Encryption, Firmware, Information Security and VPN

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. . SecurityAffairs – hacking, Fortinet VPN).

VPN

VPN Ransomware Antivirus Firmware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

.” Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services. com, sscompany[.]net,

Malware

Malware VPN Internet Internet

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware DDOS Passwords Backups

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Security Affairs

SEPTEMBER 22, 2021

Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root. The flaw, tracked as CVE-2021-40847, resides in the source of a third-party component included in the firmware of many Netgear devices.

DNS

DNS Firmware VPN Risk

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

“Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README” ” The ransomware appends the.checkmate extension to the filenames of encrypted files, it drops a ransom note named !CHECKMATE_DECRYPTION_README

Ransomware

Ransomware Encryption Passwords Internet

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

Security Affairs

SEPTEMBER 6, 2022

today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet. QNAP Product Security Incident Response Team (QNAP PSIRT) had made the assessment and released the patched Photo Station app for the current version within 12 hours.”

Ransomware

Ransomware Internet Internet Encryption

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Passwords Backups Firmware

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. The threat actors deactivate security protection on the network, exfiltrate files, and upload the stolen data to Mega.nz, a cloud-storage and file-sharing service. Consider installing and using a VPN.

Education

Education Ransomware Phishing Passwords

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data. Files are encrypted with a combination of AES-256 and RSA-4096 via the Microsoft CryptoAPI , as per CrowdStrike. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare

Healthcare Ransomware Encryption Passwords

CISA is warning of vulnerabilities in GE Power Management Devices

Security Affairs

MARCH 23, 2021

The flaws could be exploited to access sensitive information, reboot the device, trigger a denial-of-service condition, and gain privileged access. “Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.”

Firmware

Firmware VPN Firewall Risk

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. Update software , including operating systems, applications, and firmware on IT network assets, in a timely manner.

Ransomware

Ransomware Healthcare Phishing Risk

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

. “The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” continues the advisory. hard drive, storage device, the cloud).

Passwords

Passwords Government Firmware Accountability

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

As an example, we could use communications between systems that are not properly encrypted. Improper encryption. Hackers or other malicious sources can intercept poorly encrypted communications on the web. IoT devices on public Wi-Fi and encrypted networks are especially vulnerable to this type of attack. Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Ransomware: Encryption, Exfiltration, and Extortion. Ransomware perpetrators of the past presented a problem of availability through encryption. Nickels suggests organizations follow this guidance: Also Read: How Zero Trust Security Can Protect Against Ransomware. Detect Focus on encryption Assume exfiltration.

Software

Software Firmware DNS VPN

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. Use AES encryption. link] [link] Have a software/firmware update mechanism. Encrypt in transit.

IoT

IoT Firmware Mobile Manufacturing

Security Affairs newsletter Round 252

Security Affairs

FEBRUARY 23, 2020

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks. Russian govn blocked Tutanota service in Russia to stop encrypted communication. Russian govn blocked Tutanova service in Russia to stop encrypted communication. Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack.

Artificial Intelligence

Artificial Intelligence eCommerce Firmware Hacking

Cyber Security Informer

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

Trending Sources

FBI published a flash alert on Mamba Ransomware attacks

Webinars

Avoslocker ransomware gang targets US critical infrastructure

CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

Daixin Team targets health organizations with ransomware, US agencies warn

New Checkmate ransomware target QNAP NAS devices

QNAP warns new Deadbolt ransomware attacks exploiting zero-day

FBI warns of ransomware attacks targeting the food and agriculture sector

FBI warns of increase in PYSA ransomware attacks targeting education

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

CISA is warning of vulnerabilities in GE Power Management Devices

US CISA and FBI publish joint alert on DarkSide ransomware

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

The Biggest Lessons about Vulnerabilities at RSAC 2021

IoT Secure Development Guide

Security Affairs newsletter Round 252

Stay Connected