- Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
January 2, 2021
More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel.
The backdoor account, discovered by a team of Dutch security researchers from Eye Control, is considered as bad as it gets ...
- The History of DNS Vulnerabilities and the Cloud
December 28, 2020
Every now and then, a new domain name system (DNS) vulnerability that puts billions of devices around the world at risk is discovered. DNS vulnerabilities are usually critical. Just imagine that you browse to your bank account website, but instead of returning the IP address of your bank website, your DNS resolver gives you the ...
- Law enforcement take down three bulletproof VPN providers
December 22, 2020
Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims.
The three services were active at insorg.org , and safe-inet.net before the domains were seized ...
- Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)
December 21, 2020
On Dec. 4, 2020, the Kubernetes Product Security Committee disclosed a new Kubernetes vulnerability assigned CVE-2020-8554. It is a medium severity issue affecting all Kubernetes versions and is currently unpatched. CVE-2020-8554 is a design flaw that allows Kubernetes Services to intercept cluster traffic to any IP address. Users who can manage services can exploit the ...
- The story of the year: remote work
December 10, 2020
The coronavirus pandemic has caused sudden, sweeping change around the world. The necessary social distancing measures are having an impact on all of us. One large part of society that has been affected by these measures more than others is the employed. While direct customer facing businesses like restaurants and retailers have had to change ...
- Chinese Breakthrough in Quantum Computing a Warning for Security Teams
December 7, 2020
China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to facing a threat more formidable than anything before.
Researchers from the University of Science ...
- Kazakhstan government is intercepting HTTPS traffic in its capital
December 6, 2020
Under the guise of a “cybersecurity exercise,” the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services.
Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users’ devices via a technique ...
- Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild
November 18, 2020
The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more.
Hackers have been sounding alarms about this ...
- High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
November 11, 2020
A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR).
The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 series, which are fully distributed routers engineered to address massive surges ...
- Cisco warns of attacks targeting high severity router vulnerability
October 20, 2020
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software.
The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.
Source: Bleeping Computer
- 800,000 SonicWall VPNs vulnerable to new remote code execution bug
October 16, 2020
Almost 800,000 internet-accessible SonicWall VPN appliances will need to be updated and patched for a major new vulnerability that was disclosed on Wednesday.
Discovered by the Tripwire VERT security team, CVE-2020-5135 impacts SonicOS, the operating system running on SonicWall Network Security Appliance (NSA) devices.
SonicWall NSAs are used as firewalls and SSL VPN portals to filter, control, ...
- Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability
October 14, 2020
Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages ...
- Hacker groups chain VPN and Windows bugs to attack US government networks
October 12, 2020
Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday.
Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been ...
- Safe and Smart Connections: Securing IoT Networks for Remote Setups
October 7, 2020
On the topic of securing the internet of things (IoT), setups focus typically on the “things” or devices available on the market today. However, while there is no denying that connected devices introduce security challenges, the network (in its role of creating a secure IoT environment) is of equal importance.
During this period of work-from-home (WFH) ...
- Why Web Browser Padlocks Shouldn’t Be Trusted
September 29, 2020
For years, Apple, Firefox, Google and Microsoft relentlessly made the point that in order to avoid rogue sites you must make sure your browser “padlock” is either locked, green or is otherwise indicating a site as being “secure.” Now, cybersecurity firms are stressing that those padlocks are not enough.
“You must look beyond the lock,” said ...
- WHY IT IS IMPORTANT TO USE PROFESSIONAL ANTI-DDoS SOLUTIONS
September 28, 2020
DDoS attacks have become the most common and affordable cyber weapon (the cost of launching an efficient DDoS attack may start from $50 per day). Thus, a DDoS attack is a simple way to cause damage that can have long-term consequences. During an attack, the targeted websites or services become unavailable. As a result, ...
- Mozi Botnet Accounts for Majority of IoT Traffic
September 17, 2020
The Mozi botnet, a peer-2-peer (P2P) malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things (IoT) devices, according to researchers.
IBM X-Force noticed Mozi’s spike within it’s telemetry, amid a huge increase in overall ...
- Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits
September 15, 2020
From May 1-July 21, 2020, Unit 42 researchers captured global network traffic from firewalls around the world and then analyzed the data to examine the latest network attack trends. The majority of attacks we observed were classified as high severity (56.7%), and nearly one quarter (23%) were classified as critical. The most common vulnerabilities exploited ...
- Upgraded Agent Tesla malware steals passwords from browsers, VPNs
August 10, 2020
New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.
Agent Tesla is a commercially available .Net-based infostealer with both remote access Trojan (RAT) and with keylogging capabilities active since at least 2014.
This malware is ...
- Cisco alert: Four high-severity flaws in routers, switches and AnyConnect VPN for Windows
August 6, 2020
Cisco is urging customers to update small business switches, its DNA Center software, routers with its StarOS software, and its AnyConnect Secure Mobility VPN client for Windows.
Cisco has disclosed a bug in the IPv6 packet processing engine of several Cisco Small Business Smart and Managed Switches that could allow a remote attacker without credentials to ...