2018, Architecture and Information Security

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386. reads the report published by Black Lotus Labs. Attackers also attempted to exploit weak vendor-supplied passwords.

Architecture

Architecture Internet Internet Malware

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

.” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231

Malware

Malware Cryptocurrency Mobile Firmware

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. Improved operational security, including disrupting firewall telemetry to hinder detection and minimize their digital footprint.

Firmware

Firmware Government Firewall Malware

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

DCRat first appeared in the threat landscape in 2018, but a year later it was redesigned and relaunched. The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

“We vigorously protect the privacy of our users while supporting the important work of law enforcement,” Google’s director of law enforcement and information security Richard Salgado told us. We have knowingly and willingly built the architecture of a police state, just so companies can show us ads.

Surveillance

Surveillance Wireless Accountability Architecture

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

JANUARY 21, 2025

The experts used a diagnostic software to analyze the vehicle architecture, scan the Electronic Control Unit (ECU), identify its version, and test diagnostic functions. The experts focused their analysis on the Mercedes-Benz User Experience (MBUX) infotainment system, which was first presented by the carmaker in 2018.

Software

Software Architecture Media Engineering

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

JULY 4, 2019

Kaspersky experts discovered that Sodinokibi, aka Sodin, Ransomware currently also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows. To escalate privileges, Sodin leverages the vulnerability in win32k.sys, then it executes of two shellcode options contained in the Trojan body depending on the processor architecture.

Ransomware

Ransomware Encryption Advertising Malware

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Security Affairs

AUGUST 18, 2024

Both networks used a deep convolutional GAN architecture and were trained adversarially with a Wasserstein loss function and RMSProp optimizer at a learning rate of 0.00005. The researchers trained two generator networks using the Wasserstein GAN (WGAN) algorithm to create synthetic fingerprints.

Architecture

Architecture Hacking Risk Information Security

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. The flaw resides in WebKit and impacts macOS version 10.13.3

Spyware

Spyware Malware Surveillance Mobile

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The Judge, however, decided that NSO Group would not be forced to reveal the names of its clients or information about its server architecture. In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Spyware

Spyware Surveillance Software Architecture

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion.

DDOS

DDOS Architecture Malware Cybercrime

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Millions of computers powered by Intel chips are affected by MDS flaws

Security Affairs

MAY 14, 2019

. “MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms.” “Refer to the MDS table in Deep dive: CPUID Enumeration and Architectural MSRs for a list of processors that may be affected by MDS.

Architecture

Architecture Advertising Encryption Passwords

Czech public radio says Huawei Czech Unit secretly collected data

Security Affairs

JULY 22, 2019

In December 2018, the Czech National Cyber and Information Security Agency warned against using the equipment manufactured by Chinese firms Huawei and ZTE because they pose a threat to state security. The Chinese firm was already excluded by several countries from building their 5G internet networks.

Manufacturing

Manufacturing Internet Internet Advertising

Czech cyber-security agency warns over Huawei, ZTE security threat

Security Affairs

DECEMBER 18, 2018

. “The main issue is a legal and political environment of the People’s Republic of China, where (the) aforementioned companies primarily operate,” reads a statement issued by the Czech National Cyber and Information Security Agency. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Advertising Internet Internet

NASA Audit: Cyber Risk Skyrockets with 'Work from Home'

SecureWorld News

MAY 27, 2021

In 2018, an account belonging to an external user was compromised and used to steal approximately 500 megabytes of data from a major mission system.". 6 key areas where NASA's information security is failing. NASA lacked an Agency-wide risk management framework for information security and an information security architecture.

Cyber Risk

Cyber Risk Risk Architecture Cyber threats

New FinFisher spyware used to spy on iOS and Android users in 20 countries

Security Affairs

JULY 11, 2019

According to the experts, the new versions have been active at least since 2018, one of the samples analyzed by Kaspersky was used last month in Myanmar, where local government is accused of violating human rights. The implant analyzed by the experts contained binary files for ARMv7 and ARM64 CPU architectures.

Spyware

Spyware Advertising Mobile Architecture

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

the malware operators have removed CVE-2018-12613, a phpMyAdmin vulnerability that could allow threat actors to view or execute files. Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. . “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. LFI CVE-2018-16763 Fuel CMS 1.4.1 LFI CVE-2018-16763 Fuel CMS 1.4.1 The new variant of the bot includes exploits for the following security issues: CVE-2022-22954 : Critical RCE flaw in VMware Workspace ONE Access and VMware Identity Manager.

Malware

Malware DDOS IoT Cybercrime

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems.” Then determines whether it can write to various directories, checks the system architecture, and then makes three attempts to download and install a ‘kerberods’ dropper using wget or curl.

Architecture

Architecture Cryptocurrency Malware Advertising

US officials claim Huawei Equipment has secret backdoor for spying

Security Affairs

FEBRUARY 13, 2020

In November 2018, the Wall Street Journal reported that the US Government was urging its allies to exclude Huawei from critical infrastructure and 5G architectures. Huawei issued a statement on Wednesday denying any accusation, it “has never and will never covertly access telecom networks, nor do we have the capability to do so.”.

Manufacturing

Manufacturing Advertising Surveillance Architecture

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. CISA and FBI have observed attacks carried out by APT actors that combined two the CVE-2018-13379 and CVE-2020-1472 flaws.

VPN

VPN Government Authentication Advertising

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. Since version 4.8 ” reads the advisory.

Authentication

Authentication Advertising Architecture Passwords

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. Then the malware contacts the C2 and sends system information (i.e. computer name, user name, OS version, architecture type, list of installed anti-malware products) to the operators.

Software

Software Malware Cybercrime VPN

Top cybersecurity certifications to consider for your IT career

Security Affairs

OCTOBER 11, 2019

The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. Certified Information Security Manager – CISM. Cybersecurity professionals with Security+ know how to address security incidents – not just identify them.

Cybersecurity

Cybersecurity Information Security Penetration Testing Advertising

Germany’ BSI chief says ‘No Evidence’ of Huawei spying

Security Affairs

DECEMBER 17, 2018

In November 2018, the Wall Street Journal reported that the US Government is urging its allies, including Germany, to exclude Huawei from critical infrastructure and 5G architectures. US first, and many other countries after, have decided to ban network equipment manufactured by the Chinese telecom giant Huawei.

Technology

Technology Advertising Internet Internet

Mirai code re-use in Gafgyt

Security Affairs

APRIL 16, 2021

Gafgyt also uses some of the existing exploits (CVE-2017-17215, CVE-2018-10561) to download the next stage payloads, which we will discuss further on. Figure 8: GPON Router Exploit inside binary (CVE-2018-10561). Gafgyt malware variants have very similar functionality to Mirai, as a majority of the code was copied. in Figure 8).

Malware

Malware DDOS IoT Firmware

US and UK link new Cyclops Blink malware to Russian state hackers?

Security Affairs

FEBRUARY 23, 2022

Cyclops Blink is believed to be a replacement for the VPNFilter botnet, which was first exposed in 2018 and at the time was composed of more than 500,000 compromised routers and network-attached storage (NAS) devices. ” reads the advisory published by the UK National Cyber Security Centre.

Malware

Malware Firmware Architecture Firewall

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

The most interesting characteristic of the Triada Trojan apart is its modular architecture, which gives it theoretically a wide range of abilities. In 2018, researchers at Dr.Web discovered the Triada Trojan pre-installed on newly shipped devices of several minor brands, including Advan, Cherry Mobile, Doogee, and Leagoo.

Firmware

Firmware Mobile Malware Retail

A Spectre proof-of-concept for a Spectre-proof web

Google Security

MARCH 12, 2021

Posted by Stephen Röttger and Artur Janc, Information Security Engineers Three years ago, Spectre changed the way we think about security boundaries on the web. We've confirmed that this proof-of-concept, or its variants, function across a variety of operating systems, processor architectures, and hardware generations.

Engineering

Engineering Architecture Software Firmware

New England Biolabs leak sensitive data

Security Affairs

OCTOBER 24, 2023

Keeping crucial.env files secure is essential, as they could be used to compromise services and applications. In 2018, Uber had to pay a high price of $148 million for exposing the personal information of 57 million people worldwide – including driver’s license information – after trying to pay the ransom and keep things quiet.

Data breaches

Data breaches Social Engineering Phishing DDOS

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

” Between 2018 and 2019 the researchers assessed 28 telecom operators in Europe, Asia, Africa, and South America and verifies the presence of the vulnerabilities in the GTP protocol. The second architectural flaw is related subscriber credentials that are checked on S-GW (SGSN) equipment by default. ” continues the report.

Mobile

Mobile Internet Internet Advertising

Dutch intelligence investigate alleged Huawei ‘backdoor’

Security Affairs

MAY 19, 2019

Since 2018, US Government has invitedd its allies to exclude Huawei equipment from critical infrastructure and 5G architectures. Dutch intelligence shares the concerns raised by other western governments about the risks of involving the Chinese telco giant in the creation of the new 5G mobile phone infrastructure.

Telecommunications

Telecommunications Government Advertising Mobile

US officials meet UK peers to remark the urgency to ban Huawei 5G tech

Security Affairs

JANUARY 13, 2020

Since November 2018, the US Government has invited its allies to exclude Chinese equipment from critical infrastructure and 5G architectures over security concerns.

Telecommunications

Telecommunications Government Advertising Architecture

New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

Security Affairs

DECEMBER 25, 2019

Additional information on the Mozi P2P botnet , including IoCs, are available in the Netlab report. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS

DDOS Passwords Advertising Wireless

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. As for 2019, it has become the year of covert military operations in cyberspace.

Banking

Banking Telecommunications Marketing Internet

SAP systems are targeted within 72 hours after updates are released

Security Affairs

APRIL 6, 2021

The goal of these attacks was to take full control of an SAP deployment in order to modify configurations and user accounts to exfiltrate business information. ” concludes the report.

Risk

Risk Architecture Accountability Cybersecurity

Digital Transformation starts with the Employees

Thales Cloud Protection & Licensing

FEBRUARY 6, 2018

Education is one solution to the skills gap, and more colleges are offering degrees and academic programs that cover information security management, privacy in the digital age, cybersecurity policy and governance, risk management, and cryptography. million by 2022. It is encouraging to see this type of adoption.

Digital transformation

Digital transformation Artificial Intelligence Technology IoT

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). Some web browsers, including Google Chrome and Mozilla Firefox also support the DoH.

DNS

DNS Malware Advertising DDOS

NK CARROTBALL dropper used in attacks on U.S. Govn Agency

Security Affairs

JANUARY 24, 2020

Experts pointed out that the campaign appears as a resemblance to the Fractured Block campaign first uncovered by Unit 42 in November 2018 , for this reason, the experts tracked this campaign as Fractured Statue. Both downloaders were used to deliver the second-stage SYSCON malware.

Malware

Malware Government Advertising Phishing

WhatsApp flaws allow the attackers to manipulate conversations

Security Affairs

AUGUST 8, 2019

Vanunu explained at the Black Hat conference in Las Vegas, Nevada, that the vulnerabilities were responsibly disclosed in 2018, but remained exploitable for a long time. Experts warn of possible abuse of the attack techniques to spread misinformation targeting trusted sources. ” reads the post published by CheckPoint.

Social Engineering

Social Engineering Advertising Engineering Architecture

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

Experts noticed that the PipeMon backdoor was signed with a certificate belonging to a video game company that was already hacked by Winnti in 2018. Its architecture is highly similar to the original variant, but its code was rewritten from scratch.

Malware

Malware Hacking Advertising Architecture

North Korea-linked Lazarus continues to target job seekers with macOS malware

Security Affairs

SEPTEMBER 28, 2022

The second stage in the Crypto.com variant is a bare-bones application bundle named “WifiAnalyticsServ.app”, it mirrors the same architecture employed in the Coinbase campaign. This has been a long-running theme going as far back as the AppleJeus campaigns that began in 2018. ” concludes the report.

Malware

Malware Cryptocurrency Architecture Advertising

Canadian intelligence agencies CSE and CSIS are divided on Huawei 5G ban

Security Affairs

NOVEMBER 14, 2019

In November 2018, The Wall Street Journal reported that the US Government urged its allies to exclude Huawei from critical infrastructure and 5G architectures. Canada, along with the US, the UK, New Zealand, and Australia formed the so-called Five Eyes intelligence-alliance.

Government

Government Telecommunications Wireless Security Intelligence

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

New Triada Trojan comes preinstalled on Android devices

Webinars

Trending Sources

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Webinars

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Google Responds to Warrants for “About” Searches

Experts found multiple flaws in Mercedes-Benz infotainment system

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Experts found a macOS version of the sophisticated LightSpy spyware

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Enemybot, a new DDoS botnet appears in the threat landscape

Mozi Botnet is responsible for most of the IoT Traffic

Millions of computers powered by Intel chips are affected by MDS flaws

Czech public radio says Huawei Czech Unit secretly collected data

Czech cyber-security agency warns over Huawei, ZTE security threat

NASA Audit: Cyber Risk Skyrockets with 'Work from Home'

New FinFisher spyware used to spy on iOS and Android users in 20 countries

A new Zerobot variant spreads by exploiting Apache flaws

EnemyBot malware adds new exploits to target CMS servers and Android devices

WatchBog cryptomining botnet now uses Pastebin for C2

US officials claim Huawei Equipment has secret backdoor for spying

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Amadey malware spreads via software cracks laced with SmokeLoader

Top cybersecurity certifications to consider for your IT career

Germany’ BSI chief says ‘No Evidence’ of Huawei spying

Mirai code re-use in Gafgyt

US and UK link new Cyclops Blink malware to Russian state hackers?

Android devices shipped with backdoored firmware as part of the BADBOX network

A Spectre proof-of-concept for a Spectre-proof web

New England Biolabs leak sensitive data

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Dutch intelligence investigate alleged Huawei ‘backdoor’

US officials meet UK peers to remark the urgency to ban Huawei 5G tech

New Mozi P2P Botnet targets Netgear, D-Link, Huawei routers

Group-IB presents its annual report on global threats to stability in cyberspace

SAP systems are targeted within 72 hours after updates are released

Digital Transformation starts with the Employees

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

NK CARROTBALL dropper used in attacks on U.S. Govn Agency

WhatsApp flaws allow the attackers to manipulate conversations

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

North Korea-linked Lazarus continues to target job seekers with macOS malware

Canadian intelligence agencies CSE and CSIS are divided on Huawei 5G ban

Stay Connected