Firmware, Information Security, Malware and Passwords

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The website ruexfil.com provided detailed information about the attacks against Moscollector, the hackers also published screenshots of monitoring systems, servers, and databases they claim to have compromised.

Malware

Malware Firmware IoT Hacking

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. “Dragos only tested the DirectLogic-targeting malware.

Passwords

Passwords Software Firmware Malware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

T95 Android TV Box sold on Amazon hides sophisticated malware

Security Affairs

JANUARY 16, 2023

Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected with sophisticated pre-installed malware. ” the expert wrote on Reddit.

Malware

Malware Firmware DNS Internet

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

US and UK cybersecurity agencies issued a joint advisory about the spread of QSnatch Data-Stealing Malware that already infected over 62,000 QNAP NAS devices. The QSnatch malware implements multiple functionalities, such as: . The experts were alerted about the malware in October and immediately launched an investigation.

Malware

Malware Firmware Advertising Manufacturing

Expert found a secret backdoor in Zyxel firewall and VPN

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. “Firmware version 4.60

Firewall

Firewall VPN Firmware Passwords

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. ” reads the security advisory published by the vendor.

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

million newborns and pregnancy care patients Xenomorph malware is back after months of hiatus and expands the list of targets Smishing Triad Stretches Its Tentacles into the United Arab Emirates Crooks stole $200 million worth of assets from Mixin Network A phishing campaign targets Ukrainian military entities with drone manual lures Alert!

Artificial Intelligence

Artificial Intelligence Firmware Data breaches Hacking

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Firmware version 4.60

Firmware

Firmware Passwords Accountability VPN

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

. “Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited.”

Hacking

Hacking Firmware Authentication DNS

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” Regularly back up data, password protect backup copies offline. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com) Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323.

IoT

IoT DDOS Malware Firmware

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

The malware moves all files stored on the device to password-protected 7zip archives and demand the payment of a $550 ransom. QNAP strongly urges that all users immediately install the latest Malware Remover version and run a malware scan on QNAP NAS.” “QNAP® Systems, Inc.

Ransomware

Ransomware Backups Media Malware

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The BlackCat/ALPHV a Ransomware was first discovered in December by malware researchers from Recorded Future and MalwareHunterTeam. The malware is the first professional ransomware strain that was written in the Rust programming language. Regularly back up data, air gap, and password-protect backup copies offline.

Ransomware

Ransomware Antivirus Passwords Malware

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. No username or password needed nor any actions need to be initiated by the camera owner. wrote the expert. “.

Hacking

Hacking Firmware Internet Internet

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Passwords Backups Firmware

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system.” ” states the report published by Eye security. ” reads the description of the vulnerability.

Firmware

Firmware Passwords Authentication Wireless

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. The alert provides a list of mitigations to stay protected from ransomware families: Recommended Mitigations • Regularly back up data, air gap, and password protect backup copies offline.

Ransomware

Ransomware Encryption Passwords Malware

Downfall Intel CPU side-channel attack exposes sensitive data

Security Affairs

AUGUST 9, 2023

Malware can carry out a Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. ” Intel informed customers that is releasing firmware updates to address the vulnerability.

Firmware

Firmware Encryption Software Banking

Experts uncovered hidden behavior in thousands of Android Apps

Security Affairs

APRIL 5, 2020

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. There are 7,584 apps with secret access keys, 501 apps that embed master passwords, and 6,013 apps with secret commands. Moreover, these security risks hold generally across all of our data sources. Pierluigi Paganini.

Mobile

Mobile Passwords Advertising Firmware

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Organizations using Netgear, Huawei, and ZTE network devices are recommended to keep their firmware up to date and use strong passwords. Pierluigi Paganini.

IoT

IoT DNS Manufacturing Firmware

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Rise in malware. As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Manufacturing Passwords Internet

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

Security Affairs

MAY 21, 2023

X Master Password Dumper (CVE-2023-32784) Malware RapperBot DDoS Botnet Expands into Cryptojacking Newly identified RA Group compromises companies in U.S. X Master Password Dumper (CVE-2023-32784) Malware RapperBot DDoS Botnet Expands into Cryptojacking Newly identified RA Group compromises companies in U.S.

Data breaches

Data breaches Cybercrime Ransomware Passwords

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use up-to-date anti-virus and anti-malware software on all hosts.

Education

Education Ransomware Phishing Passwords

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

In April 2023, FortiGuard Labs researchers observed a hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The court order allowed authorities to use the Moobot malware to copy and delete stolen and malicious data and files from compromised routers.

Energy and Utilities

Energy and Utilities Government Firewall Malware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

Report Reveals Top Cyber Threats, Trends of 2023 First Half

SecureWorld News

JUNE 13, 2023

Two-step phishing attacks are on the rise, with attackers using convincing emails that resemble legitimate vendor communications, often related to electronic signatures, orders, invoices, or tracking information. The new Beep malware is top of mind for organizations and individuals.

Cyber threats

Cyber threats Malware Phishing Penetration Testing

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Mozi Botnet relies on the DHT protocol to build a P2P network, and uses ECDSA384 and the xor algorithm to ensure the integrity and security of its components and P2P network.”

IoT

IoT DDOS Architecture Passwords

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

Security Affairs

AUGUST 2, 2021

An attacker could also push an insecure firmware upgrade to fully compromise the devices. .” The flaws include privilege escalation, memory corruption, remote-code execution, and denial-of-service issues. Swisslog has released Nexus Control Panel version 7.2.5.7 that addresses most of the above vulnerabilities.

Healthcare

Healthcare Firmware Manufacturing Ransomware

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

Threat actors can also compromise a data center by establishing a backdoor and abuse systems and devices spread malware on a large scale. The researchers presented their findings at the DEFCON security conference today. CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5)

Hacking

Hacking Firmware Authentication Software

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely reboot the device without having to know the root password. ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. 231 banking malware.

Mobile

Mobile Advertising Malware Cybercrime

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

This type of malware attack is called a botnet attack. It’s powered by hundreds of bots carrying malware and infecting thousands of IoT devices simultaneously. Simple or reused passwords are still a problem. Instead, people come up with passwords that are comfortable. Malware, phishing, and web. Poor credentials.

IoT

IoT Cybersecurity Manufacturing Internet

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Go to Control Panel > System > Firmware Update.

Ransomware

Ransomware Encryption Passwords Internet

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches

Data breaches DDOS Artificial Intelligence Ransomware

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

Regularly back up data, air gap, and password protect backup copies offline. Implement a recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location (e.g., Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. •

Passwords

Passwords Government Firmware Accountability

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of Supermicro server boards: the X9, X10, and X11. ” continues the analysis.

Hacking

Hacking Firmware Media Authentication

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords. Researchers provided the following recommendations for protecting home offices from ransomware attacks: Update device firmware to keep attacks of this nature at bay.

Ransomware

Ransomware Encryption Firmware Passwords

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys.” ” reads the joint advisory.

Ransomware

Ransomware Encryption Firmware Backups

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices. Every time a vendor made some attempts to address the problem, the botmaster pushed out multiple firmware updates on the fiber routers to maintain their control.

Architecture

Architecture DDOS Advertising Firmware

Dell Wyse ThinOS flaws allow hacking think clients

Security Affairs

DECEMBER 21, 2020

The researchers also discovered the update process for the firmware and packages doesn’t rely on digital signature of the code. “Dell advises creating an FTP server using Microsoft IIS (no specific guidance), then giving access to firmware, packages, and INI files accessible through the FTP server.

Hacking

Hacking Firmware DNS Healthcare

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Firmware Antivirus Accountability

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

“ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. The router attacks involved an exploit kit that attempts to find the router IP on a network, then attempts to guess the password using common login credentials. ” reads a blog post published by Avast. concludes Avast.

DNS

DNS Passwords Advertising Banking

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

“The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords [ T1098 ] for ESXi servers in the environment. Below are the mitigations provided in the alert: Install updates for operating systems, software, and firmware as soon as they are released. ” reads the alert.

Ransomware

Ransomware VPN Cybercrime Accountability

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Webinars

Trending Sources

Who and What is Behind the Malware Proxy Service SocksEscort?

Webinars

T95 Android TV Box sold on Amazon hides sophisticated malware

QSnatch malware infected over 62,000 QNAP NAS Devices

Expert found a secret backdoor in Zyxel firewall and VPN

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Avoslocker ransomware gang targets US critical infrastructure

A new Zerobot variant spreads by exploiting Apache flaws

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

BlackCat Ransomware gang breached over 60 orgs worldwide

Over 80,000 Hikvision cameras can be easily hacked

FBI warns of ransomware attacks targeting the food and agriculture sector

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

FBI published a flash alert on Mamba Ransomware attacks

Downfall Intel CPU side-channel attack exposes sensitive data

Experts uncovered hidden behavior in thousands of Android Apps

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

FBI warns of ransomware threat to food and agriculture

Security Affairs newsletter Round 420 by Pierluigi Paganini – International edition

FBI warns of increase in PYSA ransomware attacks targeting education

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Report Reveals Top Cyber Threats, Trends of 2023 First Half

Mozi Botnet is responsible for most of the IoT Traffic

PwnedPiper flaws in PTS systems affect 80% of major US hospitals

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Expert found multiple critical issues in MoFi routers

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

New Checkmate ransomware target QNAP NAS devices

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

USBAnywhere BMC flaws expose Supermicro servers to hack

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Dell Wyse ThinOS flaws allow hacking think clients

Ranzy Locker ransomware hit tens of US companies in 2021

For nearly a year, Brazilian users have been targeted with router attacks

Daixin Team targets health organizations with ransomware, US agencies warn

Stay Connected