Encryption, Firmware, Information Security and Malware

Firmware attacks, a grey area in cybersecurity of organizations

Security Affairs

APRIL 5, 2021

A new report published by Microsoft revealed that 80% of global enterprises were victims of a firmware-focused cyberattack. The study pointed out that only 29% of the targeted organizations have allocated budgets to protect firmware. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.”

Firmware

Firmware Cybersecurity Encryption Financial Services

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

While the AgeLocker ransomware continues to target QNAP NAS systems, the Taiwanese vendor urges customers to update the firmware and apps. Taiwanese vendor QNAP is urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections.

Firmware

Firmware Encryption Ransomware Advertising

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. To nominate, please visit:? Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. xHelper , a new strain of Android malware is able to re-install itself on infected devices even after victims delete it or force a factory reset. and Russia. ” continues the report.

Malware

Malware Firmware Manufacturing Mobile

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.

Malware

Malware Firmware Advertising Manufacturing

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

The ATM black box attacks are quite popular in the cybercrime underground and several threat actors offer the hardware equipment and malware that could be used to compromise the ATMs. The vulnerabilities discovered by the security duo impacts the Wincor Cineo ATMs with the RM3 and CMD-V5 dispensers. Both issues received a CVSSv3.0

Hacking

Hacking Firmware Encryption Manufacturing

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” continues the alert.

Ransomware

Ransomware Encryption Passwords Malware

Downfall Intel CPU side-channel attack exposes sensitive data

Security Affairs

AUGUST 9, 2023

Malware can carry out a Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. ” Intel informed customers that is releasing firmware updates to address the vulnerability.

Firmware

Firmware Encryption Software Banking

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware

Ransomware Firmware Encryption Engineering

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware DDOS Passwords Backups

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

Security Affairs

OCTOBER 8, 2020

Recently QNAP published a security advisory urging its customers to update the firmware and apps installed on their network-attached storage (NAS) devices to prevent AgeLocker ransomware infections. Security experts are observing the new strain of ransomware that is targeting QNAP devices since June.

Encryption

Encryption Firmware Advertising Ransomware

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The botnet uses the WSS (WebSocket over TLS) protocol for C2 communication to circumvent the typical Mirai traffic detection and provide secure encrypted communication for command and control. “Two zero days, 12 remote access functions for the router, encrypted traffic protocol, and infrastructure IP that that moves around.

IoT

IoT Firmware DNS Advertising

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches

Data breaches Cybercrime Firewall Artificial Intelligence

Security Affairs newsletter Round 347

Security Affairs

JANUARY 2, 2022

Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber stories of 2021 PulseTV discloses potential credit card breach The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched How to implant a malware in hidden (..)

Banking

Banking Firmware Malware Ransomware

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

Security Affairs

MARCH 22, 2022

Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide , its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems. Once encrypted the content of the device, the ransomware appends. It was looking like this problem was behind us.”

Ransomware

Ransomware Firmware Internet Internet

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. The Taiwanese vendor published a security advisory to warn its customers of the ongoing attacks and is urging them to install the latest Malware Remover version and scan their devices for indicators of compromise.

Ransomware

Ransomware Backups Media Malware

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension. The US agencies recommend not paying the ransom because there is no guarantee to recover the encrypted files and paying the ransomware will encourage the illegal practice of extortion. ” reads the joint advisory. “The

Ransomware

Ransomware Encryption Firmware Backups

Infecting Canon EOS DSLR camera with ransomware over the air

Security Affairs

AUGUST 12, 2019

. “Our research shows how an attacker in close proximity (WiFi), or an attacker who already hijacked our PC (USB), can also propagate to and infect our beloved cameras with malware. The expert was able to access the keys for verifying the authenticity of the firmware and for encrypting it. Pierluigi Paganini.

Firmware

Firmware Ransomware Wireless Encryption

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The court order allowed authorities to use the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.

Energy and Utilities

Energy and Utilities Government Firewall Malware

Tails OS version 4.5 supports the Secure Boot

Security Affairs

APRIL 10, 2020

The Tails OS allows to use the Internet anonymously and circumvent censorship by using the Tor Network, it leaves no trace on the computer users are using and uses the state-of-the-art cryptographic tools to encrypt files, emails and instant messaging. it the first version that supports the UEFI Secure Boot. Tails OS version 4.5

Firmware

Firmware Advertising Encryption Internet

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. The threat actors deactivate security protection on the network, exfiltrate files, and upload the stolen data to Mega.nz, a cloud-storage and file-sharing service.

Education

Education Ransomware Phishing Passwords

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

Security Affairs

JULY 10, 2020

The backdoor accounts in the firmware of 29 FTTH Optical Line Termination (OLT) devices from popular vendor C-Data. The security duo, composed of Pierre Kim and Alexandre Torres, disclosed seven vulnerabilities in the firmware of FTTH OLT devices manufactured by C-Data. ” reads the analysis published by the experts.

Firmware

Firmware Accountability Advertising Manufacturing

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

“They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks , and to develop an incident response plan which they regularly test.” ” reads the advisory. backup servers, network shares, servers, auditing devices). PowerShell) to easily deploy tooling or ransomware.

Education

Education Ransomware Antivirus Backups

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. According to the joint report, APT28 exploited the known vulnerability to carry out reconnaissance and reploy malware on unpatched Cisco routers. SNMP v2 doesn’t support encryption and so all data, including community strings, is sent unencrypted.”

Malware

Malware Firmware Government Education

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

“Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README” ” The ransomware appends the.checkmate extension to the filenames of encrypted files, it drops a ransom note named !CHECKMATE_DECRYPTION_README

Ransomware

Ransomware Encryption Passwords Internet

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The ransomware, tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends.encrypt extension to filenames of encrypted files. Create complex login passwords to make brute-forcing more difficult for attackers.

Ransomware

Ransomware Encryption Firmware Passwords

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Passwords Backups Firmware

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

This type of malware attack is called a botnet attack. It’s powered by hundreds of bots carrying malware and infecting thousands of IoT devices simultaneously. Malware, phishing, and web. Nowadays, malware is an indispensable part of the internet (even if we do not like it). Improper encryption. Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. At least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted.”

VPN

VPN Ransomware Antivirus Firmware

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

BleepingComputer also reported that dozens of ransom notes and encrypted files have been submitted to the ID-Ransomware service by affected QNAP users. Up to date apps and firmware seem not to help either.” The malicious code appends.encrypt extension to filenames of encrypted files.

Ransomware

Ransomware Encryption Backups Firmware

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

X Master Password Dumper (CVE-2023-32784) Malware RapperBot DDoS Botnet Expands into Cryptojacking Newly identified RA Group compromises companies in U.S. X Master Password Dumper (CVE-2023-32784) Malware RapperBot DDoS Botnet Expands into Cryptojacking Newly identified RA Group compromises companies in U.S.

Data breaches

Data breaches Cybercrime Ransomware Passwords

Deadbolt Ransomware targets Asustor and QNap NAS Devices

Security Affairs

FEBRUARY 24, 2022

Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide, its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems. Once encrypted the content of the device, the ransomware appends. The encrypted files have a ‘.deadbolt’

Ransomware

Ransomware Encryption Internet Internet

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs

SEPTEMBER 6, 2022

today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet. QNAP Product Security Incident Response Team (QNAP PSIRT) had made the assessment and released the patched Photo Station app for the current version within 12 hours.”

Ransomware

Ransomware Internet Internet Encryption

Cloud Security: The Shared Responsibility Model

eSecurity Planet

OCTOBER 20, 2022

Its table illustration also goes into more detail and notes Google’s responsibility for hardware, boot, hardened kernel and interprocess communication (IPC), audit logging, network, and storage and encryption of data. However, the customer must secure that data when the environment is active. Malware defense.

Backups

Backups Firewall Encryption Software

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

Security Affairs

MAY 20, 2022

.” Since January, DeadBolt ransomware operators are targeting QNAP NAS devices worldwide , its operators claim the availability of a zero-day exploit that allows them to encrypt the content of the infected systems. Once encrypted the content of the device, the ransomware appends.

Ransomware

Ransomware Internet Internet Firmware

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11.

Hacking

Hacking Firmware Media Authentication

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data. Files are encrypted with a combination of AES-256 and RSA-4096 via the Microsoft CryptoAPI , as per CrowdStrike. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare

Healthcare Ransomware Encryption Passwords

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. If you use Remote Desktop Protocol (RDP), secure and monitor it. Implementing HIPAA security measures can prevent the introduction of malware on the system. administrative?accounts,

Ransomware

Ransomware VPN Cybercrime Accountability

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.” Once gained access to the network, threat actors deployed tools to perform lateral movements and escalate privileges before exfiltrating and encrypting files.

Ransomware

Ransomware Accountability Firmware Antivirus

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. The web form for uploading a new firmware exists in SoftwareUpgradeRpm.htm.”

Firmware

Firmware Encryption Government Malware

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

The good news is that the leaked files doesn’t contain sensitive data about customers or employees of the chip maker. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Advertising Engineering Hacking

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. Update software , including operating systems, applications, and firmware on IT network assets, in a timely manner.

Ransomware

Ransomware Healthcare Phishing Risk

Firmware attacks, a grey area in cybersecurity of organizations

QNAP urges users to update NAS firmware and app to prevent infections

Webinars

Trending Sources

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Experts show how to run malware on chips of a turned-off iPhone

xHelper, the Unkillable Android malware that re-Installs after factory reset

QSnatch malware infected over 62,000 QNAP NAS Devices

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

FBI published a flash alert on Mamba Ransomware attacks

Downfall Intel CPU side-channel attack exposes sensitive data

QNAP force-installs update against the recent wave of DeadBolt ransomware infections

Avoslocker ransomware gang targets US critical infrastructure

QNAP addresses 2 critical flaws that can allow hackers to take over NASs

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 347

A new wave of DeadBolt Ransomware attacks hit QNAP NAS devices ?

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Infecting Canon EOS DSLR camera with ransomware over the air

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Tails OS version 4.5 supports the Secure Boot

FBI warns of increase in PYSA ransomware attacks targeting education

Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

New Checkmate ransomware target QNAP NAS devices

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

FBI warns of ransomware attacks targeting the food and agriculture sector

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Deadbolt Ransomware targets Asustor and QNap NAS Devices

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Cloud Security: The Shared Responsibility Model

QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

USBAnywhere BMC flaws expose Supermicro servers to hack

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Daixin Team targets health organizations with ransomware, US agencies warn

BlackByte ransomware breached at least 3 US critical infrastructure organizations

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Intel investigates security breach after the leak of 20GB of internal documents

US CISA and FBI publish joint alert on DarkSide ransomware

Stay Connected