2021, Encryption, Firmware and VPN - Cyber Security Informer

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices. R6700v3 – 1.0.4.106 R6900 – 1.0.2.16 R7900 – 1.0.4.38

DNS

DNS Firmware VPN Risk

NSA, CISA Release Guidance for Choosing and Hardening VPNs

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN

VPN Authentication Passwords Software

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware DDOS Passwords Backups

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

The types of vulnerabilities affecting the devices are Inadequate Encryption Strength, Session Fixation, Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Insecure Default Variable Initialization, Use of Hard-coded Credentials. ” continues the alert.

Firmware

Firmware VPN Firewall Risk

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Passwords Backups Firmware

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. link] pic.twitter.com/NOPAcEFxM8 — FBI Buffalo (@FBIBuffalo) March 16, 2021. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released.

Education

Education Ransomware Phishing Passwords

Lapsus$: The New Name in Ransomware Gangs

Security Boulevard

MARCH 15, 2022

The LHR was created to limit Ethereum mining capabilities in the NVidia RTX 30 series graphics cards, after the cryptomining community depleted the stock in early 2021. The ransomware group specified that “they are not looking for data” but rather to buy remote VPN access to the corporate network. But first things first.

Ransomware

Ransomware Telecommunications Firmware Media

Ransomware: February 2022 review

Malwarebytes

MARCH 10, 2022

Observed since: July 2021 Ransomware note: BlackByteRestore.txt Ransomware extension: BlackByte Kill Chain: Some victims reported that attackers used known Microsoft Exchange Server vulnerabilities to gain access to their networks. > Observed since: January 2021 Ransomware note: BackFiles_encoded01.txt LockBit 2.0.

Ransomware

Ransomware Phishing Accountability Technology

Remotely Accessing Secure Kali Pi

Kali Linux

NOVEMBER 27, 2022

In Secure Kali Pi (2022) , the first blog post in the Raspberry Pi series, we set up a Raspberry Pi 4 with full disk encryption. author: Broadcom Corporation firmware: brcm/brcmfmac*-sdio.*.bin bin firmware: brcm/brcmfmac*-sdio.*.txt We mentioned that we can leave it somewhere as a drop box. wireless LAN fullmac driver.

Firmware

Firmware Wireless Passwords VPN

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare

Healthcare Ransomware Encryption Passwords

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. •

Passwords

Passwords Government Firmware Accountability

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

We look at three RSAC 2021 sessions and some of the most daunting vulnerabilities presented by the SANS Institute, Cybersecurity and Infrastructure Security Agency (CISA), and Varonis Systems. Also Read: And the Winner of the 2021 RSA Innovation Contest is… SANS: Five dangerous new attack techniques and vulnerabilities.

Software

Software Firmware DNS VPN

DDoS attacks in Q1 2021

SecureList

MAY 10, 2021

Q1 2021 saw the appearance of two new botnets. Cybercriminals exploited several critical vulnerabilities in programs installed on victim devices, including the newly discovered CVE-2021-3007. In Q1 2021, cybercriminals also found a host of new tools for amplifying DDoS attacks. News overview.

DDOS

DDOS Cryptocurrency Media Marketing

Organizations Need a New NetSec Approach, Reveals Verizon’s 2021 Mobile Security Index

Thales Cloud Protection & Licensing

APRIL 20, 2021

Organizations Need a New NetSec Approach, Reveals Verizon’s 2021 Mobile Security Index. Tue, 04/20/2021 - 11:33. In the MSI 2021, more than half of respondents told Verizon that their organizations allowed employees to access corporate IT assets over public Wi-Fi. Verizon’s MSI 2021, page 72. Verizon’s MSI 2021, page 73.

Mobile

Mobile Architecture Data breaches Authentication

Security Affairs newsletter Round 252

Security Affairs

FEBRUARY 23, 2020

for cyber 2021 budget for the Department of Defense. Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks. Russian govn blocked Tutanota service in Russia to stop encrypted communication. Russian govn blocked Tutanova service in Russia to stop encrypted communication. US administration requests $9.8B

Artificial Intelligence

Artificial Intelligence eCommerce Firmware Hacking

Cyber Security Informer

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Webinars

Trending Sources

NSA, CISA Release Guidance for Choosing and Hardening VPNs

Webinars

Who and What is Behind the Malware Proxy Service SocksEscort?

Avoslocker ransomware gang targets US critical infrastructure

CISA is warning of vulnerabilities in GE Power Management Devices

FBI warns of ransomware attacks targeting the food and agriculture sector

FBI warns of increase in PYSA ransomware attacks targeting education

Lapsus$: The New Name in Ransomware Gangs

Ransomware: February 2022 review

Remotely Accessing Secure Kali Pi

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

The Biggest Lessons about Vulnerabilities at RSAC 2021

DDoS attacks in Q1 2021

Organizations Need a New NetSec Approach, Reveals Verizon’s 2021 Mobile Security Index

Security Affairs newsletter Round 252

Stay Connected