IoT and VPN - Cyber Security Informer

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Krebs on Security

MARCH 20, 2020

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. which boasts some 100 million devices deployed worldwide.

IoT

IoT DDOS VPN Firewall

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Microsoft warns of BadAlloc flaws in OT, IoT devices

Security Affairs

APRIL 30, 2021

Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers from Microsoft’s Section 52 team recently uncovered several critical memory allocation flaws, collectively tracked as BadAlloc , affecting IoT and OT devices.

IoT

IoT VPN Firewall Risk

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes.

VPN

VPN Hacking IoT Advertising

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

Simply defined, the internet of things (IoT) is a network of Internet-connected objects able to collect and exchange data. In today’s digital-driven world, IoT connects almost everything including homes, offices, and vehicles, allowing users the convenience of activating and operating nearly any device remotely. Think again.

IoT

IoT Spyware VPN Passwords

Google One gets certified by Internet of Secure Things Alliance

CyberSecurity Insiders

APRIL 18, 2021

The aim of the new IoT Security Certification program is to offer developers a group badge to earn for their software that helps build trust among users. As of now, the alliance has approved mobile apps and Virtual Private Network (VPN) services and is planning to include all cloud connected services like social media apps in near future.

Internet

Internet Internet VPN IoT

FortiGate VPN Default Config Allows MitM Attacks

Threatpost

SEPTEMBER 25, 2020

The client's default configuration for SSL-VPN has a certificate issue, researchers said.

VPN

VPN Authentication IoT

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

SecureWorld News

AUGUST 3, 2024

The hidden weakness: human error Despite leaps in cybersecurity technology, human error remains an Achilles heel in SCADA and IoT security. A compromised VPN account with a weak password led to a ransomware attack that disrupted fuel supplies throughout the U.S. The attacker's gateway? Human blunders.

IoT

IoT Education Technology Passwords

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

The Last Watchdog

DECEMBER 13, 2020

Many enterprises have accelerated their use of Virtual Private Network (VPN) solutions to support remote workers during this pandemic. However deploying VPNs on a wide-scale basis introduces performance and scalability issues. SASE then provides secure connectivity between the cloud and users, much as with a VPN.

IoT

IoT B2C B2B VPN

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. “Additional services that the devices offer besides routing – such as multimedia functions or VPN – tend to be outdated as well. ” reads the advisory published by the experts.

Manufacturing

Manufacturing IoT Firmware VPN

A New Standard for Mobile App Security

Google Security

APRIL 15, 2021

We’ve seen early interest from Internet of Things (IoT) and virtual private network (VPN) developers, however the standard is appropriate for any cloud connected service such as social, messaging, fitness, or productivity apps.

Mobile

Mobile VPN IoT Internet

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

The Last Watchdog

JULY 30, 2021

Then a global pandemic came along and laid bare just how brittle company VPNs truly are. Criminal hackers recognized the golden opportunity presented by hundreds of millions employees suddenly using a company VPN to work from home and remotely connect to an array of business apps. Two sweeping trends resulted: one bad, one good.

VPN

VPN Firewall Encryption Accountability

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

NOVEMBER 26, 2021

Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT

IoT Wireless DDOS VPN

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

The Last Watchdog

DECEMBER 9, 2021

Securing Iot, MEC. However, these advancements open the door to new potential threats and vulnerabilities such as kernel bypass, DDOS attacks on 5G service interfaces, cyberattacks on the Internet-of-Things (IoT) ecosystem, leading to Zero-day exploits, software tampering and API exploits. Work from anywhere, forever .

Mobile

Mobile IoT Cybersecurity Digital transformation

New Linux Malware Surges, Surpassing Android

eSecurity Planet

AUGUST 2, 2022

The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022, from 226,334 samples to nearly 1.7 The Atlas VPN team used AV-ATLAS, a threat intelligence platform from AV-TEST Gmb, for its report. million malware samples in the first half of 2022.

Malware

Malware VPN Encryption Marketing

OpenSSH trojan campaign targets Linux systems and IoT devices

Malwarebytes

JUNE 26, 2023

Poorly configured Linux and Internet of Things (IoT) devices are at risk of compromise from a cryptojacking campaign , according to researchers at Microsoft. Use least-privileges access: Use a secure virtual private network (VPN) service for remote access and restrict remote access to the device.

IoT

IoT Adware Firmware Internet

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

The technologies used by organizations to facilitate remote work include virtual private network (VPN) connections and remote desktop protocol (RDP). Opportunistic threat actors know that with remote work not going away, there will be chances to gain entry to corporate networks by exploiting RDP and VPN connections. IoT Devices.

IoT

IoT Phishing Passwords Scams

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

.” Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Riley Kilmer is co-founder of Spur.us , a company that tracks thousands of VPN and proxy networks, and helps customers identify traffic coming through these anonymity services. In January 2023, the Faceless service website said it was willing to pay for information about previously undocumented security vulnerabilities in IoT devices.

Malware

Malware Passwords Accountability Advertising

IoT garage door exploit allows for remote opening attack

Malwarebytes

APRIL 6, 2023

When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

IoT

IoT Social Engineering Passwords Internet

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

JANUARY 11, 2024

This category also includes routers, switches, and Internet of Things (IoT) devices that can’t install traditional endpoint protection such as antivirus (AV) or endpoint detection and response (EDR) solutions. NGFWs can decrypt and inspect VPN traffic to monitor file exfiltration as well as detect increased and anomalous traffic.

Ransomware

Ransomware Encryption IoT VPN

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

New Mirai variant appears in the threat landscape

Security Affairs

MARCH 16, 2021

“The IoT realm remains an easily accessible target for attackers. Security experts at Palo Alto Networks disclosed a series of attacks aimed at delivering a Mirai variant leveraging multiple vulnerabilities. “The attacks are still ongoing at the time of this writing.

Wireless

Wireless IoT DNS VPN

Vulnerabilities Detected in These 9 Routers for SMBs

SecureWorld News

DECEMBER 8, 2021

IoT Inspector , a European platform for IoT security analysis, and CHIP , a German IT magazine, recently discovered an alarming number of vulnerabilities in commonly used Wi-Fi routers. IoT Inspector discusses the most common vulnerabilities found: "Some of the security issues were detected more than once.

Manufacturing

Manufacturing IoT Firmware Small Business

Security Affairs newsletter Round 326

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

VPN

VPN Ransomware Manufacturing IoT

Security Affairs newsletter Round 286

Security Affairs

OCTOBER 18, 2020

VPN

VPN Advertising Surveillance Ransomware

A week in security (June 28 – June 4)

Malwarebytes

JULY 5, 2021

Lil’ skimmer, the Magecart impersonator What is the WireGuard VPN protocol ? Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming ? Stay safe, everyone!

Cyber Insurance

Cyber Insurance Social Engineering Scams Insurance

Cybersecurity for a Cloud-First, Work-from-Home World

CyberSecurity Insiders

FEBRUARY 16, 2021

There are risks associated with a remote workforce and the at-home use of business devices and IoT devices, but the right tools are available now to continuously manage these risks. This PC when connected, even via VPN, to the corporate network, could be a source of infection by sending malware onto the network and premises.

Cybersecurity

Cybersecurity IoT Malware Risk

ioXt Alliance Expands Certification Program for Mobile and VPN Security

CyberSecurity Insiders

APRIL 15, 2021

.–(BUSINESS WIRE)– #IoTSecurity–The ioXt Alliance, the Global Standard for IoT security, today announced that it is expanding its ioXt Compliance Program with a new mobile application profile with added requirements for virtual private network (VPN) applications.

VPN

VPN Mobile IoT Technology

Bitdefender offers mobile security to chats on messaging apps

CyberSecurity Insiders

NOVEMBER 8, 2022

However, the feature is available for a premium of $16 per year and includes a VPN access in the pay. From then, the company has been offering antivirus software, multi-cloud security, extended detection and response and anti-virus and IoT protection.

Mobile

Mobile Antivirus VPN IoT

Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers

Threatpost

FEBRUARY 28, 2019

Cisco said that CVE-2019-1663, which has a CVSS score of 9.8, allows unauthenticated, remote attackers to execute arbitrary code.

Wireless

Wireless Firewall VPN IoT

Below The Surface Summer 2024

Security Boulevard

JULY 18, 2024

As the heat of summer continues, we continue to see increased attacks against VPN and firewall appliances and IoT devices. Welcome to the Summer 2024 edition of the Below the Surface Threat Report.

Threat Reports

Threat Reports VPN IoT Firewall

Portnox Cloud: NAC Product Review

eSecurity Planet

APRIL 19, 2023

RADIUS and TACACS+ apply to specific types of endpoints, but the ZTNA-as-a-Service product works for all kinds of devices, including Bring-Your-Own-Device (BYOD) endpoints, Internet-of-Things (IoT) devices, operations technology (OT), industrial control systems (ICS), and industrial IoT (IIoT).

IoT

IoT Authentication VPN Backups

CISA Cautions of Attacks on UPS Devices

Hacker Combat

APRIL 1, 2022

Hackers obtain access “usually through passwords and usernames that have never been changed,” the same applies to numerous Internet of Things (IoT) devices like smart-lighting structures and routers. Leaving the original credentials in IoT appliances and devices is not a new risk.

Passwords

Passwords Internet Internet Manufacturing

8 Top Unified Threat Management (UTM) Software & Hardware Vendors

eSecurity Planet

APRIL 25, 2022

IPsec and SSL virtual private networking ( VPN ). Includes intrusion prevention system (IPS), antivirus, Web filtering, content filtering, data loss prevention (DLP) , virtual private network (VPN) tunnel endpoint (SSL & IPSec), SSL inspection, and advanced threat protection. URL filtering. Web antivirus. Application control.

Software

Software Firewall VPN Antivirus

Ukrainian police dismantled a bot farm involved in multiple spam campaigns

Security Affairs

OCTOBER 3, 2019

Crooks were preserving their anonymity using VPN and TOR services. To anonymize the bot farm traffic, the operators ran connections through VPN services and the Tor network. The servers were hosted at an unnamed data center in Amsterdam, it was used by tens of IoT botnets involved in DDoS attacks worldwide. .

Cybercrime

Cybercrime VPN Advertising Accountability

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Security Affairs

AUGUST 31, 2023

Leaked credentials could have been used for credential stuffing attacks, which try to log into companies’ internet-connected tools such as VPN portals, HR management platforms, or corporate emails. The data was publicly accessible for 5 months, as the leak was first indexed by IoT search engines on January 31st, 2023.

Backups

Backups Manufacturing Passwords Internet

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

Patch it now! million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Artificial Intelligence

Artificial Intelligence Hacking VPN Firewall

Contec SolarView: Critical Bug Unpatched After 14 MONTHS

Security Boulevard

JULY 7, 2023

PV OT: VPN PDQ! CVSS known since May 2022—but still exploitable on 400+ net-connected OT/ICS/SCADA systems. The post Contec SolarView: Critical Bug Unpatched After 14 MONTHS appeared first on Security Boulevard.

VPN

VPN IoT CISO Security Awareness

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

IoT Vulnerabilities: With the proliferation of Internet of Things (IoT) devices, the number of IoT-related cyber attacks is expected to increase by 25% in 2024. Market Size: The AI cyber security market was worth around $17.4 billion in 2022 and is expected to grow to about $102.78

Social Engineering

Social Engineering Cyber Attacks Cyber Insurance IoT

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

If you use IoT devices, create a separate network on your router for them since they aren’t always the most secure connections to the outside world. Remember, IoT devices also require updating to be as secure as possible, so check to see if all your tech (including that smart doorbell) is up to date.

Passwords

Passwords Phishing Password Management Accountability

Cybersecurity Predictions: 2023 Brings New Threats from Hybrid Working and Economic Downturn

CyberSecurity Insiders

DECEMBER 21, 2022

With hybrid work, VPN and remote access will start to become greater network-based targets. Many security professionals have emphasized the importance of asset management for IoT and other internet-connected devices. More workers have returned to the office, with hybrid work increasingly the new normal.

Cybersecurity

Cybersecurity Education Internet Internet

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Overview of IoT threats in 2023

Webinars

Trending Sources

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Webinars

Microsoft warns of BadAlloc flaws in OT, IoT devices

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Spyware in the IoT – the Biggest Privacy Threat This Year

Google One gets certified by Internet of Secure Things Alliance

FortiGate VPN Default Config Allows MitM Attacks

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

GUEST ESSAY: Here’s how Secure Access Service Edge — ‘SASE’ — can help, post Covid-19

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

A New Standard for Mobile App Security

Black Hat insights: Will Axis Security’s ZTNA solution hasten the sunsetting of VPNs, RDP?

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

New Linux Malware Surges, Surpassing Android

OpenSSH trojan campaign targets Linux systems and IoT devices

Top 5 Attack Vectors to Look Out For in 2022

Who and What is Behind the Malware Proxy Service SocksEscort?

Giving a Face to the Malware Proxy Service ‘Faceless’

IoT garage door exploit allows for remote opening attack

Why BYOD Is the Favored Ransomware Backdoor

A new Zerobot variant spreads by exploiting Apache flaws

New Mirai variant appears in the threat landscape

Vulnerabilities Detected in These 9 Routers for SMBs

Security Affairs newsletter Round 326

Security Affairs newsletter Round 286

A week in security (June 28 – June 4)

Cybersecurity for a Cloud-First, Work-from-Home World

ioXt Alliance Expands Certification Program for Mobile and VPN Security

Bitdefender offers mobile security to chats on messaging apps

Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers

Below The Surface Summer 2024

Portnox Cloud: NAC Product Review

CISA Cautions of Attacks on UPS Devices

8 Top Unified Threat Management (UTM) Software & Hardware Vendors

Ukrainian police dismantled a bot farm involved in multiple spam campaigns

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Contec SolarView: Critical Bug Unpatched After 14 MONTHS

Daixin Team targets health organizations with ransomware, US agencies warn

26 Cyber Security Stats Every User Should Be Aware Of in 2024

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Cybersecurity Predictions: 2023 Brings New Threats from Hybrid Working and Economic Downturn

Stay Connected