Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. ” Dedserver also heavily promoted a virtual private networking (VPN) service called vpn-service[.]us

Ransomware 277

Ransomware Accountability Cybercrime Passwords 277

Security Affairs

MARCH 5, 2025

Microsoft has notified affected customers and is raising awareness to help mitigate Silk Typhoons threats, offering guidance to disrupt their operations and enhance security defenses. In January 2025, they exploited a zero-day in Ivanti Pulse Connect VPN ( CVE-2025-0282 ).

Energy and Utilities 61

Energy and Utilities Passwords VPN Healthcare 61

eSecurity Planet

FEBRUARY 19, 2024

The problem: Researchers at cybersecurity company Truesec uncovered data that indicated Akira ransomware might be exploiting an old vulnerability within Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). The vulnerability, CVE-2020-3259 , was first discovered in May 2020. Enabling logging.

VPN 113

VPN DNS Ransomware Software 113

eSecurity Planet

SEPTEMBER 5, 2023

Unpatched devices can give attackers privileged access to networks, particularly those set up as VPN virtual servers, ICA proxies, RDP proxies, or AAA servers. It is suspected that the Akira ransomware organization used an undisclosed weakness in Cisco VPN software to evade authentication. MFA should be enabled for all VPN users.

VPN 104

VPN Authentication Ransomware Antivirus 104

eSecurity Planet

JANUARY 11, 2024

Basic VPN and IPS focus on the connections between internal resources and external threats, which ignores network devices or trusted VPN connections. NGFWs can decrypt and inspect VPN traffic to monitor file exfiltration as well as detect increased and anomalous traffic.

Ransomware 123

Ransomware Encryption IoT VPN 123

eSecurity Planet

JUNE 3, 2024

May 28, 2024 Check Point VPN Zero-Day Vulnerability Requires Hotfix Type of attack: Information disclosure zero-day. The problem: Recently discovered zero-day CVE-2024-24919 affects Check Point virtual private network (VPN) products.

VPN 109

VPN Authentication Passwords Software 109

eSecurity Planet

FEBRUARY 12, 2024

February 8, 2024 FortiOS Sees Critical Vulnerability in SSL VPN Functionality Type of vulnerability: Arbitrary code execution by an unauthenticated user. The problem: Fortinet disclosed a vulnerability in its SSL VPN feature within FortiOS, the operating system that manages its next-generation firewall products. Connect Secure 9.1R17.3

VPN 109

VPN Authentication Software Firewall 109

eSecurity Planet

AUGUST 21, 2023

Note that not all of these venues are inherently or perfectly secure — they have vulnerabilities and require additional protective measures. Even VPN, while marketed as a security tool, has weaknesses of its own. Why Is Securing Access for Remote Workers So Important? Read more about the different types of remote access.

VPN 98

VPN Passwords Software Technology 98

eSecurity Planet

AUGUST 28, 2023

August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools. Sophos researchers first flagged this in May, and another researcher later noted that multiple other Cisco VPN instances had been compromised.

VPN 98

VPN Authentication Mobile Firewall 98

eSecurity Planet

APRIL 15, 2024

Threats range from severe weaknesses in Ivanti’s VPN appliances to zero-day exploits in popular software such as Palo Alto Networks’ PAN-OS and Telegram’s Windows client. Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users’ data security.

Firewall 109

Firewall VPN Software Risk 109

eSecurity Planet

AUGUST 28, 2023

August 24, 2023 Akira ransomware targeting Cisco, but MFA helps Akira ransomware groups have been exploiting Cisco’s virtual private network ( VPN ) tools. Sophos researchers first flagged this in May, and another researcher later noted that multiple other Cisco VPN instances had been compromised.

VPN 95

VPN Authentication Mobile Firewall 95

eSecurity Planet

JANUARY 29, 2024

Each user also has access to a free VPN to use when connecting to public Wi-Fi, and an Identity Dashboard that scans the dark web for potential fraud. These include a free premium personal or family plan for each user, with a Smart Spaces feature that keeps personal information separate from work accounts.

Password Management 109

Password Management Passwords Authentication Accountability 109

eSecurity Planet

AUGUST 23, 2021

Historically, ransomware has been delivered via email attachments or, more recently, using direct network access obtained through things like unsecure VPN accounts for software vulnerabilities,” Crane Hassold, director of threat intelligence at Abnormal Security, wrote in a blog post.

Ransomware 127

Ransomware Social Engineering Engineering VPN 127

Security Affairs

APRIL 10, 2023

Both groups used MULLVAD VPN. The attackers were able to interfere with security tools using Group Policy Objects (GPO). Once bypassed the security defenses, the attackers deployed the ransomware payload in the NETLOGON shares on several domain controllers. DEV-1084 used Rport and a customized version of Ligolo.

Ransomware 98

Ransomware Cybercrime VPN Education 98

eSecurity Planet

JANUARY 22, 2024

To exploit CVE-2023-6549, an attacker must find an appliance that’s configured as a gateway, such as a VPN virtual server, or it must be configured as an AAA virtual server. Ivanti received a mention in last week’s recap , too, for its Connect Secure VPN and Policy Secure zero-days. and later releases of 13.1

Authentication 113

Authentication Malware VPN Mobile 113

eSecurity Planet

SEPTEMBER 3, 2024

It includes Hotspot Shield VPN, which enhances your online privacy. While Hotspot Shield may not be the top VPN on the market, it provides satisfactory performance, with download speeds of 95% in Australia and 92% in the US. This ensures that your online activities remain secure without compromising on speed.

Password Management 104

Password Management Passwords Encryption VPN 104

eSecurity Planet

AUGUST 9, 2023

Getting Vulnerability Protection Right Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. “The CVE is only rated as Important and the CVSS v3.1 score is 7.5, Read next: What is Patch Management?

VPN 98

VPN Security Defenses Cybersecurity Engineering 98

eSecurity Planet

SEPTEMBER 25, 2023

Remote users can access the SASE environment using the VMware SD-WAN Client agent which creates virtual private network (VPN) connections to the VMware SASE solution instead of backhauled connections through corporate IT infrastructure. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

VPN 98

VPN Software Technology Artificial Intelligence 98

Security Affairs

AUGUST 5, 2020

In many cases, users rely on features disabled by such mitigations, making such safeguards impractical.

Risk 111

Risk Wireless Mobile Advertising 111

eSecurity Planet

JUNE 21, 2024

VPN integration: Secures surfing sessions by combining VPN with a password manager, for private, anonymous browsing and secure connections over public WiFi. Keeper offers a wide-range of add-ons, including optional privileged access control software to improve security.

Password Management 103

Password Management Passwords Encryption VPN 103

eSecurity Planet

FEBRUARY 23, 2024

ALGs enhance NGFWs by performing deep packet inspection at the application layer, offering precise control over application protocols and increasing overall security posture. VPN Users can integrate ALGs and VPNs by setting up ALGs to inspect and manage traffic passing via the VPN tunnel at the application layer.

Firewall 104

Firewall VPN Network Security Architecture 104

eSecurity Planet

SEPTEMBER 26, 2023

Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy.

Firewall 98

Firewall VPN Malware Internet 98

eSecurity Planet

MAY 28, 2024

Some organizations use virtual private networks (VPNs) to pull remote user access within the network, but these solutions cause huge bottlenecks and some users will bypass the VPN to access software-as-a-service (SaaS) and third-party websites.

VPN 62

VPN Firewall Architecture Network Security 62

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 119

Authentication VPN Software DDOS 119

eSecurity Planet

SEPTEMBER 24, 2024

5 PC Matic is an endpoint and application security provider for basic antivirus and device protection. It offers features like virtual private network (VPN) security for Wi-Fi, ad blocking, and endpoint scans. for 5 devices • Norton 360 with LifeLock: $79.99 5 Pricing: 3.5/5 5 Core features: 3.9/5 5 Customer support: 3.3/5

Antivirus 62

Antivirus VPN Firewall Password Management 62

eSecurity Planet

AUGUST 22, 2023

You build a strong barrier against unwanted access attempts by demanding extra kinds of identification, such as a security token or biometric information. Secure Virtual Private Network (VPN) Use: VPNs are used to protect communication between distant devices and your corporate network.

Passwords 97

Passwords Authentication Encryption VPN 97

CyberSecurity Insiders

JANUARY 19, 2023

This can occur due to data leakage through faulty apps or systems, by laptops or portable storage devices being lost, by malicious actors breaking through security defenses, by social engineering attacks, or by data being intercepted in man-in-the-middle attacks. Sometimes, despite all efforts to the contrary, data can be compromised.

Encryption 102

Encryption Internet Internet Social Engineering 102

eSecurity Planet

MAY 20, 2024

It’s also possible that your VPN app will automatically disable the VPN once your device connects to a supposedly trusted Wi-Fi network, according to the researchers at Top10VPN. Use always-active VPN connections and never reuse the same credentials for an SSID.

VPN 62

VPN Firmware Malware Software 62

eSecurity Planet

OCTOBER 10, 2024

Norton 360 Deluxe Norton 360 Deluxe is a well-regarded choice among Mac users, offering an all-in-one security suite that combines anti-malware protection with additional features like a VPN and password manager. While primarily focused on Mac security, it may lack some extensive features in more comprehensive suites like VPN services.

Software 62

Software Malware Antivirus Spyware 62

eSecurity Planet

AUGUST 11, 2023

SASE provides an edge security solution that addresses these challenges without the bottlenecks of traditional virtual private network (VPN) solutions. Bottom Line: Implement SASE to Improve Security and Operations Sprawling organizations with many cloud-based or remote resources will greatly benefit by adopting SASE solutions.

Firewall 104

Firewall IoT Technology Internet 104

eSecurity Planet

MARCH 11, 2024

According to Cisco , after exploiting the Secure Client vulnerability, an attacker could execute arbitrary code or access sensitive data in the browser, like valid SAML tokens. Whichever user’s privileges the attacker has exploited could then be used to create a remote access VPN session. LTS) 8.5.5 (LTS) Data Center Only) 8.7.1

Authentication 109

Authentication Software VPN Security Defenses 109

eSecurity Planet

JANUARY 16, 2024

The problem: Ivanti announced two vulnerabilities that affect Ivanti Connect Secure VPN and Ivanti Policy Secure products. Affected versions include: Junos OS versions earlier than 20.4R3-S9 Junos OS 21.2 versions earlier than 21.2R3-S7 Junos OS 21.3 versions earlier than 21.3R3-S5 Junos OS 21.4 Versions 9.x

Firewall 109

Firewall Firmware IoT Authentication 109

eSecurity Planet

FEBRUARY 16, 2024

In November 2021, the FBI disclosed a FatPipe VPN exploit that enabled backdoor access via web shells. Want to strengthen your organization’s digital defenses? Read the common types of network security solutions next. Using web shells, they attacked weak internet servers, specifically a Houston port.

Internet 113

Internet Internet Network Security Cybersecurity 113

eSecurity Planet

MARCH 4, 2024

February 29, 2024 Factory Resets of Ivanti VPN Appliances Don’t Remove Hacker Presence Type of vulnerability: Persistent unauthenticated user resource access. Consider how managed detection and response (MDR) can help locate potential compromises, stop attacks, and help remediate systems.

IoT 117

IoT Internet Internet Ransomware 117

Thales Cloud Protection & Licensing

OCTOBER 24, 2019

Help telecommuting employees : Given the rise of mobile and the cloud, organizations would do themselves a great disservice if they exclude telecommuting employees from their security training programs. Through these initiatives, security personnel should make sure that this remote workforce has everything it needs to work securely.

Security Awareness 83

Security Awareness InfoSec Passwords Accountability 83

SiteLock

AUGUST 27, 2021

Remote workers should only access your system and teleconferences via secure connections such as a company VPN, while avoiding public Wi-Fi and unapproved conferencing applications. Remind your employees of security best practices.

Security Awareness 98

Security Awareness Passwords Phishing Scams 98

eSecurity Planet

AUGUST 15, 2023

Cloud-based NaaS deployments can easily scale and are used to replace load balancers, firewall appliances, and virtual private network (VPN) solutions. Get the Free Cybersecurity Newsletter Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Risk 98

Risk Firewall IoT Retail 98