Advertising, Firmware, Information Security and Passwords

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. Pierluigi Paganini.

Passwords

Passwords Software Firmware Malware

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Surveillance

Surveillance Manufacturing Passwords Internet

T95 Android TV Box sold on Amazon hides sophisticated malware

Security Affairs

JANUARY 16, 2023

Milisic discovered pre-loaded malware into its firmware. Milisic purchased the T95 Android TV box to run Pi-hole , which is a Linux network-level advertisement and Internet tracker blocking application. The malicious code embedded in the firmware of the device acts like the Android CopyCat malware. ” continues the expert.

Malware

Malware DNS Firmware Internet

Experts uncovered hidden behavior in thousands of Android Apps

Security Affairs

APRIL 5, 2020

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. There are 7,584 apps with secret access keys, 501 apps that embed master passwords, and 6,013 apps with secret commands. Moreover, these security risks hold generally across all of our data sources.

Mobile

Mobile Passwords Advertising Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. Regularly back up data, password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware DDOS Passwords Backups

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely reboot the device without having to know the root password. ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

WAGO Industrial Switches affected by multiple flaws

Security Affairs

JUNE 13, 2019

The company has already fixed the issues with the release of firmware versions 1.2.2.S0, “The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. ” reads the security advisory. ” reads the security advisory.

Firmware

Firmware Passwords Advertising IoT

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” Frustratingly, Lumen was not able to determine how the SOHO devices were being infected with AVrecon.

Malware

Malware VPN Internet Internet

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The experts observed that once a device has been infected, the malicious code can prevent the installation of firmware updates.

Malware

Malware Firmware Advertising Manufacturing

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Security Affairs

JUNE 14, 2019

The security advisory published by the company states that the issue impacts YubiKey series devices running versions 4.4.2 of the firmware. The weakness impacts PIV smart card applications, Universal 2nd Factor (U2F) authentication, OATH one-time passwords, and OpenPGP. there is no released firmware version 4.4.3)

Firmware

Firmware Advertising Authentication Passwords

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

“A use of hard-coded cryptographic key vulnerability in FortiSIEM may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user “tunneluser” by leveraging knowledge of the private key from another installation or a firmware image.” reads the advisory. Pierluigi Paganini.

Advertising

Advertising Firmware Authentication Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Regularly back up data, air gap, and password-protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Antivirus Passwords Malware

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet was created to launch DDoS attacks and to insert advertisements in the legitimate HTTP traffic of the victims, most of which are in China (96%). This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices.

Architecture

Architecture DDOS Advertising DNS

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” continues the analysis.

Hacking

Hacking Firmware Media Authentication

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. The sample spreads via Telnet with weak passwords and some known exploits (see the list below). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

“One of the screenshots seems to consist of LG Electronics official firmware or software update releases that assist their hardware products to work more efficiently.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

Infected devices were used for multiple malicious activities, including traffic redirections through mobile proxies, info-stealing, click fraud, and social media and online messaging accounts and monetization via advertisements. It will launch intrusive advertisements when victims are using legitimate applications.

Mobile

Mobile Advertising Malware Cybercrime

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

A router CSRF attack could be launched by tricking victims into visiting a compromised website with malicious advertising ( malvertising ) typically served through third-party ad networks to the site. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. concludes Avast.

DNS

DNS Passwords Advertising Banking

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . The telnetd service is being deactivated and old and weak passwords are as well being removed or changed. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. Poor credentials. What does this mean? Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Unlike some other underground cybercriminal gangs, Wizard Spider doesn’t openly advertise on underground forums, perhaps for security reasons. Install updates/patch operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for multiple accounts. Implement network segmentation.

Healthcare

Healthcare Ransomware Encryption Passwords

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

“The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.” The attacker could then download the database and disclose login information, then use it to gain full access to the system. ” concludes the CISA advisory.

Backups

Backups Authentication Advertising Firmware

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. The CoP includes the following recommendations for manufacturers: No default passwords.

IoT

IoT Firmware Mobile Manufacturing

What is Incident Response? Ultimate Guide + Templates

eSecurity Planet

JULY 25, 2023

Phishing attacks: Deceptive techniques, such as fraudulent emails or websites, trick individuals into revealing sensitive information like credit card and payment information, passwords, or login credentials. Assessing impact: Techniques for assessing an incident’s immediate impact on systems, data, and operations.

Software

Software Data breaches DDOS Ransomware

Cyber Security Roundup for June 2021

Security Boulevard

JUNE 1, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, May 2021. The UK National Cyber Security Centre (NCSC) published its Smart Cities (connected places) guidance for UK local authorities. UK Smarties Cities Cybersecurity Warning.

Ransomware

Ransomware Passwords Scams Cyber Attacks

The Hacker Mind Podcast: Reverse Engineering Smart Meters

ForAllSecure

MAY 13, 2022

And so, what I didn't want to do is is make it that I'm just completely rogue, and I dumped the firmware and I posted on for everybody to see and you do these things that you're not that legally, you know, as kind of a society we say we don't want to do, but we still need to look at these things. But so I've looked at those.

Engineering

Engineering Energy and Utilities Computers and Electronics Firmware

Cyber Security Informer

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

TP-Link Archer routers allow remote takeover without passwords

Trending Sources

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Over 600k GPS trackers left exposed online with a default password of ‘123456’

3.5m IP cameras exposed, with US in the lead

T95 Android TV Box sold on Amazon hides sophisticated malware

Experts uncovered hidden behavior in thousands of Android Apps

Avoslocker ransomware gang targets US critical infrastructure

Expert found multiple critical issues in MoFi routers

WAGO Industrial Switches affected by multiple flaws

Who and What is Behind the Malware Proxy Service SocksEscort?

QSnatch malware infected over 62,000 QNAP NAS Devices

Yubico is replacing for free YubiKey FIPS devices due to security weakness

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

BlackCat Ransomware gang breached over 60 orgs worldwide

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

USBAnywhere BMC flaws expose Supermicro servers to hack

Mozi Botnet is responsible for most of the IoT Traffic

Maze ransomware operators claim to have breached LG Electronics

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

For nearly a year, Brazilian users have been targeted with router attacks

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

CISA warns of critical flaws in Prima FlexAir access control system

IoT Secure Development Guide

What is Incident Response? Ultimate Guide + Templates

Cyber Security Roundup for June 2021

The Hacker Mind Podcast: Reverse Engineering Smart Meters

Stay Connected