EUVD-2015-1701

Malware in sbrugna...

Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally

Millions of devices, including home routers, VPN servers, and CDNs are vulnerable to exploitation due to critical flaws…...

Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities

The threat actors behind the Vidar malware have made changes to their backend infrastructure, indicating attempts to retool and conceal their online trail in response to public disclosures about their modus operandi. "Vidar threat actors continue to rotate their backend IP infrastructure, favorin...

US agencies issue warning about DAIXIN Team ransomware

The FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Department of Health and Human Services HHS have issued a joint advisory about DAIXIN Team, a fledgling ransomware and data exfiltration group that has been targeting US healthcare. First spotted in June 2022, the DAIXIN Team...

US healthcare organizations targeted by Daixin Team ransomware

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Daixin Team ransomware, and data extortion group has been gaining initial access to victims through virtual private networks VPN servers since June 2022, either by exploiting an unpatched vulnerability in...

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

The U.S. Cybersecurity & Infrastructure Security Agency has published its report on the top exploited vulnerabilities of 2021. This blog summarizes the report’s findings and how you can use Qualys VMDR to automatically detect and remediate these risks in your enterprise environment. The...

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379,...

Iranian APT group hacking VPN servers for “Fox Kitten Campaign”

By Waqas An Iranian APT group ran a hacking campaign to hack VPN servers and install backdoors or bugs to access networks of firms across the globe. This is a post from HackRead.com Read the original post: Iranian APT group hacking VPN servers for “Fox Kitten Campaign”...

Android Private Internet Access Denial Of Service

Original post here: http://wwws.nightwatchcybersecurity.com/2017/10/25/advisory-pia-android-app-cve-2017-15882/ SUMMARY The Android application provided by Private Internet Access PIA VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be...

ike-scan - Discover and fingerprint IKE hosts (IPsec VPN Servers)

Discover and fingerprint IKE hosts IPsec VPN Servers. Building and Installing ike-scan uses the standard GNU autoconf and automake tools, so installation is the normal process: Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code Run cd ike-scan to enter source...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 disconnecting established VPN sessions, 2 connect to arbitrary VPN...

CVE-2014-9104

CVE-2014-9104 covers CSRF vulnerabilities in the XML-RPC API of the OpenVPN Access Server Desktop Client (versions up to 1.5.6). The issues allow an attacker to hijack administrator authentication and perform actions via crafted API requests, including disconnecting VPN sessions, connecting to ar...

CVE-2010-3903

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service application crash via a 404 HTTP status code...

DEBIAN-CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...

CVE-2010-3903

CVE-2010-3903 affects OpenConnect (before 2.23). The vulnerability allows remote denial of service (application crash) of an AnyConnect SSL VPN server by triggering a 404 HTTP response. The exact root cause, vulnerable component/file, and remediation are not detailed in the provided documents; ex...

CVE-2009-5009

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...