Information Security and Manufacturing - Cyber Security Informer

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

GreyNoise worked with VulnCheck to disclose the two vulnerabilities responsibly. “The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. VulnCheck alerted affected manufacturers to the flaws, only receiving a response from PTZOptics. ” reads the analysis published by GreyNoise.

Firmware

Firmware Manufacturing IoT Healthcare

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

Doctor Web warns that the attackers gained access to the supply chain of a number of Chinese manufacturers of Android-based smartphones. A third of the models listed below are manufactured under the SHOWJI brand.“ The kits analyzed by the company are commercialized by many manufacturers including Huawei, Lenovo and Xiaomi.

Malware

Malware Manufacturing Mobile Spyware

Undocumented hidden feature found in Espressif ESP32 microchip

Security Affairs

MARCH 9, 2025

Experts discovered an undocumented hidden feature in the ESP32 microchip manufactured by Espressif, which is used in over 1 billion devices. At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif.

IoT

IoT Manufacturing Firmware Mobile

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

. “XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities.Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics.”

Manufacturing

Manufacturing Cybercrime Authentication Hacking

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

Security Affairs

NOVEMBER 6, 2024

0795 or above) Taiwanese manufacturer QNAP also patched three zero-day vulnerabilities that were exploited by security researchers during the recent Pwn2Own Ireland 2024. .” Below is the list of affected versions: BeePhotos for BeeStation OS 1.0 (Upgrade to 1.0.2-10026 10053 or above) Synology Photos 1.6

Firmware

Firmware Manufacturing Hacking Media

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

Security Affairs

OCTOBER 31, 2024

QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024.

Backups

Backups Manufacturing Hacking Information Security

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Security Affairs

MAY 18, 2025

The DOE said it assesses risks but faces challenges due to manufacturers’ poor disclosure. The DOE said it assesses risks, but faces challenges due to manufacturers’ poor disclosure. supply chains and integrate trusted equipment into the power grid as domestic manufacturing grows.

Energy and Utilities

Energy and Utilities Manufacturing Government Hacking

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

Security Affairs

FEBRUARY 12, 2025

The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025.

Computers and Electronics

Computers and Electronics Ransomware Manufacturing Data breaches

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Security Affairs

APRIL 13, 2025

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Hacking

Hacking Manufacturing Education Government

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Security Affairs

JUNE 9, 2025

These compromised devices are used for criminal activity after attackers gain unauthorized access through security flaws. “Most of the infected devices were manufactured in China. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 ” BADBOX 2.0

IoT

IoT Internet Internet Advertising

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

Hardware manufacturers do not always issue patches for retired devices, and the manufacturer itself may sometimes be defunct. Therefore, in circumstances in which security patches are unavailable and unlikely to come, we recommend upgrading vulnerable devices to a newer model.” ” concludes the report.

Manufacturing

Manufacturing Malware Firmware IoT

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. . “A physically present attacker could exploit these vulnerabilities by connecting a specially crafted USB device – such as an iPod or mass storage device – to the target system. x) may also be vulnerable.

Hacking

Hacking Firmware Software Manufacturing

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Security Affairs

DECEMBER 3, 2024

Bootkitty exploits LogoFAIL via tampered BMP files to inject shellcode, bypass Secure Boot, and target specific devices from different manufacturers, including Acer, HP, Fujitsu, and Lenovo. Despite a security patch was released, several devices are still vulnerable. ” reads the report.

Firmware

Firmware Manufacturing Malware Authentication

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

NOVEMBER 8, 2024

. “The incident has caused disruptions and limitation of access to certain of the Company’s information systems and business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.”

Ransomware

Ransomware Manufacturing Malware Hacking

Cartier disclosed a data breach following a cyber attack

Security Affairs

JUNE 4, 2025

Cartier ( @Cartier ) has confirmed unauthorized access to its systems, compromising sensitive customer information. Cartier designs, manufactures, distributes, and sells jewelry, watches, leather goods, and accessories. Due to the data involved, the company warns customers to stay alert for unsolicited or suspicious communications.

Data breaches

Data breaches Cyber Attacks Manufacturing Banking

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack.

Technology

Technology Ransomware Manufacturing Engineering

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Security Affairs

JULY 24, 2025

Manufacturing: the traditional process of setting up manufacturing units costs Smart factories and predictive maintenance. Retail: the retail sector is a data-hungry powerhouse that needs personalized preferences to target customers effectively. AI is making the process seamless by providing hyper-personalized shopping experiences.

Marketing

Marketing Data privacy Cloud Migration Manufacturing

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

The financially-motivated group targeted organizations in the media, tourism, finance, insurance, manufacturing, energy, telecommunications, biotechnology and retail sectors. Hive0117 group has been active since February 2022, it is known for using DarkWatchman malware in phishing attacks across Russia, Belarus, Baltics and Kazakhstan.

Malware

Malware Phishing Telecommunications Antivirus

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

The group has extended its operations to countries in Asia and targets various sectors, including healthcare, real estate, construction, IT, food, and manufacturing.” . “Cloak primarily targets small to medium-sized businesses in Europe, with Germany as a key focus. ” reads a report published by Halcyon.

Ransomware

Ransomware Hacking Social Engineering Manufacturing

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. According to the gangs Tor leak site, at least 182 companies are victims of the operation. The victims of the group are targets of opportunity.

Government

Government Hacking Ransomware Manufacturing

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

VPN

VPN Government Malware Manufacturing

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. In September 2024, Port of Seattle confirmed that the Rhysida ransomware group was behind the cyberattack. The Rhysida ransomware group has been active since May 2023.

Data breaches

Data breaches Ransomware Cyber Attacks Manufacturing

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Security Affairs

FEBRUARY 28, 2025

Unfortunately, manufacturers often sell older OS versions as newer ones. Users may also mistakenly believe TV boxes are more secure than smartphones and are less likely to install antivirus software, increasing their risk when downloading third-party apps or unofficial firmware.

Antivirus

Antivirus Firmware Encryption Manufacturing

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. The ransomware attack took place in January as per a regulatory filing with the Indian National Stock Exchange. ” reads the filing.

Technology

Technology Ransomware Manufacturing Engineering

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 5, 2024

The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. used in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on Hisilicon Hi3516A V600 SoC V60, V61, and V63 should take immediate action to patch the discovered vulnerabilities and secure their systems. concludes the report.

Firmware

Firmware Manufacturing Authentication IoT

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

Security Affairs

JULY 26, 2025

The BlackSuit ransomware targeted various critical infrastructure sectors, including commercial facilities, healthcare, government, and manufacturing.

Ransomware

Ransomware Cybercrime Manufacturing Healthcare

Authorities released free decryptor for Phobos and 8base ransomware

Security Affairs

JULY 18, 2025

The group has been active since March 2022, it focused on small and medium-sized businesses in multiple industries, including finance, manufacturing, business services, and IT. The experts observed a massive spike in activity associated with this threat actor between May and June 2023.

Ransomware

Ransomware Encryption Malware Cybercrime

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Security Affairs

JANUARY 17, 2025

Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions. The Secure Boot mechanism allows the execution of only software that is trusted by the Original Equipment Manufacturer (OEM).

Firmware

Firmware Technology Software Manufacturing

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Security Affairs

MARCH 12, 2025

Named after the ancient Roman weapon, Ballista targets TP-Link Archer routers and has affected manufacturing, healthcare, services, and tech sectors in the U.S., Cato links the Ballista botnet to an Italian-based threat actor, the attribution is based on an Italian IP address and strings in Italian in the code. Australia, China, and Mexico.

IoT

IoT Malware Encryption DDOS

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Security Affairs

FEBRUARY 11, 2025

The 8Base ransomware group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. Source Nation Thailand The gang compromised at least 17 Swiss companies using the Phobos ransomware between April 2023 and October 2024.

Ransomware

Ransomware Encryption Backups Malware

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Security Affairs

MARCH 13, 2025

As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing.” ” reads the joint advisory.

Ransomware

Ransomware Encryption Cryptocurrency Insurance

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Security Affairs

JULY 10, 2025

In March 2025, PCA Cyber Security initiated responsible disclosure by sharing the content of the PerfektBlue advisory website with OpenSynergy, allowing them time to review the findings.

Hacking

Hacking Energy and Utilities Manufacturing Information Security

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

Security Boulevard

FEBRUARY 14, 2025

Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) called buffer overflow vulnerabilities unforgivable defects that put national and economic security at risk. Buffer overflows happen when data written to a computers memory buffer exceeds the buffers capacity.

Banking

Banking Cybercrime Cybersecurity Ransomware

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT)

Internet

Internet Internet Engineering Malware

China-linked APT group MirrorFace targets Japan

Security Affairs

JANUARY 10, 2025

Campaign B (2023): Exploited software vulnerabilities in networking devices, focusing on semiconductor, manufacturing, and aerospace sectors. These campaigns highlight ongoing efforts to steal advanced technology and national security data. ” reads the report published by NPA.“This

Antivirus

Antivirus Malware System Administration Technology

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

However, delegating tasks also introduces new information security challenges. Kernel exploitation in Windows and Linux The two major operating systems power many of the world’s critical assets, including servers, manufacturing equipment, logistics systems and IoT devices.

Internet

Internet Internet Risk Social Engineering

New PumaBot targets Linux IoT surveillance devices

Security Affairs

MAY 28, 2025

“Notably, the malware checks for the presence of the string Pumatronix, a manufacturer of surveillance and traffic camera systems, suggesting potential IoT targeting or an effort to evade specific devices.” ” states the report.

Surveillance

Surveillance IoT Malware Manufacturing

Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise

Security Affairs

DECEMBER 16, 2024

Volkswagen Group does not manufacture its MIB3 infotainment systems but sources them from Tier-1 suppliers. The team led by Danila Parnishchev and Artem Ivachev discovered 12 vulnerabilities in the MIB3 infotainment systems, which appeared in 2021, and now being used in many VW Group cars.

Manufacturing

Manufacturing Hacking Cybersecurity Information Security

California Privacy Agency Enforcement, CCPA Rulemaking, and CIPA Reform

SecureWorld News

MAY 12, 2025

This provision mirrors the Agency's prior settlement with a major auto manufacturer, wherein it emphasized that contracting out privacy rights to a third-party consent management tool, without monitoring and oversight of that tool, is not a defense to liability.

Retail

Retail Advertising Manufacturing Technology

Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers

Security Affairs

FEBRUARY 20, 2025

Much of this pivoting included the use of network equipment from a variety of different manufacturers.” . “Some of these hop points were also used as a first hop for outbound data exfiltration operations.

Telecommunications

Telecommunications Malware Hacking Encryption

Russian disinformation campaign active ahead of 2024 US election

Security Affairs

NOVEMBER 4, 2024

At the end of October, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement : “The IC assesses that Russian actors manufactured and amplified a recent video that falsely depicted an individual ripping up (..)

Media

Media Manufacturing Cybersecurity Hacking

Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack

Security Affairs

MAY 27, 2025

In 2024, it also hit aerospace firms and high-tech manufacturers, likely to steal sensitive data about weapons production and deliveries to Ukraine. Laundry Bear mainly targets EU and NATO countries, focusing on entities linked to Russias war in Ukraine, such as defense ministries, armed forces, diplomats, and defense contractors.

Data breaches

Data breaches Government Hacking Manufacturing

Hiring – Senior Cybersecurity Consultant

BH Consulting

JULY 8, 2025

We provide a market leading range of information security services focused on cybersecurity, cyber risk management, ISO 27001, and data protection. Capable of acting as a Chief Information Security Officer (CISO) on a consulting/advisory basis for client organisations.

Cybersecurity

Cybersecurity CISO Healthcare Risk

Canada bans Hikvision over national security concerns

Security Affairs

JUNE 30, 2025

following a national security review under the Investment Canada Act: pic.twitter.com/Gvl6aWRxyQ — Mélanie Joly (@melaniejoly) June 28, 2025 The ban includes its business and technology use. The risk is related to the use of security cameras manufactured by Chinese-owned companies Dahua and Hikvision.

Surveillance

Surveillance Government Manufacturing Technology

PTZOptics cameras zero-days actively exploited in the wild

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Trending Sources

Undocumented hidden feature found in Espressif ESP32 microchip

XE Group shifts from credit card skimming to exploiting zero-days

Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Mazda Connect flaws allow to hack some Mazda vehicles

BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Cartier disclosed a data breach following a cyber attack

Ransomware attack hit Indian multinational Tata Technologies

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Cloak ransomware group hacked the Virginia Attorney General’s Office

Rhysida Ransomware gang claims the hack of the Government of Peru

China’s Volt Typhoon botnet has re-emerged

Port of Seattle ‘s August data breach impacted 90,000 people

Enhanced capabilities sustain the rapid growth of Vo1d botnet

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

Authorities released free decryptor for Phobos and 8base ransomware

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat

North Korea-linked APT37 exploited IE zero-day in a recent attack

China-linked APT group MirrorFace targets Japan

Story of the Year: global IT outages and supply chain attacks

New PumaBot targets Linux IoT surveillance devices

Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise

California Privacy Agency Enforcement, CCPA Rulemaking, and CIPA Reform

Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers

Russian disinformation campaign active ahead of 2024 US election

Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack

Hiring – Senior Cybersecurity Consultant

Canada bans Hikvision over national security concerns

Stay Connected