2015, Communications and Manufacturing - Information Management Today

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. The experts reported that several IoT devices at some major manufacturers have been infected with a cryptocurrency miner in October 2019. Pierluigi Paganini. SecurityAffairs – Windows 7, hacking).

Manufacturing

Manufacturing IoT Communications Risk

ICS-CERT warns of several flaws in the GE Communicator software

Security Affairs

MAY 6, 2019

ICS-CERT is warning of several vulnerabilities in the GE Communicator software, including hardcoded credentials and privilege escalation bugs. ICS-CERT is warning of five flaws affecting the GE Communicator software, including privilege escalation issues and hardcoded credentials. SecurityAffairs – GE Communicator, hacking).

Communications

Communications Manufacturing Access Security

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. The PortReuse backdoor has a modular architecture, experts discovered that its components are separate processes that communicate through named pipes. Pierluigi Paganini.

Manufacturing

Manufacturing Paper Communications IT

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

Two of these malware strains are remote access trojans (RATs), respectively tracked as NineRAT and “DLRAT” The former relies on Telegram bots and channels for C2 communications. The experts observed the use of NineRAT at around September 2023 against a European manufacturing entity.

Agriculture

Agriculture Data collection Access Manufacturing

Building a sustainable automotive supply chain

IBM Big Data Hub

JUNE 30, 2023

For example, the chip shortage has been a call to action for both original equipment manufacturers (OEMs) and suppliers. Supply shortages can lead to line outages, manufacturing delays, out of stock issues and lost revenue.

B2B

B2B Manufacturing Blockchain Retail

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Security Affairs

APRIL 10, 2020

Visser Precision is a parts maker for many companies in several industries, including aerospace, automotive, industrial and manufacturing. Some documents provide details about the SpaceX’s manufacturing partner program. Other companies impacted by the security incident did not provide any official communication.

Ransomware

Ransomware Manufacturing Military Cybersecurity

US officials claim Huawei Equipment has secret backdoor for spying

Security Affairs

FEBRUARY 13, 2020

Huawei can secretly tap into communications through the networking equipment, states a U.S. “Independent cybersecurity experts say the intelligence services of global powers including the United States routinely exploit vulnerabilities in networking equipment — regardless of the manufacturer — for espionage purposes.”

Manufacturing

Manufacturing Access Government Communications

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Major Belgium’s telecom operator Proximus announced on Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei. One of the major Belgium telecom operator Proximus announced on Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei.

Manufacturing

Manufacturing Risk Communications Security

High Severity DoS bug affects Several Yokogawa products

Security Affairs

JANUARY 5, 2019

A serious DoS flaw affects several industrial automation products manufactured by the Yokogawa Electric. The DoS vulnerability in several Yokogawa Electric products affects the Open Communication Driver for Vnet/IP, a real-time plant network system for process automation. ” reads the security advisory published by the company.

Agriculture

Agriculture Manufacturing Communications Paper

The City of Durham shut down its network after Ryuk Ransomware attack

Security Affairs

MARCH 8, 2020

“IT officials are working to get the communication systems back online.” The list of the victims of the Ryuk ransomware is very long and includes the US government contractor Electronic Warfare Associates (EWA) , US railroad company Railworks , Croatian petrol station chain INA Group , and parts manufacturer Visser Precision.

Ransomware

Ransomware IT Computer and Electronics Mining

ATM vendors Diebold and NCR fixed deposit forgery bugs

Security Affairs

AUGUST 22, 2020

The ATM manufacturer giants, Diebold Nixdorf and NCR, have released software updates to fix a flaw that could have been exploited for ‘deposit forgery’ attacks. The ATM manufacturers Diebold Nixdorf and NCR have addressed a bug that could have been exploited for ‘deposit forgery’ attacks. and 05.01.00

Manufacturing

Manufacturing Communications Encryption Authentication

UK NCSC releases the Vulnerability Disclosure Toolkit

Security Affairs

SEPTEMBER 15, 2020

The guideline is organized into three main sections, Communication, Policy, and Security.txt. The process for communicating a vulnerability must be clear and well defined, it could be useful to set up a specific path for disclosing the issues (email address or secure web form).

Communications

Communications Risk Manufacturing Government

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Krebs on Security

APRIL 19, 2019

Title 18, Section 2512 , which involves the manufacture, distribution, possession and advertising of devices for intercepting online communications. 2015, Hutchins helped create and sell Kronos and a related piece of malware called UPAS Kit. The government says between July 2012 and Sept.

Manufacturing

Manufacturing Government Communications Ransomware

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

Security Affairs

FEBRUARY 26, 2020

A high-severity hardware vulnerability, dubbed Kr00k , in Wi-Fi chips manufactured by Broadcom and Cypress expose over a billion devices to hack. Cybersecurity researchers from ESET have discovered a new high-severity hardware vulnerability, dubbed Kr00k , that affects Wi-Fi chips manufactured by Broadcom and Cypress.

Encryption

Encryption Manufacturing Paper Communications

The US Gov is testing high-altitude balloons for surveillance

Security Affairs

AUGUST 4, 2019

The US government is testing high-altitude balloons manufactured by Sierra Nevada to conduct surveillance over American soil. ” In July Sierra Nevada obtained a Special Temporary Authorization by the US Federal Communications Commission (FCC) for the use of several radio frequencies over the area for communications from the balloons.

Military

Military Manufacturing Communications Government

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The use of MSP is increasing the attack surface for attackers, the DHS’ alert TA18-276B , is related to activity that was uncovered by DHS’ National Cybersecurity and Communications Integration Center (NCCIC) in April 2017. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Communications

Communications Manufacturing Cybersecurity Phishing

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

As a result, you will prevent unauthorized access or communication interception. As an example, we could use communications between systems that are not properly encrypted. Hackers or other malicious sources can intercept poorly encrypted communications on the web. The Flaws in Manufacturing Process. Poor credentials.

IoT

IoT Cybersecurity Manufacturing Passwords

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

It’s normal that … we want a European solution” because of the importance of “the security of our communication,” Macron told reporters. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported the Associated Press agency. Pierluigi Paganini. SecurityAffairs – hacking, Huawei).

IT

IT Military Manufacturing Risk

Medtronic’s implantable heart defibrillators vulnerable to hack

Security Affairs

MARCH 22, 2019

Security firm Clever Security discovered that heart defibrillators manufactured by Medtronic are affected by two serious vulnerabilities. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.” ” continues the advisory. Pierluigi Paganini.

Communications

Communications Encryption Access Manufacturing

Hackers bypassed vein based authentication with a fake hand

Security Affairs

DECEMBER 30, 2018

If you consider vein based authentication totally secure, you have to know that a group of researchers demonstrated the opposite at the Chaos Communication Congress hacking conference. The manufacturers improve their systems, the hackers come and break it and then it goes back on.” Pierluigi Paganini.

Authentication

Authentication Communications Manufacturing Security

Experts demonstrate how to exfiltrate data using smart bulbs

Security Affairs

NOVEMBER 27, 2018

The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0. The devices are manufactured by the Chinese company called Zengge and could be controlled using both Android and iOS apps. The experts focused their study on devices using the Low Energy Attribute Protocol ( ATT ) to communicate.

Communications

Communications Manufacturing Security IT

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

Recently Belgian telecoms operators Orange Belgium and Proximus announced that it will gradually replace the equipment from the Chinese manufacturer Huawei. In September, the US Federal Communications Commission (FCC) estimated the cost of a full replacement of all Huawei and ZTE hardware on American wireless networks at $1.837bn.

IT

IT Military Manufacturing Risk

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

Upon the installation, the malicious app registers itself as a foreground service and extracts an encrypted payload that gathers information about the victim’s device (android_id, manufacturer, model, firmware version, etc.) Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the report.

Manufacturing

Manufacturing Libraries Access Encryption

Hackers target German Task Force for COVID-19 PPE procurement

Security Affairs

JUNE 9, 2020

. “The remaining half belong to executives at third-party partners, including European and American companies associated with chemical manufacturing, aviation and transport, medical and pharmaceutical manufacturing, finance, oil and gas, and communications.” Pierluigi Paganini.

Phishing

Phishing Healthcare Manufacturing Government

Nefilim ransomware gang published Luxottica data on its leak site

Security Affairs

OCTOBER 20, 2020

As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware IT Retail Manufacturing

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Experts pointed out that the bot mainly uses the IRC protocol to communicate with the command and control (C&C) servers. “Once the communication lines are established, Momentum can use various commands to attack using the compromised devices.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Communications

Communications Manufacturing Security IT

Critical unfixed flaws affect ABB Safety PLC Gateways

Security Affairs

DECEMBER 18, 2018

Researchers at Applied Risk discovered serious flaws in some PLC gateways manufactured by industrial tech company ABB. The ABB gateway solutions allow ABB PLCs to communicate with other control systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. GATE-E1 and GATE-E2 from ABB. Pierluigi Paganini.

Authentication

Authentication Manufacturing Risk Communications

EventBot, a new Android mobile targets financial institutions across Europe

Security Affairs

APRIL 30, 2020

The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . With each new version, the malware adds new features like dynamic library loading, encryption, and adjustments to different locales and manufacturers.” ” concludes the report. Pierluigi Paganini.

Financial Services

Financial Services Libraries Encryption Authentication

New U.S. defense bill targets drones, raises potential privacy and security concerns

Data Protection Report

JANUARY 30, 2018

These provisions allow the Department of Defense (DOD) to access communications from any UAV in limited circumstances. Commercial manufacturers or commercial users of UAVs in the United States should consider how this law will impact future design or operation of UAVs. Law Clerk–not admitted to practice law. [1] Circuit case, Taylor v.

Privacy

Privacy Manufacturing Communications Security

Australia banned Huawei from 5G network due to security concerns

Security Affairs

AUGUST 25, 2018

The Australian government considers risky the involvement of Huawei for the rolling out of next-generation 5G communication networks. The US was the first country that warned of the security risks associated with the usage of the products manufactured by the Chinese telecommunications giant. Pierluigi Paganini.

Security

Security Military Manufacturing Retail

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

” PIONEER KITTEN operations leverage on SSH tunneling, through open-source tools such as Ngrok, they also used the custom tool SSHMinion to communication with malware deployed in the target networks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

New Zealand Security Bureau halts Spark from using Huawei 5G equipment

Security Affairs

DECEMBER 3, 2018

According to New Zealand’s Government Communications Security Bureau, Huawei equipment for 5G infrastructure poses a “significant network security risk,” for this reason, it asked mobile company Spark to avoid using the equipment of the Chinese company. ” Which is the Spark’s opinion on the ban?

Security

Security Government Communications Manufacturing

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including the defense, high tech, energy, government, aerospace, and manufacturing. Experts discovered that since December 2016, the APT15 group has been using the previously undocumented backdoor dubbed Okrum.

Communications

Communications Manufacturing Encryption Security

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Security Affairs

JANUARY 10, 2020

The reason for this is that the vulnerability originated in reference software, which has seemingly been copied by different cable modems manufacturers when creating their cable modem firmware. A ‘DNS Rebinding’ attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost.

Manufacturing

Manufacturing Paper Risk Communications

Cranes, drills and other industrial machines exposed to hack by RF protocols

Security Affairs

JANUARY 15, 2019

Researchers from Trend Micro have analyzed the communication protocols used by cranes and other industrial machines and discovered several flaws. Security experts from Trend Micro have discovered several vulnerabilities in the communication protocols used by cranes, hoists, drills and other industrial machines. Pierluigi Paganini.

Communications

Communications Mining Risk Manufacturing

The CallStranger UPnP vulnerability affects billions of devices

Security Affairs

JUNE 9, 2020

To mitigate the issue manufacturers should disable the UPnP SUBSCRIBE capability in default configurations, and ensure that explicit user consent is required to enable SUBSCRIBE with any appropriate network restrictions. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Manufacturing

Manufacturing Communications Access Security

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors. To make hard the analysis of the malware, backdoor DLLs are heavily obfuscated and C2 communication encrypted. Pierluigi Paganini.

Libraries

Libraries Encryption Communications Manufacturing

Aluminum producer Norsk Hydro hit by a massive cyber attack

Security Affairs

MARCH 19, 2019

“Some operations at plants where metal is fashioned into finished products for use in cars, planes and other manufactured goods, have been temporarily stopped, said spokesman Halvor Molland.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported Bloomberg. Pierluigi Paganini.

Manufacturing

Manufacturing Ransomware Communications Cybersecurity

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Security Affairs

DECEMBER 21, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Department of Energy’s Lawrence Berkeley National Laboratory. ” continues the DoJ’s Press release. The Chinese hackers are accused of targeting and compromising Managed Service Providers to steal sensitive business information from their customers.

Computer and Electronics

Computer and Electronics Healthcare Manufacturing Government

USB Drives shipped with Schneider Solar Products were infected with malware

Security Affairs

SEPTEMBER 6, 2018

ComBox is a communications and monitoring device for installers and operators of Conext solar systems. Schneider revealed that the USB drives were infected with a malware during manufacturing at a third-party supplier’s facility. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Manufacturing Communications Security

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

BUSSide is a software framework developed for ESP8266 , running on a NodeMCU board which allows a python client on your laptop to communicate (mostly through bit-banging) with different hardware components through different protocols (i.e. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Manufacturing Communications Security

China installs a surveillance app on tourists’ phones while crossing in the Xinjiang

Security Affairs

JULY 3, 2019

Researchers at German cybersecurity firm Cure53 found evidence that the app was developed by a unit of FiberHome, a Chinese telecom manufacturer that is partly owned by the government. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the NYT. Pierluigi Paganini.

Manufacturing

Manufacturing Government Communications Cybersecurity

Bluetooth BIAS attack threatens billions of devices

Security Affairs

MAY 19, 2020

.” Experts explained that combining the BIAS attack with other attacks, such as the KNOB (Key Negotiation of Bluetooth) attack , the attacker van brute-force the encryption key and use it to decrypt communications. The SIG recommends Bluetooth users to install the latest updates from the device and operating system manufacturers.

Authentication

Authentication Encryption Paper Manufacturing

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

These unexpected reboots resulted in brief communications outages (i.e., The attack caused brief communications outages between the control center and the sites, and the field devices at the sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the document. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Communications Manufacturing Risk

IoT devices at major Manufacturers infected with crypto-miner

ICS-CERT warns of several flaws in the GE Communicator software

Trending Sources

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Building a sustainable automotive supply chain

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

US officials claim Huawei Equipment has secret backdoor for spying

Belgium telecom operators Proximus and Orange drop Huawei

High Severity DoS bug affects Several Yokogawa products

The City of Durham shut down its network after Ryuk Ransomware attack

ATM vendors Diebold and NCR fixed deposit forgery bugs

UK NCSC releases the Vulnerability Disclosure Toolkit

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Kr00k Wi-Fi Encryption flaw affects more than a billion devices

The US Gov is testing high-altitude balloons for surveillance

DHS issued an alert on attacks aimed at Managed Service Providers

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

France will not ban Huawei from its upcoming 5G networks

Medtronic’s implantable heart defibrillators vulnerable to hack

Hackers bypassed vein based authentication with a fake hand

Experts demonstrate how to exfiltrate data using smart bulbs

Sweden bans Huawei and ZTE from building its 5G infrastructure

xHelper, the Unkillable Android malware that re-Installs after factory reset

Hackers target German Task Force for COVID-19 PPE procurement

Nefilim ransomware gang published Luxottica data on its leak site

Trend Micro observed notable malware activity associated with the Momentum Botnet

Critical unfixed flaws affect ABB Safety PLC Gateways

EventBot, a new Android mobile targets financial institutions across Europe

New U.S. defense bill targets drones, raises potential privacy and security concerns

Australia banned Huawei from 5G network due to security concerns

Iran-linked APT group Pioneer Kitten sells access to hacked networks

New Zealand Security Bureau halts Spark from using Huawei 5G equipment

China-Linked APT15 group is using a previously undocumented backdoor

Cable Haunt flaw exposes 200M+ Broadcom-based cable modems at remote hijacking

Cranes, drills and other industrial machines exposed to hack by RF protocols

The CallStranger UPnP vulnerability affects billions of devices

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Aluminum producer Norsk Hydro hit by a massive cyber attack

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

USB Drives shipped with Schneider Solar Products were infected with malware

Hacking IoT & RF Devices with BürtleinaBoard

China installs a surveillance app on tourists’ phones while crossing in the Xinjiang

Bluetooth BIAS attack threatens billions of devices

DoS attack the caused disruption at US power utility exploited a known flaw

Stay Connected