Network Security

NEWS
  • BPFdoor: Stealthy Linux malware bypasses firewalls for remote access

    May 12, 2022

    A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device. The malware does not need to open ports; it can’t ...

  • It costs just $7 to rent DCRat to backdoor your network

    May 9, 2022

    A budget-friendly remote access trojan (RAT) that’s under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today. The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year. An individual who goes by the handles boldenis44, ...

  • Exploits created for critical F5 BIG-IP flaw – install patch immediately

    May 8, 2022

    Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote ...

  • F5 Releases Security Advisories Addressing Multiple Vulnerabilities

    May 4, 2022

    F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit CVE-2022-1388 to take control of an affected system. CISA encourages users and administrators to review the ...

  • Indian government wants VPNs to store and share user data

    May 4, 2022

    A new directive from the Ministry of Electronics and Information Technology (MeitY) and the Indian Computer Emergency Response Team (CERT-in) requires VPN companies to retain data on users for 5 years or more. The rule also applies to data centres and cryptocurrency exchanges and will come into effect from July 27. According to a new directive, ...

  • Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

    May 3, 2022

    Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes it possible for hackers with access to the connection between an affected device and the Internet ...

  • Ransomware: How Attackers are Breaching Corporate Networks

    April 30, 2022

    Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most frequently employed tools, tactics, and procedures (TTPs), organizations can gain a deeper understanding of how ransomware groups infiltrate networks and use this knowledge ...

  • NATO enters final phase of project to refresh cyber security technology

    April 24, 2022

    The NCI Agency announced earlier this year that experts had successfully collaborated with industry partners to upgrade the central management of two cyber security systems: the Network Intrusion Protection/Detection System (NIPS) and Full Packet Capture (FPC) system. This contract award begins the next and final phase of the project, where Atos will replace NIPS and ...

  • Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

    April 19, 2022

    Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable ...

  • DoJ takes down Russian botnet that targeted WatchGuard and Asus routers

    April 6, 2022

    The US Justice Department in March carried out an operation that successfully removed malware known as “Cyclops Blink” from vulnerable internet-connected firewall devices, the department announced Wednesday. The operation disrupted the control the Russian Federation’s Main Intelligence Directorate (GRU) had over a global botnet of thousands of infected devices. The Cyclops Blink malware specifically targeted WatchGuard ...

  • Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug

    April 6, 2022

    American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched ...

  • Bank had no firewall license, intrusion or phishing protection – guess the rest

    April 5, 2022

    An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. The unfortunate institution is called the Andhra Pradesh Mahesh Co-Operative Urban Bank. Its 45 ...

  • Zyxel urges customers to patch critical firewall bypass vulnerability

    April 1, 2022

    Zyxel is urging customers to immediately patch a critical vulnerability in the vendor’s firewall software. In a security advisory published this week, the Taiwanese networking giant said the security flaw can lead to the circumvention of firewall protection in Zyxel USG, ZyWALL, FLEX, ATP, VPN, and NSG product lines. Tracked as CVE-2022-0342 and issued a critical severity ...

  • Sophos patches critical remote code execution vulnerability in Firewall

    March 28, 2022

    Sophos has patched a remote code execution (RCE) vulnerability in the Firewall product line. Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. Firewall includes TLS and encrypted network traffic inspection, deep packet inspection, sandboxing, intrusion prevention systems (IPSs), and visibility features for detecting suspicious and malicious network activity. ...

  • Cyclops Blink Sets Sights on Asus Routers

    March 18, 2022

    Cyclops Blink, an advanced modular botnet that is reportedly linked to the Sandworm or Voodoo Bear advanced persistent threat (APT) group, has recently been used to target WatchGuard Firebox devices according to an analysis performed by the UK’s National Cyber Security Centre (NCSC). Trend Micro researchers acquired a variant of the Cyclops Blink malware family that ...

  • ISC Releases Security Advisories for BIND

    March 17, 2022

    The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds: CVE-2021-25220, CVE-2022-0396, CVE-2022-0635, CVE-2022-0667. Source: U.S. Cybersecurity and ...

  • CISA: Strengthening Cybersecurity of SATCOM Network Providers and Customers

    March 17, 2022

    CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments. In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of SATCOM Network Providers and Customers, which provides ...

  • Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device

    March 7, 2022

    Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, researchers decided to take an even closer look at two of these vulnerabilities — CVE-2021-21748 and CVE-2021-21745 — to show how they could be chained together by an ...

  • National Security Agency Cybersecurity Technical Report: Network Infrastructure Security Guidance

    March 4, 2022

    Guidance for securing networks continues to evolve as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified. Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network. All networks are at risk of compromise, especially if devices are not properly ...

  • NATO Cyber Security Centre experiments with secure network capable of withstanding attack by quantum computers

    March 2, 2022

    Scientists have predicted that quantum computers will one day be able to break some commonly used encryption methods. That’s why NATO and Allies are already testing post-quantum solutions. The NATO Cyber Security Centre (NCSC) has successfully tested secure communication flows in a post-quantum world using a Virtual Private Network (VPN) provided by the United Kingdom-based company Post-Quantum. ...