SecureList

MARCH 13, 2025

This confirms the trend of hacktivists exploiting trusted relationships (T1199 Trusted Relationship and T1078 Valid Accounts). They use these accounts to connect to the server via RDP to transfer and execute tools interactively. In one incident, they exploited the Microsoft Exchange server vulnerability CVE-2021-26855 (ProxyLogon).

Energy and Utilities

Digital Shadows

DECEMBER 5, 2024

Figure 1: BreachForums post advertises data from US retailer recently acquired by another retailer Exploring the Patterns in M&A Incidents Manufacturing Most at Risk Our analysis of customer data from 2024 found the manufacturing sector faced the most M&A-related issues, accounting for 42% of customer M&A incidents.

Cybersecurity

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Cloud services alerts increased by 20% due to rising cloud account usage, while malicious file alerts in phishing attacks remain high, exploiting users’ tendencies to open files.

Cyber Attacks

Security Boulevard

MARCH 20, 2025

The surge was fueled by ChatGPT, Microsoft Copilot, Grammarly, and other generative AI tools, which accounted for the majority of AI-related traffic from known applications. Traditional security models rooted in firewalls and VPNs cannot keep up with the speed and sophistication of AI-powered threats.

Social Engineering

SecureWorld News

MARCH 5, 2025

That headache is real, of course, but accountants and lawyers will step up to sort it out," said Mike Wilkes , Former CISO, MLS; Adjunct Professor, NYU. While many cybersecurity companies operate on a SaaS model, a significant number still rely on on-premises hardware like firewalls, switches, routers, and SD-WAN devices.

Cyber Risk

Adam Levin

MARCH 23, 2020

Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Your password should be include letters, numbers and special characters in a combination you haven’t used on other accounts. Update Account Passwords: Don’t reuse passwords from other accounts.

Manufacturing

Adam Levin

MARCH 19, 2020

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Use a Strong and Unique Password: Discourage employees from reusing passwords that are linked to other accounts.

Wireless

Krebs on Security

APRIL 26, 2019

iLnkP2P is designed to allow users of these devices to quickly and easily access them remotely from anywhere in the world, without having to tinker with one’s firewall: Users simply download a mobile app, scan a barcode or enter the six-digit ID stamped onto the bottom of the device, and the P2P software handles the rest.

IoT

Krebs on Security

MARCH 2, 2020

“It is possible that an infected computer is beaconing, but is unable to egress to the command and control due to outbound firewall restrictions.” ” There are also two different Skype accounts registered to the ing.equipepro.com email address, one for Yassine Majidi and another for Yassine Algangaf.

DNS

Adam Levin

MARCH 17, 2020

Change these default settings to something difficult for others to guess, and don’t re-use passwords from other accounts. Check to see if there are any updates or patches: If a manufacturer has discovered a vulnerability in their product, they’ll often release a software patch.

IoT

Cisco Security

FEBRUARY 6, 2023

The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 Securing devices can be cumbersome, requiring complex manufacturing partnerships and increasing unit prices, thereby reducing adoption. Additionally, Secure Firewall can be deployed in a containerized form, on-premises and in clouds.

IoT

Troy Hunt

NOVEMBER 25, 2020

There's no consistency across manufacturers or devices either in terms of defaulting to auto-updates or even where to find updates. But rightly or wrongly, the risk you take when using devices in a fashion they weren't designed for is that the manufacturer may break that functionality at some time. So, what's the right approach?

IoT

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Hacker Combat

JUNE 2, 2022

The factory specializes in manufacturing, consumer electronics, medical devices, and industrial operations. Based in Tijuana, Mexico, near the California border, the facility is an electronics manufacturing giant employing 5,000 people. Configure firewalls to prevent rogue IP addresses from gaining access. using the LockBit 2.0

Ransomware

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. PortStarter A back door script written in Go that provides functionality for modifying firewall settings and opening ports to pre-configured command and control (C2) servers.[

Ransomware

Security Affairs

MAY 25, 2021

The audio equipment manufacturer Bose Corporation said it was the victim of a ransomware attack that took place earlier this year, on March 7. Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration. Changed access keys for all service accounts.

Ransomware

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. The operation reversibly modified the routers’ firewall rules to block remote management access to the devices.

Energy and Utilities

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. He also determined that more than 20,000 individuals have active Nexx accounts. Authorization Bypass Through User-Controlled Key CWE-639 ( CVE-2023–1749 , CVSS3.0:

Manufacturing

Cisco Security

MARCH 23, 2021

For example, those in the financial services industry may see more activity around information stealers; others in manufacturing may be more likely to encounter ransomware. These two categories alone accounted for 70 percent of the traffic for organizations in this sector. Manufacturing. percent lower in overall DNS traffic.

DNS

Security Affairs

NOVEMBER 19, 2023

The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. Disable system recovery, backup and shadow copies and the Windows firewall. and Brazil. VMware researchers first noticed that Phobos ransomware uses the “.8base”

Ransomware

Security Affairs

OCTOBER 10, 2018

Security experts from security firm SEC Consult have identified over 100 companies that buy and re-brand video surveillance equipment (surveillance cameras, digital video recorders (DVRs), and network video recorders (NVRs)) manufactured by the Chinese firm Hangzhou Xiongmai Technology Co., Xiongmai hereinafter) that are open to hack.

Surveillance

Security Affairs

AUGUST 21, 2022

GENERAL BYTES is the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer. The ATM machines manufactured by the company are remotely controlled by a Crypto Application Server (CAS), which manages the operation of the devices. The attackers exploited the issue to create an admin user account via the CAS admin panel.

Manufacturing

SiteLock

OCTOBER 21, 2021

Moreover, even some representatives of companies manufacturing products positioned as NGFW commit this fault. "We Let us start with the abbreviations that define the categories of information security products: WAF stands for Web Application Firewall , NGFW stands for Next Generation Firewall. or "Why do we need WAF?"

Firewall

Security Affairs

AUGUST 27, 2020

Our selection was based on: Device location (to cover the entire globe) Device manufacturer Protocols used to access the printers. Taking this percentage into account, we can presume that out of 800,000 internet-connected printers across the world, at least 447,000 are unsecured. Use a firewall. The results.

Hacking

Security Affairs

MAY 25, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Accountability

Security Affairs

MAY 16, 2023

Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems. The study focuses on the RUT241 and RUT955 cellular routers manufactured by Teltonika, and on the Remote Management System (RMS) provided by the vendor.

Hacking

Malwarebytes

OCTOBER 19, 2021

A recent high-profile victim of BlackMatter was Japan-headquartered manufacturer Olympus which, among others, produces medical equipment. Passwords shouldn’t be reused across multiple accounts or stored on a system where an adversary may gain access. Implement time-based access for accounts set at the admin-level and higher.

Ransomware

Security Affairs

MAY 6, 2019

The application is used by organizations worldwide, including electric utilities and large manufacturers. “Two backdoor accounts with hardcoded credentials exist, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.”

Software

Digital Shadows

OCTOBER 23, 2024

Key Points In October 2024, ReliaQuest responded to an intrusion affecting a manufacturing sector customer. The attacker gained initial access to two employee accounts by carrying out social engineering attacks on the organization’s help desk twice. We identified “Scattered Spider” to be behind the incident.

Social Engineering

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Malwarebytes

AUGUST 16, 2022

The CSA mentions RDP exploitation , SonicWall firewall exploits, and phishing campaigns. Require all accounts with password logins to meet the required standards for developing and managing password policies. Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.

Ransomware

eSecurity Planet

FEBRUARY 23, 2022

Industries with very expensive operational technology (OT) and Internet of Things (IoT) devices, such as healthcare or industrial manufacturing, can be especially vulnerable. Here are a few examples of network segmentation in use: finance computers could be restricted to a user group defined as accounting employees.

Risk

Security Affairs

AUGUST 13, 2022

The ransomware was involved in attacks aimed at technology and healthcare, defense contractors, educational institutions, manufacturers, companies across Europe, the United States, and Canada. Zeppelin actors request ransom payments in Bitcoin, they range from several thousand dollars to over a million dollars.

Ransomware

Security Affairs

MAY 27, 2023

New Buhti ransomware operation uses rebranded LockBit and Babuk payloads New PowerExchange Backdoor linked to an Iranian APT group Dark Frost Botnet targets the gaming sector with powerful DDoS New CosmicEnergy ICS malware threatens energy grid assets D-Link fixes two critical flaws in D-View 8 network management suite Zyxel firewall and VPN devices (..)

Cybercrime

Security Affairs

NOVEMBER 1, 2018

The affected chips are also used in access points and other networking devices manufactured by Cisco and Aruba Networks. “The chips are embedded in, among other devices, certain access points that deliver Wi-Fi to enterprise networks manufactured by Cisco, Meraki and Aruba. .” ” reads the post published by Armis.

Firmware

eSecurity Planet

NOVEMBER 19, 2021

Broadcom also offers a location hub microcontroller and System-on-a-Chip (SoC) systems for embedded IoT security for organizations handling product manufacturing. In addition to Cyber Vision, the Cisco IoT Threat Defense also includes firewalls , identity service engines (ISE), secure endpoints, and SOAR.

IoT

Digital Shadows

JANUARY 14, 2025

To gain access to internal networks, Akira targeted local accounts with disabled multifactor authentication (MFA) and SonicOS firmware versions vulnerable to exploitation, often exposed to the internet for virtual private network (VPN) access. In addition, aligning PowerShell policies with user roles further minimizes abuse.

Ransomware