2019, Encryption, Firmware and Information Security

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

A new vulnerability, tracked as CVE-2019-0090 , affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. Security experts from Positive Technologies warn of a new vulnerability, tracked as CVE-2019-0090, that affects all Intel processors that were released in the past 5 years.

Firmware

Firmware Technology Advertising Authentication

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT).

IoT

IoT Firmware DNS Advertising

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

Searching online the expert first found an encrypted firmware, he found on a forum a Portable ROM Dumper , (a custom firmware update file that once loaded, dumps the memory of the camera into the SD Card) that allowed him to dump the camera’s firmware and load it into his disassembler (IDA Pro).

Firmware

Firmware Ransomware Wireless Encryption

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS. In November 2019, security experts first spotted the QSnatch malware that at the time infected thousands of QNAP NAS devices worldwide. Webshell functionality for remote access. ” reads the alert.

Malware

Malware Firmware Advertising Manufacturing

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The eCh0raix ransomware has been active since at least 2019, when eExperts from security firms Intezer and Anomali separately discovered sample of the ransomware targeting Network Attached Storage (NAS) devices. The malicious code appends.encrypt extension to filenames of encrypted files.

Ransomware

Ransomware Encryption Firmware Passwords

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

BleepingComputer also reported that dozens of ransom notes and encrypted files have been submitted to the ID-Ransomware service by affected QNAP users. Up to date apps and firmware seem not to help either.” The malicious code appends.encrypt extension to filenames of encrypted files.

Ransomware

Ransomware Encryption Backups Firmware

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper is a piece of malware that was first spotted in October 2019 by experts from security firm Symantec, it is a persistent Android dropper app that is able to reinstall itself even after users attempt to uninstall it. In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Mobile

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension. ” reads the joint advisory. “The Pierluigi Paganini.

Ransomware

Ransomware Encryption Firmware Backups

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. PYSA, also known as Mespinoza, was first spotted in the wild in October 2019 where it was initially used against large corporate networks. After this, PYSA is then deployed and executed.

Education

Education Ransomware Phishing Passwords

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. At least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted.” Pierluigi Paganini.

VPN

VPN Ransomware Antivirus Firmware

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. hard drive, storage device, the cloud).

Passwords

Passwords Government Firmware Accountability

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

The WPA Wireless security standard was designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and to establish secure connections that hackers cannot spy on. The Enterprise mode implements 192-bit encryption for networks that require extra security.

Passwords

Passwords Hacking Wireless Authentication

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

The first is Ransom.Sodinokibi , which Malwarebytes has already profiled and has been detecting since 2019.). The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare

Healthcare Ransomware Encryption Passwords

Three more ransomware attacks hit Water and Wastewater systems in 2021

Security Affairs

OCTOBER 15, 2021

In all the attacks the ransomware encrypting files on the infected systems and in one of the security incidents threat actors compromised a system used to control the SCADA industrial equipment. RDP accesses); Exploitation of vulnerabilities affecting control systems running vulnerable firmware versions.

Ransomware

Ransomware Cyber threats Firmware Backups

The Hacker Mind Podcast: Hacking Teslas

ForAllSecure

JUNE 8, 2022

Certainly no one uses 40 bit encryption anymore. The phone key then understands that message and encrypts it back to the sender to the vehicle with that secret key, the car and the phone have that challenge token and only then the car would unlock. It's using device encryption and it's pretty good protected. It's I like it.

Hacking

Hacking Manufacturing Encryption Wireless

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Ransomware: Encryption, Exfiltration, and Extortion. Ransomware perpetrators of the past presented a problem of availability through encryption. Nickels suggests organizations follow this guidance: Also Read: How Zero Trust Security Can Protect Against Ransomware. Detect Focus on encryption Assume exfiltration.

Software

Software Firmware DNS VPN

Security Affairs newsletter Round 252

Security Affairs

FEBRUARY 23, 2020

Russian govn blocked Tutanota service in Russia to stop encrypted communication. Russian govn blocked Tutanova service in Russia to stop encrypted communication. CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability. Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack.

Artificial Intelligence

Artificial Intelligence eCommerce Firmware Hacking

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

From the 1960’s to 2000 infusion pumps were mostly electromechanical devices with some embedded electronics, but the turn of the century delivered “smarter” devices with better safety mechanisms and the possibility to program them, which slowly opened the door to information security challenges.

Computers and Electronics

Computers and Electronics Authentication Software Risk

The Hacker Mind Podcast: Reverse Engineering Smart Meters

ForAllSecure

MAY 13, 2022

Vamosi: Wiki space, got bought out and then shut down in January of 2019. And that's probably a security design of what they're, what they might put out there and encryption keys and things like that. And then you have the smart meters and so the software on the smart meters that's just 100% on its firmware.

Engineering

Engineering Energy and Utilities Computers and Electronics Firmware

The Hacker Mind Podcast: DEF CON Villages

ForAllSecure

AUGUST 2, 2022

Anyone who has anyone in the information security community is usually melting under the hot Nevada sun. Yes, grasshoppers invaded Las Vegas at the start of hacker summer camp in 2019. Vamosi: 2019 was last time I was at DEF CON and I remember there were a lot of activities going on in the car hacking village.

Hacking

Hacking Computers and Electronics InfoSec Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

As Stuart Brand said back in 1984 “information wants to be free.” ” So should analyzing a device’s firmware for security flaws be considered illegal? And I think there were something like 18 and 2019. Roberts: We've got some great so secure repairs I founded in 2019.

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

As Stuart Brand said back in 1984 “information wants to be free.” ” So should analyzing a device’s firmware for security flaws be considered illegal? And I think there were something like 18 and 2019. Roberts: We've got some great so secure repairs I founded in 2019.

InfoSec

InfoSec Manufacturing Technology Software

Cyber Security Informer

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

New Ttint IoT botnet exploits two zero-days in Tenda routers

Trending Sources

Infecting Canon EOS DSLR camera with ransomware over the air

QSnatch malware infected over 62,000 QNAP NAS Devices

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

xHelper, the Unkillable Android malware that re-Installs after factory reset

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

FBI warns of increase in PYSA ransomware attacks targeting education

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Three more ransomware attacks hit Water and Wastewater systems in 2021

The Hacker Mind Podcast: Hacking Teslas

The Biggest Lessons about Vulnerabilities at RSAC 2021

Security Affairs newsletter Round 252

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

The Hacker Mind Podcast: Reverse Engineering Smart Meters

The Hacker Mind Podcast: DEF CON Villages

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected