Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. wrote the expert. “.

Hacking 114

Hacking Firmware Internet Internet 114

Security Affairs

SEPTEMBER 22, 2021

A critical issue, tracked as CVE-2021-36260, affects more than 70 Hikvision device models and can allow attackers to take over them. A critical vulnerability, tracked as CVE-2021-36260, affects more than 70 Hikvision camera and NVR models and can allow attackers to take over the devices. ” wrote the expert. Pierluigi Paganini.

Hacking 111

Hacking Firmware IoT Internet 111

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. million IP cameras exposed to the internet, signifying an eightfold increase since April 2021. The number of internet-facing cameras in the world is growing exponentially. Original post at [link].

Surveillance 127

Surveillance Manufacturing Passwords Internet 127

Security Affairs

AUGUST 2, 2021

An attacker could also push an insecure firmware upgrade to fully compromise the devices. The CVE-2021-37160 has yet to be addressed. Swisslog has released Nexus Control Panel version 7.2.5.7 that addresses most of the above vulnerabilities.

Healthcare 107

Healthcare Firmware Manufacturing Ransomware 107

Security Affairs

JANUARY 25, 2022

Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038 , in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December.

Mobile 87

Mobile Passwords Firmware Firewall 87

Security Affairs

NOVEMBER 10, 2022

The industrial automation giant ABB addressed the flaw with the release of firmware updates on July 14, 2022. “We chose the simplest approach, reading /etc/shadow and using hashcat cracking the root account password (which turned out to be root:root). ” reads an advisory published by Claroty. Pierluigi Paganini.

Firmware 129

Firmware Authentication Passwords Manufacturing 129

Security Affairs

MAY 25, 2021

The flaws addressed by the security firm were reported by experts from Cisco Talos. “ TALOS-2021-1230 (CVE-2021-32457) and TALOS-2021-1231 (CVE-2021-32458) are elevation of privilege vulnerabilities that could allow an attacker to obtain elevate permissions on the targeted device.

Network Security 117

Network Security Authentication Firmware Passwords 117

Security Affairs

SEPTEMBER 3, 2021

.” The PIN provides a series of examples of ransomware attacks impacting food and agriculture sector businesses, such as an attack that took place in January 2021 against an identified US farm that resulted in losses of approximately $9 million due to the disruption of the farming operations. Implement network segmentation.

Ransomware 96

Ransomware Passwords Backups Firmware 96

Security Affairs

DECEMBER 22, 2022

The Go-based botnet spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323.

IoT 115

IoT DDOS Malware Firmware 115

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. Avoid reusing passwords for multiple accounts.

Ransomware 97

Ransomware DDOS Passwords Backups 97

Security Affairs

AUGUST 10, 2021

The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. To achieve this, attackers are also leveraging CVE-2021-28799 to deliver the new eCh0raix ransomware variant to QNAP devices.” ” reads the report published by Palo Alto Researchers.

Ransomware 127

Ransomware Encryption Firmware Passwords 127

Security Affairs

JULY 16, 2022

Critical flaw in Netwrix Auditor application allows arbitrary code execution CISA urges to fix multiple critical flaws in Juniper Networks products Threat actors exploit a flaw in Digium Phone Software to target VoIP servers Tainted password-cracking software for industrial systems used to spread P2P Sality bot Experts warn of attacks on sites using (..)

Firmware 95

Firmware Ransomware DDOS Cryptocurrency 95

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. Upgrade to the latest firmware version.

Energy and Utilities 96

Energy and Utilities Government Firewall Malware 96

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware 118

Ransomware Backups Media Malware 118

Security Affairs

JANUARY 16, 2022

The threat actors behind the attacks were exploiting an improper authorization vulnerability, tracked as CVE-2021-28799 , that could allow them to log in to a NAS device. “A A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. reads the security advisory published by the vendor.

Ransomware 112

Ransomware Encryption Backups Firmware 112

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches 87

Data breaches Cybercrime Ransomware Passwords 87

Security Affairs

MARCH 16, 2022

The nation-state actors gained access to the network by exploiting default MFA protocols and the Windows Print Spooler vulnerability, “PrintNightmare” ( CVE-2021-34527 ), reads the advisory. In order to compromise the target network, the attackers conducted a brute-force password guessing attack against an un-enrolled and inactive account.

Accountability 91

Accountability Passwords Authentication Firmware 91

Malwarebytes

MARCH 17, 2021

link] pic.twitter.com/NOPAcEFxM8 — FBI Buffalo (@FBIBuffalo) March 16, 2021. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for different accounts and implement the shortest acceptable timeframe for password changes.

Education 107

Education Ransomware Phishing Passwords 107

Security Affairs

NOVEMBER 20, 2021

The post Security Affairs newsletter Round 341 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Banking 66

Banking Small Business Data breaches Firmware 66

Security Affairs

FEBRUARY 14, 2022

Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” ” reads the advisory.

Ransomware 88

Ransomware Accountability Firmware Antivirus 88

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” Frustratingly, Lumen was not able to determine how the SOHO devices were being infected with AVrecon.

Malware 203

Malware VPN Internet Internet 203

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Passwords 65

Passwords Government Firmware Accountability 65

Malwarebytes

MAY 28, 2021

According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Install updates/patch operating systems, software, and firmware as soon as they are released.

Healthcare 108

Healthcare Ransomware Encryption Passwords 108

SecureWorld News

JUNE 13, 2023

Two-step phishing attacks involve threat actors using compromised vendors to target potential victims by creating convincing emails that resemble legitimate vendor communications, often related to DocuSign, orders, invoices, or tracking information.

Cyber threats 75

Cyber threats Malware Phishing Penetration Testing 75

Security Boulevard

JUNE 1, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021. The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities. Cyber Security Roundup for May 2021.

Ransomware 105

Ransomware Passwords Scams Cyber Attacks 105

Security Affairs

DECEMBER 27, 2021

The researchers performed reverse engineering of the firmware image for the COMpact 5500, version 7.8A The researchers used Ghidra for their analysis, it is the open-source reverse engineering tool developed by the US National Security Agency (NSA). . “Equipped with this password we then could authenticate successfully.

Firmware 92

Firmware Manufacturing Passwords Penetration Testing 92

McAfee

AUGUST 24, 2021

Though this partnership, our research led us to discover five previously unreported vulnerabilities in the medical system which include: CVE-2021-33886 – Use of Externally-Controlled Format String (CVSS 7.7). CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). Braun on January 11, 2021.

Computers and Electronics 145

Computers and Electronics Authentication Software Risk 145

ForAllSecure

MAY 13, 2022

In February 2021. And so, what I didn't want to do is is make it that I'm just completely rogue, and I dumped the firmware and I posted on for everybody to see and you do these things that you're not that legally, you know, as kind of a society we say we don't want to do, but we still need to look at these things.

Engineering 52

Engineering Energy and Utilities Computers and Electronics Firmware 52

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences.

Hacking 52

Hacking Energy and Utilities Manufacturing Firmware 52

Security Boulevard

FEBRUARY 28, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. The sudo vulnerability aka CVE-2001-3156 , seemed to go under the radar after it was announced and patches were released on 26th January 2021. Npower App Hack.

Energy and Utilities 145

Energy and Utilities Ransomware DDOS Accountability 145