Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since ...
Homeland Security Today

Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

This Alert provides an update to Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability, which advised organizations to ...

VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report

Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed ...
The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 spreads fake VPN installers via SEO poisoning and GitHub downloads, stealing enterprise VPN credentials with Hyrax ...

Fake enterprise VPN sites used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...
SecurityWeek

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.
The Register on MSN

Credential-stealing crew spoofs VPN clients from Cisco, Fortinet, and others

And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is ...
SDxCentral

China-Linked Hackers Target Pulse Secure Flaws, Infiltrate US Agencies

Suspected Chinese state-sponsored hackers used vulnerabilities in Pulse Secure VPN appliances to infiltrate dozens of U.S. government agencies, defense contractors, and private companies, according to ...
WRAL

Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe

In a blog post, Pulse Secure said the newly discovered flaw affects a "very limited number of customers" and that a more permanent software update to address that vulnerability will be issued in early ...
CRN

Ivanti Discloses Fifth Major VPN Vulnerability In A Month

The disclosure of the new high-severity Connect Secure bug comes as three recently discovered Ivanti VPN vulnerabilities are now under mass exploitation. Ivanti published details Thursday on a new, ...
Dark Reading

APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm

Virtual private networks (VPNs), which have become essential for many organizations that provide remote employees with access to private networks since the pandemic's onset, are a popular target for ...
CRN

Ivanti Reports Exploitation Of Two Zero-Day VPN Flaws

The high-severity vulnerabilities impact Ivanti’s Connect Secure VPN and do not yet have a patch available. Ivanti disclosed Wednesday that a pair of high-severity, zero-day vulnerabilities impacting ...