SiteLock

AUGUST 27, 2021

According to SiteLock researchers and cybersecurity experts, the threat landscape will only continue to grow in 2020 and will likely bring even more new challenges with it. We’ve analyzed the current state of the industry and packaged up our top five cybersecurity predictions for 2020.

Cybersecurity 98

Cybersecurity Phishing Data breaches IoT 98

Security Affairs

MARCH 8, 2021

Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507). The flaws affect QNAP NAS firmware versions prior to August 2020.

Cryptocurrency 107

Cryptocurrency Firmware Malware Threat Detection 107

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8, ” reads the advisory published by NCC Group.”

Firmware 133

Firmware Authentication Hacking Software 133

Security Affairs

MAY 1, 2021

. “To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” The malware was designed to abuse NAS resources and mine cryptocurrency.

Ransomware 113

Ransomware Cryptocurrency Malware Internet 113

CyberSecurity Insiders

JANUARY 26, 2022

In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” Key takeaways: BotenaGo malware source code is now available to any malicious hacker or malware developer.

Malware 81

Malware IoT Authentication Antivirus 81

Malwarebytes

JUNE 30, 2022

The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state sponsored threat actor behind it. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. SOHO routers. Stay safe, everyone!

DNS 93

DNS Malware Small Business Firmware 93

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. Install the latest version of Malware Remover.

Cryptocurrency 113

Cryptocurrency Firmware Malware Passwords 113

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com)

IoT 114

IoT DDOS Malware Firmware 114

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. In May 2020, Zipper told another Lolzteam member that quot[.]pw A DIRECT QUOT The domain quot[.]pw

Scams 251

Scams DDOS Cryptocurrency Accountability 251

Security Affairs

DECEMBER 8, 2020

The high-severity vulnerabilities tracked as CVE-2020-2495, CVE-2020-2496, CVE-2020-2497, and CVE-2020-2498 are cross-side-scripting flaws that could allow remote attackers to inject malicious code in File Station, to inject malicious code in System Connection Logs, and to inject malicious code in certificate configuration.

Firmware 101

Firmware Malware Ransomware Hacking 101

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. During 2020 and 2021, more than 500 router vulnerabilities were found. The nvd.nist.gov website presents different figures, but they too show a significant increase in the number of router vulnerabilities found in 2020 and 2021.

DDOS 104

DDOS Passwords IoT Firmware 104

Security Affairs

NOVEMBER 29, 2020

Tracked as CVE-2020-25159 , the flaw is rated 9.8 The flaw, tracked as CVE-2020-25159, has received a CVSS score of 9.8 ” Experts used the search engines for Internet-connected devices, like Shodan.io, to search for ENIP-compatible internet-facing devices and discovered more than 8,000 systems exposed online. .”

Hacking 125

Hacking Firmware Internet Internet 125

Security Affairs

OCTOBER 5, 2020

.” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987. The vulnerability was detailed in July 2020 by the security researchers Sanjana Sarda. “We recommend that Tenda router users check their firmware and make necessary update.”

IoT 139

IoT Firmware DNS Advertising 139

Malwarebytes

SEPTEMBER 3, 2021

.” Internet of Things. Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. Rise in malware. Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020.

Ransomware 135

Ransomware Manufacturing Passwords Internet 135

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 142

IoT Firmware Authentication Wireless 142

Security Affairs

DECEMBER 12, 2020

The National Instruments CompactRIO product , a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications.

Firmware 88

Firmware Manufacturing Software Authentication 88

Security Affairs

DECEMBER 15, 2020

The vulnerabilities ((CVE-2020-25183, CVE-2020-25187, CVE-2020-27252)) could be only exploited by an attacker within the Bluetooth range of the vulnerable product. The third vulnerability, tracked as CVE-2020-27252, is a race condition that could be leveraged to upload and execute unsigned firmware on the Patient Reader.

Firmware 100

Firmware Authentication Mobile IoT 100

Security Affairs

SEPTEMBER 8, 2020

Probably the most interesting vulnerability is an undocumented backdoor, tracked as CVE-2020-15835, that can be exploited by attackers to gain root access to a router. “Multiple critical vulnerabilities have been discovered in the MoFi4500 router, an OpenWRT based wireless router that provides Internet access via LTE.

Firmware 87

Firmware Wireless Authentication Advertising 87

eSecurity Planet

APRIL 28, 2022

Malicious actors tend to focus on internet-facing systems to gain entry into a network, such as email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities. CVE-2020-1472. CVE-2020-0688. CVE-2020-2509. Also read: Best Patch Management Software & Tools. “U.S.,

Cybersecurity 113

Cybersecurity Software Firmware Internet 113

Security Affairs

FEBRUARY 6, 2020

Security experts from Check Point discovered a high-severity flaw ( CVE-2020-6007 ) in Philips Hue Smart Light Bulbs that can be exploited by hackers to gain entry into a targeted WiFi network. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network.

Hacking 118

Hacking IoT Wireless Firmware 118

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware 119

Ransomware Backups Media Malware 119

Security Affairs

OCTOBER 8, 2020

According to a security advisory published by the company, both flaws, tracked as CVE-2020-2506 and CVE-2020-2507 , are improper access control vulnerabilities. In early August, the Taiwanese company urged its users to update the Malware Remover app to prevent NAS devices from being infected by the QSnatch malware.

Encryption 100

Encryption Firmware Advertising Ransomware 100

Security Affairs

APRIL 25, 2021

Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor has addressed a critical bug (CVE-2020-28973) in January. 10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts.

Firmware 111

Firmware Passwords Authentication Wireless 111

Security Affairs

NOVEMBER 24, 2022

Researchers at Recorded Future observed several intrusion attempts on Indian critical infrastructure since 2020 and shared IOCs related to this campaign. The researchers identified over 1 million internet-exposed Boa server components around the world over the span of a week. ”reads the report published by Recorded Future.

IoT 95

IoT Firmware Software Risk 95

Security Affairs

APRIL 2, 2021

The vulnerabilities affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446 that reached end of life (EOL). The first vulnerability is an RCE issue that affects any QNAP device exposed to the Internet, it resides in the NAS web server (default TCP port 8080). October 23, 2020 – Sent another e-mail to QNAP security team.

Firmware 73

Firmware Internet Internet Authentication 73

Security Affairs

JULY 10, 2020

Some of the issues also affected third-party components, including OpenSSL, Intel firmware, Bouncy Castle, Java SE, Apache software, and others. Another critical vulnerability addressed by the company is CVE-2020-1654 , it could be exploited to trigger a DoS condition or to execute arbitrary code remotely.

Firmware 82

Firmware Advertising Firewall Internet 82

Security Affairs

APRIL 11, 2021

Clop Ransomware operators plunder US universities Malware attack on Applus blocked vehicle inspections in some US states 2,5M+ users can check whether their data were exposed in Facebook data leak 33.4% Every week the best security articles from Security Affairs free for you in your email box.

Cyber Attacks 53

Cyber Attacks Firmware Malware VPN 53

Security Affairs

MARCH 23, 2020

Netlab shared its findings with LILIN on January 19, 2020, and the vendor addressed the issues with the release of the firmware update (version 2.0b60_20200207). The new firmware released by the vendors validated the hostname passed as input to prevent command execution. ” reads the advisory published by Netlab.

Firmware 106

Firmware Surveillance Manufacturing Advertising 106

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware 145

Firmware Malware Encryption Passwords 145

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. Here are five significant cybersecurity vulnerabilities with IoT in 2020. Unfortunately, at that moment, there were over 300,000 of those cameras connected to the internet.

IoT 132

IoT Cybersecurity Manufacturing Internet 132

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” continues the analysis.

IoT 125

IoT DDOS Architecture Passwords 125

Security Affairs

SEPTEMBER 3, 2021

. “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware 98

Ransomware Passwords Backups Firmware 98

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443.

Passwords 66

Passwords Government Firmware Accountability 66

Security Affairs

FEBRUARY 3, 2020

L inear eMerge E3 smart building access systems designed by N ortek Security & Control (NSC) are affected by a severe vulnerability (CVE-2019-7256) that has yet to be fixed and attackers are actively scanning the internet for vulnerable devices. Passwords can be found in p roduct documentation and compiled lists available on the Internet.”

DDOS 79

DDOS Hacking Internet Internet 79

Security Affairs

NOVEMBER 1, 2021

On 2020-01-02, CNCERT reported that “the number of Bot node IP addresses associated with this botnet exceeds 5 million. Every time a vendor made some attempts to address the problem, the botmaster pushed out multiple firmware updates on the fiber routers to maintain their control.

Architecture 123

Architecture DDOS Advertising DNS 123

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords 115

Passwords Architecture Backups Cyber Attacks 115

SecureList

JULY 19, 2023

While the threat actor infrastructure might request Net-NTLMv2 authentication, Windows will honor the defined internet security zones and will not send (leak) Net-NTLMv2 hashes. In other words, the vulnerability only affects the SMB protocol. on 2022-05-17 14:21:25 UTC Target: Energy transportation critical infrastructure – PO Information!

Firmware 92

Firmware Internet Internet Government 92