Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Digital technology and connected IoT devices have proliferated across industries and into our daily lives. To secure data exchanged between IoT devices and the software required for operating these devices – bootstrap, firmware, apps – we need to establish a chain of trust. Critical Success Factors to Widespread Deployment of IoT.

IoT 96

IoT Manufacturing Energy and Utilities Data collection 96

Digital Shadows

NOVEMBER 10, 2022

In 2019, the FBI dubbed this tactic as the “ $26 Billion scam ”, given the high losses associated with this social engineering method. If you’re interested in a regional and industry breakdown of all things ransomware observed in the past quarter, check our Q3 2022 ransomware blog.

Cyber threats 52

Cyber threats Media Social Engineering Mobile 52

SecureList

MAY 27, 2022

MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). Targeted attacks. BlueNoroff continues its search for crypto-currency.

Phishing 110

Phishing Spyware Firmware Malware 110

Google Security

DECEMBER 1, 2022

From 2019 to 2022 the annual number of memory safety vulnerabilities dropped from 223 down to 85. From 2019 to 2022 it has dropped from 76% down to 35% of Android’s total vulnerabilities. We’ve migrated VM firmware in the Android Virtualization Framework to Rust. We’re implementing userspace HALs in Rust.

DNS 145

DNS Accountability Firmware Risk 145

SecureList

APRIL 27, 2022

On March 1, ESET published a blog post related to wipers used in Ukraine and to the ongoing conflict: in addition to HermeticWiper, this post introduced IsaacWiper, used to target specific machines previously compromised with another remote administration tool named RemCom, commonly used by attackers for lateral movement within compromised networks.

Malware 135

Malware Firmware Government Phishing 135

SecureList

NOVEMBER 30, 2021

According to Google TAG’s blog, this actor used highly sophisticated social engineering, approached security researchers through social media, and delivered a compromised Visual Studio project file or lured them to their blog where a Chrome exploit was waiting for them. Firmware vulnerabilities.

Malware 109

Malware Mobile Spyware Surveillance 109

Malwarebytes

FEBRUARY 1, 2023

A sophisticated hacking group was in SolarWinds ' production environment as early as 2019 before affecting 18,000 of its clients, which include private companies like FireEye and Microsoft and several US federal agencies, via an embedded backdoor to updates of its network monitoring software, Orion.

Software 69

Software Risk Backups Technology 69

McAfee

AUGUST 24, 2021

For a brief overview please see our summary blog here. Lastly, the pump runs its own custom Real Time Operating System (RTOS) and firmware on a M32C microcontroller. Attacks on healthcare settings are increasing with the FBI estimating a cyberattack using “Ryuk” ransomware took in $61 million over a 21-month period in 2018 and 2019.

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

ForAllSecure

MAY 13, 2022

Vamosi: Wiki space, got bought out and then shut down in January of 2019. Everybody's got their own little blog where they post stuff. So nothing to do with electronics whatsoever other than we sell, you know, technology products, right, and cameras and things like that. And then the company went out of business.

Engineering 52

Engineering Energy and Utilities Computers and Electronics Firmware 52

ForAllSecure

DECEMBER 11, 2020

It’s a firmware replacement designed to allow you to install it instead of the firmware that came with your router. Google’s Ian Beer, who first reported this vulnerability to Apple in November 2019, published a detailed technical account of how he found and developed an exploit. Enter OpenWRT.

Hacking 52

Hacking Banking Internet Internet 52

SecureList

JULY 28, 2022

In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). As part of this process, the actor abused a legitimate blog service to host a malicious script with an encoded format.

Malware 136

Malware Firmware Phishing Cryptocurrency 136

ForAllSecure

FEBRUARY 10, 2021

” So should analyzing a device’s firmware for security flaws be considered illegal? To change your tire, they could use technology to enforce that that business model. That's, that's a dystopian future that is technologically is already possible. As Stuart Brand said back in 1984 “information wants to be free.”

InfoSec 52

InfoSec Manufacturing Technology Software 52

ForAllSecure

FEBRUARY 10, 2021

” So should analyzing a device’s firmware for security flaws be considered illegal? To change your tire, they could use technology to enforce that that business model. That's, that's a dystopian future that is technologically is already possible. As Stuart Brand said back in 1984 “information wants to be free.”

InfoSec 52

InfoSec Manufacturing Technology Software 52