Tag: vpn

Ivanti EPMM Exploitation Tied to Previous Zero-Day Attacks

May 21, 2025 11:54 PM

Tags: attack, exploit, ivanti, threat, vpn, vulnerability, zero-day

Wiz researchers found an opportunistic threat actor has been targeting vulnerable edge devices, including Ivanti VPNs and Palo Alto firewalls. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ivanti-epmm-exploitation-previous-zero-day-attacks
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics

May 21, 2025 9:55 PM

Tags: cyber, email, exploit, hacker, intelligence, military, russia, service, spy, technology, threat, ukraine, vpn, vulnerability

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022.The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit…
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

May 21, 2025 5:55 PM

Tags: ai, browser, chrome, crypto, data, fortinet, google, malicious, tool, vpn

A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
Threat intelligence platform buyer’s guide: Top vendors, selection advice

May 21, 2025 8:54 AM

Tags: ai, attack, automation, breach, cloud, computing, credentials, crowdstrike, cyber, cybersecurity, dark-web, data, data-breach, deep-fake, detection, dns, edr, email, endpoint, exploit, finance, firewall, fraud, gartner, google, group, guide, identity, incident response, infrastructure, intelligence, kubernetes, law, malicious, malware, microsoft, mitigation, monitoring, network, open-source, phishing, privacy, risk, service, siem, soar, soc, sophos, sql, supply-chain, technology, threat, tool, vpn, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) found that since 2023 the majority of exploits were zero days, meaning exploiting heretofore unknown methods. And according to the latest Verizon Data Breach Investigations report (DBIR), the percentage of AI-assisted malicious emails doubled to 10% of the totals they observed over the past two years, making staying…
QuickConnect als VPN-Alternative – Sicher von unterwegs auf das eigene Synology-NAS zugreifen

May 20, 2025 11:54 AM

Tags: vpn

First seen on security-insider.de Jump to article: www.security-insider.de/synology-nas-quickconnect-statt-vpn-fernzugriff-a-e7c2055199a8a4380ead1a7b7b15b2d1/
Passwortfreie Authentifizierung: So gelingt der Umstieg auf PKI

May 19, 2025 6:54 AM

Tags: access, authentication, bug, cyberattack, Hardware, infrastructure, mail, mfa, nis-2, password, phishing, ransomware, service, vpn

Die zertifikatsbasierte Authentifizierung mit PKI erfolgt via physischen Token statt Passwort.Die Bedrohungslage im Cyberraum verschärft sich stetig. Immer mehr Unternehmen sind mit Angriffen konfrontiert von Phishing-Kampagnen bis hin zu Ransomware-Attacken. Zudem verlangen Gesetzgeber mit Vorschriften wie NIS-2 ein hohes Maß an Sicherheit und Nachvollziehbarkeit der Authentifizierung. Herkömmliche Methoden wie Passwörter oder SMS-TANs sind den steigenden…
VPN Secure parent company CEO explains why he had to axe thousands of ‘lifetime’ deals

May 14, 2025 4:38 PM

Tags: ceo, vpn

Admits due diligence fell short – furious users cry ‘gaslighting’ First seen on theregister.com Jump to article: www.theregister.com/2025/05/14/vpn_secure_axe_lifetime_deals/
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

May 13, 2025 5:38 PM

Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day

Executive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
Product showcase: Go beyond VPNs and Tor with NymVPN

May 13, 2025 3:38 PM

Tags: privacy, vpn

If you care about online privacy, you probably already know: Centralized VPNs and even Tor aren’t enough anymore. Traditional VPNs require you to trust a single company with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/13/product-showcase-nymvpn/
Nutzer verärgert: VPN-Anbieter kündigt unerwartet alle Lifetime-Zugänge

May 13, 2025 1:38 PM

Tags: vpn

Einige Nutzer hatten vor Jahren lebenslange Zugänge für VPNSecure gebucht. Diese sind nach einer Übernahme des VPN-Anbieters nun alle gekündigt worden. First seen on golem.de Jump to article: www.golem.de/news/nutzer-veraergert-vpn-anbieter-kuendigt-unerwartet-alle-lifetime-zugaenge-2505-196144.html
Six Ways Exposure Management Helps You Get Your Arms Around Your Security Tools

May 12, 2025 8:10 PM

Tags: access, api, application-security, attack, authentication, breach, business, cloud, control, cyber, cybersecurity, data, data-breach, detection, endpoint, exploit, firewall, framework, identity, infrastructure, intelligence, mfa, microsoft, mitigation, mitre, network, okta, risk, router, saas, service, software, strategy, threat, tool, unauthorized, vpn, vulnerability, vulnerability-management

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, the second of two parts, we look closely at six ways exposure management can help you tame security tool sprawl. You can read part one here and the entire Exposure…
IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

May 8, 2025 7:10 PM

Tags: attack, cve, cyber, data-breach, flaw, linux, macOS, risk, service, software, vpn, vulnerability, windows

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux, and macOS systems to local privilege escalation attacks, enabling non-privileged users to gain root or SYSTEM-level access. Designated as CVE-2025-26168 and CVE-2025-26169, these flaws affect versions 1.4.3 and earlier of the software, posing severe risks to industrial, enterprise, and managed service…
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

May 8, 2025 6:10 PM

Tags: access, cve, flaw, mobile, vpn, vulnerability

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution.The vulnerabilities are listed below -CVE-2025-32819 (CVSS score: 8.8) – A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks…
Business Owners: Here’s Why a VPN Isn’t Optional Anymore

May 8, 2025 3:10 PM

Tags: business, data, malware, vpn

Protect 10 team members’ browsing, block malware, and secure sensitive data with this easy-to-use VPN sub. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/ipro-vpn-3-year-subscription/
SonicWall urges admins to patch VPN flaw exploited in attacks

May 8, 2025 2:10 PM

Tags: access, attack, exploit, flaw, mobile, update, vpn, vulnerability

SonicWall has urged its customers to patch three security vulnerabilities affecting its Secure Mobile Access (SMA) appliances, one of them tagged as exploited in attacks First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/
Stealth Is the Strategy: Rethinking Infrastructure Defense

May 6, 2025 8:50 PM

Tags: access, ai, attack, breach, cisco, cloud, cybersecurity, data, defense, edr, endpoint, espionage, exploit, finance, firewall, gartner, google, group, infrastructure, injection, ivanti, malicious, monitoring, network, resilience, risk, strategy, technology, threat, tool, vpn, vulnerability, zero-day, zero-trust
Mozilla VPN Review (2025): Features, Pricing, and Security

May 6, 2025 2:50 PM

Tags: network, vpn

Mozilla VPN’s fast performance may not be enough to make up for its small server network and lack of features. Learn more about it in our full review below. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/mozilla-vpn-review/
Warning issued to retailers’ CISOs worldwide after three attacks in UK

May 5, 2025 11:50 PM

Tags: access, attack, authentication, ciso, cloud, credentials, defense, detection, intelligence, login, mfa, microsoft, monitoring, network, password, resilience, service, tactics, threat, unauthorized, vpn

Advice to CISOs: In its weekend post, the UK’s NCSC said, “Preparation and resilience does not mean just having good defenses to keep out attackers. No matter how good your defenses are, sometimes the attacker will be successful. It also means detecting threat actors when they are using your employees’ legitimate access (or are on…
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

May 3, 2025 1:50 PM

Tags: access, cyber, espionage, flaw, group, hacker, infrastructure, iran, malware, middle-east, network, threat, vpn

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning a tactic often used to maintain persistent…
The Top 7 Enterprise VPN Solutions

May 2, 2025 11:50 AM

Tags: vpn

Enterprise VPN solutions are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about seven viable choices for businesses. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/top-enterprise-vpns/
SonicWall Flags New Wave of VPN Exploits Targeting SMA Devices

May 1, 2025 10:50 PM

Tags: exploit, vpn

First seen on scworld.com Jump to article: www.scworld.com/brief/sonicwall-flags-new-wave-of-vpn-exploits-targeting-sma-devices
Co-op instructs staff to be wary of lurking hackers

May 1, 2025 8:50 PM

Tags: attack, communications, cyber, hacker, vpn

Co-op tells staff to stop using their VPNs and be wary that their communications channels may be being monitored, as a cyber attack on the organisation continues to develop. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623309/Co-op-instructs-staff-to-be-wary-of-lurking-hackers
SonicWall warns of more VPN flaws exploited in attacks

May 1, 2025 4:50 PM

Tags: access, attack, cybersecurity, exploit, flaw, mobile, vpn, vulnerability

Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-sma100-vpn-vulnerabilities-now-exploited-in-attacks/
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

May 1, 2025 9:50 AM

Tags: access, cve, exploit, flaw, mobile, vpn, vulnerability

SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild.The vulnerabilities in question are listed below -CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to First seen…
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency

Apr 30, 2025 11:50 PM

Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerability

Targeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France.Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries.Nothing APT28 does stands out as…
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks

Apr 30, 2025 7:50 PM

Tags: access, attack, cybersecurity, exploit, mobile, vpn, vulnerability

Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-sma100-vpn-vulnerabilities-now-exploited-in-attacks/
Enterprise-specific zero-day exploits on the rise, Google warns

Apr 29, 2025 5:52 PM

Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day

Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
The 5 Best VPNs for Amazon Fire Stick in 2025

Apr 29, 2025 4:51 PM

Tags: vpn

Check out TechRepublic’s list of top Amazon Fire Stick VPNs for safe streaming in 2025. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/best-vpn-amazon-fire-stick/
News alert: Case dismissed against VPN executive, affirms no-logs policy as a valid legal defense

Apr 29, 2025 5:51 AM

Tags: defense, privacy, service, vpn

Toronto, Canada, Apr. 28, 2025, CyberNewswire, Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/news-alert-case-dismissed-against-vpn-executive-affirms-no-logs-policy-as-a-valid-legal-defense/
Ivanti VPNs See Major Surge in Scanning Activity

Apr 28, 2025 9:52 PM

Tags: ivanti, vpn

First seen on scworld.com Jump to article: www.scworld.com/brief/ivanti-vpns-see-major-surge-in-scanning-activity