Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. ” reads the flash alert. Pierluigi Paganini.

Ransomware 122

Ransomware Firmware Antivirus Accountability 122

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The experts started investigating the password reset functionality that requests access to the web interface. The experts started investigating the password reset functionality that requests access to the web interface.

Firmware 87

Firmware Manufacturing Passwords Penetration Testing 87

Malwarebytes

AUGUST 9, 2021

On August 3, 2021 a vulnerability that was discovered by Tenable was made public. The vulnerability is listed as CVE-2021-20090. Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02

Firmware 127

Firmware DDOS Internet Internet 127

SecureList

SEPTEMBER 29, 2022

In 2020, CVE-2020-28212 , a vulnerability affecting this software, was reported, which could be exploited by a remote unauthorized attacker to gain control of a PLC with the privileges of an operator already authenticated on the controller. The procedure acts as authentication. It is always located immediately after the session key.

Firmware 86

Firmware Passwords Authentication Engineering 86

Thales Cloud Protection & Licensing

APRIL 20, 2021

Organizations Need a New NetSec Approach, Reveals Verizon’s 2021 Mobile Security Index. Tue, 04/20/2021 - 11:33. In the MSI 2021, more than half of respondents told Verizon that their organizations allowed employees to access corporate IT assets over public Wi-Fi. Verizon’s MSI 2021, page 72. Verizon’s MSI 2021, page 73.

Mobile 71

Mobile Architecture Data breaches Authentication 71

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. million IP cameras exposed to the internet, signifying an eightfold increase since April 2021. The number of internet-facing cameras in the world is growing exponentially. Original post at [link].

Surveillance 122

Surveillance Manufacturing Passwords Internet 122

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files.

Firmware 125

Firmware Authentication Passwords Manufacturing 125

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world. Gift yourself a Samsung device from this Thanksgiving 2021 or Black Friday 2021 deals.

Mobile 132

Mobile Firmware Manufacturing Passwords 132

Security Affairs

MAY 25, 2021

Trend Micro fixed some flaws in Trend Micro Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication. Trend Micro fixed three vulnerabilities in Home Network Security devices that could be exploited to elevate privileges or achieve arbitrary authentication.

Network Security 111

Network Security Authentication Firmware Passwords 111

Malwarebytes

OCTOBER 22, 2021

Unfortunately, in an echo of the Y2K bug, a flaw in some versions of GPSD could cause time to roll back after October 23, 2021. The buggy versions of the code reportedly subtract 1024 from the week number on October 24, 2021. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time.

Authentication 144

Authentication System Administration Firmware Passwords 144

Malwarebytes

DECEMBER 16, 2021

In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. CVE-2021-42310 Microsoft Defender for IoT Remote Code Execution vulnerability. Due to a flaw in the password reset request process, an attacker can reset someone else’s password. The attack may be launched remotely.

Wireless 85

Wireless Passwords Firmware Authentication 85

eSecurity Planet

MARCH 21, 2022

Using misconfigured multi-factor authentication (MFA) and an unpatched Windows vulnerability, Russian state-sponsored hackers were able to breach a non-governmental organization (NGO) and escalate privileges, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed last week.

VPN 114

VPN Accountability Authentication Passwords 114

Security Affairs

MARCH 16, 2022

The nation-state actors gained access to the network by exploiting default MFA protocols and the Windows Print Spooler vulnerability, “PrintNightmare” ( CVE-2021-34527 ), reads the advisory. In order to compromise the target network, the attackers conducted a brute-force password guessing attack against an un-enrolled and inactive account.

Accountability 88

Accountability Passwords Authentication Firmware 88

eSecurity Planet

NOVEMBER 4, 2021

CWE-1277 : Firmware Not Updateable – firmware exploitation exposes the victim to a permanent risk without any possibility to patch weaknesses. Hackers may use firmware exploitation to compromise the network, as the firmware links the operating system and the hardware. The most popular firmware is BIOS and UEFI.

Software 114

Software Firmware Computers and Electronics Risk 114

Security Affairs

SEPTEMBER 3, 2021

.” The PIN provides a series of examples of ransomware attacks impacting food and agriculture sector businesses, such as an attack that took place in January 2021 against an identified US farm that resulted in losses of approximately $9 million due to the disruption of the farming operations. Implement network segmentation.

Ransomware 91

Ransomware Passwords Backups Firmware 91

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The vendor recommends the use of strong passwords and to modify the default network port 8080 for accessing the NAS operating interface. qlocker @QNAP_nas — Jack Cable (@jackhcable) April 22, 2021.

Ransomware 112

Ransomware Backups Media Malware 112

SecureWorld News

FEBRUARY 17, 2024

Being constantly connected to the internet, they are either protected by basic passwords or, in some cases, have no password protection at all. A 2021 Cynerio report revealed a staggering 123% increase in ransomware attacks on healthcare facilities, resulting in more than 500 incidents and costs exceeding $21 billion.

Healthcare 94

Healthcare Manufacturing Internet Internet 94

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. Upgrade to the latest firmware version.

Energy and Utilities 90

Energy and Utilities Government Firewall Malware 90

Security Boulevard

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. The researchers initially discovered an authentication bypass issue, then explored the systems looking at functionalities available to authenticated users such as uploading and downloading configuration files.

Firmware 98

Firmware Authentication Passwords Manufacturing 98

Malwarebytes

SEPTEMBER 24, 2021

In June of 2021 we wrote about another vulnerability in the same Secure Mobile Access (SMA) 100 series. SonicWall customers can log in to its MySonicWall.com website to get updated firmware for their appliances. Back then SonicWall had been made aware of an imminent ransomware campaign using stolen credentials.

Firmware 78

Firmware Internet Internet Firewall 78

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. Use multifactor authentication where possible.

Ransomware 92

Ransomware DDOS Passwords Backups 92

Malwarebytes

JANUARY 12, 2022

Microsoft has a technology called Active Directory that allows workstations to authenticate with a “domain controller.” CVE-2021-22947 is regarding a vulnerability in the curl open source library which is used by Windows. CVE-2021-36976 is regarding a vulnerability in the libarchive open source library which is used by Windows.

Authentication 114

Authentication Firmware Passwords Technology 114

SecureList

MAY 23, 2022

A remote attacker could easily implement a password brute force attack in ISaGRAF Runtime. An attacker that can carry out a MitM attack will be able to overwrite tag statuses, the program being downloaded to the device, or authentication data.

Architecture 80

Architecture Authentication Passwords Encryption 80

Security Affairs

FEBRUARY 14, 2022

As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 84

Ransomware Accountability Firmware Antivirus 84

Malwarebytes

APRIL 28, 2022

In September 2021 , the agency revealed that ransomware threat actors were ramping up attacks as the sector adopted more smart technologies. During the same month as the FBI’s initial warning, in September 2021, BlackMatter ransomware hit Iowa’s NEW Cooperative, demanding a ransom of $5.9

Ransomware 90

Ransomware Technology Firmware Internet 90

Malwarebytes

MARCH 17, 2021

link] pic.twitter.com/NOPAcEFxM8 — FBI Buffalo (@FBIBuffalo) March 16, 2021. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible. Disable unused RDP ports and monitor remote access/RDP logs.

Education 106

Education Ransomware Phishing Passwords 106

Kali Linux

NOVEMBER 27, 2022

To enable wireless support, we need to find: The kernel Wi-Fi modules that need to be in the initramfs (Depends on hardware) The Wi-Fi firmware files that need to be in the initramfs (Depends on hardware) The Wireless interface name (Kali defaults to: wlan0 ) Additional packages to increase functionally. bin firmware: brcm/brcmfmac*-sdio.*.txt

Firmware 52

Firmware Wireless Passwords VPN 52

eSecurity Planet

OCTOBER 1, 2021

Because of VPNs’ vulnerabilities – a recent example involved a massive leak of Fortinet users’ passwords – a number of security vendors have been pushing zero trust network access as a potential replacement for VPNs. Use multi-factor authentication and choose products that are compatible with the credentials you’ll be using.

VPN 107

VPN Authentication Passwords Software 107

Security Boulevard

MAY 9, 2022

Either way, this ransomware-for-hire has been around far longer (in internet terms) than the bulletin may have some believe, having been first seen in September 2021. Regularly back up data, air gap, and password protect backup copies offline. Use multifactor authentication where possible.

Ransomware 98

Ransomware Antivirus Backups Passwords 98

Malwarebytes

MARCH 10, 2022

Observed since: July 2021 Ransomware note: BlackByteRestore.txt Ransomware extension: BlackByte Kill Chain: Some victims reported that attackers used known Microsoft Exchange Server vulnerabilities to gain access to their networks. > Observed since: January 2021 Ransomware note: BackFiles_encoded01.txt Mitigations.

Ransomware 71

Ransomware Phishing Accountability Technology 71

Security Boulevard

MAY 30, 2022

In November 2021, the Cybersecurity and Infrastructure Agency (CISA) and Philips issued advisories pertaining to several security vulnerabilities identified in certain patient monitoring and medical device interface products from the manufacturer. Change all default passwords. Maintain a regular patch management process.

Healthcare 90

Healthcare IoT Manufacturing Risk 90

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Regularly back up data, air gap, and password protect backup copies offline. Use multifactor authentication where possible.

Passwords 63

Passwords Government Firmware Accountability 63

Malwarebytes

MAY 6, 2022

REvil (aka Sodinokibi) first appeared in May 2020 and has been responsible for numerous high-profile ransomware attacks, including arguably the biggest ransomware attack of all time—a supply-chain attack on Kaseya VSA in July 2021 that is thought to have affected over 1,000 businesses. Known ransomware attacks in April 2022 by country.

Ransomware 84

Ransomware Encryption Accountability Technology 84

McAfee

AUGUST 24, 2021

Though this partnership, our research led us to discover five previously unreported vulnerabilities in the medical system which include: CVE-2021-33886 – Use of Externally-Controlled Format String (CVSS 7.7). CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). Braun on January 11, 2021.

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

SecureList

NOVEMBER 14, 2022

In another publication , Google also followed up on the activities of a similar vendor named Cytrox that had leveraged four 0-day vulnerabilities in a 2021 campaign. Okta is a widely used authentication services provider, and it is safe to assume that a hacker controlling their network would be able to infect any of their customers.

Firmware 110

Firmware Surveillance Mobile Telecommunications 110

eSecurity Planet

FEBRUARY 15, 2022

The agencies offered some sound cybersecurity advice for BlackByte that applies pretty generally: Conduct regular backups and store them as air-gapped, password-protected copies offline. Update and patch operating systems, software, and firmware as soon as updates and patches are released. The 15 Vulnerabilities Explained.

Ransomware 126

Ransomware Encryption Backups Accountability 126

eSecurity Planet

AUGUST 10, 2021

The discovery by the Juniper researchers of the exploit attempts came two days after security experts from cybersecurity vendor Tenable first disclosed the vulnerability, which is tracked by CVE-2021-20090. Common in all the affected devices is firmware from Arcadyan, a communications device maker.

IoT 144

IoT DDOS Internet Internet 144