How To, Information Security and Manufacturing - Information Management Today

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

Security Affairs

NOVEMBER 9, 2020

The Taiwanese electronics manufacture Compal suffered a ransomware attack over the weekend, media blames the DoppelPaymer ransomware gang. It is the second-largest contract laptop manufacturer in the world behind Quanta Computer. Acer, Lenovo, Dell, Toshiba, Hewlett-Packard and Fujitsu. It also licenses brands of its clients.

Manufacturing

Manufacturing Ransomware Computer and Electronics Information Security

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. More recently, Sultan Qasim Khan, a principal security adviser with a UK-based security firm, tricked a Tesla into thinking the driver was inside by rerouting communication between the automaker’s mobile app and the car.

Manufacturing

Manufacturing Cybersecurity IoT Risk

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The Flaws in Manufacturing Process. Manufacturers saw this as an opportunity and rushed in to grab their own piece of the IoT market. Manufacturers saw this as an opportunity and rushed in to grab their own piece of the IoT market. You don’t need to be super rich anymore to turn your entire household into a smart home.

IoT

IoT Cybersecurity Manufacturing Passwords

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. The vulnerabilities discovered by the security duo impacts the Wincor Cineo ATMs with the RM3 and CMD-V5 dispensers.

Encryption

Encryption Manufacturing Authentication Security

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

Depending on sensitive information is stored in the invalid data area, computer users can feel more or less alarmed by this” Experts pointed out that manufacturers of SSDs usually not erase the invalid data area to save on resources, they only break the link of the mapping table to prevent ill-intentione to access it.

Paper

Paper Access Manufacturing Security

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

NAS servers are a privileged target for hackers because they normally store large amounts of data.The ransomware was targeting poorly protected or vulnerable NAS servers manufactured by QNAP, threat actors exploited known vulnerabilities or carried out brute-force attacks. The post How to secure QNAP NAS devices?

Ransomware

Ransomware Security Encryption Systems administration

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

When the victim clicks on a link that appears to be legitimate, they’re redirected to the attacker’s website, where malicious JavaScript is executed in the client’s browser or where they are prompted to enter sensitive information. BMW is a German manufacturer of luxury vehicles headquartered in Munich.

Phishing

Phishing Manufacturing Access Information Security

LockBit ransomware group claims to have hacked Bridgestone Americas

Security Affairs

MARCH 13, 2022

LockBit ransomware gang claimed to have hacked Bridgestone Americas, one of the largest manufacturers of tires. LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen data from the company.

Ransomware

Ransomware Manufacturing Systems administration Information Security

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs

OCTOBER 1, 2023

Our backdoor is still running on your network, you decided to play with us, we have a great sense of humor too, and we know how to have fun.” ” See you again…….” ” reads the message published by the ALPHV gang on its leak site. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware Manufacturing Privacy Security

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

When enforced, the regulation will mandate manufacturers to prioritize security from the design stage and throughout the product's entire lifecycle. The Act is expected to enter into force in 2024, and manufacturers must apply the rules 36 months after they enter into force.

Compliance

Compliance Cybersecurity Risk Manufacturing

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network. After looking at 28 of the most popular manufacturers, our research team found 3.5 The reign of a Chinese brand.

Passwords

Passwords Manufacturing Authentication Government

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Other research by Cybernews has revealed that BMW , a German luxury vehicle manufacturer producing around 2.5 How to protect your data? The issue causing the leak has been fixed.

Retail

Retail Manufacturing Communications Passwords

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. And SYS01 stealer at heart relies on a social engineering campaign, so it’s important to train users about the tricks adversaries use so they know how to spot them.”

Government

Government Manufacturing Authentication Cybersecurity

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. Below is a video demo published by the researcher that shows how to exploit the flaw CVE-2023–1748 to obtain users’ info.

Manufacturing

Manufacturing Cybersecurity Education Authentication

QNAP urges users to take action to protect devices against Brute-Force attacks

Security Affairs

MARCH 28, 2021

Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported that their devices have been hit by brute-force attacks. “With increasing reports of brute-force attacks, QNAP urges its users to take immediate action to enhance the security of their devices.”

Passwords

Passwords Manufacturing Security Access

NIST published updated guidance for supply chain risks

Security Affairs

MAY 8, 2022

“The purpose of this publication is to provide guidance to enterprises on how to identify, assess, select, and implement risk management processes and mitigating controls across the enterprise to help manage cybersecurity risks throughout the supply chain.”

Risk

Risk Manufacturing Cybersecurity Retail

NI CompactRIO controller flaw could allow disrupting production

Security Affairs

DECEMBER 12, 2020

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw.

Manufacturing

Manufacturing Authentication Cybersecurity Security

Toyota Italy accidentally leaked sensitive data

Security Affairs

MARCH 28, 2023

Threat actors could abuse this information to gain access to Toyota clients’ phone numbers and email addresses and abuse them to launch phishing attacks. Cybernews has reached out to the car manufacturer, and, at the time of writing, the dataset has been secured. env) hosted on the official Toyota Italy website.

Manufacturing

Manufacturing Marketing Phishing Cloud

McLaren Health Care revealed that a data breach impacted 2.2 million people

Security Affairs

NOVEMBER 10, 2023

Our backdoor is still running on your network, you decided to play with us, we have a great sense of humor too, and we know how to have fun.” The cyber security researcher Dominic Alvieri reported that ALPHV BlackCat Ransomware has breached 15 more US hospitals & 2 HMOs. ” See you again…….”

Data breaches

Data breaches Ransomware Insurance Manufacturing

The Hacker Mind Podcast: How To Get Paid To Hack

ForAllSecure

SEPTEMBER 29, 2022

The general topic of how to get started in InfoSec, that's a given. I mean, it's not clear how you get a job, or even experience for that matter. And the rest, they say is this as a reporter, I was in a position to learn as I wrote about information security. But what if you're on your own? I hope you'll stick around.

Mining

Mining IT Communications Marketing

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

The FBI is working with private sector partners who manufacture smart devices to advise customers about the scheme and how to avoid being victimized. The FBI is also working to alert law enforcement first responders to this threat so they may respond accordingly.”

Passwords

Passwords Manufacturing Authentication Access

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M GENERAL BYTES is the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer.

Manufacturing

Manufacturing Passwords Blockchain Cloud

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. Microsoft also provided instructions on how to investigate suspected compromised accounts or affected systems.

Manufacturing

Manufacturing Education Access Government

DDoS Attacks Skyrocket, Kaspersky Researchers Say

eSecurity Planet

NOVEMBER 11, 2021

Hackers targeted a wide range of organizations, such as banks, mail services, Bitcoin sites, VoIP providers, vaccination registration portals, information security media, gaming platforms, government sites, and even security agencies. Also read: How to Stop DDoS Attacks: 6 Tips for Fighting DDoS Attacks.

Manufacturing

Manufacturing Communications IoT Passwords

A million at risk from user data leak at Korean beauty platform PowderRoom

Security Affairs

MARCH 23, 2023

Backed by beauty-product manufacturers, PowderRoom has hundreds of thousands of followers on social media, and its Android app has been downloaded more than 100,000 times on Google Play. The platform exposed full names, phone numbers, emails, Instagram usernames, and even home addresses.

Risk

Risk Metadata Manufacturing Personal data

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. “Information sharing is easy to talk about, and hard to do in practice,” Daniel said.

Cybersecurity

Cybersecurity Phishing Government Ransomware

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. “Security analysts and test engineers can use the list in preparing plans for security testing and evaluation.

Manufacturing

Manufacturing Education Access Security

Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers

Security Affairs

JANUARY 4, 2023

Cybersecurity researcher Sam Curry and his colleagues discovered many vulnerabilities in the vehicles manufactured by tens of carmakers and services implemented by vehicle solutions providers. BMW, Mercedes, Toyota, and other popular carmakers use vulnerable APIs that could have allowed attackers to perform malicious activities.

Sales

Sales Access Manufacturing Authentication

EUROPE: EU MDGC issues new guidance on Cybersecurity for medical devices

DLA Piper Privacy Matters

JANUARY 29, 2020

On 7 January 2020, the EU Medical Device Coordination Group published new guidance to help manufacturers fulfil all relevant cybersecurity requirements in Annex I to the new Medical Device Regulations (Regulations 2017/745 on medical devices and 2017/746 on in vitro diagnostic medical devices) (the Guidelines).

Cybersecurity

Cybersecurity Manufacturing GDPR Risk

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

SEPTEMBER 16, 2021

Whether we put name ‘X’ or ‘Y’ on the adversary, we strongly believe that we are dealing with a Chinese actor whose long-term objectives are persistence in their victims’ networks and the acquisition of the intelligence needed to make political/strategic or manufacturing decisions.”. Access Through Compromised Web Server.

Military

Military Access Manufacturing Phishing

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

Now security experts from Kaspersky Lab have provided technical details about the malware shedding lights on its capabilities and the persistence mechanism implemented by the malicious code. The researchers also provided information on how to remove xHelper from an infected device. ” continues the report.

Manufacturing

Manufacturing Libraries Access Encryption

New RA Group ransomware gang is the latest group using leaked Babuk source code

Security Affairs

MAY 15, 2023

Compromised organizations operate in different business verticals, including manufacturing, wealth management, insurance providers, and pharmaceuticals. The researchers noticed that the path contains the same mutex name as the Babuk ransomware, a circumstance that suggests the malware borrows Babuk’s leaked source code.

Ransomware

Ransomware Encryption Healthcare Insurance

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Security Affairs

SEPTEMBER 19, 2022

Researchers from Necrum Security Labs discovered a couple of critical vulnerabilities, tracked as CVE–2022–36158 and CVE–2022–36159, impacting the Contec Flexlan FXA3000 and FXA2000 series LAN devices. The FXA3000 and FXA2000 Series are access points that are manufactured by Japan-based firm Contec that conform to IEEE 802.11n/a/b/g wireless.

Passwords

Passwords Manufacturing Access Security

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Security Affairs

MAY 2, 2021

A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic 2 drone equipped with a WIFI dongle. Automotive manufacturers can scale up their software testing and remediation pipelines by orders of magnitude by using KunnaEmu. The researchers Kunnamon, Inc.’s concluded Dr. Weinmann.

Manufacturing

Manufacturing Security Cloud IT

Hades ransomware gang targets big organizations in the US

Security Affairs

MARCH 26, 2021

Experts discovered that threat actors targeted a large US transportation & logistics organization, a large US consumer products organization, and a global manufacturing organization. At the time of this writing, it is unclear if the Hades gang operates a ransom-as-a-service model.

Ransomware

Ransomware Encryption File names Manufacturing

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

It also claims that VIP members will be taught how to “explore, watch live and even record” hacked cameras through tutorials and personalised sessions.” The news is not surprising, unfortunately in many cases IoT devices, including IP cameras, are deployed without proper security measures.

IoT

IoT Paper Manufacturing Access

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

How to hack IoT & RF Devices with BürtleinaBoard. How to Run BUSSide: # cd BUSSide/Client #./busside.py If you wonder how looks like a Bürtleina and how to make it, I left here the receipt: [link]. Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! busside.py /dev/ttyUSB0.

IoT

IoT Manufacturing Communications Security

Elections 2024, artificial intelligence could upset world balances

Security Affairs

DECEMBER 27, 2023

Artificial intelligence is having a significant impact on various industries, such as health, finance, and manufacturing. It is important to explain to citizens how to identify these campaigns and invite them to be critical of the content they consume through the media and report suspicious activities to the platform managers.

Artificial Intelligence

Artificial Intelligence Government Manufacturing IT

The hidden threats facing your intellectual property

IT Governance

SEPTEMBER 4, 2018

For life sciences and pharmaceutical companies, this includes data on the development and testing of new therapies and details of how therapies are manufactured. Although the impact in this instance was not devastating, employees’ misuse of information can cause significant damage. ISO 27001 certified ISMS training courses.

Healthcare

Healthcare Insurance Manufacturing Risk

Google discovered a new variant of Rowhammer attack dubbed Half-Double

Security Affairs

MAY 26, 2021

In 2015, security researchers at Google’s Project Zero team demonstrated how to hijack the Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips. ” concludes Google.

Manufacturing

Manufacturing Access Security IT

What Is an Insider Threat? Definition, Types, and Examples

IT Governance

APRIL 25, 2023

A malicious threat can be an employee, contractor or business partner who is liable to leak sensitive information. Preventing this from happening requires a nuanced approach to information security, and it’s one that organisations are increasingly struggling with. Examples of insider threats 1.

Data breaches

Data breaches Phishing Personal data Access

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

MAY 7, 2021

As of April 28, the site mentioned nine companies primarily from aviation, financial, education and manufacturing industries. As always, the document contains instructions on how to remove “protection”: Figure 2. Such emails are disguised to look like DocuSign notifications: Figure 1.

Ransomware

Ransomware Education Manufacturing Healthcare

Weekly podcast: Russia warning, RBKC fined and TaskRabbit breached

IT Governance

APRIL 20, 2018

and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. Network device manufacturers, ISPs, and their owners or operators should refer to the mitigation advice provided in the advisory. Until next time you can keep up with the latest information security news on our blog.

Personal data

Personal data Government Manufacturing Information Security

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

Webinars

Trending Sources

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Webinars

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

How to implant a malware in hidden area of SSDs with Flex Capacity feature

How to secure QNAP NAS devices? The vendor’s instructions

Don’t trust links with known domains: BMW affected by redirect vulnerability

LockBit ransomware group claims to have hacked Bridgestone Americas

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

3.5m IP cameras exposed, with US in the lead

Volvo retailer leaks sensitive files

SYS01 stealer targets critical government infrastructure

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Nexx bugs allow to open garage doors, and take control of alarms and plugs

QNAP urges users to take action to protect devices against Brute-Force attacks

NIST published updated guidance for supply chain risks

NI CompactRIO controller flaw could allow disrupting production

Toyota Italy accidentally leaked sensitive data

McLaren Health Care revealed that a data breach impacted 2.2 million people

The Hacker Mind Podcast: How To Get Paid To Hack

FBI warns swatting attacks on owners of smart devices

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

China-linked Flax Typhoon APT targets Taiwan

DDoS Attacks Skyrocket, Kaspersky Researchers Say

A million at risk from user data leak at Korean beauty platform PowderRoom

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other carmakers

EUROPE: EU MDGC issues new guidance on Cybersecurity for medical devices

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

xHelper, the Unkillable Android malware that re-Installs after factory reset

New RA Group ransomware gang is the latest group using leaked Babuk source code

Experts warn of critical flaws in Flexlan devices that provide WiFi on airplanes

Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle

Hades ransomware gang targets big organizations in the US

Hackers claim to have compromised 50,000 home cameras and posted footage online

Hacking IoT & RF Devices with BürtleinaBoard

Elections 2024, artificial intelligence could upset world balances

The hidden threats facing your intellectual property

Google discovered a new variant of Rowhammer attack dubbed Half-Double

What Is an Insider Threat? Definition, Types, and Examples

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Weekly podcast: Russia warning, RBKC fined and TaskRabbit breached

Stay Connected