Since its emergence in 2021, Medusa has targeted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing. Maintain offline backups: Store critical data backups offline to ensure recovery in case of an attack, preventing data loss and reducing downtime.
The My Book Live and My Book Live Duo devices received their final firmware update in 2015. “It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,” NVD wrote. We understand that our customers’ data is very important.
As the expression goes, no one cares about backups, they care about restores. Some lessons learned over the last few days: Apple has disabled single user mode as of Mojave, and many recovery options are not available if you use a firmware password. Do yours work? Do not forget that availability is a security property.
“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline.” reads the flash alert. Pierluigi Paganini.
“The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. The company also recommends updating the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to the latest versions.
We look at three RSAC 2021 sessions and some of the most daunting vulnerabilities presented by the SANS Institute, Cybersecurity and Infrastructure Security Agency (CISA), and Varonis Systems. Also Read: And the Winner of the 2021 RSA Innovation Contest is… SANS: Five dangerous new attack techniques and vulnerabilities.
RDP accesses); Exploitation of vulnerabilities affecting control systems running vulnerable firmware versions. The three new incidents included in the advisory are: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility.
Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.
The threat actors behind the attacks were exploiting an improper authorization vulnerability, tracked as CVE-2021-28799, that could allow them to log in to a NAS device. “A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. Up to date apps and firmware seem not to help either.”
“With a cyberattack, it’s more than just data that needs protecting—at risk is really the entire physical infrastructure from applications and operating systems down to low-level firmware and BIOS. This type of backup and DR technology offers RPOs measured in hours. See the Best Backup Solutions for Ransomware Protection.
The PIN provides a series of examples of ransomware attacks impacting food and agriculture sector businesses, such as an attack that took place in January 2021 against an identified US farm that resulted in losses of approximately $9 million due to the disruption of the farming operations. hard drive, storage device, the cloud).
Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical systems. Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices.
This payment would be nearly double the previous record of $40 million paid by CNA Financial in 2021. Adopt a Comprehensive Backup Strategy: Implement the 3-2-1 backup rule with immutable backups to protect against ransomware attacks. Implement regular, interactive cybersecurity simulations and scenario-based training.
The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021; since January the group has expanded its targets by adding support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. hard drive, storage device, the cloud).
According to a flash alert issued by the FBI , unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021, including victims in the construction, academic, government, IT, and transportation sectors. Ranzy Locker is a successor of ThunderX and AKO ransomware. Ransomware-as-a-Service.
As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.
New to [link] : @CISAgov joined partners @FBI & @USTreasury to provide TTPs and IOCs for #Maui ransomware, which North Korean state-sponsored cyber actors have used to target Public Health Sector orgs since May 2021. The FBI started responding to incidents involving Maui in May 2021. Check it out @ [link].
The FBI started responding to incidents involving Maui in May 2021. According to court documents, in May 2021, North Korean hackers used a ransomware strain called Ransom.Maui to encrypt the files and servers of a medical center in the District of Kansas. Keep operating systems, applications, and firmware up to date.
The agencies offered some sound cybersecurity advice for BlackByte that applies pretty generally: Conduct regular backups and store them as air-gapped, password-protected copies offline. Update and patch operating systems, software, and firmware as soon as updates and patches are released. The 15 Vulnerabilities Explained.
In March 2021, government experts observed state-sponsored hackers scanning the internet for servers vulnerable to the above flaws; the attackers were probing systems on ports 4443, 8443, and 10443. Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.
Through this partnership, our research led us to discover five previously unreported vulnerabilities in the medical system, which include: CVE-2021-33886 – Use of Externally-Controlled Format String (CVSS 7.7). CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). Braun on January 11, 2021.
Observed since: July 2021. Ransomware note: BlackByteRestore.txt. Ransomware extension: BlackByte. Kill chain: Some victims reported that attackers used known Microsoft Exchange Server vulnerabilities to gain access to their networks. Observed since: January 2021. Ransomware note: BackFiles_encoded01.txt. Mitigations.
Either way, this ransomware-for-hire has been around far longer (in internet terms) than the bulletin may have some believe, having been first seen in September 2021. The ransomware targets virtual machines and snapshots, looking to escape containers, encrypt any possible persistence, and wipe out backups that weren’t carefully archived.
QNAP) pushed out an automatic, forced update with firmware containing the latest security updates to protect against the attackers’ “DeadBolt” ransomware. Rather ironic, since many NAS owners use their devices to store backups in case their main systems become disabled by things like ransomware.
Western Digital removed Netatalk from its firmware, released on January 10, 2022. The company says that users can continue to access local network shares and perform Time Machine backups via SMB, a different file-sharing protocol. TrueNAS says it fixed the vulnerabilities in TrueNAS Core 12.0-U8.1 on April 14, 2022.
By using a misconfigured Cisco Duo MFA implementation to force enrollment of a new device, the hackers were then able to use the “PrintNightmare” Windows Print Spooler vulnerability (CVE-2021-34527 and CVE-2021-36958) to obtain administrator privileges. Identify and create offline backups for critical assets.
Hive ransomware, a RaaS launched in June 2021, was also busy in March. The threat actors have been linked to numerous high-profile ransomware incidents, including arguably the biggest ransomware attack of all time—a supply-chain hit on Kaseya in July 2021 believed to have affected over 1,000 businesses. Noteworthy May attacks.
REvil (aka Sodinokibi) first appeared in May 2020 and has been responsible for numerous high-profile ransomware attacks, including arguably the biggest ransomware attack of all time—a supply-chain attack on Kaseya VSA in July 2021 that is thought to have affected over 1,000 businesses. Known ransomware attacks in April 2022 by country.
The attackers were able to bypass this hardware-based security protection using another hardware feature of Apple-designed SoCs (System on a Chip): they did this by writing the data, destination address and data hash to unknown hardware registers of the chip that are not used by the firmware.
One recent example that underscores this importance is the 2021 Colonial Pipeline ransomware attack. Patch management: Keeping software and firmware up to date to close security gaps. Firmware manipulation is particularly dangerous because it often remains undetected until significant damage occurs.
According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Install updates/patch operating systems, software, and firmware as soon as they are released.
However, they can learn to mitigate the impact more effectively (for example, through better securing the most confidential data, and with proper backup and incident response plans). Potential victims are unlikely to become immune to attacks any time soon. Vehicle manufacturers and service providers sometimes do likewise.
A malformed software update also affected Kaseya's clients in 2021. And while approval is pending, a separate group creates offline backups of essential files that are needed in the event of an error and affected systems need restoring. Create and test offline backups. Speaking of backups, never assume they work.
The Cybersecurity and Infrastructure Security Agency (CISA) found that K–12 cyberattacks more than tripled over the pandemic, from 400 reported incidents in 2018 to over 1,300 in 2021. In 2021, 56 percent of K–12 schools and 64 percent of higher education institutions reported being hit by some type of ransomware.
release from February 2021 is: Releasing Kaboxer v1.0 - Introducing Kali Applications Boxer v1.0! This is due to bluez, bluez-firmware, and pi-bluetooth packages forked and patched Raspberry Pi kernel updated to 5.4.83 1kali1 (2021-04-12) ┌──(kali㉿kali)-[~] └─$ uname -r 5.10.0-kali7-amd64 " VERSION_ID="2021.2"
The updates are done through firmware, firmware updates that we get from the vendor. Vamosi: In June 2021, malware caused the Colonial Pipeline, which provides gas to the southeast corner of the United States, to be shut down in an abundance of caution. Well, this is where we're going to start analyzing some firmware.
In 2021, Connelly and other researchers presented a new paper outlining an approach to detecting rootkits similar to CloudSkulk. Firmware Rootkit. A firmware rootkit uses device or platform firmware to create a persistent malware image in the router, network card, hard drive or the basic input/output system (BIOS).
A report from IBM claims that 21% of all cyber attacks the company remediated in 2021 were ransomware, making it the most common type of attack in the report. To apply more pressure, the attacker might also encrypt backup files to render them inaccessible. Firmware rootkits are also known as “hardware rootkits.”
In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). Pangolin is private malware we discovered in 2021, exclusively used by ZexCone, the threat actor behind ExCone and DexCone.
On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. One of NIST’s first orders of business was to define critical software by June 26, 2021. Software components in boot-level firmware.
Firmware: The MMB runs on Linux, and its filesystems are located on the eMMC. Custom IPC: Inside the head unit, firmware services use custom IPC protocols for communication between their own threads, other services and other ECUs. Privilege escalation: The head unit uses the outdated Polkit system, which is vulnerable to CVE-2021-4034.