rebuild the device per Ivanti’s instructions AND upgrade to one of the following supported software versions through Ivanti’s download portal (there is no cost to upgrade): 9.1R18.3, The software company also warned that one of these two vulnerabilities is under active exploitation in the wild. x) and Policy Secure (9.x,
The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. SecurityAffairs – Pulse Secure VPN, hacking). Pierluigi Paganini.
Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. In versions of the software lower than 6.6.1 SecurityAffairs – Forcepoint VPN Client , hacking). Pierluigi Paganini.
The IT giant pointed out that the impacted devices are end-of-life (EoL) RV series small business routers and the company will not release software updates to fix the problem. An unauthenticated, remote attacker can conduct a cross-site scripting (XSS) attack against a user of the interface.
An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. ” concludes Mandiant.
Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.
Spur tracks SocksEscort as a malware-based proxy offering, which means the machines doing the proxying of traffic for SocksEscort customers have been infected with malicious software that turns them into a traffic relay. co and a VPN provider called HideIPVPN[.]com. Usually, these users have no idea their systems are compromised.
An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. ” reads the advisory published by the IT giant. or earlier).
The Pentagon, State Department, NASA, National Security Agency (NSA), Postal Service, NOAA, Department of Justice, and the Office of the President of the United States use SolarWinds solutions. The attacks are the work of a highly-skilled threat actor and the operation was conducted with significant operational security, FireEye explained.
Many enterprises have accelerated their use of Virtual Private Network (VPN) solutions to support remote workers during this pandemic. However deploying VPNs on a wide-scale basis introduces performance and scalability issues. SASE can function as security infrastructure and as the core IT network of large enterprises.
CODESYS addressed 11 security flaws in the ICS Automation Software that could lead to information disclosure and trigger a denial-of-service (DoS) condition. CODESYS has released security patches to fix eleven vulnerabilities in its ICS Automation Software. Follow me on Twitter: @securityaffairs and Facebook.
South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. The malware was concealed within security authentication software used during website login. ” continues the joint advisory.
The bugs, some of which are rated as ‘critical’ severity, impact Cisco IOS, NX-OS, and HyperFlex software. Below are the critical vulnerabilities being exploited in attacks in the wild: CVE-2017-12240 (CVSS score of 9.8) – The vulnerability affects the DHCP relay subsystem in IOS and IOS XE software.
During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. How to protect yourself and your data Smart ways to secure your devices Strong passwords – Make them long, random, and unique.
Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six virtual private networks (VPNs), Hola!VPN, VPN, ExpressVPN, KeepSolid VPN Unlimited, Nord VPN, Speedify VPN, and IPVanish VPN. ” reads the announcement published by Roskomnadzor.
The company has not released security updates to address this flaw, the company pointed out that there are no workarounds that fix this vulnerability. The flaw affects the following Cisco Small Business RV Series Routers: RV110W Wireless-N VPN Firewall RV130 VPN Router RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router.