The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In this latest campaign, our investigation also uncovered prebuilt Hiatus binaries that target new architectures such as Arm, Intel 80386, and x86-64 and previously targeted architectures such as MIPS, MIPS64, and i386.
Meanwhile, while business logic hacks, supply chain holes, and cyber extortion continue to loom large. Attackers aren’t hacking in; they’re logging in. With adversaries destroying backups to increase extortion payouts, recovery will grow harder and slower, emphasizing the need for stronger security controls and architecture.
The company warns that the risk is higher if the management interface is accessible from the internet or an untrusted network, directly or via a dataplane interface with a management profile. Fundamentally, these sorts of architectures lead to things like header smuggling and path confusion, which can result in many impactful bugs!
The second architectural flaw is related to subscriber credentials that are checked on S-GW (SGSN) equipment by default. phone number) of a real subscriber and impersonate him to access the Internet. “On all tested networks, it was possible to use mobile Internet at the expense of both other subscribers and the operator.”
The experts used a diagnostic software to analyze the vehicle architecture, scan the Electronic Control Unit (ECU), identify its version, and test diagnostic functions. The research combined hardware interfaces and software to communicate with the vehicle via Diagnostic Over Internet Protocol (DoIP).
Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Instead, the browser has become the primary way through which employees conduct work and interact with the internet. Palo Alto, Calif.,
From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos, the internet of things is all around you. A Safer Internet of Things. The post The Internet of Things Is Everywhere.
However, when your DMZ network includes a proxy server, administrators also have the option to filter all internal internet usage through the DMZ. DMZ network architecture DMZ Architecture There are two main layout options to choose from when developing a DMZ subnetwork: a single firewall layout and a dual firewall layout.
government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.
A big reason why APIs haven’t gotten the attention they deserve may be that, from a security standpoint, they fall into a category of hacking tactics known as Living off the Land, or LotL. Legacy security architectures just don’t fit this massively complex, highly dynamic environment. Here are my key takeaways: Manipulating APIs.
“The system calls on companies and entities in the energy and water sectors to immediately exchange passwords from the Internet to the control systems, reduce Internet connectivity and ensure that the most up-to-date version of controllers is installed.” SecurityAffairs – water facilities, hacking).
Swiss hacker and member of the hacking collective “APT-69420 Arson Cats,” Tillie Kottmann, claimed credit for the Verkada hack. The hack raises serious questions about who had access to what, and why, and highlights both the security and privacy risks that come with admin and super-admin accounts. The attack.
Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack, that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. Pierluigi Paganini.
The malicious code can target various architectures; it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops; however, it can target MIPS and ARM architecture. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology.
Experts noticed that the malware supports multiple CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC; it is written in the Go open-source programming language. The malware is able to wipe content from home routers, Internet of Things (IoT) smart devices, and Linux servers. ” concludes the post.
This extortion campaign involved several security failures, including exposing environment variables, using long-lived credentials, and the lack of a least privilege architecture. This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques.”
Threat actors that go online with the moniker ZeroX claim to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant and are offering it for sale on multiple hacking forums. SecurityAffairs – hacking, Saudi Aramco). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.
China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. ” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network.
For this reason, it is essential to disconnect these devices from the internet, disable remote access, and use a strong, unique password. “My Cloud OS 5 is a major and fundamental security release that provides an architectural revamp of our older My Cloud firmware and adds new defenses to thwart common classes of attacks.
the firm’s Head of Security Engineering and Architecture, is quoted as saying that Apple “makes the most secure mobile devices on the market.” Also concerning is the fact that in Apple’s Lockdown announcement, Ivan Krstić, Is that really true?
As Google’s open source architecture helps in encouraging a wide range of device ecosystem ranging from tablets to high-end devices, it helps create a wide range of opportunities to administrators and users. But in reality it is a malware that is suspected to be developed by a North Korean hacking group.
If hacking is opening a door by picking its lock, then DDoS is blocking the door by boarding it up from the outside. For Internet devices, the network edge is where the device, or the local network containing the device, communicates with the Internet. The target. Vulnerabilities.
These are the carriers that provide Internet access to rural areas all across America. Loucaides One type of common firmware vulnerability isn’t so much a coding flaw as it is an architectural soft spot, if you will. telecoms by Chinese tech giant Huawei. Asus promised to strengthen security of its firmware update process.
API hacking escapades. Over the past couple of years, good-guy researchers and malicious hackers alike have steadily scaled up their hacking activities to flush them out.
Kaspersky researchers reported that new variants of the Eagerbee backdoor are being used in attacks against Internet Service Providers (ISPs) and government entities in the Middle East. dll , gathers system information, including NetBIOS name, OS details, processor architecture, and IP addresses. The backdoor, named dllloader1x64.dll
The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices. Pierluigi Paganini.
TPLINK #cybersecurity #rce #cve #hacking #routerhacking #kpmghungary I found an RCE vulnerability in a TP-Link TL-WR840N EU V5 router (CVE-2021-41653). Like the Mirai botnet, Dark Mirai determines the victim’s architecture to fetch and download the matching payload. SecurityAffairs – hacking, botnet). Pierluigi Paganini.
The attack begins with the threat actor scanning the internet to find hosts with Docker’s default port 2375 open. Researchers at Datadog uncovered a new cryptojacking campaign linked to the attackers behind Spinning YARN campaign. The threat actors target publicly exposed and unsecured Docker API endpoints for initial access.
Researchers found that one of the most popular Internet of Things real-time operating systems, FreeRTOS, is affected by serious vulnerabilities. Researchers at Zimperium’s zLabs team have found that one of the most popular Internet of Things real-time operating systems, FreeRTOS, is affected by serious vulnerabilities.
Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.
You probably know about Netcat, a Swiss Army knife networking and pen-testing tool for hackers and cybersecurity experts, but what if you had something like that for Internet of Things (IoT) devices, to test their security before an actual hacker does? Principally it has two different components: Discovery modules.
Related: Kaseya hack worsens supply chain risk. The configuration issue made this access point publicly available on the Internet. Chris Clements, VP of Solutions Architecture, Cerberus Sentinel. Hacks and breaches are inevitable even for the most well-protected enterprise. This was not a sophisticated attack.
“The investigation has yielded insights into the botnet’s network architecture, exploitation campaigns, malware components, and operational use, illuminating the evolving tactics and techniques employed by the threat actors. “This botnet has targeted entities in the U.S. ” concludes the report.
According to experts from Avast, the Torii bot has been active since at least December 2017; it could target a broad range of architectures, including ARM, MIPS, x86, x64, PowerPC, and SuperH. The Torii IoT botnet stands out for the largest sets of architectures it is able to target. ” reads the analysis published by Avast.
In this kind of attack, hackers intercept payment card data and personal information from e-commerce sites by exploiting the architectural complexity of those e-commerce sites. Magento has about a 12% market share and represents less than 1% of the entire assemblage of code that comprises the Internet. The quick answer is: Anyone.
Internet of Things (IoT) Security: The proliferation of IoT devices has opened a new frontier for cybersecurity concerns. Additionally, APTs, orchestrated by nation-states or skilled hacking groups, aim to gain prolonged unauthorized access to networks, often remaining undetected for extended periods.
Researchers at Lumen’s Black Lotus Labs discovered a new malware family, named Cuttlefish, which targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data from internet traffic. The binary analyzed by the researchers is compiled for all major architectures used by SOHO operating systems.
Raccoon malware, Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).
According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.
computer name, user name, OS version, architecture type, list of installed anti-malware products) to the operators. “Users should apply the latest patch for OS and programs such as Internet browsers, and update V3 to the latest version to prevent malware infection in advance.” SecurityAffairs – hacking, malware).
Related: Why Google’s HTTPS push is a good thing At the time, just 50% of Internet traffic used encryption. For instance, the Russian Turla hacking ring was recently spotted spreading an innovative Trojan, called Reductor, designed to alter the way Chrome and Firefox browsers handle HTTPS connections.
The botnet targets multiple architectures, including arm, bsd, x64, and x86. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. SecurityAffairs – hacking, Enemybot). Upon installing the threat, the bot drops a file in /tmp/.pwned