Cisco's Talos unit warns of mass brute-force attacks targeting multiple VPN services, web application authentication interfaces, and SSH services. The attacks have been observed globally since at least March 18. They use generic and valid usernames, and the traffic originates from Tor exit nodes and other anonymizing services. Source IP addresses associated with Tor, VPN Gate, and various proxy services have been identified, and the attackers may be using additional services. Successful attacks may result in unauthorized network access, account lockouts, or denial-of-service conditions. Affected services include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, RD Web Services, MikroTik, Draytek, and Ubiquiti, and others may be impacted as well. Cisco has seen a significant surge in attack traffic, which indicates that the activity is ongoing and escalating. Known associated IP addresses have been added to block lists, but Cisco warns that the source addresses are likely to change. Indicators of compromise (IoCs) containing IPs, usernames, and passwords are published on GitHub. Because the targets are so diverse, mitigations will vary with the affected service and need to be tailored to it.
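One way to triage authentication logs for this pattern, as an added example that is not code from Talos or Cisco: it flags failed-login sources that appear on a block list, sources that try many distinct usernames in a short window, and accounts that fail from several sources (the case that causes lockouts and that per-IP limits miss). The log format, thresholds, and addresses are assumptions; the addresses are constructed from documentation ranges and are not taken from the published IoCs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <source IP> <username> <FAIL|OK>". Addresses are
# RFC 5737 documentation ranges, not indicators from the published IoC list.
SAMPLE_LOG = """\
2024-04-16T10:00:01 203.0.113.7 admin FAIL
2024-04-16T10:00:03 203.0.113.7 test FAIL
2024-04-16T10:00:05 203.0.113.7 guest FAIL
2024-04-16T10:00:09 203.0.113.7 backup FAIL
2024-04-16T10:00:20 198.51.100.9 jsmith FAIL
2024-04-16T10:00:41 198.51.100.23 jsmith FAIL
2024-04-16T10:01:02 198.51.100.40 jsmith FAIL
2024-04-16T10:02:00 192.0.2.15 alice FAIL
2024-04-16T10:02:10 192.0.2.15 alice OK
"""
BLOCKLIST = {"198.51.100.23"}  # placeholder for addresses loaded from an IoC feed

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def analyze(log, blocklist, window=timedelta(minutes=5), spray_users=4, lockout=3):
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for ts, ip, user, result in parse(log):
        if result == "FAIL":
            by_ip[ip].append((ts, user))
            by_user[user].append((ts, ip))
    findings = {"blocklisted": set(by_ip) & set(blocklist), "many_usernames": set(), "lockout_risk": set()}
    # One source failing against many distinct usernames inside the window.
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= spray_users:
                findings["many_usernames"].add(ip)
                break
    # One account failing from several sources: a per-IP limit misses this,
    # and it can still trip the account lockout policy.
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hits = [ip for t, ip in events[i:] if t - start <= window]
            if len(hits) >= lockout and len(set(hits)) > 1:
                findings["lockout_risk"].add(user)
                break
    return findings
```

Because the source addresses are expected to change, the two behavioural checks matter more over time than the block-list match.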