Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.   Cisco Talos researchers warn of large-scale credential brute-force attacks targeting multiple targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024.   […]

Bitwarden

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.  

Cisco Talos researchers warn of large-scale credential brute-force attacks targeting multiple targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024.  

Below is a list of known affected services: 

  • Cisco Secure Firewall VPN 
  • Checkpoint VPN  
  • Fortinet VPN  
  • SonicWall VPN  
  • RD Web Services 
  • Miktrotik 
  • Draytek 
  • Ubiquiti 

Successful brute-force attacks can result in unauthorized network access, account lockouts, or denial-of-service (DoS) conditions.

These attacks originate from TOR exit nodes and anonymizing tunnels and proxies, such as:  

  • VPN Gate  
  • IPIDEA Proxy  
  • BigMama Proxy  
  • Space Proxies  
  • Nexus Proxy  
  • Proxy Rack 

“The brute-forcing attempts use generic usernames and valid usernames for specific organizations. The targeting of these attacks appears to be indiscriminate and not directed at a particular region or industry.” reads the advisory published by Cisco Talos.

The malicious activity lacks a specific focus on particular industries or regions, suggesting a broader strategy of random, opportunistic attacks.

The advisory published by Talos includes a list of indicators of compromise (IoCs) for this campaign.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, brute-force)