Information Security, Manufacturing and Passwords

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” The U.K. ” The U.K.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

Threat actor claims to have hacked European manufacturer of missiles MBDA

Security Affairs

JULY 31, 2022

Threat actors that go online with the moniker Adrastea claim to have hacked the multinational manufacturer of missiles MBDA. ” As a proof of the hack Adrastea shared a link to a password-protected linked archive containing internal documents related to projects and correspondence. Pierluigi Paganini.

Manufacturing

Manufacturing Hacking Passwords Cybersecurity

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. In August 2018, a malware infected systems at several Taiwan Semiconductor Manufacturing Co.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions. In this case, it could take attackers as long as 22 years to crack a very strong admin password.

Passwords

Passwords Penetration Testing Engineering Manufacturing

Agencies Warn of Pro-Russia Hackers Targeting OT Control Systems

SecureWorld News

MAY 7, 2024

According to a new joint cybersecurity alert , the hacktivists have been observed gaining remote access to small-scale industrial control systems used in water/wastewater, dams, energy, and food and agriculture by exploiting internet-exposed human-machine interfaces (HMIs) and using default or weak passwords.

Passwords

Passwords Manufacturing Technology Authentication

Passwords stolen via phishing campaign available through Google search

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” The analysis of a subset of ~500 stolen credentials revealed that victims belong to a wide range of target industries, including IT, healthcare, real estate, and manufacturing.

Phishing

Phishing Passwords Manufacturing Healthcare

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.”

Passwords

Passwords Manufacturing Advertising Firmware

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. “Some of the security issues were detected more than once. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here.

Manufacturing

Manufacturing IoT Firmware VPN

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. After looking at 28 of the most popular manufacturers, our research team found 3.5 What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies.

Surveillance

Surveillance Manufacturing Passwords Internet

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Spyware

Spyware Manufacturing Small Business Surveillance

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Attackers may have exploited leaked credentials to brute force access to the repository, since they only needed a password, which is faster than guessing both a username and password.

Retail

Retail Manufacturing Passwords Phishing

QNAP urges users to take action to protect devices against Brute-Force attacks

Security Affairs

MARCH 28, 2021

Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported that their devices have been hit by brute-force attacks. “With increasing reports of brute-force attacks, QNAP urges its users to take immediate action to enhance the security of their devices.”

Manufacturing

Manufacturing Passwords Accountability Hacking

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Healthcare Education

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

Threat actors likely take advantage of customers’ bad habit of re-using email passwords for their smart device. The offenders use stolen email passwords to log into the smart devices and take over them, is some cases they hijacked the live-stream camera and device speakers. Users should update their passwords on a regular basis.

Passwords

Passwords Surveillance Manufacturing Accountability

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

“ Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. ” wrote Google TAG Security Engineer Billy Leonard. ” wrote Google TAG Security Engineer Billy Leonard.

Manufacturing

Manufacturing Government Phishing Passwords

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network. .”

Hacking

Hacking Internet Internet Passwords

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

The state of IoT is poor enough as it is, security wise. But manufacturers of agricultural equipment have spent the last few years locked in an automation arms race, and the side effects of this race are starting to show. Avoid reusing passwords for multiple accounts. Focus on cyber security awareness and training.

Ransomware

Ransomware Manufacturing Passwords Internet

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. ” concludes the advisory.

Firmware

Firmware Authentication Passwords Manufacturing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Ransomware

Ransomware Passwords Backups Firmware

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M GENERAL BYTES is the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

” The MiCODUS MV720 GPS Tracker is a popular vehicle GPS tracker manufactured in China, which is used by consumers for theft protection and location management, and by organizations for vehicle fleet management. There is no mandatory rule to change the password nor is there any claiming process.

Manufacturing

Manufacturing Passwords Mobile Authentication

BMW exposes data of clients in Italy, experts warn

Security Affairs

MARCH 9, 2023

Original post at: [link] Hackers have been enjoying their fair share of the spotlight by breaching car manufacturers’ defenses. out of 10 on the the Common Vulnerability Scoring System (CVSS), since attackers can obtain sensitive information such as externally usable passwords by exploiting the flaw. It scored 7.5

Manufacturing

Manufacturing Hacking Banking Phishing

An educational robot security research

SecureList

FEBRUARY 27, 2024

Toy manufacturers are striving to keep up with these trends, releasing more and more models that can also be called “smart.” This was the first security-related issue we discovered. This was the first security-related issue we discovered. In fact, a valid token is returned even if we provide incorrect credentials.

Education

Education Manufacturing Firmware Internet

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. ” state researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT. Follow me on Twitter: @securityaffairs and Facebook.

IoT

IoT DNS Manufacturing Firmware

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. The researchers estimated that combined revenue surpasses US$550 million.

Ransomware

Ransomware Encryption Healthcare Education

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

Researchers from Necrum Security Labs discovered a couple of critical vulnerabilities, tracked as CVE–2022–36158 and CVE–2022–36159, impacting the Contec Flexlan FXA3000 and FXA2000 series LAN devices. The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless.

Wireless

Wireless Firmware Passwords Engineering

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

Check with the device manufacturers for available patches and update the device firmware to version to 3.5.19.0 The researchers also shared a video PoC of an attack to bypass the ASLR. Below are the recommendations provided by Microsoft: Apply patches to affected devices in your network.

Authentication

Authentication Firmware Hacking Passwords

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. The Flaws in Manufacturing Process. Poor credentials.

IoT

IoT Cybersecurity Manufacturing Internet

Nice Suzuki, sport: shame dealer left your data up for grabs

Security Affairs

JULY 21, 2023

Files that should be secure and kept private were left publicly accessible. Anyone could have retrieved passwords and secret tokens for accessing user data, business management tools, or managing websites. Rarely do car manufacturers sell their cars directly. We’ve grown to trust our local car sellers.

Manufacturing

Manufacturing Phishing Insurance Media

Misconfigured Apache Airflow servers leak thousands of credentials

Security Affairs

OCTOBER 5, 2021

Researchers from security firm Intezer have discovered many misconfigured Apache Airflow servers exposed online that were leaking sensitive information, including credentials, from several tech companies. Experts explained that it is quite common to find hardcoded passwords stored in these variables.

Passwords

Passwords Manufacturing Risk Media

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

According to the flash alert published by the FBI, the Mamba ransomware was employed in attacks against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Implement the shortest acceptable timeframe for password changes.

Ransomware

Ransomware Encryption Passwords Malware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

But the password to the Gunnebo RDP account — “password01” — suggests the security of its IT systems may have been lacking in other areas as well. In the video, the REvil representative stated that the most desirable targets for the group were agriculture companies, manufacturers, insurance firms, and law firms.

Hacking

Hacking Ransomware Banking Accountability

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

. “As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Financial Services Passwords VPN

7 Ways Enterprises are Taking Advantage of Biometrics

Security Boulevard

AUGUST 11, 2023

It's harder, for example, to replicate or fake biometrics than it is to steal a password, forge a signature, or use credit card or Social Security numbers. Faster and more secure transactions The use of biometric authentication makes digital transactions more secure by removing the leading cause of breaches: compromised credentials.

Healthcare

Healthcare Authentication Passwords IoT

Avaddon ransomware gang shuts down their operations and releases decryption keys

Security Affairs

JUNE 11, 2021

This morning, BleepingComputer received a message from a source that was pretending to be the FBI that included a password and a link to a password-protected ZIP archive. BleepingComputer shared the decryption keys with the security firm Emsisoft, which has released in the past free decryptors for multiple pieces of ransomware. .”

Ransomware

Ransomware Passwords Manufacturing Healthcare

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Both tools could be used to target SOHO and other routers manufactured by major industry providers, including Cisco, Fortinet, and MikroTik. If MFA is unavailable, enforce password complexity requirements [ D3-SPP ]. ” reads the advisory published by the US agencies. Enforce MFA on all VPN connections [ D3-MFA ].

Telecommunications

Telecommunications Authentication Passwords Accountability

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Security Affairs

AUGUST 10, 2021

NAS servers are a privileged target for hackers because they normally store large amounts of data.The ransomware was targeting poorly protected or vulnerable NAS servers manufactured by QNAP, threat actors exploited known vulnerabilities or carried out brute-force attacks.

Ransomware

Ransomware Encryption Firmware Passwords

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” ” reads the flash alert.

Ransomware

Ransomware Firmware Antivirus Accountability

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

SEPTEMBER 11, 2019

Security researchers at Fortinet uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. manufacturing company. ” read the analysis of the experts.

Manufacturing

Manufacturing Phishing Advertising Malware

China-linked Winnti APT steals intellectual property from companies worldwide

Security Affairs

MAY 4, 2022

The campaign flew under the radar since at least 2019, it was attributed by the experts to the China-linked Winnti group and targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. ” reads the report published by Cybereason.

Manufacturing

Manufacturing Passwords Malware Hacking

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

Ransomware

Ransomware Hacking Malware Encryption

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

Security Affairs

DECEMBER 27, 2021

NAS servers are a privileged target for hackers because they normally store large amounts of data.The ransomware was targeting poorly protected or vulnerable NAS servers manufactured by QNAP, threat actors exploited known vulnerabilities or carried out brute-force attacks.

Ransomware

Ransomware Encryption Manufacturing Hacking

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Accountability

Accountability VPN Manufacturing Firewall

NCSC: New UK law bans default passwords on smart devices

Threat actor claims to have hacked European manufacturer of missiles MBDA

Webinars

Trending Sources

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Webinars

Defense contractor Belcan leaks admin password with a list of flaws

Agencies Warn of Pro-Russia Hackers Targeting OT Control Systems

Passwords stolen via phishing campaign available through Google search

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

3.5m IP cameras exposed, with US in the lead

Security Affairs newsletter Round 377

Volvo retailer leaks sensitive files

QNAP urges users to take action to protect devices against Brute-Force attacks

FBI and CISA warn of attacks by Rhysida ransomware gang

FBI warns swatting attacks on owners of smart devices

China-linked APT Curious Gorge targeted Russian govt agencies

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

FBI warns of ransomware threat to food and agriculture

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Avoslocker ransomware gang targets US critical infrastructure

FBI warns of ransomware attacks targeting the food and agriculture sector

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

BMW exposes data of clients in Italy, experts warn

An educational robot security research

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Experts spotted a variant of the Agenda Ransomware written in Rust

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Nice Suzuki, sport: shame dealer left your data up for grabs

Misconfigured Apache Airflow servers leak thousands of credentials

FBI published a flash alert on Mamba Ransomware attacks

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

7 Ways Enterprises are Taking Advantage of Biometrics

Avaddon ransomware gang shuts down their operations and releases decryption keys

China-linked threat actors have breached telcos and network service providers

New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors

Ranzy Locker ransomware hit tens of US companies in 2021

LokiBot info stealer involved in a targeted attack on a US Company

China-linked Winnti APT steals intellectual property from companies worldwide

Cuba ransomware gang hacked 49 US critical infrastructure organizations

A new wave of ech0raix ransomware attacks targets QNAP NAS devices

China-linked APT Volt Typhoon targets critical infrastructure organizations

Stay Connected