2020, Firmware and Surveillance - Cyber Security Informer

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. ” Netlab concludes.

Firmware

Firmware Surveillance Manufacturing Advertising

Industrial Switches from different Vendors Impaired by Similar Exposures

Hacker Combat

JUNE 3, 2021

Industrial switches are made using universal firmware developed by Korenix Technology, a leading provider for industrial networking solutions based in Taiwan. Since mid-April in 2020, the Atos-owned organization has struggled to have the security loopholes fixed in vain. Malicious firmware and bootloader uploads are possible too.

Firmware

Firmware Energy and Utilities Cyber Attacks Surveillance

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

Hackers also posted images captured from the hacked surveillance video on Twitter with an #OperationPanopticon hashtag, published images show that they have gained root shell access to the surveillance cameras used by Telsa and Cloudflare. The initial charges are for previous hacking activities as the they date from September 2020.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

U.S. Organizations Continue to Use Banned Chinese Tech

SecureWorld News

SEPTEMBER 30, 2021

Cybersecurity and Infrastructure Security Agency (CISA) recently warned administrators about a vulnerability that would allow threat actors to take control of devices produced by Hikvision, a Chinese state-owned video surveillance company. A remote attacker could exploit this vulnerability to take control of an affected device.

Firmware

Firmware Surveillance Government Technology

APT annual review 2021

SecureList

NOVEMBER 30, 2021

Based on forensic analysis of numerous mobile devices, Amnesty International’s Security Lab found that the software was repeatedly used in an abusive manner for surveillance. Further analysis revealed that this escalation of privilege (EoP) exploit had potentially been used in the wild since at least November 2020.

Malware

Malware Mobile Spyware Surveillance

Top 10 Malware Strains of 2021

SecureWorld News

AUGUST 8, 2022

A 2020 LokiBot variant was disguised as a launcher for the Fortnite multiplayer video game. Remcos, short for Remote Control and Surveillance, was leveraged by malicious cyber actors conducting mass phishing campaigns during the COVID-19 pandemic to steal personal data and credentials. Qakbot can also be used to form botnets.

Malware

Malware Banking Penetration Testing Healthcare

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

This toolset was in use from as early as July 2020, mainly targeting Southeast Asian entities, including government agencies and telecoms companies. Apart from Trojanized installers, we also observed infections involving use of a UEFI (Unified Extensible Firmware Interface) and MBR (Master Boot Record) bootkit.

Malware

Malware Banking Energy and Utilities Accountability

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

Botnet based on Medusa, working since 2020. Paul has discovered critical vulnerabilities in the firmware and protocols of certain webcam models, and one of the vendors he contacted never even got back to him to discuss remediation. Not going to waffle — I’ll just tell you why it is my service you should choose. Our advantages: 1.

IoT

IoT DDOS Passwords Malware

Vulnerability Recap 7/8/24 – Intel, Cisco & More Face Risks

eSecurity Planet

JULY 8, 2024

It’s a regression of an 18-year-old flaw (CVE-2006-5051) that was reintroduced in October 2020. To protect your network devices from potential risks, apply patches on a regular basis and keep their firmware up to date. The fix: Traeger has enabled automated firmware updates for grills using the D2 Wi-Fi Controller.

Risk

Risk Authentication Firmware Surveillance

Advanced threat predictions for 2024

SecureList

NOVEMBER 14, 2023

The threat actor used news about the Russo-Ukrainian conflict to trick targets into opening harmful emails that exploited the vulnerabilities (CVE-2020-35730, CVE-2020-12641 and CVE-2021-44026). Leaks are often sold on the dark web, message groups or the group’s own platforms, and some are given away for free.

Hacking

Hacking Energy and Utilities Malware Media

APT trends report Q1 2022

SecureList

APRIL 27, 2022

The supporting infrastructure for this operation overlaps with an operation described in a report published by Cisco Talos in September 2021, which discusses a campaign targeting government personnel in India using Netwire and Warzone (aka AveMaria RAT) dating back to the end of 2020. in June 2021. Other interesting discoveries.

Malware

Malware Firmware Government Phishing

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

ReconHellcat is a little-known threat actor that was spotted publicly in 2020. During 2020 and 2021, we detected a new ShadowPad loader module, dubbed ShadowShredder, used against critical infrastructure across multiple countries, including but not limited to India, China, Canada, Afghanistan and Ukraine.

Malware

Malware Government Surveillance Spyware

Over 100 million Hikvision devices hit by critical cyber vulnerability

CyberSecurity Insiders

SEPTEMBER 24, 2021

China-based video surveillance related product offering company Hikvision has issued a security advisory saying that all those using their security cameras and NVRs must know a critical vulnerability on its devices that could allow hackers to take control of the cameras and use them as bots to launch DDoS or other related attacks.

Surveillance

Surveillance Firmware DDOS IoT

Cyber Security Informer

MoonBounce: the dark side of UEFI firmware

Botnet operators target multiple zero-day flaws in LILIN DVRs

Trending Sources

Industrial Switches from different Vendors Impaired by Similar Exposures

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

U.S. Organizations Continue to Use Banned Chinese Tech

APT annual review 2021

Top 10 Malware Strains of 2021

IT threat evolution Q3 2021

Overview of IoT threats in 2023

Vulnerability Recap 7/8/24 – Intel, Cisco & More Face Risks

Advanced threat predictions for 2024

APT trends report Q1 2022

APT trends report Q3 2021

Over 100 million Hikvision devices hit by critical cyber vulnerability

Stay Connected