eSecurity Planet

MARCH 17, 2025

Since its emergence in 2021, Medusa has targeted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing. Attackers employ a double extortion strategy, encrypting victim data and threatening to publicly release it if the ransom is unpaid.

Ransomware 75

Ransomware Backups Firmware Insurance 75

Malwarebytes

MARCH 10, 2023

The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware checked for the presence of a firmware upgrade every ten seconds. The malware was able to steal user credentials and provide shell access.

Firmware 98

Firmware Malware Encryption Authentication 98

SecureList

MAY 10, 2021

Q1 2021 saw the appearance of two new botnets. Cybercriminals exploited several critical vulnerabilities in programs installed on victim devices, including the newly discovered CVE-2021-3007. In Q1 2021, cybercriminals also found a host of new tools for amplifying DDoS attacks. News overview.

DDOS 141

DDOS Cryptocurrency Media Marketing 141

CyberSecurity Insiders

JULY 16, 2021

Therefore, customers using Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products are being urged to disconnect those devices from internet as they are on the verge of getting cyber attacked and injected with file encrypting malware as its 8.x x firmware is going to reach its EOL aka End of Life.

Ransomware 145

Ransomware Firmware Cyber Attacks Firewall 145

eSecurity Planet

MAY 28, 2021

We look at three RSAC 2021 sessions and some of the most daunting vulnerabilities presented by the SANS Institute, Cybersecurity and Infrastructure Security Agency (CISA), and Varonis Systems. Also Read: And the Winner of the 2021 RSA Innovation Contest is… SANS: Five dangerous new attack techniques and vulnerabilities.

Software 120

Software DNS Firmware VPN 120

SecureList

NOVEMBER 26, 2021

IT threat evolution Q3 2021. IT threat evolution in Q3 2021. IT threat evolution in Q3 2021. While tracking this threat actor in spring 2021, we discovered a newer version. Targeted attacks exploiting CVE-2021-40444. PC statistics. Mobile statistics. Targeted attacks. WildPressure targets macOS.

Malware 134

Malware Banking Energy and Utilities Accountability 134

SecureList

APRIL 7, 2025

sys driver, which contains the CVE-2021-36276 vulnerability. This is a utility driver used to update PC drivers, BIOS and firmware. Our analysis of the tool code found that the data in the payload file is encrypted using AES-128. Snippet of decompiled code for installing the TCESB driver TCESB uses the Dell DBUtilDrv2.sys

Software 88

Software Encryption Malware Firmware 88

Security Affairs

OCTOBER 15, 2021

In all the attacks the ransomware encrypting files on the infected systems and in one of the security incidents threat actors compromised a system used to control the SCADA industrial equipment. RDP accesses); Exploitation of vulnerabilities affecting control systems running vulnerable firmware versions. Pierluigi Paganini.

Ransomware 105

Ransomware Cyber threats Firmware Backups 105

Security Affairs

JANUARY 29, 2022

QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt ransomware. QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. ” states the vendor.

Ransomware 116

Ransomware Firmware Encryption Engineering 116

SecureWorld News

AUGUST 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) providing details on the top malware strains of 2021. The top malware strains in 2021 included remote access Trojans (RATs), banking Trojans, information stealers, and ransomware.

Malware 98

Malware Banking Penetration Testing Healthcare 98

Security Affairs

JANUARY 16, 2022

The threat actors behind the attacks were exploiting an improper authorization vulnerability, tracked as CVE-2021-28799 , that could allow them to log in to a NAS device. “A A ransomware campaign targeting QNAP NAS began the week of April 19th, 2021. Up to date apps and firmware seem not to help either.”

Ransomware 139

Ransomware Encryption Backups Firmware 139

Security Affairs

AUGUST 10, 2021

The ransomware, tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files. The malicious code appends.encrypt extension to filenames of encrypted files. ” reads the report published by Palo Alto Researchers.

Ransomware 138

Ransomware Encryption Firmware Passwords 138

CyberSecurity Insiders

NOVEMBER 25, 2021

From backdoors- As the Korean giant creates, validates and manufactures its computing devices all on its own, its every piece of hardware, wiring and firmware is securely drafted at its high secure R&D plants & factories in the world. Gift yourself a Samsung device from this Thanksgiving 2021 or Black Friday 2021 deals.

Mobile 132

Mobile Firmware Manufacturing Passwords 132

Security Affairs

APRIL 23, 2021

(QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users’ data for ransom. qlocker @QNAP_nas — Jack Cable (@jackhcable) April 22, 2021.

Ransomware 144

Ransomware Backups Media Malware 144

Malwarebytes

JULY 22, 2021

The vulnerability has been listed as CVE-2021-3438 and it is a potential buffer overflow in the software drivers that can be abused to achieve an escalation of privilege. But once they have access they can use the vulnerability to get permissions to install programs, view, change, or delete data, and encrypt files.

Software 145

Software Firmware Manufacturing Engineering 145

Webroot

OCTOBER 31, 2024

A pivotal moment came when the FBI obtained over 7,000 decryption keys, allowing victims to unlock their encrypted data for free. Despite these setbacks, LockBit attempted to maintain its operations, quickly adapting by changing encryption methods and shifting its leak site strategy.

Malware 108

Malware Ransomware Passwords Healthcare 108

Security Affairs

JUNE 3, 2021

The researchers demonstrated a proof-of-concept (PoC) exploit that sees the attacker masquerading as a legitimate access point, running a modified open-source hostapd , and sending a malicious encrypted group temporal key (GTK) to any client that connects to it via WPA2. ” continues the report. Pierluigi Paganini.

Wireless 126

Wireless IoT Encryption Firmware 126

Thales Cloud Protection & Licensing

APRIL 20, 2021

Organizations Need a New NetSec Approach, Reveals Verizon’s 2021 Mobile Security Index. Tue, 04/20/2021 - 11:33. In the MSI 2021, more than half of respondents told Verizon that their organizations allowed employees to access corporate IT assets over public Wi-Fi. Verizon’s MSI 2021, page 72. Verizon’s MSI 2021, page 73.

Mobile 71

Mobile Architecture Data breaches Authentication 71

Security Affairs

JANUARY 2, 2022

Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber stories of 2021 PulseTV discloses potential credit card breach The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched How to implant a malware in hidden (..)

Banking 116

Banking Firmware Malware Ransomware 116

Malwarebytes

JULY 10, 2022

New to [link] : @CISAgov joined partners @FBI & @USTreasury to provide TTPs and IOCs for #Maui ransomware, which North Korean state-sponsored cyber actors have used to target Public Health Sector orgs since May 2021. The FBI started responding to incidents involving Maui in May 2021. Check it out @ [link].

Healthcare 102

Healthcare Ransomware Encryption Firmware 102

Malwarebytes

DECEMBER 16, 2021

In 2021’s final Patch Tuesday, Microsoft included a total of 67 fixes for security vulnerabilities. CVE-2021-42310 Microsoft Defender for IoT Remote Code Execution vulnerability. CVE-2021-43905 Microsoft Office app Remote Code Execution vulnerability. CVE-2021-43905 Microsoft Office app Remote Code Execution vulnerability.

Wireless 101

Wireless Passwords Firmware Authentication 101

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. mike [link] pic.twitter.com/fkU2USEZis — Swisscom CSIRT (@swisscom_csirt) January 26, 2021. CRING a new strain deployed by human operated ransomware actors. ” reads the post published by Kaspersky.

VPN 130

VPN Ransomware Antivirus Firmware 130

eSecurity Planet

APRIL 5, 2023

Tens of thousands of new security vulnerabilities are discovered each year; the value of CISA’s KEV catalog is that it helps organizations prioritize the software and firmware flaws that threat groups are actively exploiting — and many of those exploited flaws are older ones that users have failed to apply patches for.

Ransomware 129

Ransomware Firmware Cybersecurity Healthcare 129

Malwarebytes

OCTOBER 28, 2021

According to a flash alert issued by the FBI , unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021, including victims in the construction, academic, government, IT, and transportation sectors. All encrypted files have extension: ranzy - How to restore my files? - Mitigation.

Ransomware 117

Ransomware Backups Encryption Accountability 117

Security Affairs

MARCH 23, 2021

The types of vulnerabilities affecting the devices are Inadequate Encryption Strength, Session Fixation, Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Insecure Default Variable Initialization, Use of Hard-coded Credentials. ” continues the alert.

Firmware 102

Firmware VPN Firewall Risk 102

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 119

Ransomware DDOS Passwords Backups 119

Security Affairs

FEBRUARY 15, 2022

NAS devices are privileged targets of cybercriminals, a couple of weeks ago QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. In December 2021, experts also observed ech0raix ransomware attacks targeting QNAP network-attached storage (NAS) devices.

Firmware 98

Firmware Ransomware Encryption Hacking 98

Security Affairs

FEBRUARY 14, 2022

As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware 100

Ransomware Accountability Firmware Encryption 100

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware 119

Ransomware Passwords Backups Firmware 119

SecureWorld News

FEBRUARY 2, 2022

The attacks target a Zero-Day vulnerability that was patched in December 2021 which allows the threat actor to run arbitrary code on vulnerable devices exposed to the internet. DeadBolt ransomware was recently used to target customers of QNAP, a Taiwanese company that produces network attached storage (NAS) devices. January 30, 2022.

Ransomware 98

Ransomware Firmware Encryption Internet 98

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. Upgrade to the latest firmware version. ” concludes the report.

Energy and Utilities 132

Energy and Utilities Government Firewall Malware 132

Security Affairs

AUGUST 17, 2022

Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. “A potential security vulnerability in some Intel® Processors may allow information disclosure.Intel is releasing firmware updates to address this potential vulnerability.”

Architecture 100

Architecture Firmware Software Information Security 100

SecureWorld News

AUGUST 24, 2022

If malware were installed on the device, it could control the LEDs by blinking and changing colors with firmware commands. The infection of a device can be achieved via supply chain attacks, social engineering techniques, or the use of hardware with installed software or firmware. encryption keys, biometric information).

Firmware 98

Firmware Social Engineering Surveillance Malware 98

eSecurity Planet

FEBRUARY 15, 2022

The ransomware encrypts files on compromised Windows host systems, including physical and virtual servers, the advisory noted, and the executable leaves a ransom note in all directories where encryption occurs, including ransom payment instructions for obtaining a decryption key. The 15 Vulnerabilities Explained.

Ransomware 129

Ransomware Encryption Backups Accountability 129

Malwarebytes

MAY 28, 2021

According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare 125

Healthcare Ransomware Encryption Passwords 125

Malwarebytes

OCTOBER 5, 2021

United Extensible Firmware Interface (UEFI). UEFI is a specification for the firmware that controls the first stages of booting up a computer, before the operating system is loaded. (It’s No discussion about security in 2021 would be complete without somebody mentioning Zero Trust, so here it is.

Firmware 127

Firmware Technology Software Social Engineering 127

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. link] pic.twitter.com/NOPAcEFxM8 — FBI Buffalo (@FBIBuffalo) March 16, 2021. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released.

Education 111

Education Ransomware Phishing Passwords 111