Analysis, Document, Manufacturing and Security - Information Management Today

Malicious PDF Analysis

Security Affairs

FEBRUARY 13, 2019

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” Most security tools must always be adapted to this new reality of attack and infection. SecurityAffairs – PDF analysis, hacking). Twitter: [link].

Manufacturing

Manufacturing Analytics Cybersecurity Risk

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands. Gb - NDA The group published a set of files as proof of the security breach and threatens leak all the stolen data if the victim will not pay the ransom. . - It is a subsidiary of the partially state-owned Chinese company Wingtech Technology.

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Security Affairs

APRIL 10, 2020

DoppelPaymer hackers leaked online internal confidential documents belonging to some of the largest aerospace companies in the world. The gang behind the DoppelPaymer ransomware has stolen internal confidential documents belonging to some of the largest aerospace companies in the world from the industrial contractor Visser Precision.

Ransomware

Ransomware Manufacturing Military Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

MAY 22, 2020

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. This actor was first spotted by PaloAlto’s UNIT42 in 2018 during wide scale operations against technology, retail, manufacturing, and local government industries in the US, Europe and Asia.

Manufacturing

Manufacturing e-Delivery IT Security

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. The campaign targeted organizations in many sectors, including the high-tech, finance, legal services and manufacturing industries. Attackers do this to evade detection by security vendors.”

Encryption

Encryption Manufacturing Archiving Phishing

NSO Group Hacked

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists. There’s a lot to read out there.

Manufacturing

Manufacturing IT

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs

OCTOBER 19, 2023

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis.

Artificial Intelligence

Artificial Intelligence Ransomware Cybersecurity Manufacturing

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

“The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in cyberspace, a large volume of confidential documents of the structural subdivision of the Russian Ministry of Transport – the Federal Air Transport Agency (Rosaviatsia) – is now acquired.”

Military

Military Manufacturing Government Authentication

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. Security experts attributed 67 attacks to the group in May 2023, most of the victims are in the U.S. and Brazil.

Ransomware

Ransomware Encryption Metadata Manufacturing

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Security Affairs

MAY 16, 2021

The Company offers risk management, mutual funds, analysis, financial planning, and advisory services. The Avaddon ransomware gang is giving Acer Finance 240 hours to communicate and cooperate with them before start leaking the stolen valuable company documents. ” reads the statement published by the group on its leak site.

Ransomware

Ransomware Manufacturing Communications Risk

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

Malwarebytes researchers Hossein Jazi and Jérôme Segura have documented a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER) service. Upon opening the document, a macro is triggered, the malicious code uses a custom version of the CactusTorch VBA module to perform a fileless attack.

Phishing

Phishing Manufacturing Archiving Government

Experts warn of a spike in May and June of 8Base ransomware attacks

Security Affairs

JUNE 28, 2023

The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. ” Security experts attributed 67 attacks to the group in May 2023, most of the victims are in the U.S. and Brazil. and Brazil.

Ransomware

Ransomware Encryption Manufacturing Business Services

How to Prevent Data Breaches: Data Breach Prevention Tips

eSecurity Planet

AUGUST 22, 2023

And breaches will occur – because bad guys make a living by figuring out ways to circumvent security best practices. Prioritize Data Protection The downfall of many security strategies is that they become too general and too thinly spread. But it requires different levels of security.

Data breaches

Data breaches Big data Cybersecurity Security

At least 31 US Businesses targeted with WastedLocker Ransomware

Security Affairs

JUNE 29, 2020

The malicious code was first documented by researchers from the NCC Group’s report and later Symantec published its own analysis. Security experts from Symantec reported that at least 31 organizations in the United States have been targeted with the recently discovered WastedLocker ransomware. . Pierluigi Paganini.

Ransomware

Ransomware Manufacturing Access Security

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

The popular security expert Kevin Beaumont was one of the first researchers to report that the LockFile operators are using the Microsoft Exchange ProxyShell and the Windows PetitPotam vulnerabilities to take over Windows domains. Instead, LockFile encrypts every other 16 bytes of a document. LOCKFILE-README-[hostname]-[id].hta’)

Encryption

Encryption Ransomware Financial Services Manufacturing

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A Webcam made by HiChip that includes the iLnkP2P software.

IoT

IoT Manufacturing Passwords Computer and Electronics

INFOSOURCE IS PARTICIPATING IN THE INDUSTRIAL PRINTING INTEGRATION (IPI) CONFERENCE 2023

Info Source

OCTOBER 16, 2023

During this time they have established long-lasting, trustworthy business relationships with all manufacturers as well as with thousands of individuals throughout the globe covering different industries, including Digital Color Press, Large Format Printers, B&W and Color Production Devices, Direct-to-Garment and Direct-to-Film Printers.

Manufacturing

Manufacturing Marketing Sales Access

Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers

Security Affairs

JANUARY 4, 2023

Cybersecurity researcher Sam Curry and his colleagues discovered many vulnerabilities in the vehicles manufactured by tens of carmakers and services implemented by vehicle solutions providers. The experts were able to access to internal dealer portals and retrieve sales documents for BMW by providing VIN numbers. Pierluigi Paganini.

Sales

Sales Access Manufacturing Authentication

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

JULY 17, 2020

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Orange teams were immediately mobilised to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems.” Pierluigi Paganini.

Business Services

Business Services Ransomware Manufacturing Archiving

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. ” reads the analysis published by the experts. . ” reads the analysis published by the experts. Victims of the group are located in North America, Europe, and Southeast Asia. .

Healthcare

Healthcare Phishing Manufacturing Government

China-linked Winnti APT steals intellectual property from companies worldwide

Security Affairs

MAY 4, 2022

The campaign flew under the radar since at least 2019, it was attributed by the experts to the China-linked Winnti group and targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. ” reads the report published by Cybereason. The technique was rarely seen in attacks.

Manufacturing

Manufacturing Archiving Cybersecurity Access

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

” states the analysis published by FireEye. “For example, UNC2529 used a unique username, masquerading as an account executive for a small California-based electronics manufacturing company, which Mandiant identified through a simple Internet search.” orgs with 3 malware appeared first on Security Affairs.

Manufacturing

Manufacturing Phishing Military Retail

SBOMs: Securing the Software Supply Chain

eSecurity Planet

OCTOBER 26, 2021

Threat intelligence can help scan IT environments for the latest malware, but that’s just one security layer against zero-day threats. Also read: How to Defend Common IT Security Vulnerabilities. SPDX files include software components, copyrights, licenses, and security references. The Problem with Software Supply Chains.

Security

Security Risk Compliance Cybersecurity

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

” reads the analysis published by Lookout. The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers. According to leaked documents published in WikiLeaks in 2015, RCS Lab was a reseller of the notorious Italian surveillance firm HackingTeam. Pierluigi Paganini.

Military

Military Manufacturing Government Security

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

SEPTEMBER 11, 2019

Security researchers at Fortinet uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. manufacturing company. ” read the analysis of the experts.

Manufacturing

Manufacturing Phishing Passwords Sales

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

Security Affairs

JUNE 5, 2020

During our Cyber Threat Intelligence monitoring we spotted a particular Office document weaponized to deliver such kind of malicious tool, uncovering a hidden malicious campaign designed to target Italian speaking victims. Technical Analysis. Figure 2: Overview of the malicious document. The Italian Dropper.

Manufacturing

Manufacturing File names IT Libraries

Gangnam Industrial Style APT campaign targets industrial firms worldwide

Security Affairs

DECEMBER 18, 2019

Experts from the CyberX’s threat intelligence team Section 52 uncovered an ongoing cyberespionage campaign, tracked as Gangnam Industrial Style, that targeted industrial, engineering, and manufacturing organizations, most of them in South Korea (60%). ” concludes the analysis. ” concludes the analysis.

Manufacturing

Manufacturing Phishing Paper Passwords

Passwords stolen via phishing campaign available through Google search

Security Affairs

JANUARY 21, 2021

Once the victim double-clicked the HTML file, a blurred image with a preconfigured email within the document is opened in the browser. The analysis of a subset of ~500 stolen credentials revealed that victims belong to a wide range of target industries, including IT, healthcare, real estate, and manufacturing.

Phishing

Phishing Passwords Manufacturing Cybersecurity

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

Data Matters

FEBRUARY 14, 2019

On January 28, 2019, the Healthcare and Public Health Sector Coordinating Council released the “ Medical Device and Health IT Joint Security Plan ” (“JSP” or “Plan”)—cybersecurity recommendations for medical device manufacturers, healthcare information technology vendors, and healthcare providers. Design Control.

Cybersecurity

Cybersecurity IT Manufacturing Risk

QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

Security Affairs

NOVEMBER 20, 2020

The analysis of attacks where Egregor has been deployed revealed that the TTPs used by the threat actors are almost identical to the ones used by the ProLock operators, whose campaigns have been described in Group-IB blog post in May. Egregor’s favorite sectors are Manufacturing (28.9% ProLock = Egregor. of victims) and Retail (14.5%).

Ransomware

Ransomware Retail Encryption Manufacturing

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The TrickBoot functionality was documented by experts from Advanced Intelligence (AdvIntel) and Eclypsium. ” reads the joint analysis published by AdvIntel and Eclypsium. The Secure Boot mechanism allows the execution of only software that is trusted by the Original Equipment Manufacturer (OEM). Pierluigi Paganini.

Manufacturing

Manufacturing Security Ransomware IT

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” “At present, pre-installed partners cover the entire mobile phone industry chain, including mobile phone chip manufacturers, mobile phone design companies, mobile phone brand manufacturers, mobile phone agents, mobile terminal stores and major e-commerce platforms,” reads a descriptive blurb about the company.

Cloud

Cloud Manufacturing Marketing Data breaches

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

MAY 7, 2021

As of April 28, the site mentioned nine companies primarily from aviation, financial, education and manufacturing industries. An example of spam email content Clicking the malicious link obviously leads to downloading a weaponized document. Original Analysis published @ [link]. About Group-IB. Pierluigi Paganini.

Ransomware

Ransomware Education Manufacturing Healthcare

Qbot uses a new email collector module in the latest campaign

Security Affairs

AUGUST 31, 2020

Most of the infections were observed in organizations in the US and Europe, the most targeted industries were in the government, military, and manufacturing sectors. . ” reads the analysis published by CheckPoint. The post Qbot uses a new email collector module in the latest campaign appeared first on Security Affairs.

Passwords

Passwords Military Manufacturing Encryption

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

SEPTEMBER 9, 2019

. “The unprecedented cyber disruption this spring did not cause any blackouts, and none of the signal outages at the “low-impact” control center lasted for longer than five minutes, NERC said in the “Lesson Learned” document posted to the grid regulator’s website.” ” states the NERC document.

Energy and Utilities

Energy and Utilities Communications Manufacturing Risk

Threat Model Thursday: 5G Infrastructure

Adam Shostack

JULY 1, 2021

I think the report from a Threat Model Working Panel of the Enduring Security Framework of CIPAC, but then there’s language like “identified by the ESF and 5G TM working panel… (emphasis added)” which implies its separate. Missing boundaries may be a flaw in the design of 5G, rather than a flaw in the analysis.

Manufacturing

Manufacturing Encryption IT Security

Proposed Changes to FDA Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices: What you Should Know

HL Chronicle of Data Protection

OCTOBER 25, 2018

Department of Homeland Security (DHS) earlier this month. The new draft premarket cybersecurity guidance provides information designed to aid manufacturers in determining how to meet the agency’s expectations during premarket review of medical devices. Consistent with the U.S.

Cybersecurity

Cybersecurity Manufacturing Risk Communications

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

How to use this template: Comments intended to guide understanding and use of this template will be enclosed in brackets “[…]” and the ‘company’ will be listed as [eSecurity Planet] throughout the document. Overview Security vulnerabilities enable attackers to compromise a resource or data.

Risk

Risk Compliance Security IT

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Since March, the attackers have been trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The list of the necessary documents was reportedly attached to the email, an attempt to download it, however, let TinyPosh in to the user’s computer.

Ransomware

Ransomware Phishing Encryption Authentication

UK: New National Strategy for Health Data

DLA Piper Privacy Matters

JULY 13, 2022

The UK’s Department for Health and Social Care (“ DHSC ”) has published a major strategy document (‘ Data saves lives: reshaping health and social care with data ’) outlining the government’s plans for the regulation and use of data in healthcare. Secure Data Environments. Secure data environments are a hot topic in data circles.

Artificial Intelligence

Artificial Intelligence Privacy Government Access

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” “At present, pre-installed partners cover the entire mobile phone industry chain, including mobile phone chip manufacturers, mobile phone design companies, mobile phone brand manufacturers, mobile phone agents, mobile terminal stores and major e-commerce platforms,” reads a descriptive blurb about the company.

Cloud

Cloud Manufacturing Marketing Data breaches

APT40 cyberespionage group supporting growth of China’s naval sector

Security Affairs

MARCH 5, 2019

“[In 2017] APT40 was observed masquerading as a UUV manufacturer, and targeting universities engaged in naval research. ” reads the analysis published by FireEye. ” continues the analysis. The post APT40 cyberespionage group supporting growth of China’s naval sector appeared first on Security Affairs.

Phishing

Phishing Passwords Manufacturing Government

Business process reengineering (BPR) examples

IBM Big Data Hub

APRIL 25, 2024

An early case study of BPR was Ford Motor Company, which successfully implemented reengineering efforts in the 1990s to streamline its manufacturing processes and improve competitiveness. Organizations of all sizes and industries implement business process reengineering. This can enable significant cost savings and improve profitability.

Analytics

Analytics Communications Marketing Manufacturing

Malicious PDF Analysis

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Webinars

Trending Sources

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Webinars

Cyber-Criminal espionage Operation insists on Italian Manufacturing

StrelaStealer targeted over 100 organizations across the EU and US

NSO Group Hacked

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

8Base ransomware operators use a new variant of the Phobos ransomware

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Experts warn of a spike in May and June of 8Base ransomware attacks

How to Prevent Data Breaches: Data Breach Prevention Tips

At least 31 US Businesses targeted with WastedLocker Ransomware

LockFile Ransomware uses a new intermittent encryption technique

P2P Weakness Exposes Millions of IoT Devices

INFOSOURCE IS PARTICIPATING IN THE INDUSTRIAL PRINTING INTEGRATION (IPI) CONFERENCE 2023

Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers

Orange Business Services hit by Nefilim ransomware operators

Balikbayan Foxes group spoofs Philippine gov to spread RATs

China-linked Winnti APT steals intellectual property from companies worldwide

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

SBOMs: Securing the Software Supply Chain

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

LokiBot info stealer involved in a targeted attack on a US Company

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

Gangnam Industrial Style APT campaign targets industrial firms worldwide

Passwords stolen via phishing campaign available through Google search

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

TrickBoot feature allows TrickBot bot to run UEFI attacks

Tracing the Supply Chain Attack on Android

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Qbot uses a new email collector module in the latest campaign

6 Best Threat Intelligence Feeds to Use in 2023

DoS attack the caused disruption at US power utility exploited a known flaw

Threat Model Thursday: 5G Infrastructure

Proposed Changes to FDA Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices: What you Should Know

Vulnerability Management Policy Template

Group-IB detects a series of ransomware attacks by OldGremlin

UK: New National Strategy for Health Data

Tracing the Supply Chain Attack on Android

APT40 cyberespionage group supporting growth of China’s naval sector

Business process reengineering (BPR) examples

Stay Connected