There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. Details.
Attackers infiltrated the supply chain, embedding malware in pre-installed apps. Doctor Web warns that the attackers gained access to the supply chain of a number of Chinese manufacturers of Android-based smartphones. The experts found malware-laced applications pre-installed on the phone. ” continues the report.
Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre (NCSC). Use anti-malware protection on your devices Your mobile devices are in need of protection just as much as your computer.
This is a sophisticated piece of malware. It feels like the product of a national intelligence agency or — and I think more likely — one of the cyberweapons arms manufacturers that sells this kind of capability to governments around the world.
To evade detection, the malware makes use of the company’s so-called “invisible low stealth technology” and its Android product is advertised as having “low data and battery consumption” to prevent people from suspecting their phone or tablet has been infected.
Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware.
Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.
Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6.
The threat actor known as Blind Eagle has been observed using a loader malware called Ande Loader to deliver remote access trojans (RATs) like Remcos RAT and NjRAT. The attacks, which take the form of phishing emails, targeted Spanish-speaking users in the manufacturing industry based in North America, eSentire said.
Trend Micro spotted an allegedly China-linked threat actor, tracked TIDRONE, targeting drone manufacturers in Taiwan. The group, which was previously undocumented, uses enterprise resource planning (ERP) software and remote desktops to deploy advanced malware, including CXCLNT and CLNTEND. ” concludes the report.
malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. “Most of the infected devices were manufactured in China. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 ” BADBOX 2.0
The discovery raises fears China may have installed covert malware in critical energy infrastructure across the US and Europe, enabling remote attacks during conflicts. The DOE said it assesses risks but faces challenges due to manufacturers’ poor disclosure. ” reported Reuters.
Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. The government says between July 2012 and Sept.
In 2017, some Android phones came with a backdoor pre-installed : Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. That meant the malware could directly tamper with every installed app.
These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware. Rising regulations As the attack surface broadens, original equipment manufacturers (OEMs) find themselves in a unique position.
In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai. in newer ones.
” Newpark Resources pointed out that its manufacturing and field operations remain largely unaffected, continuing with established downtime procedures despite the ransomware attack. The company did not share details about the attack or the family of malware that infected its systems.
The campaign, dubbed “Operation SyncHole”, has impacted at least six organizations in South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, and we are confident that many more companies have actually been compromised. The software has since been updated with patched versions.
The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. The botnet “targets network devices manufactured by WatchGuard Technologies Inc. WatchGuard) and ASUSTek Computer Inc. Those devices are still vulnerable.
The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. The post BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider appeared first on Security Affairs. Asahi Group Holdings, Ltd.
Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cellphone.” The online webshop pressures manufacturers to lower their prices even further to appease discount-seeking customers, leaving those manufacturers with little to no profit in return.
Experts warn of a new ATM malware family that is advertised in the cybercrime underground; it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able to compromise 99% of devices in Europe. “The malware is fully automated, simplifying its deployment and operation.”
Researchers uncovered an Android malware, dubbed Vo1d, that has already infected nearly 1.3 Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 Unfortunately, often manufacturers sell older OS versions as newer ones. million Android devices in 197 countries.
Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they don’t require the victim to do anything, like click on a link or open a file. More on this here.
Chinese mini PC manufacturer ACEMAGIC has made life a bit more interesting for its customers, by admitting that it has also been throwing in free malware with its products.
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
Introduction Malware for mobile devices is something we come across very often. million malware, adware, and riskware attacks on mobile devices. Last month, we wrote a total of four private crimeware reports on Android malware, three of which are summarized below. In 2023 , our technologies blocked 33.8 and sends it to the C2.
APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors. dll), allowing type confusion to occur.
Japanese automotive manufacturer Honda is investigating a possible ransomware attack that has caused company-wide network outages. ” EKANS (snake spelled backwards) is what is known as an Industrial Control System, or ICS, malware variant that specifically targets and disables factories and heavy equipment.
Update your camera’s firmware and software: Whether it’s an external camera or one built into your laptop or tablet, check for manufacturer updates and always keep your camera’s software and firmware fully up to date because patches are often released specifically to patch security vulnerabilities.
This year's report is a must-read for practitioners defending OT-heavy sectors like manufacturing, energy, logistics, and critical infrastructure. The growing sophistication of malware and attacker objectives means OT-focused organizations must rethink how they segment, detect, and respond to threats," the report states.
” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. This quick compromise allows vehicles to be targeted during valet service, ride-sharing, or through USB malware. x) may also be vulnerable. ” concludes the report.
Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. The activity is assessed to be the work of a
” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware. com — were implicated in propagating the Triada malware. “Yehuo” ( ? ? ) Two of those domains registered to tosaka1027@gmail.com — elsyzsmc[.]com
“XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities. Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics.” ” reads the analysis published by Intezer.
Researchers warn Lazarus threat actors still exploit known Log4j vulnerability to infect devices with new DLang malware strains. Hackers target manufacturing, agricultural, and physical security companies that failed to apply existing patches against Log4Shell vulnerability.
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot that targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. ” states the report.
It uses the CPUID instruction to obtain information about the processor manufacturer. The malware uses different strings to load libraries and functions required for execution. In particular, Avast and AVG solutions are of interest to the malware. If the CPU is not from Intel or AMD, it terminates execution. dll” library.
The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025.
Cisco Talos researchers tracked the campaign as Operation Blacksmith, the nation-state actors are employing at least three new DLang -based malware families. Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications.
The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. According to the gang's Tor leak site, at least 182 companies are victims of the operation. The victims of the group are targets of opportunity.
How cars became the worst product category for privacy Session Covers the extensive data collection (and subsequent sharing with car manufacturers and their affiliates) enabled by modern vehicles; they can collect way beyond location data. Malware campaigns covered generally target/affect the end user.
The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology
A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.