Cybercrime and Firmware - Cyber Security Informer

Conti ransomware targeted Intel firmware for stealthy attacks

Bleeping Computer

JUNE 2, 2022

Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [.].

Firmware

Firmware Ransomware Cybercrime Hacking

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Security Affairs

DECEMBER 30, 2021

iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out ( iLO ) server management technology to tamper with the firmware modules and wipe data off the infected systems. This malware has been used by hackers for some time and we have been monitoring its performance.

Firmware

Firmware Malware System Administration Technology

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit

Dark Reading

JULY 25, 2022

The firmware threat offers ultimate stealth and persistence -- and may be distributed via tainted firmware components in a supply-chain play, researchers theorize.

Firmware

Firmware Cybercrime

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.” Patch 0 through ZLD V4.35 Patch 0 through ZLD V4.35

Firewall

Firewall Firmware VPN IoT

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”. The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. reads the alert published by the company.

Ransomware

Ransomware Firmware Mobile InfoSec

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs. The two vulnerabilities, tracked as CVE-2018-9099 and CVE-2018-9100 , resides in the firmware of the CMD-V5 dispenser and RM3/CRS dispenser respectively.

Hacking

Hacking Firmware Encryption Manufacturing

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One FBI warns of dual ransomware attacks Progress Software fixed two critical severity flaws in WS_FTP Server Child abuse site taken down, organized child exploitation crime suspected – exclusive A still unpatched zero-day RCE impacts more than 3.5M

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. The attackers’ research vector is now shifting from software vulnerabilities to those located at the hardware and firmware level. Pierluigi Paganini.

Cybercrime

Cybercrime Hacking Banking Phishing

DeadBolt ransomware gang tricked into giving victims free decryption keys

Malwarebytes

OCTOBER 19, 2022

As a countermeasure, QNAP pushed out an automatic, forced, update with firmware containing the latest security updates to protect against the attackers' DeadBolt ransomware, which annoyed part of its userbase. It is important to file a complaint if you are a victim of a cybercrime. Each of them received instructions to pay 0.05

Ransomware

Ransomware Firmware VPN Cybercrime

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center New NKAbuse malware abuses NKN decentralized P2P network protocol Snatch ransomware gang claims the hack of the food giant Kraft Heinz Multiple flaws in pfSense firewall can lead to arbitrary code execution BianLian, White Rabbit, and Mario Ransomware Gangs Spotted (..)

Data breaches

Data breaches Cybercrime Firewall Artificial Intelligence

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2020-9054 Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m

IoT

IoT Firmware Malware Wireless

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. WHO’S BEHIND SOCKSESCORT? com, super-socks[.]com,

Malware

Malware VPN Internet Internet

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

Five Cybersecurity Trends that Will Affect Organizations in 2023

CyberSecurity Insiders

DECEMBER 6, 2022

Here are five specific trends for 2023 that you need to be aware of: The business of cybercrime will be further professionalized. The return of malware strains like Emotet, Conti and Trickbot indicates an expansion of cybercrime for hire. To combat cybercrime, organizations keep investing into IT security.

Cybersecurity

Cybersecurity Cybercrime Social Engineering Firmware

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

The vulnerability impacts devices running firmware versions 7.3.15.0 Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019. Additionally, the P660HN-T1A running the latest generic firmware, version 3.40(BYF.11), 0)b31 or older.

Firmware

Firmware Hacking Cybercrime Information Security

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches Cybercrime Ransomware Passwords

Suspected LAPSUS$ group member arrested in Brazil

Malwarebytes

OCTOBER 20, 2022

LAPSUS$ is a relative newcomer to the cybercrime scene that first appeared in the summer of 2021. In the case of the Nvidia breach, LAPSUS$ claimed it was mainly after the removal of the lite hast rate (LHR) limitations in all GeForce 30 series firmware—apparently all to help out gamers and the mining community. Organized crime.

Cybercrime

Cybercrime Firmware Encryption Internet

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification.

Malware

Malware Wireless Firmware Mobile

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

“The largest share belongs to the version of firmware previous to the current stable one.” . “The spectrum of RouterOS versions we see across this botnet varies from years old to recent,” the company wrote. ” Qrator’s breakdown of Meris-infected MikroTik devices by operating system version.

IoT

IoT DDOS Internet Internet

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware

Ransomware Firmware Encryption Engineering

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

. “The actor has so far primarily deployed Cyclops Blink to WatchGuard devices, but it is likely that Sandworm would be capable of compiling the malware for other architectures and firmware.” The malware leverages the firmware update process to achieve persistence.

Malware

Malware Firmware Architecture Firewall

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams

Scams DDOS Cryptocurrency Accountability

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security Affairs

SEPTEMBER 2, 2021

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” ” reads the post published by the researchers. ” continue the researchers.

Firmware

Firmware Manufacturing IoT Technology

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” After QNAP forced the firmware security update, the number of infections dropped to less than 300 in March. It was looking like this problem was behind us.”

Ransomware

Ransomware Firmware Internet Internet

‘Updates for Samsung’, the scam app with 10M+ downloads

Security Affairs

JULY 5, 2019

Experts discovered a malicious app on Google Play, named Updates for Samsung , that was downloaded by over ten million users that poses as firmware updates. Over ten million users have installed a fake Samsung app named “ Updates for Samsung ” that poses as firmware updates. com via HTTPS. ” concludes the expert.

Scams

Scams Firmware Advertising Software

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos experts investigated an infection of DirectLogic PLCs from Automation Direct, they performed reverse engineering of the password cracking tool and discovered it did not crack the password at all, rather, it exploited a vulnerability in the firmware to retrieve the password on command. ” reads the advisory published by Dragos.

Passwords

Passwords Software Firmware Malware

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. Healthcare and Public Health sector with ransomware.

Ransomware

Ransomware VPN Cybercrime Accountability

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. Realtek published a security advisory on August 15 to warn customers about security updates to address vulnerabilities in its software developers kits (SDK) which is used by at least 65 separate vendors. ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS

DDOS Firmware Surveillance IoT

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices.

Mobile

Mobile Advertising Malware Cybercrime

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Use the administrator account only for maintenance, software installation, or firmware updates. Attention should be paid to protecting routers and updating their firmware. While OS updates are now commonly practiced, router firmware updates remain an overlooked aspect. Opt for strong, hard-to-crack passwords.

Firmware

Firmware IoT Accountability Passwords

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

In order to protect Dahua devices, users have to install the latest firmware version. It could be quite easy for threat actors in the wild to find exposed Dahua devices using a search engine like Shodan and attempt to hack them using the available PoC code. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Authentication

Authentication Firmware Hacking Engineering

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit since early December. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. hard drive, storage device, the cloud). Use multifactor authentication where possible.

Ransomware

Ransomware Antivirus Passwords Malware

Security Affairs newsletter Round 341

Security Affairs

NOVEMBER 20, 2021

If you want to also receive for free the newsletter with the international press subscribe here.

Banking

Banking Small Business Data breaches Firmware

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

The Last Watchdog

APRIL 28, 2020

That, of course, presents the perfect environment for cybercrime that pivots off social engineering. What people will eventually come to realize, the sooner the better, is that we will need to flatten the X factor represented by cybercrime. Sadly, coronavirus phishing and ransomware hacks already are in high gear. Always remember.

Social Engineering

Social Engineering Cyber Attacks Scams Engineering

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

MSI is urging users to obtain firmware/BIOS updates only from its official website fearing that threat actors could circulate malware-laced versions of the company’s BIOS. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

DeadBolt Ransomware Decryption Key Released

SecureWorld News

FEBRUARY 2, 2022

Thankfully, Emsisoft CTO Fabian Wosar came to the rescue and shared this tweet: QNAP users who got hit by DeadBolt and paid the ransom are now struggling to decrypt their data because a forced firmware update issued by @QNAP_nas removed the payload that is required for decryption. If you are affected, please use our tool instead.

Ransomware

Ransomware Firmware Encryption Internet

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Security Affairs

MARCH 21, 2021

According to BleepingComputer , Kottmann has performed reverse engineering of the firmware used by Verkada and discovered hardcoded credentials for a super admin account. SecurityAffairs – hacking, cybercrime). ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Identity Theft

Identity Theft Computers and Electronics Surveillance Hacking

Report Reveals Top Cyber Threats, Trends of 2023 First Half

SecureWorld News

JUNE 13, 2023

Cybercrime has become the world's third-largest economy, estimated to generate $8 trillion by the end of 2023—equivalent to about $25,000 per person in the United States. BlackLotus is a stealthy Unified Extensible Firmware Interface (UEFI) bootkit, a type of malware that can circumvent Secure Boot defenses.

Cyber threats

Cyber threats Malware Phishing Penetration Testing

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Implement network segmentation, such that all machines on your network are not accessible from every other machine. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware

Ransomware Firmware Antivirus Accountability

Conti ransomware targeted Intel firmware for stealthy attacks

Android devices shipped with backdoored firmware as part of the BADBOX network

Webinars

Trending Sources

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

Webinars

Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit

Zyxel 0day Affects its Firewall Products, Too

HelloKitty ransomware gang targets vulnerable SonicWall devices

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

DeadBolt ransomware gang tricked into giving victims free decryption keys

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

BotenaGo botnet targets millions of IoT devices using 33 exploits

Who and What is Behind the Malware Proxy Service SocksEscort?

Widespread exploitation by botnet operators of Zyxel firewall flaw

Five Cybersecurity Trends that Will Affect Organizations in 2023

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Suspected LAPSUS$ group member arrested in Brazil

Experts show how to run malware on chips of a turned-off iPhone

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

MoonBounce: the dark side of UEFI firmware

US and UK link new Cyclops Blink malware to Russian state hackers?

Interview With a Crypto Scam Investment Spammer

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

‘Updates for Samsung’, the scam app with 10M+ downloads

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Daixin Team targets health organizations with ransomware, US agencies warn

Realtek SDK flaws exploited to deliver Mirai bot variant

Beastmode Mirai botnet now includes exploits for Totolink routers

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

PoC exploit for 2 flaws in Dahua cameras leaked online

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs newsletter Round 341

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

MY TAKE: Why COVID-19 ‘digital distancing’ is every bit as vital as ‘social distancing’

MSI confirms security breach after Money Message ransomware attack

DeadBolt Ransomware Decryption Key Released

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft

Report Reveals Top Cyber Threats, Trends of 2023 First Half

Ranzy Locker ransomware hit tens of US companies in 2021

Stay Connected