Information Security and VPN - Cyber Security Informer

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. ” reads the advisory.

VPN

VPN Malware Spyware Passwords

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN

VPN Passwords Firewall Firmware

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN

VPN Firewall Marketing Encryption

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” “The list of all security advisories and the associated list of vulnerabilities is below. For more information about disabling firewall SSLVPN access, see: how-can-i-setup-ssl-vpn.”

Firewall

Firewall Firmware VPN Authentication

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions.

VPN

VPN Government Firmware Authentication

Russian internet watchdog Roskomnadzor bans six more VPN services

Security Affairs

DECEMBER 2, 2021

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. SecurityAffairs – hacking, VPN services). Pierluigi Paganini.

VPN

VPN Internet Internet Media

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN

VPN Firewall Authentication Hacking

Cisco addressed critical flaws in Small Business VPN routers

Security Affairs

AUGUST 4, 2022

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. SecurityAffairs – hacking, Small Business VPN routers). ” reads the advisory.

Small Business

Small Business VPN Hacking Information Security

Cisco fixes critical, high severity vulnerabilities in VPN routers

Security Affairs

AUGUST 4, 2021

Cisco fixed critical, high severity pre-auth security vulnerabilities impacting multiple Small Business VPN routers. Cisco addressed critical and high severity pre-auth security vulnerabilities that impact multiple Small Business VPN routers. SecurityAffairs – hacking, VPN routers). ” reads the advisory.

VPN

VPN Small Business Hacking Internet

Check Point released hotfix for actively exploited VPN zero-day

Security Affairs

MAY 29, 2024

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN

VPN Passwords Authentication Accountability

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

Security Affairs

JUNE 24, 2021

Networking equipment giant Zyxel warns customers of a series of attacks that have been targeting some of its enterprise firewall and VPN devices. Networking equipment vendor Zyxel warned its customers of a series of attacks that have been targeting some of its enterprise firewall and VPN server solutions. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Security Affairs

SEPTEMBER 6, 2023

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN.

VPN

VPN Education Authentication Engineering

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. In all the intrusions, the attackers targeted Pulse Secure VPN appliances in the breached networks. and Europe.” ” reads the report published by FireEye. and Europe.”

VPN

VPN Government Malware Hacking

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” continues the advisory.

VPN

VPN Firewall Technology Passwords

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication.

VPN

VPN Authentication Hacking Cybersecurity

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Impacted devices include Unified Security Gateway (USG), ATP, USG FLEX and VPN firewalls products. 2020 VPN series running firmware ZLD V4.60 They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Patch1 in Dec. 2020 USG series running firmware ZLD V4.60 Patch1 in Dec.

Firewall

Firewall VPN Firmware Passwords

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Security Affairs

JUNE 17, 2021

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Experts also spotted a tainted version of the Psiphon tool, an open-source VPN software used to evade internet censorship. Pierluigi Paganini.

VPN

VPN Internet Internet Software

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

The botnet operators are targeting multiple SOHO devices and VPN appliances, including TP-LINK, Zyxel, Asus, D-Link, and Netgear, exploiting both known and previously unknown vulnerabilities. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts.

Passwords

Passwords Wireless VPN Accountability

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

.” In the first week of September, Groove posted on its darknet blog nearly 500,000 login credentials for customers of Fortinet VPN products, usernames and passwords that could be used to remotely connect to vulnerable systems. Triggering the directors of information security companies. ” Image: @nokae8.

Ransomware

Ransomware Cybercrime VPN Media

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Lumen’s telemetry shows that roughly 50% of the targeted enterprise devices are configured as a virtual private network (VPN) gateway. Lumen experts also mentioned another variant of cd00r, codenamed SEASPY , that was used in a campaign targeting Barracuda Email Security Gateway (ESG) appliances that dates back in 2022.

Malware

Malware VPN Encryption Hacking

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups

Backups VPN Ransomware Authentication

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. Through forensic analysis of the memory sample, Volexity was able to recreate two proof-of-concept exploits that allowed full unauthenticated command execution on the ICS VPN appliance.

VPN

VPN Authentication Small Business Telecommunications

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

FEBRUARY 9, 2024

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. The vendor recommends to disable SSL VPN as a workaround. “Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). ” reads the advisory.

VPN

VPN Firmware Malware Government

Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug

Security Affairs

DECEMBER 12, 2022

Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.”

VPN

VPN Hacking Cybersecurity Information Security

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

JANUARY 14, 2025

The campaign likely began in November 2024, the campaign unfolded in four phases: vulnerability scanning (Nov 1623, 2024), reconnaissance (Nov 2227), SSL VPN setup (Dec 47), and lateral movement (Dec 1627). In the next phase (starting Dec 4, 2024), attackers targeted SSL VPN access by creating super admin accounts or hijacking existing ones.

Firewall

Firewall VPN Accountability Firmware

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. 2021-11-10: PAN released patches and a security bulletin assigning the vulnerability CVE-2021-3064. SecurityAffairs – hacking, GlobalProtect VPN ). 2020-11-20: Randori discovered the HTTP smuggling capability.

VPN

VPN Firewall Internet Internet

Digital nomads and risk associated with the threat of infiltred employees

Security Affairs

MARCH 4, 2025

They then connect via VPN from wherever they are physically located (North Korea or across the border in China) and work at night so that it appears as if they are working during the day in the United States. He is also the author of the book La Gestione della Cyber Security nella Pubblica Amministrazione.

Risk

Risk Education Scams VPN

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. The experts published the Yara rule for the detection of similar KrustyLoader samples. KrustyLoader – as I dubbed it – performs specific checks in order to run only if conditions are met.”

VPN

VPN Malware Authentication Small Business

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware gang targets Cisco VPN products to gain initial access to corporate networks and steal their data. The group now is targeting Cisco VPN products to gain initial access to corporate networks. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN

VPN Ransomware Hacking Education

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar.

VPN

VPN Government Malware Manufacturing

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

Example 2: Using a VPN. A lot of people are confused about VPNs. They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. If you log in at the end website you’ve identified yourself to them, regardless of VPN.

VPN

VPN Risk Hacking Encryption

Zyxel firewall and VPN devices affected by critical flaws

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. Patch 2 VPN ZLD V4.30

Firewall

Firewall VPN Authentication Hacking

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

Mandiant researchers recently discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices. The software firm recommends importing the “mitigation.release.20240126.5.xml” 20240126.5.xml”

VPN

VPN Authentication Software Malware

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

A cyberattack on the Virginia Attorney Generals Office forced officials to shut down IT systems, including email and VPN, and revert to paper filings. The breach was detected in February , leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency.

Ransomware

Ransomware Hacking Social Engineering VPN

Cisco warns of XSS flaw in end-of-life small business routers

Security Affairs

APRIL 6, 2024

.” The flaw impacts all software releases for the following Cisco RV Series Small Business Routers: RV016 Multi-WAN VPN Routers RV042 Dual WAN VPN Routers RV042G Dual Gigabit WAN VPN Routers RV082 Dual WAN VPN Routers RV320 Dual Gigabit WAN VPN Routers RV325 Dual Gigabit WAN VPN Routers To mitigate this vulnerability on Cisco Small Business RV320 (..)

Small Business

Small Business VPN Wireless Software

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime

Cybercrime Malware VPN Ransomware

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Security Affairs

MARCH 14, 2025

“When the firewall had VPN capabilities, the threat actor created local VPN user accounts with names resembling legitimate accounts but with an added digit at the end. These newly created users were then added to the VPN user group, enabling future logins.” ” reads the report.

Firewall

Firewall Ransomware VPN Encryption

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

The advisory pointed out that these IP addresses may be associated with VPN services, for this reason, they are also associated with legitimate user activity. .” The cybersecurity firm observed malicious activities originating from the following IP addresses 136.144.17[.]* 173.239.218[.]251 251 216.73.162[.]*

Firewall

Firewall Internet Internet VPN

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. Deny Remote Access VPN Using the Default Group Policy ( DfltGrpPolicy ).

Ransomware

Ransomware VPN Authentication Hacking

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

Update software : Keep your operating system, security software, and firewall up to date to patch vulnerabilities. Consider extra security layers : Use additional protection like a VPN for safer online activity. Long-term monitoring : Regularly check for unusual account activity to guard against potential identity theft.

Identity Theft

Identity Theft Passwords Malware Banking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

.” Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Security firm SonicWall was victim of a coordinated attack

Security Affairs

JANUARY 23, 2021

The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vulnerabilities in their VPN solutions, such as NetExtender VPN client version 10.x x and Secure Mobile Access ( SMA ). Below the list of affected products shared by THN: NetExtender VPN client version 10.x

VPN

VPN Firewall Mobile Hacking

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Trending Sources

New TunnelVision technique can bypass the VPN encapsulation

SonicWall warns of an exploitable SonicOS vulnerability

NSA, CISA release guidance on hardening remote access via VPN solutions

Russian internet watchdog Roskomnadzor bans six more VPN services

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Cisco addressed critical flaws in Small Business VPN routers

Cisco fixes critical, high severity vulnerabilities in VPN routers

Check Point released hotfix for actively exploited VPN zero-day

Zyxel warns customers of attacks on its enterprise firewall and VPN devices

A zero-day in Atlas VPN Linux Client leaks users’ IP address

China-linked APT groups targets orgs via Pulse Secure VPN devices

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Expert found a secret backdoor in Zyxel firewall and VPN

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

Multiple malware used in attacks exploiting Ivanti VPN flaws

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Chinese threat actors use Quad7 botnet in password-spray attacks

The ‘Groove’ Ransomware Gang Was a Hoax

J-magic malware campaign targets Juniper routers

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Digital nomads and risk associated with the threat of infiltred employees

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

China’s Volt Typhoon botnet has re-emerged

Everyday Threat Modeling

Zyxel firewall and VPN devices affected by critical flaws

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Cloak ransomware group hacked the Virginia Attorney General’s Office

Cisco warns of XSS flaw in end-of-life small business routers

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

International law enforcement operation dismantled RedLine and Meta infostealers

Who and What is Behind the Malware Proxy Service SocksEscort?

Security firm SonicWall was victim of a coordinated attack

Stay Connected