Analysis, Information Security and Manufacturing

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

FEBRUARY 8, 2020

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? Pierluigi Paganini.

Manufacturing

Manufacturing IoT Communications Risk

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. It is a subsidiary of the partially state-owned Chinese company Wingtech Technology.

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. ” continues the analysis. The organizations is major mobile hardware and software manufacturer based in Asia, experts contacted it to alert the company of the infection.

Manufacturing

Manufacturing Paper Communications IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Security Affairs

JANUARY 6, 2024

It is one of the largest pharmaceutical companies globally, engaged in the research, development, manufacturing, and marketing of a wide range of healthcare products. The analysis conducted on the ransomware revealed it was designed to look like ransomware but was wiper malware designed for sabotage purposes. Merck & Co.,

Insurance

Insurance Healthcare Manufacturing Ransomware

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The campaign targeted organizations in many sectors, including the high-tech, finance, legal services and manufacturing industries. ” The latest StrelaStealer variant uses a packer that employs a control flow obfuscation technique to render analysis more difficult.

Encryption

Encryption Manufacturing Archiving Phishing

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 are actively exploited in targeted attacks. Please contact your device manufacturer for more information on the patch status about specific devices.” ” reads the advisory.

Authentication

Authentication Manufacturing Security Information Security

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

Who is behind the Mozi Botnet kill switch?

Security Affairs

NOVEMBER 2, 2023

[link] — 360 Netlab (@360Netlab) July 28, 2021 Earlier in August 2021, Microsoft researchers reported that the Mozi botnet was improved by implementing new capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. ” reads the analysis published by ESET. ” concludes the report. .

IoT

IoT Manufacturing IT Security

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 The reign of a Chinese brand.

Passwords

Passwords Manufacturing Authentication Government

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs

OCTOBER 19, 2023

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis.

Artificial Intelligence

Artificial Intelligence Ransomware Cybersecurity Manufacturing

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. ” reads the analysis published by Trend Micro. ” reads the analysis published by Trend Micro. ” continues the analysis. AGENDA.THIAFBB.” AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Passwords Education

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. PuTTY.exe Rhysida actors have been observed creating Secure Shell (SSH) PuTTy connections for lateral movement. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Education Passwords

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

Security Affairs

APRIL 10, 2020

Visser Precision is a parts maker for many companies in several industries, including aerospace, automotive, industrial and manufacturing. an antenna in an anti-mortar defense system), billing and payment forms, supplier information, data analysis reports, and legal paperwork. ” reads the statement published by El Reg.

Ransomware

Ransomware Manufacturing Military Cybersecurity

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

Security Affairs

JULY 5, 2023

Once inside the system, this malicious variant stealthily extracts sensitive information and proceeds to encrypt the compromised files.” ” reads the analysis published by Zscaler. ” continues the analysis. The malware communicates with the command and control servers through HTTPS.

Ransomware

Ransomware Energy and Utilities Encryption Manufacturing

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. ” reads the analysis published by Morphisec. ” reads the analysis published by Morphisec. to lure victims into downloading a malicious file.

Government

Government Manufacturing Authentication Cybersecurity

Surveillance vendor exploited Samsung phone zero-days

Security Affairs

NOVEMBER 9, 2022

“The chain merited further analysis because it is a 3 vulnerability chain where all 3 vulnerabilities are within Samsung custom components, including a vulnerability in a Java component.” “The analysis of this exploit chain has provided us with new and important insights into how attackers are targeting Android devices.

Manufacturing

Manufacturing Access IT Security

Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack

Security Affairs

APRIL 27, 2022

“The forensic analysis has been completed and the result has shown that this was a targeted professional cyber attack.” .” reads the press release published by the company. ” Deutsche Windtechnik did not disclose details about the attack, but experts believe that the company was hit with ransomware.

Manufacturing

Manufacturing Ransomware Cybersecurity Security

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Security Affairs

AUGUST 5, 2022

The attack took place in May and lasted seven days, the analysis of the network logs suggests TAC-040 exfiltrated around 700MBs of data from the victim system. “ATI’s thorough analysis determined that the attack occurred during the end of May over a seven day period. ” reads the analysis published by Deepwatch.

Manufacturing

Manufacturing Cybersecurity IT Access

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. continues the analysis. The malware uses TOR exit nodes as a backup C2 infrastructure. Initial access is typically through infected removable drives, often USB devices.

Manufacturing

Manufacturing Libraries Communications Cybersecurity

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The operation targeted many organizations in critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Ransomware

Ransomware Cybersecurity Agriculture Education

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. Security experts attributed 67 attacks to the group in May 2023, most of the victims are in the U.S. and Brazil.

Ransomware

Ransomware Encryption Metadata Manufacturing

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Security Affairs

FEBRUARY 1, 2022

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. ” reads the analysis published by Binarly. ” continues the post.

Manufacturing

Manufacturing Security Access IT

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

Accenture security researchers published an analysis of the latest Hades campaign, which is ongoing since at least December 2020. . Experts discovered that threat actors targeted a large US transportation & logistics organization, a large US consumer products organization, and a global manufacturing organization.

Ransomware

Ransomware Encryption File names Manufacturing

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

The attacks detailed by Cybereason targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America. ” reads the analysis published by Symantec. Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases.

File names

File names Encryption Manufacturing Libraries

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

Security Affairs

SEPTEMBER 2, 2022

The malware was first spotted on September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. Now IBM Security X-Force researchers announced to have found evidence that Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks. ” reported IBM.

Security awareness

Security awareness Manufacturing Ransomware Cybersecurity

TinyNuke banking malware targets French organizations

Security Affairs

DECEMBER 13, 2021

The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. The attackers used invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and other verticals. .

Manufacturing

Manufacturing Business Services Communications IT

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

The experts observed the use of NineRAT at around September 2023 against a European manufacturing entity. ” reads the analysis published by Talos. Talos believes that NineRAT was built around May 2022, but was first spotted on March 2023 as part of Operation Blacksmith.

Agriculture

Agriculture Data collection Access Manufacturing

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

Security Affairs

DECEMBER 1, 2023

. “Our analysis suggests that Black Basta has received at least $107 million in ransom payments since early 2022, across more than 90 victims. ” Most of the victims are in the manufacturing, engineering and construction, and retail sectors. The average ransom payment was $1.2 61,9% of the victims are in the US, 15.8%

Ransomware

Ransomware Blockchain Retail Insurance

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

reads the advisory The vulnerability is a heap-based buffer overflow issue and according to the vendor it may have been exploited in a limited number of attacks aimed at government, manufacturing, and critical infrastructure sectors. ” states the analysis published by Bishop Fox. states the report published by Fortinet. .

Manufacturing

Manufacturing Authentication Risk Security

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs

FEBRUARY 11, 2024

The malware was first spotted in September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. The analysis of the samples before October, revealed that the operators also used an exploit for CVE-2023-29360. The malware uses TOR exit nodes as a backup C2 infrastructure.

Communications

Communications Manufacturing Libraries Cybersecurity

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M GENERAL BYTES is the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer.

Manufacturing

Manufacturing Passwords Blockchain Cloud

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The campaign began in June 2022 and is still ongoing, the attacks hit organizations in multiple industries, such as Automotive, Chemicals Manufacturing, and others. ” reads the post published by Zscaler. ” concludes the report. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Archiving

Archiving Phishing Communications Manufacturing

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

” continues the analysis. Kaspersky reported attacks against entities in multiple industries, including education, chemical manufacturing, governmental research centers and policy institutes, IT service providers, utility providers and telecommunications.

Manufacturing

Manufacturing Education Encryption IT

Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers

Security Affairs

JANUARY 4, 2023

Cybersecurity researcher Sam Curry and his colleagues discovered many vulnerabilities in the vehicles manufactured by tens of carmakers and services implemented by vehicle solutions providers. ” reads the analysis published by Curry.

Sales

Sales Access Manufacturing Authentication

Researchers analyzed the PREDATOR spyware and its loader Alien

Security Affairs

MAY 29, 2023

Cisco Talos and the Citizen Lab researchers have published a technical analysis of the powerful Android spyware Predator. Security researchers at Cisco Talos and the Citizen Lab have shared technical details about a commercial Android spyware named Predator that is sold by the surveillance firm Intellexa (formerly known as Cytrox).

IT

IT Communications Access Manufacturing

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

It’s normal that … we want a European solution” because of the importance of “the security of our communication,” Macron told reporters. In July, the French information security agency ANSSI announced that Huawei Technologies Ltd. .'” reported the Associated Press agency.

IT

IT Military Manufacturing Risk

Experts warn of a spike in May and June of 8Base ransomware attacks

Security Affairs

JUNE 28, 2023

The group has been active since March 2022, it focused on small and medium-size businesses in multiple industries, including finance, manufacturing, business services, and IT. ” Security experts attributed 67 attacks to the group in May 2023, most of the victims are in the U.S. and Brazil. and Brazil. ” reported NCC.

Ransomware

Ransomware Encryption Manufacturing Business Services

Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)

Security Affairs

JANUARY 26, 2023

It has been estimated that the flaw CVE-2021-35394 affects almost 190 models of devices from 66 different manufacturers. The analysis of the attacks in the wild revealed the use of the following three types of payloads: A script executes a shell command on the targeted server (mostly from the Mirai).

IoT

IoT Manufacturing IT Security

RansomExx Ransomware upgrades to Rust programming language

Security Affairs

NOVEMBER 24, 2022

RansomExx operation has been active since 2018, the list of its victims includes government agencies, the computer manufacturer and distributor GIGABYTE , and the Italian luxury brand Zegna. ” reads the analysis published by IBM Security X-Force.

Ransomware

Ransomware Encryption Manufacturing Government

DHS warns of cyber attacks against small airplanes

Security Affairs

JULY 31, 2019

A few hours ago, I have written about an interesting analysis of the possible hack of avionics systems, not DHS warns of cyber attacks against small airplanes. Patrick Kiley, a senior security consultant at Rapid7 conducted an investigation into the security of avionics systems inside small airplanes. Pierluigi Paganini.

Computer and Electronics

Computer and Electronics Manufacturing Access Authentication

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

“Their analysis shows that the civil aviation sector of terrorist Russia is on the verge of collapse.” The state-sponsored hackers claimed to have stolen sensitive documents that contained proof of a crisis in Russia’s aviation industry. ” continues the announcement.

Military

Military Manufacturing Government Authentication

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

Tens of router models from Taiwanese SOHO manufacturer DrayTek are affected by a critical, unauthenticated, remote code execution vulnerability, tracked as CVE-2022-32548, that can be exploited to fully compromise a vulnerable device and gain unauthorized access to the broader network. . ” continues the analysis.

Passwords

Passwords Manufacturing Access IT

Audio equipment maker Bose Corporation discloses a ransomware attack

Security Affairs

MAY 25, 2021

The audio equipment manufacturer Bose Corporation said it was the victim of a ransomware attack that took place earlier this year, on March 7. Performed detailed forensics analysis on impacted server to analyse the impact of the malware/ransomware.

Ransomware

Ransomware Manufacturing Encryption Passwords

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

” Threat actors employed anti-analysis and evasion techniques, including, code obfuscation and performing some checks for sandbox or debugger environments. At the time of the analysis, the hard-coded target URL of the malware was not reachable making it impossible to attribute the Kraken technique to a specific threat actor.

Phishing

Phishing Manufacturing Archiving Government

IoT devices at major Manufacturers infected with crypto-miner

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Webinars

Trending Sources

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Webinars

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

StrelaStealer targeted over 100 organizations across the EU and US

Chipmaker Qualcomm warns of three actively exploited zero-days

China-linked APT Curious Gorge targeted Russian govt agencies

Who is behind the Mozi Botnet kill switch?

3.5m IP cameras exposed, with US in the lead

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Experts spotted a variant of the Agenda Ransomware written in Rust

FBI and CISA warn of attacks by Rhysida ransomware gang

DoppelPaymer crew leaked internal confidential documents belonging to aerospace companies

RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild

SYS01 stealer targets critical government infrastructure

Surveillance vendor exploited Samsung phone zero-days

Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Microsoft: Raspberry Robin worm already infected hundreds of networks

Cybersecurity agencies published a joint LockBit ransomware advisory

8Base ransomware operators use a new variant of the Phobos ransomware

Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Hades ransomware gang targets big organizations in the US

China-linked APT41 group targets Hong Kong with Spyder Loader

Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

TinyNuke banking malware targets French organizations

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Raspberry Robin spotted using two new 1-day LPE exploits

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Grandoreiro banking malware targets Mexico and Spain

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers

Researchers analyzed the PREDATOR spyware and its loader Alien

France will not ban Huawei from its upcoming 5G networks

Experts warn of a spike in May and June of 8Base ransomware attacks

Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394)

RansomExx Ransomware upgrades to Rust programming language

DHS warns of cyber attacks against small airplanes

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Audio equipment maker Bose Corporation discloses a ransomware attack

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Stay Connected