2014, Architecture and Information Security

ENISA publishes a Threat Landscape for 5G Networks

Security Affairs

NOVEMBER 21, 2019

Today’s ENISA 5G Threat landscape complements the Coordinated Risk Assessment with a more technical and more detailed view on the 5G architecture, the assets and the cyber threats for those assets. Coordination with EU-wide activities will be key to the success of secure 5G practices. Understanding threat exposure. Pierluigi Paganini.

Architecture

Architecture Risk Telecommunications Advertising

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Architecture Advertising Manufacturing

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture

Architecture IoT Malware Advertising

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

. “The modus operandi of the group behind this specific attack comes over with a criminal group that already has one has a long history, and goes back to at least 2014,” reads the Fox-IT full report to UM (in Dutch). TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. Pierluigi Paganini.

Ransomware

Ransomware Cyber Attacks Backups Architecture

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Czech cyber-security agency warns over Huawei, ZTE security threat

Security Affairs

DECEMBER 18, 2018

. “The main issue is a legal and political environment of the People’s Republic of China, where (the) aforementioned companies primarily operate,” reads a statement issued by the Czech National Cyber and Information Security Agency. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Advertising Internet Internet

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

The company announced that is currently working to further enhance the security of its architecture with the help of “relevant experts” Customers can contact the support website to receive information about the security breach, the company is recommending them to change their passwords.

Data breaches

Data breaches Telecommunications Passwords Advertising

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Gafgyt is a popular choice for launching large-scale DDoS attacks, it first appeared in the threat landscape in 2014. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture.

DDOS

DDOS Architecture Malware Cybercrime

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

AUGUST 17, 2020

The malware has evolved over the years, it is able to log keystrokes, steal files, capture screenshots, collect information about the infected system, steal credentials from major browsers (i.e. The malware has been active since at least 2014, it was undetected for more than 3 years and was used in highly targeted attacks.

Phishing

Phishing Malware Advertising Architecture

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Security Affairs

MARCH 30, 2020

Prevent zero-day attacks with a holistic, end to end cyber architecture. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – coronavirus, hacking).

Malware

Malware Advertising Retail Architecture

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Don’t waste time, patch your system now!

Security Intelligence

Security Intelligence Authentication Advertising Passwords

AMD admits hacker stole source code files related to its GPUs

Security Affairs

MARCH 28, 2020

The hacker claims to have obtained files related to several AMD graphics processing units (GPUs), including the Navi 10 architecture and the upcoming Navi 21, and Arden. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Architecture Hacking Data breaches

US officials claim Huawei Equipment has secret backdoor for spying

Security Affairs

FEBRUARY 13, 2020

In November 2018, the Wall Street Journal reported that the US Government was urging its allies to exclude Huawei from critical infrastructure and 5G architectures. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Advertising Surveillance Architecture

VMware addressed flaws in its Workstation and Tools

Security Affairs

JUNE 6, 2019

The second issue, tracked as CVE-2019-5525, is a use-after-free bug affecting the Advanced Linux Sound Architecture (ALSA) backend in Workstation 15.x. “VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. ” states the advisory. for Linux. .”

Architecture

Architecture Advertising Software Hacking

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

It extracts the binary for the relevant architecture in /tmp/udev2 and executes it. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Below the infection chain for the FinSpy for Linux, descrived by the researchers.

Spyware

Spyware Surveillance Advertising Mobile

Hackers for hire group target organizations via 3ds Max exploit

Security Affairs

AUGUST 26, 2020

2] It has modeling capabilities and a flexible plugin architecture and must be used on the Microsoft Windows platform. 3Ds Max is used by engineering, architecture, gaming, or software organizations. ” reads the security alert. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture

Architecture Malware Advertising Software

Czech public radio says Huawei Czech Unit secretly collected data

Security Affairs

JULY 22, 2019

In December 2018, the Czech National Cyber and Information Security Agency warned against using the equipment manufactured by Chinese firms Huawei and ZTE because they pose a threat to state security. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Manufacturing

Manufacturing Internet Internet Advertising

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Vendors supporting Samba 4.7 Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Passwords

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

. “Intel’s security is designed so that even arbitrary code execution in any Intel CSME firmware module would not jeopardize the root cryptographic key (Chipset Key),” the experts said. “Unfortunately, no security system is perfect. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Technology Advertising Authentication

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

OCTOBER 28, 2020

Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. It is the largest office furniture manufacturer in the world.

Ransomware

Ransomware Computers and Electronics Manufacturing Advertising

Companies paid $4.2M bug bounties for XSS flaws in 2020

Security Affairs

OCTOBER 31, 2020

In the third place there are SSRF (Server Side Request Forgery) flaws, experts pointed out that the advent of cloud architecture and unprotected metadata endpoints has rendered these vulnerabilities increasingly critical. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. million / €33.4 million / ¥273.7

Accountability

Accountability Advertising Architecture Hacking

US CISA warns of Ransomware attacks impacting pipeline operations

Security Affairs

FEBRUARY 18, 2020

CISA alert provided planning and operational mitigation measures, as well as technical and architectural mitigations that should be implemented by organizations in critical infrastructure sectors to avoid similar ransomware attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Advertising Encryption Architecture

Germany’ BSI chief says ‘No Evidence’ of Huawei spying

Security Affairs

DECEMBER 17, 2018

In November 2018, the Wall Street Journal reported that the US Government is urging its allies, including Germany, to exclude Huawei from critical infrastructure and 5G architectures. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs –BSI, Huawei).

Technology

Technology Internet Internet Advertising

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

The MosaicRegressor framework was developed for cyber espionage purposes, its modular architecture allows operators to perform multiple actions. “With this in mind, we see that UEFI continues to be a point of interest to APT actors, while at large being overlooked by security vendors.” Pierluigi Paganini.

Firmware

Firmware Spyware Surveillance Hacking

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

” According to the experts, the attackers have good knowledge about the internal architecture of the targeted platform. Since the attackers obtain information about activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud (IRSF).”

Malware

Malware Encryption Advertising Passwords

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. “tracert -h 8 8.8.8.8”

Government

Government Malware Advertising Architecture

Top cybersecurity certifications to consider for your IT career

Security Affairs

OCTOBER 11, 2019

The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. Certified Information Security Manager – CISM. Cybersecurity professionals with Security+ know how to address security incidents – not just identify them.

Cybersecurity

Cybersecurity Information Security Penetration Testing Advertising

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, QNap).

Authentication

Authentication Advertising Architecture Cybercrime

Kali Linux is now available for Raspberry Pi 4

Security Affairs

JULY 10, 2019

.” Linux Kali distro for the Raspberry Pi 4 also supports an onboard Wi-Fi monitor mode and frame injection support, but it is only available for 32-bit architecture. Offensive security plans to release a 64-bit version in the near future. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Architecture Hacking Information Security

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

. “ DePriMon is an unusually advanced downloader whose developers have put extra effort into setting up the architecture and crafting the critical components,” ESET concludes. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – DePriMon, malware).

Malware

Malware Telecommunications Advertising Encryption

QNodeService Trojan spreads via fake COVID-19 tax relief

Security Affairs

MAY 16, 2020

is dropped depending on the Windows system architecture of the target machine. . Operators were spreading it in a spam campaign aimed at stealing victims’ financial information, the spam messages sent to the victims claim to provide information related to the Coronavirus outbreak and government relief payments. The wizard.js

Malware

Malware Phishing Advertising Antivirus

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cyber Attacks

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

Then determines whether it can write to various directories, checks the system architecture, and then makes three attempts to download and install a ‘kerberods’ dropper using wget or curl. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – WatchBog, malware).

Architecture

Architecture Cryptocurrency Malware Advertising

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Security Affairs

JUNE 18, 2019

The extender operates on the MIPS architecture, like many routers, the zero-day flaw can be triggered. TP-Link’s Wi-Fi extenders operate on MIPS architecture and the vulnerability can be triggered by sending a malformed HTTP request. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Architecture

Architecture Advertising Firmware IoT

Spotlight on Cybersecurity Leaders: Walter Williams

SecureWorld News

APRIL 19, 2023

Walter Williams has more than 20 years of experience in Information Security, and currently resides as the CISO for Monotype. He is the author of "Creating an Information Security Program from Scratch" (2021, CRC Press) and "Security for Service Oriented Architecture" (2014, CRC Press).

Cybersecurity

Cybersecurity Information Security CISO Architecture

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

The second architectural flaw is related subscriber credentials that are checked on S-GW (SGSN) equipment by default. Security must be a priority during network design,” the report concluded. “ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report.

Mobile

Mobile Internet Internet Advertising

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Passwords Advertising Architecture

Decrypting TLS connections with new Raccoon Attack

Security Affairs

SEPTEMBER 11, 2020

If ephemeral keys get reused in either variant, they could lead to micro-architectural side channels, which could be exploited, although leading zero bytes are preserved. The good news is that F5 , Microsoft, Mozilla, and OpenSSL have already released security patches to address the vulnerability. ” state the researchers.

Encryption

Encryption Advertising Architecture Hacking

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the alert. Pierluigi Paganini.

VPN

VPN Government Authentication Advertising

Millions of computers powered by Intel chips are affected by MDS flaws

Security Affairs

MAY 14, 2019

. “MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms.” “Refer to the MDS table in Deep dive: CPUID Enumeration and Architectural MSRs for a list of processors that may be affected by MDS. Pierluigi Paganini.

Architecture

Architecture Advertising Encryption Passwords

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Security Affairs

JULY 11, 2019

The implant analyzed by the experts contained binary files for ARMv7 and ARM64 CPU architectures. For more information, contact intelreports@kaspersky.com “ ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Spyware

Spyware Advertising Mobile Architecture

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

Security Affairs

AUGUST 1, 2019

Cisco finally addressed the flaws in 2013 and stopped selling Cisco Video Surveillance Manager (VSM) in 2014. There was no allegation or evidence that any unauthorized access to customers’ video occurred as a result of the architecture.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Surveillance

Surveillance Technology Government Software

ENISA publishes a Threat Landscape for 5G Networks

AMD is going to patch UEFI SMM callout privilege escalation flaw

Trending Sources

New HEH botnet wipes devices potentially bricking them

Maastricht University finally paid a 30 bitcoin ransom to crooks

Mozi Botnet is responsible for most of the IoT Traffic

Czech cyber-security agency warns over Huawei, ZTE security threat

Aerial Direct, the O2’s largest UK partner suffered a data breach

Enemybot, a new DDoS botnet appears in the threat landscape

CISA warns of phishing attacks delivering KONNI RAT

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Hackers are using Zerologon exploits in attacks in the wild

AMD admits hacker stole source code files related to its GPUs

US officials claim Huawei Equipment has secret backdoor for spying

VMware addressed flaws in its Workstation and Tools

Unknown FinSpy Mac and Linux versions found in Egypt

Hackers for hire group target organizations via 3ds Max exploit

Czech public radio says Huawei Czech Unit secretly collected data

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Steelcase office furniture giant hit by Ryuk ransomware attack

Companies paid $4.2M bug bounties for XSS flaws in 2020

US CISA warns of Ransomware attacks impacting pipeline operations

Germany’ BSI chief says ‘No Evidence’ of Huawei spying

Second-ever UEFI rootkit used in North Korea-themed attacks

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Top cybersecurity certifications to consider for your IT career

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Kali Linux is now available for Raspberry Pi 4

DePriMon downloader uses a never seen installation technique

QNodeService Trojan spreads via fake COVID-19 tax relief

Iran-linked APT is exploiting the Zerologon flaw in attacks

WatchBog cryptomining botnet now uses Pastebin for C2

Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders

Spotlight on Cybersecurity Leaders: Walter Williams

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Zerologon attack lets hackers to completely compromise a Windows domain

Decrypting TLS connections with new Raccoon Attack

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Millions of computers powered by Intel chips are affected by MDS flaws

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

Stay Connected