Tag: vpn
-
Chinese Espionage Group Targeting Legacy Ivanti VPN Devices
by
in SecurityNewsMore Evidence Surfaces of Chinese Hackers Targeting Ivanti Products. A suspected Chinese cyberespionage operation is behind a spate of malware left on VPN appliances made by Ivanti. The threat actor used a critical security vulnerability the Utah company patched in February. We are aware of a limited number of customers whose appliances have been exploited.…
-
CISA Urges Patching For ‘Critical’ Ivanti VPN Flaw Exploited In Attacks
by
in SecurityNewsExploitation of a critical-severity Ivanti Connect Secure vulnerability prompted CISA to issue an advisory Friday, urging organizations to implement patches to fix the issue. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-urges-patching-for-critical-ivanti-vpn-flaw-exploited-in-attacks
-
Chinese Hackers Exploit Ivanti VPN Vulnerability to Deliver Malware Payloads
by
in SecurityNewsIvanti disclosed a critical security vulnerability, CVE-2025-22457, affecting its Connect Secure (ICS) VPN appliances, particularly versions 22.7R2.5 and earlier. This buffer overflow vulnerability enables attackers to achieve remote code execution when exploited successfully. Security researchers from Mandiant and Ivanti have confirmed active exploitation of this vulnerability in the wild, targeting ICS 9.X (end-of-life) and earlier…
-
Privilegierte Zugänge werden zum Sicherheitsrisiko
by
in SecurityNews
Tags: access, ai, api, apple, authentication, best-practice, cisco, cloud, cyber, cyberattack, dark-web, hacker, mail, malware, mfa, microsoft, password, phishing, ransomware, risk, service, tool, vpn, vulnerabilityKriminelle bevorzugen Phishing als Erstzugriffsmethode und nutzen legale Tools für unauffällige Angriffe auf sensible Systeme, wie eine aktuelle Studie herausfand.Der Missbrauch legitimer privilegierter Zugänge (legitimate privileged access) nimmt zu . Wie der Cisco Talos’ Jahresrückblick 2024 herausfand, nutzten Angreifer immer öfter gestohlene Identitäten für ihre Attacken, darunter auch Ransomware-Erpressungen. Dafür missbrauchen die HackerAnmeldedaten,Tokens,API-Schlüssel undZertifikate.Angriffe dieser…
-
CVE-2025-22457: Critical Ivanti Connect Secure Vulnerability
by
in SecurityNewsSummary On April 3, 2025, Ivanti disclosed CVE-2025-22457 that impacts Ivanti Connect Secure VPN appliances, PulseConnect Secure(end of service), Ivanti Policy Secure, and ZTA Gateways. First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/04/04/cve-2025-22457-critical-ivanti-connect-secure-vulnerability/
-
OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code
by
in SecurityNewsOpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability that could allow attackers to crash servers and potentially execute remote code under certain conditions. The flaw, identified as CVE-2025-2704, affects OpenVPN servers using specific configurations and has been addressed in the newly released version OpenVPN 2.6.14. CVE-2025-2704: Overview The vulnerability is…
-
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
by
in SecurityNewsA suspected Chinese APT group has exploited CVE-2025-22457 a buffer overflow bug that was previously thought not to be exploitable to compromise appliances … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/ivanti-vpn-customers-targeted-via-unrecognized-rce-vulnerability-cve-2025-22457/
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
by
in SecurityNewsIvanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits. The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/
-
App Stores OK’ed VPNs Run by China PLA
by
in SecurityNewsBad Apple: Chinese firm banned by the U.S. is the shady entity behind a clutch of free VPN apps”, with over a million downloads. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/app-stores-oked-vpns-run-by-china-pla/
-
Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS
by
in SecurityNewsCisco has disclosed a significant vulnerability in itsAnyConnect VPN Serverfor Meraki MX and Z Series devices, allowing authenticated attackers to triggerdenial-of-service (DoS)conditions. The flaw (CVE-2025-20212) stems from an uninitialized variable during SSL VPN session establishment and affects over 20 hardware models across enterprise networks. Vulnerability Overview Exploiting this bug requires valid VPN credentials. Attackers can…
-
Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks
by
in SecurityNewsOver the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/perimeter/scans-pan-globalprotect-vpns-attacks
-
Privacy Roundup: Week 13 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-dayThis is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
by
in SecurityNewsCISA Publishes Anatomy of Advanced Ivanti VPN Malware. Hackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rootkit-backdoor-tunneler-ivanti-malware-does-all-a-27881
-
Novel technique can unmask up to 70% of crooks hiding behind VPNs, proxies, Tor
by
in SecurityNews
Tags: vpnFirst seen on scworld.com Jump to article: www.scworld.com/feature/novel-technique-can-unmask-up-to-70-of-crooks-hiding-behind-vpns-proxies-tor
-
Vivaldi integrates Proton VPN into the browser to fight web tracking
by
in SecurityNewsVivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against ‘Big Tech’ surveillance for free. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/vivaldi-integrates-proton-vpn-into-the-browser-to-fight-web-tracking/
-
Die 10 häufigsten IT-Sicherheitsfehler
by
in SecurityNewsVon ungepatchten Sicherheitslücken bis hin zu unzureichenden Backups: Lesen Sie, wie sich die häufigsten IT-Sicherheitsfehler vermeiden lassen. Verschlüsselte Dateien und eine Textdatei mit einer Erpresser-Nachricht zeigen klar und deutlich: Ein Unternehmen ist einer Cyberattacke zum Opfer gefallen. Dabei ist das nur das Ende einer langen Angriffskette. Die Tätergruppe bewegt sich oft seit mehreren Wochen oder Monaten…
-
Zunehmende Angriffe auf Fernzugriffstechnologien – Schwachstelle VPN
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/schwachstelle-vpn-a-b67f1e061c24505a66e5dd749d4ef4ca/
-
Cloak ransomware group hacked the Virginia Attorney General’s Office
by
in SecurityNewsThe Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN,…
-
New Arcane Stealer Spreads via YouTube, Stealing VPN and Browser Login Credentials
by
in SecurityNewsA new malware campaign has been uncovered, involving a sophisticated stealer known as Arcane, which is distributed through YouTube videos promoting game cheats. This campaign highlights the evolving tactics of cybercriminals, who continue to exploit popular platforms to spread malware. The Arcane stealer is notable for its extensive data collection capabilities, targeting a wide range…
-
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users.”What’s intriguing about this malware is how much it collects,” Kaspersky said in an analysis. “It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla,…
-
Automatisierte Angriffe: BlackBasta setzt auf <>
by
in SecurityNewsDie Ransomware-Gruppierung BlackBasta hat ein mächtiges Tool zur Automatisierung von Brute-Force-Angriffen auf Edge-Netzwerkgeräte wie Firewalls und VPNs entwickelt. Das Framework mit dem Namen “BRUTED” erlaubt es den Angreifern, gezielt Zugangsdaten zu knacken und so Ransomware-Attacken auf verwundbare Netzwerke zu skalieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/automatisierte-angriffe-blackbasta-setzt-auf-bruted
-
TotalAV vs Surfshark VPN: Features Comparison Guide
by
in SecurityNewsWhen comparing VPN software, consider server locations, ease of use, device compatibility, and more. Check out our TotalAV vs Surfshark guide here. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/totalav-vs-surfshark-vpn/
-
Black Basta uses brute-forcing tool to attack edge devices
by
in SecurityNewsThe ransomware gang developed an automated framework to guess weak and reused passwords on VPNs and firewalls. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/black-basta-uses-brute-forcing-tool-to-attack-edge-devices/742672/
-
AI development pipeline attacks expand CISOs’ software supply chain risk
by
in SecurityNews
Tags: access, ai, api, application-security, attack, backdoor, breach, business, ciso, cloud, container, control, cyber, cybersecurity, data, data-breach, detection, encryption, exploit, flaw, fortinet, government, infrastructure, injection, intelligence, LLM, malicious, malware, ml, network, open-source, password, penetration-testing, programming, pypi, risk, risk-assessment, russia, saas, sbom, service, software, supply-chain, threat, tool, training, vpn, vulnerabilitydevelopment pipelines are exacerbating software supply chain security problems.Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023, according to ReversingLabs (RL).A scan of 30 of the most popular open-source packages found an average of six critical-severity and 33 high-severity flaws per package.Commercial software packages are also a…
-
Report on ransomware attacks on Fortinet firewalls also reveals possible defenses
by
in SecurityNews
Tags: access, attack, authentication, automation, backdoor, backup, ciso, control, credentials, cve, cybercrime, data, data-breach, defense, exploit, firewall, fortinet, group, infrastructure, Internet, lockbit, malicious, monitoring, network, password, radius, ransom, ransomware, risk, router, tactics, threat, tool, update, vpn, vulnerability, windowsSigns of intrusion: “This actor exhibits a distinct operational signature that blends elements of opportunistic attacks with ties to the LockBit ecosystem,” Forescout said in its analysis.”Mora_001’s relationship to the broader Lockbit’s ransomware operations underscores the increased complexity of the modern ransomware landscape where specialized teams collaborate to leverage complementary capabilities.”CISOs should note these consistent…
-
Ransomware gang creates tool to automate VPN brute-force attacks
by
in SecurityNewsThe Black Basta ransomware operation created an automated brute-forcing framework dubbed ‘BRUTED’ to breach edge networking devices like firewalls and VPNs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/black-basta-ransomware-creates-automated-tool-to-brute-force-vpns/