Malwarebytes

JUNE 3, 2022

Although LockBit remained the most widely-deployed ransomware in May 2022, it was, typically, Conti that sucked all of the air out of the room. Not long after, a hacking group began using the leaked source code to attack targets inside Russia , violating one of ransomware’s unspoken rules. Ransomware attacks in May 2022.

Ransomware 102

Ransomware Accountability Technology Firmware 102

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network. SecurityAffairs – hacking, DrayTek Vigor).

Hacking 96

Hacking Internet Internet Passwords 96

Security Affairs

SEPTEMBER 19, 2022

Researchers discovered two critical vulnerabilities (CVE–2022–36158 and CVE–2022–36159) in Flexlan devices that provide WiFi on airplanes. “It is found that our wireless products, FLEXLAN FX3000/2000 series, have a firmware vulnerability. “[CVE-2022-36158] – Hidden system command web page.

Wireless 86

Wireless Firmware Passwords Engineering 86

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The server is used to provide configurations and firmware updates to the devices. In this scenario, an attacker can act as a rogue server and distribute malicious firmware.

Firmware 84

Firmware Authentication Passwords Hacking 84

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. SecurityAffairs – hacking, ABB Totalflow).

Firmware 125

Firmware Authentication Passwords Manufacturing 125

Security Affairs

SEPTEMBER 19, 2022

The FunJSQ module is used in various Netgear routers and Orbi WiFi systems, the issues affecting it were discovered in May 2022 and are now fixed. “Back in May 2022, we discovered FunJSQ , a third-party gaming speed-improvement service by China-based Xiamen Xunwang Network Technology Co., SecurityAffairs – hacking, NETGEAR).

Firmware 95

Firmware Passwords Technology Hacking 95

SecureList

NOVEMBER 18, 2022

IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. IT threat evolution in Q3 2022. In July, we reported a rootkit that we found in modified Unified Extensible Firmware Interface (UEFI) firmware, the code that loads and initiates the boot process when the computer is turned on. Non-mobile statistics.

Malware 104

Malware Computers and Electronics Adware Cryptocurrency 104

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. Unlike the D-Link analysis, the researchers has no physical access to the device and attempted to retrieve the password from the config. 13 Sep 2022: Details sent to ZyXEL. Pierluigi Paganini.

Firmware 52

Firmware Passwords Hacking Cybersecurity 52

Security Affairs

DECEMBER 22, 2022

The Zerobot botnet first appeared in the wild in November 2022 targeting devices running on Linux operating system. The most recent variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities.

IoT 112

IoT DDOS Malware Firmware 112

SecureList

JUNE 8, 2022

Routers are forever being hacked and infected, and used to infiltrate local networks. Number of router vulnerabilities according to cve.mitre.org, 2010–2022 ( download ). Number of router vulnerabilities according to nvd.nist.gov, 2010–2022 ( download ). search results for “default password” in June 2021.

DDOS 94

DDOS Passwords IoT Firmware 94

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication 84

Authentication Firmware Hacking Passwords 84

Security Affairs

MARCH 22, 2023

The experts discovered four vulnerabilities in the Netgear Orbi mesh wireless system, the most critical one is a critical remote code vulnerability, tracked as CVE-2022-37337 (CVSS v3.1: Netgear addressed the flaws with the release of the firmware version 4.6.14.3 ” states Talos. on January 19, 2023.

Wireless 85

Wireless Firmware Authentication Passwords 85

Krebs on Security

AUGUST 12, 2022

It had the username and password for the system printed on the machine. That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software. A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019.

Firmware 209

Firmware Manufacturing Passwords Software 209

Malwarebytes

MARCH 3, 2022

In the case of the Nvidia breach, LAPSUS$ claimed it was mainly after the removal of the lite hast rate (LHR) limitations in all GeForce 30 series firmware—apparently all to help out gamers and the mining community. ” (Friday in this demand is March 4, 2022). Hacked back? YOU HAVE UNTIL FRIDAY, YOU DECIDE!”

Ransomware 88

Ransomware Password Management Passwords Hacking 88

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final !

Data breaches 83

Data breaches Cybercrime Ransomware Passwords 83

Security Affairs

AUGUST 9, 2023

Google researcher Daniel Moghimi devised a new side-channel attack technique Intel CPU, named Downfall, that relies on a flaw tracked as CVE-2022-40982. Malware can carry out a Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.

Firmware 62

Firmware Encryption Software Banking 62

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. Upgrade to the latest firmware version.

Energy and Utilities 90

Energy and Utilities Government Firewall Malware 90

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Usually, these users have no idea their systems are compromised. “Probably, they wanted to keep that revenue stream going.”

Malware 211

Malware VPN Internet Internet 211

SecureList

NOVEMBER 14, 2022

But first, let’s examine how they fared with the predictions for 2022. What we predicted in 2022. Although 2022 did not feature any mobile intrusion story on the scale of the Pegasus scandal, a number of 0-days have still been exploited in the wild by threat actors. Mobile devices exposed to wide attacks. Source: Meta.

Firmware 110

Firmware Surveillance Mobile Telecommunications 110

Security Affairs

JANUARY 25, 2022

This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, Also some password spraying of default passwords from the past few days Remember to update AND change default passwords pic.twitter.com/WyDIXVKb4m — Rich Warren (@buffaloverflow) January 24, 2022. 37sv, 10.2.1.1-19sv,

Mobile 83

Mobile Passwords Firmware Firewall 83

Security Affairs

APRIL 25, 2022

The alert includes indicators of compromise (IoCs) associated with BlackCat/ALPHV, as of mid-February 2022. Regularly back up data, air gap, and password-protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Disable hyperlinks in received emails.

Ransomware 98

Ransomware Antivirus Passwords Malware 98

Kali Linux

AUGUST 1, 2022

When you format any LUKS partitions, you will be prompted for a password, and while normally you will use a strong password, because we are only using this as a hack to include cryptsetup into our initramfs, the password you create at this prompt will not be needed or used past these steps, so you can set it to something short/quick to type.

Encryption 52

Encryption Passwords Backups Firmware 52

Security Boulevard

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. SecurityAffairs – hacking, ABB Totalflow).

Firmware 98

Firmware Authentication Passwords Manufacturing 98

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords 107

Passwords Architecture Backups Cyber Attacks 107

Security Affairs

MAY 14, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog. We are in the final !

Data breaches 84

Data breaches DDOS Artificial Intelligence Ransomware 84

SecureList

JULY 19, 2023

Perform offline cracking to extract the password. However, a later sample appeared (in a different format – TNEF attachment in.eml – that was not detected by the first version of the YARA rule used by VirusTotal) with a “FirstSeen VT” timestamp of 2022-04-01 and a received timestamp in the mail header of 2022-03-18.

Firmware 88

Firmware Internet Internet Government 88

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Attack vectors There are two main IoT infection routes: brute-forcing weak passwords and exploiting vulnerabilities in network services. per day, or $1350 per month.

IoT 91

IoT DDOS Passwords Malware 91

Security Affairs

JANUARY 16, 2022

Once the ransomware has infected a device, it moves all the files on the NAS into password-protected 7z archives and demands the payment of a $550 ransom. “It seems like a new version of the QLocker ransomware appeared on 06/1/2022. Up to date apps and firmware seem not to help either.” Pierluigi Paganini.

Ransomware 106

Ransomware Encryption Backups Firmware 106

ForAllSecure

APRIL 26, 2022

Like any other criminal hack. It’s about challenging our expectations about the people who hack for a living. A village is like a mini conference within a larger conference and it is not just at DEF CON, ICS village is also at RSAC, Hack the Capital, AvergerCon, BSides, and many more.

Hacking 52

Hacking Energy and Utilities Manufacturing Firmware 52

Security Affairs

OCTOBER 22, 2022

The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. “The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords [ T1098 ] for ESXi servers in the environment. SecurityAffairs – hacking, Daixin Team).

Ransomware 65

Ransomware VPN Cybercrime Accountability 65

SecureWorld News

AUGUST 8, 2022

FormBook FormBook is an information stealer advertised in hacking forums. NanoCore NanoCore is used for stealing victims' information, including passwords and emails. Based on information from trusted third parties, TrickBot's infrastructure is still active in July 2022. Mitigations for top malware strains. Enforce MFA.

Malware 82

Malware Banking Healthcare Penetration Testing 82

Security Boulevard

JUNE 1, 2021

report claimed millions of UK people could be at risk of being hacked due to using outdated home routers. Use of weak passwords was a common theme with the investigation, which concluded: weak default passwords cyber-criminals could hack were found on most of the routers. SolarWinds Hack: Russian Denial 'unconvincing’.

Ransomware 105

Ransomware Passwords Scams Cyber Attacks 105

SecureWorld News

JUNE 13, 2023

It's estimated LockBit had nearly 1,100 victims in 2022 alone. BlackLotus is a stealthy Unified Extensible Firmware Interface (UEFI) bootkit, a type of malware that can circumvent Secure Boot defenses. Clasiopa is a sophisticated threat actor that utilizes a distinct toolset that includes custom-developed malware and hacking tools.

Cyber threats 68

Cyber threats Malware Phishing Penetration Testing 68

Security Affairs

MAY 19, 2023

The researchers first uncovered the operation of the Lemon Group in February 2022. ” The Guerrilla malware has a modular structure, each plugin was designed to support a specific feature, including: SMS Plugin : Intercepts one-time passwords sent via SMS. It targets various platforms, including WhatsApp, JingDong, and Facebook.

Mobile 82

Mobile Advertising Malware Cybercrime 82

Security Boulevard

MAY 30, 2022

Mon, 05/30/2022 - 12:04. Many legacy IoT devices have poor security settings, and some healthcare departments let these vulnerabilities slip by not segmenting network access or not changing default passwords, which are common among many IoT devices, and are very easy to find. Change all default passwords. brooke.crothers.

Healthcare 90

Healthcare IoT Manufacturing Risk 90

eSecurity Planet

MARCH 23, 2022

Advanced persistent threats come from skilled attackers possessing advanced hacking tools, sophisticated techniques, and possibly large teams. Threat groups have been tolerated in Russia, for example, in exchange for assurances that their hacking activity will be conducted in other countries. Use strong passwords. What Are APTs?

Firewall 107

Firewall Malware Phishing Software 107

Kali Linux

MAY 15, 2022

Hacking as shown in popular media, has ranged from really fun to completely absurd, so we saw the opportunity to do a tribute to some of our favourite instances (and get a little nostalgic). 1kali1 (2022-04-01) ┌──(kali㉿kali)-[~] └─$ uname -r 5.16.0-kali7-amd64 Quarter #2 - Kali Linux 2022.2. " VERSION_ID="2022.2"

Wireless 52

Wireless Firmware Architecture Media 52