Hacking, Information Security, Internet and Manufacturing

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

Security Affairs

NOVEMBER 9, 2020

The Taiwanese electronics manufacture Compal suffered a ransomware attack over the weekend, media blames the DoppelPaymer ransomware gang. It is the second-largest contract laptop manufacturer in the world behind Quanta Computer. “According to the Internet PTT, 30% of the computers have been hit. . Pierluigi Paganini.

Manufacturing

Manufacturing Computers and Electronics Ransomware Media

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? SecurityAffairs – Windows 7, hacking).

Manufacturing

Manufacturing IoT Malware Cryptocurrency

VNC instances exposed to Internet pose critical infrastructures at risk

Security Affairs

AUGUST 15, 2022

Researchers from Cyber looked for VNC exposed over the internet and discovered over 8000 VNC instances with authentication disabled, most of them in China, Sweden, and the United States. Exposing VNCs to the internet, increases the likelihood of a cyberattack. connected via VNC and exposed over the internet. Pierluigi Paganini.

Internet

Internet Internet Risk Cybercrime

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. ” reads the press statement published by the company.

Ransomware

Ransomware Manufacturing Hacking Insurance

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

The platform allows remote access and management of connected devices to manufacturers through an agent is installed on devices. The impact of these flaws is widespread, experts determine that the issues impact more than 150 device models from over 100 manufacturers. SecurityAffairs – hacking, IoT). Pierluigi Paganini.

Manufacturing

Manufacturing IoT Authentication Financial Services

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network. SecurityAffairs – hacking, DrayTek Vigor).

Hacking

Hacking Internet Internet Passwords

A cyberattack halted operations at Varta production plants

Security Affairs

FEBRUARY 15, 2024

On February 12, 2023, a cyber attack halted operations at five production plants of German battery manufacturer Varta. On February 13, German battery manufacturer Varta announced that a cyber attack forced the company to shut down IT systems. The attack disrupted operations at five production plants and the administration.

Manufacturing

Manufacturing Cyber Attacks Ransomware Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Despite FocacciaBoard is extremely useful during my night-to-night hardware hacking needs… there is another set of tools I cannot live without: pin enumeration ones. UART, JTAG, SWD, SPI, I2C).

IoT

IoT Hacking Firmware Advertising

Ransomware attacks break records in 2023: the number of victims rose by 128%

Security Affairs

JANUARY 19, 2024

Based on Ransomlooker, a free Cybernews tool for monitoring the dark web and other hidden areas of the internet, more ransomware attacks occurred in spring and summer, with 1253 and 1275 victims, compared to winter and autumn, which had 611 and 1052 incidents, respectively. Winter was the least active time (14.6%

Ransomware

Ransomware Manufacturing Retail Insurance

B. Braun Infusomat pumps could be hacked to alter medication doses

Security Affairs

AUGUST 27, 2021

Braun ‘s Infusomat Space Large Volume Pump and SpaceStation that could be remotely hacked. The flaws were privately reported to the medical manufacturer on January 11 that addressed in B. “Could this attack take place over the internet? SecurityAffairs – hacking, B. ” reads the advisory published by B.

Hacking

Hacking Authentication Internet Internet

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

how are they connected to the Internet (hint: they aren't, they are… [link] — Robᵉʳᵗ Graham ? ErrataRob) February 7, 2024 Several experts explained that electric toothbrushes have no direct connections to the internet, they relies on Bluetooth to connect to mobile apps. what was the brand of toothbrushes?

DDOS

DDOS IoT Media Internet

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Security Affairs

AUGUST 8, 2023

The LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and threatens to leak the medical data of cancer patients. designs, manufactures, sells, and services medical devices and software products for treating cancer and other medical conditions worldwide. Varian Medical Systems, Inc.

Ransomware

Ransomware Manufacturing Healthcare IoT

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking

Hacking VPN Advertising Financial Services

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. ” reported The New Paper.”

IoT

IoT Internet Internet Hacking

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. To mitigate the risk of the exploitation of the above flaws, it is recommended to disable internet connectivity for vulnerable Nexx devices or protect them with a firewall.

Manufacturing

Manufacturing Media Firewall Education

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. that were created from different Internet addresses in Vienna, Austria. pw was their domain.

Scams

Scams DDOS Cryptocurrency Accountability

Space and defense tech maker Exail Technologies exposes database access

Security Affairs

SEPTEMBER 21, 2023

Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. The publicly accessible.env file, hosted on the exail.com website, was exposed to the internet, meaning that anyone could have accessed it.

Technology

Technology Internet Internet Manufacturing

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Security Affairs

JULY 2, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Cybercrime Hacking Ransomware Malware

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication

Authentication Firmware Hacking Passwords

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. “If only 153,414 devices on the internet are patched, that leaves 335,923 / 489,337 = 69% unpatched.” states the report published by Fortinet.

Firewall

Firewall VPN Firmware Internet

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Major Belgium’s telecom operator Proximus announced on Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei. One of the major Belgium telecom operator Proximus announced on Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei. Pierluigi Paganini.

Mobile

Mobile Manufacturing Wireless Internet

Toyota Italy accidentally leaked sensitive data

Security Affairs

MARCH 28, 2023

Threat actors could abuse this information to gain access to Toyota clients’ phone numbers and email addresses and abuse them to launch phishing attacks. Cybernews has reached out to the car manufacturer, and, at the time of writing, the dataset has been secured. env) hosted on the official Toyota Italy website.

Marketing

Marketing Manufacturing Phishing IoT

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

. “Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the Internet without any protection. QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices.”

Internet

Internet Internet Ransomware Encryption

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

The FBI is working with private sector partners who manufacture smart devices to advise customers about the scheme and how to avoid being victimized. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Swatting). Pierluigi Paganini.

Passwords

Passwords Surveillance Manufacturing Accountability

Security Affairs newsletter Round 357 by Pierluigi Paganini

Security Affairs

MARCH 13, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 357 by Pierluigi Paganini appeared first on Security Affairs. If you want to also receive for free the newsletter with the international press subscribe here. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Data breaches

Data breaches Firmware Hacking Ransomware

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

Siemens Metaverse, a virtual space built to mirror real machines, factories, and other highly complex systems, has exposed sensitive data, including the company’s office plans and internet of things (IoT) devices. The most worrying discovery was that of exposed office management platform ComfyApp user credentials.

Manufacturing

Manufacturing IoT Technology Authentication

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs

OCTOBER 19, 2023

ETL 2023 identified public administration as the most targeted sector (~19%), followed by targeted individuals (~11%), health (~8%), digital infrastructure (~7%) and manufacturing, finance and transport. Information manipulation has been as a key element of Russia’s war of aggression against Ukraine has become prominent.

Social Engineering

Social Engineering Artificial Intelligence Engineering Ransomware

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. A hacker managed to identify a weak spot in a security camera model. Unfortunately, at that moment, there were over 300,000 of those cameras connected to the internet.

IoT

IoT Cybersecurity Manufacturing Internet

Swedish court suspended the ban on Huawei equipment

Security Affairs

NOVEMBER 12, 2020

Recently Belgian telecoms operators Orange Belgium and Proximus announced that it will gradually replace the equipment from the Chinese manufacturer Huawei. The Chinese giant was already excluded by several countries from building their 5G internet networks. SecurityAffairs – hacking, Chrome zero-day). Pierluigi Paganini.

Wireless

Wireless Internet Internet Manufacturing

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Small Business

Small Business Technology VPN Manufacturing

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

Recently Belgian telecoms operators Orange Belgium and Proximus announced that it will gradually replace the equipment from the Chinese manufacturer Huawei. The Chinese giant was already excluded by several countries from building their 5G internet networks. SecurityAffairs – hacking, 5G). Pierluigi Paganini.

Wireless

Wireless Internet Internet Advertising

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. The attackers used invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and other verticals. . SecurityAffairs – hacking, malware).

Banking

Banking Malware Manufacturing Business Services

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

” The IoT radio devices are manufactured by Imperial & Dabman (Series I and D) and are distributed in Germany by Telestar, but experts pointed out that it is possible to buy them via Ebay and Amazon by resellers. . SecurityAffairs – IoT radio devices, hacking). . Pierluigi Paganini.

IoT

IoT Hacking Firmware Advertising

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw.

Firmware

Firmware Manufacturing Software Authentication

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M GENERAL BYTES is the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

We identified at least 65 different affected vendors with close to 200 unique fingerprints, thanks both to Shodan’s scanning capabilities and some misconfiguration by vendors and manufacturers who expose those devices to the Internet. SecurityAffairs – hacking, InkySquid). SecurityAffairs – hacking, Realtek).

IoT

IoT Firmware Internet Internet

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

When FortiManager was not exposed to the Internet, the threat actors deployed a traffic redirector (Tableflip) and a passive backdoor (Reptile) to circumvent the new ACLs. ” concludes Mandiant.

Firewall

Firewall Manufacturing Government Firmware

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Security Affairs

DECEMBER 14, 2023

According to Shodan, more than 3,000 on-premises servers are exposed to the Internet. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT29) reads the post published by Sonar. The attack does not require any user interaction.” ” concludes the report.

Antivirus

Antivirus Software Authentication Internet

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

JULY 15, 2022

The list of victims includes manufacturing organizations, banks, schools, and event and meeting planning companies. The SiennaBlue variant evolved over time by implementing multiple encryption options, string obfuscation, public key management, and support for the internet and intranet. Pierluigi Paganini.

Ransomware

Ransomware Cryptocurrency Government Small Business

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

. “We’re publishing the details of a new vulnerability (tracked under CVE-2022-30563) affecting the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some IP cameras developed by Dahua, a very popular manufacturer of IP-based surveillance solutions.” Pierluigi Paganini.

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

NCSC: New UK law bans default passwords on smart devices

Trending Sources

IoT devices at major Manufacturers infected with crypto-miner

VNC instances exposed to Internet pose critical infrastructures at risk

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Access:7 flaws impact +150 device models from over 100 manufacturers

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

A cyberattack halted operations at Varta production plants

3.5m IP cameras exposed, with US in the lead

Hacking IoT & RF Devices with BürtleinaBoard

Ransomware attacks break records in 2023: the number of victims rose by 128%

B. Braun Infusomat pumps could be hacked to alter medication doses

Unraveling the truth behind the DDoS attack from electric toothbrushes

LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

Iran-linked APT group Pioneer Kitten sells access to hacked networks

An RCE in Annke video surveillance product allows hacking the device

Hackers claim to have compromised 50,000 home cameras and posted footage online

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Updated Kmsdx botnet targets IoT devices

Interview With a Crypto Scam Investment Spammer

Space and defense tech maker Exail Technologies exposes database access

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Belgium telecom operators Proximus and Orange drop Huawei

Toyota Italy accidentally leaked sensitive data

How to secure QNAP NAS devices? The vendor’s instructions

FBI warns swatting attacks on owners of smart devices

Security Affairs newsletter Round 357 by Pierluigi Paganini

Siemens Metaverse exposes sensitive corporate data

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Swedish court suspended the ban on Huawei equipment

China-linked APT Volt Typhoon linked to KV-Botnet

Sweden bans Huawei and ZTE from building its 5G infrastructure

TinyNuke banking malware targets French organizations

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

NI CompactRIO controller flaw could allow disrupting production

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Realtek SDK flaws exploited to deliver Mirai bot variant

China-linked APT likely linked to Fortinet zero-day attacks

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Holy Ghost ransomware operation is linked to North Korea

A flaw in Dahua IP Cameras allows full take over of the devices

Stay Connected