Access, Information Security and Manufacturing - Information Management Today

Access:7 flaws impact +150 device models from over 100 manufacturers

Security Affairs

MARCH 8, 2022

Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. Researchers from medical device cybersecurity company CyberMDX have discovered seven serious flaws, collectively tracked as Access:7, in the widely used Axeda platform of IIoT solutions provider PTC.

Manufacturing

Manufacturing Access IoT Authentication

German Federal Office for Information Security (BSI) investigates Chinese mobile phones

Security Affairs

SEPTEMBER 26, 2021

German Federal Office for Information Security is launching an investigation into the cybersecurity of certain Chinese mobile phones. German Federal Office for Information Security (BSI) is launching an investigation into the cybersecurity of mobile phones of certain Chinese manufacturers. Pierluigi Paganini.

Information Security

Information Security Manufacturing Security Communications

How your staff make security decisions: The psychology of information security

IT Governance

JANUARY 20, 2021

Perhaps there’s a new face in the office that they don’t recognise, or a new password they need to remember, or a database of sensitive information that they need to upload onto the Cloud. For example, he found that employees usually don’t have a solid understanding of information security or their obligations to protect information.

Information Security

Information Security Security Passwords Encryption

Threat actor claims to have hacked European manufacturer of missiles MBDA

Security Affairs

JULY 31, 2022

Threat actors that go online with the moniker Adrastea claim to have hacked the multinational manufacturer of missiles MBDA. We found critical vulnerabilities in your network infrastructure and gained access to the company’s files and confidential data. Currently, the volume of downloaded data is approximately 60 GB.”

Manufacturing

Manufacturing Military Archiving Cybersecurity

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. In August 2018, a malware infected systems at several Taiwan Semiconductor Manufacturing Co.

Manufacturing

Manufacturing Ransomware Security awareness Cybersecurity

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing IoT Retail

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Security Affairs

FEBRUARY 24, 2021

Hackers posted data stolen from manufacturer of business jets Bombardier on Clop ransomware leak site following alleged FTA hack. The investigation indicates that the attackers had access only to data stored on the specific servers. Bombardier pointed out that manufacturing and customer support operations have not been impacted.

Manufacturing

Manufacturing Security Ransomware Cybersecurity

Space and defense tech maker Exail Technologies exposes database access

Security Affairs

SEPTEMBER 21, 2023

Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. Exail, a French high-tech industrial group, left exposed a publicly accessible environment (.env) What Exail data was exposed?

Access

Access Manufacturing IT Security

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

Experts found vulnerabilities in HID Mercury Access Controllers can be exploited by attackers to remotely unlock doors. Researchers from security firm Trellix discovered some critical vulnerabilities in HID Mercury Access Controllers that can be exploited by attackers to remotely unlock doors. ” continues the post.

Access

Access Authentication Manufacturing Cybersecurity

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

Related: Privacy rules for vehicles As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, a huge risk lurks in the shadows. Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats.

Manufacturing

Manufacturing Cybersecurity IoT Risk

California Enacts New Requirements for Internet of Things Manufacturers

Hunton Privacy

OCTOBER 1, 2018

According to Bloomberg Law, the Bills’ non-specificity regarding what “reasonable” features include is intentional; it is up to the manufacturers to decide what steps to take. On September 28, 2018, California Governor Jerry Brown signed into law two identical bills regulating Internet-connected devices sold in California. 327 and A.B.

Manufacturing

Manufacturing Privacy Access Security

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

DEV-0206 is an access broker tracked by Microsoft, which uses malvertising campaigns to compromise networks worldwide. The discovery made by Microsoft is very interesting because it is the first time that researchers found evidence that worm operators leverage an access broker to compromise enterprise networks. Pierluigi Paganini.

Ransomware

Ransomware Access Encryption Manufacturing

MITRE released EMB3D Threat Model for embedded devices

Security Affairs

MAY 14, 2024

Automotive, healthcare, and manufacturing), including critical infrastructure. ” EMB3D was designed as a dynamic framework that will continuously evolve over time, including new threats and mitigations as they are identified by threat actors and security researchers.

Manufacturing

Manufacturing IoT Security Access

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Access

Access Financial Services Retail Insurance

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands. Gb - NDA The group published a set of files as proof of the security breach and threatens leak all the stolen data if the victim will not pay the ransom. It is a subsidiary of the partially state-owned Chinese company Wingtech Technology.

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

Eken camera doorbells allow ill-intentioned individuals to spy on you

Security Affairs

MARCH 3, 2024

Camera doorbells manufactured by the Chinese company Eken Group Ltd under the brands EKEN and Tuck are affected by major vulnerabilities. Researchers from Consumer Reports (CR) discovered severe vulnerabilities in doorbell cameras manufactured by the Chinese company Eken Group Ltd. ” reads the report published by CR.

Manufacturing

Manufacturing Retail Sales Communications

Experts found undocumented access feature in Siemens SIMATIC PLCs

Security Affairs

NOVEMBER 17, 2019

Researchers discovered an undocumented access feature in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could be exploited by attackers to execute arbitrary code on affected devices. The teams of researchers discovered that the hardware undocumented access mode was present in the bootloader code since 2013.

Access

Access Manufacturing Risk Security

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. The company designs and develops digital imaging products for use in mobile phones, laptops, netbooks and webcams, security and surveillance cameras, entertainment, automotive and medical imaging systems.

Data breaches

Data breaches Ransomware Manufacturing Encryption

Black Basta ransomware gang hacked Hyundai Motor Europe

Security Affairs

FEBRUARY 9, 2024

Hyundai Motor Europe only reported the discovery of unauthorized access to a limited part of its network. Threat actors had access to the email addresses, physical addresses, telephone numbers, and vehicle chassis numbers of the impacted individuals. Te company also notified relevant local authorities.

Ransomware

Ransomware Data breaches Manufacturing Sales

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

MAY 24, 2024

This system consists of two main components: a DDNS client installed on the device that needs to be accessible and a DDNS server managed by a service provider. For instance, suppose firewall manufacturer ACME Inc. QNAP QNAP offers the “myQNAPcloud” service to simplify remote access to its NAS products.

Manufacturing

Manufacturing Encryption Communications Cybersecurity

Volvo Cars suffers a data breach. Is it a ransomware attack?

Security Affairs

DECEMBER 10, 2021

Swedish automotive manufacturer Volvo Cars revealed that has suffered a cyberattack that resulted in the theft of R&D data. Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems. ” reads the notice of cyber security breach published by Volvo. kronor ($8.00, 7.06

Data breaches

Data breaches Ransomware IT Manufacturing

NHTSA Publishes Final Cybersecurity Best Practices

Hunton Privacy

SEPTEMBER 26, 2022

The 2022 Best Practices describe steps manufacturers can take to improve vehicle cybersecurity in light of emerging risks, taking into account both technological developments as well as other voluntary industry information security standards.

Cybersecurity

Cybersecurity Manufacturing Risk Information Security

Counting Down to the EU NIS2 Directive

Thales Cloud Protection & Licensing

MAY 22, 2024

On 17 October 2024, European Union Member States must adopt and publish the measures necessary to comply with the Network and Information Security Directive (NIS2). Supply chain security. Network and information systems security. Access control policies and asset management. Cybersecurity risk management.

Compliance

Compliance Authentication Healthcare Cybersecurity

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. SAP redirect vulnerability is a security issue that affects web application servers for SAP products (SAP NetWeaver Application Server Java).

Phishing

Phishing Manufacturing Access Information Security

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Exposed sensitive files On February 17, 2023, the Cybernews research team discovered public access to sensitive files hosted on dimasvolvo.com.br The issue causing the leak has been fixed.

Retail

Retail Manufacturing Communications Passwords

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 The reign of a Chinese brand.

Passwords

Passwords Manufacturing Authentication Government

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” reads the alert. . “the U.S. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days

Security Affairs

DECEMBER 21, 2022

CyberNews researchers reported that Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Ecco, a global shoe manufacturer and retailer, exposed millions of documents. The team has identified that Ecco left 50 indices exposed to the public, with over 60GB of data accessible since June 2021. What happened?

Retail

Retail Manufacturing Sales Phishing

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Security Affairs

MARCH 11, 2024

Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server.

Ransomware

Ransomware Manufacturing Access Security

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

CISA published a security advisory to warn of multiple critical vulnerabilities affecting in Prima FlexAir access control system. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of critical flaws affecting access control systems manufactured by Prima Systems.

Access

Access Authentication File names Manufacturing

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Education Passwords

BMW exposes data of clients in Italy, experts warn

Security Affairs

MARCH 9, 2023

Original post at: [link] Hackers have been enjoying their fair share of the spotlight by breaching car manufacturers’ defenses. If a malicious hacker were to discover the flaw, they could exploit it to access customer data, steal the company’s source code, and look for other vulnerabilities to exploit.

Manufacturing

Manufacturing Access Phishing Passwords

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs).

Agriculture

Agriculture Data collection Access Manufacturing

Toyota Italy accidentally leaked sensitive data

Security Affairs

MARCH 28, 2023

A Japanese multinational accidentally leaked access to its marketing tools, enabling attackers to launch phishing campaigns against its vast pool of customers in Italy. Threat actors could abuse this information to gain access to Toyota clients’ phone numbers and email addresses and abuse them to launch phishing attacks.

Manufacturing

Manufacturing Marketing Phishing Cloud

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. OpenSSH is also used for external access. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. carmaker with spear-phishing attacks.

Phishing

Phishing Manufacturing Libraries IT

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs

OCTOBER 1, 2023

The ransomware group accused the organization of has attempted to cover up the security breach. The ransomware gang also added that they have still access to the network of the organization. The cyber security researcher Dominic Alvieri reported that ALPHV BlackCat Ransomware has breached 15 more US hospitals & 2 HMOs.

Ransomware

Ransomware Manufacturing Privacy Security

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Most of the victims are in the manufacturing, engineering and construction, and retail sectors. Recommendations provided in the report include installing updates promptly, using phishing-resistant multi-factor authentication (MFA), securing remote access software, making backups, and applying mitigations from the #StopRansomware Guide.

Ransomware

Ransomware Blockchain Retail Insurance

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions. US Government and defense contractor Belcan left its super admin credentials open to the public, Cybernews research team reveals.

Passwords

Passwords Military Manufacturing Analytics

Belden discloses data breach as a result of a cyber attack

Security Affairs

NOVEMBER 25, 2020

Belden, the manufacturer of networking and cable products, disclosed a data breach, threat actors have stolen employee and business information. “Our IT professionals were able to detect the unusual activity and believe we have stopped further unauthorized access of personal data on our servers.”

Data breaches

Data breaches Manufacturing Insurance Access

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Security

Security Manufacturing Passwords Ransomware

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

Mandiant researchers linked a series of attacks that took place in mid-2022 to a China-linked threat actor tracked as UNC3886 by the security firm. ” The attackers exploted the CVE-2022-41328 zero-day to write files to FortiGate firewall disks outside of the normal bounds allowed with shell access., ” concludes Mandiant.

Manufacturing

Manufacturing Access Government Communications

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. Today MSI confirmed the security breach, it confirmed that threat actors had access to some of its information service systems.

Ransomware

Ransomware Security Manufacturing Cybersecurity

Nice Suzuki, sport: shame dealer left your data up for grabs

Security Affairs

JULY 21, 2023

In the latest discovery by the Cybernews research team, two Suzuki-authorized dealer websites were found to be leaking sensitive information. Files that should be secure and kept private were left publicly accessible. Rarely do car manufacturers sell their cars directly. We’ve grown to trust our local car sellers.

Manufacturing

Manufacturing Phishing Access Insurance

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

When enforced, the regulation will mandate manufacturers to prioritize security from the design stage and throughout the product's entire lifecycle. The Act is expected to enter into force in 2024, and manufacturers must apply the rules 36 months after they enter into force.

Compliance

Compliance Cybersecurity Risk Manufacturing

Access:7 flaws impact +150 device models from over 100 manufacturers

German Federal Office for Information Security (BSI) investigates Chinese mobile phones

Trending Sources

How your staff make security decisions: The psychology of information security

Threat actor claims to have hacked European manufacturer of missiles MBDA

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

NCSC: New UK law bans default passwords on smart devices

Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

Space and defense tech maker Exail Technologies exposes database access

HID Mercury Access Controller flaws could allow to unlock Doors

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

California Enacts New Requirements for Internet of Things Manufacturers

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

MITRE released EMB3D Threat Model for embedded devices

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Eken camera doorbells allow ill-intentioned individuals to spy on you

Experts found undocumented access feature in Siemens SIMATIC PLCs

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Black Basta ransomware gang hacked Hyundai Motor Europe

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Volvo Cars suffers a data breach. Is it a ransomware attack?

NHTSA Publishes Final Cybersecurity Best Practices

Counting Down to the EU NIS2 Directive

Don’t trust links with known domains: BMW affected by redirect vulnerability

Volvo retailer leaks sensitive files

3.5m IP cameras exposed, with US in the lead

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

CISA warns of critical flaws in Prima FlexAir access control system

FBI and CISA warn of attacks by Rhysida ransomware gang

BMW exposes data of clients in Italy, experts warn

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Toyota Italy accidentally leaked sensitive data

FIN7 targeted a large U.S. carmaker phishing attacks

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Defense contractor Belcan leaks admin password with a list of flaws

Belden discloses data breach as a result of a cyber attack

Security Affairs newsletter Round 377

China-linked APT likely linked to Fortinet zero-day attacks

MSI confirms security breach after Money Message ransomware attack

Nice Suzuki, sport: shame dealer left your data up for grabs

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Stay Connected