firewall

Pierluigi Paganini December 04, 2023
Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960. Threat actors can exploit the vulnerabilities to steal cookies, access configuration files, carry out command injection and denial-of-service […]

Pierluigi Paganini July 16, 2020
Cisco fixes 5 critical flaws that could allow router firewall takeover

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely […]

Pierluigi Paganini June 30, 2020
APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

U.S. Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated […]

Pierluigi Paganini June 30, 2020
Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, in the operating system (PAN‑OS) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. “When Security Assertion Markup Language (SAML) authentication is enabled and […]

Pierluigi Paganini February 22, 2017
FTP Injection flaws in Java and Python allows firewall bypass

The two programming languages, Java and Python, are affected by serious FTP Injection flaws that can be exploited by hackers to bypass any firewall. Attackers can trick Java and Python applications to execute rogue FTP commands that would open ports in firewalls The unpatched flaws reside in the way the two programming languages handle File Transfer […]

Pierluigi Paganini October 27, 2016
Experts disclosed a critical flaw in Schneider Industrial Firewalls

CyberX experts at the SecurityWeek’s 2016 ICS Cyber Security Conference disclosed a critical flaw in the Schneider Industrial Firewalls. This week, at the SecurityWeek’s 2016 ICS Cyber Security Conference, researchers at industrial security firm CyberX disclosed several important vulnerabilities. The experts demonstrated how hackers can target ICS systems and passing security measures in places. Among the vulnerabilities disclosed by […]

Pierluigi Paganini February 01, 2016
Audit shows Department of Homeland Security 6 billion U.S. Dollar firewall not so effective against hackers

A multi-billion U.S. Dollar firewall run by the Department of Homeland Security meant to detect and prevent nation-state hacks against the government functions ineffectively, according to a sanitized version of a secret federal audit. The National Cybersecurity Protection System (NCPS), also known as EINSTEIN, is a firewall run by the Department of Homeland Security. It’s goal: […]