Authentication, Manufacturing and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication

Authentication VPN Passwords Hacking

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

Authentication

Authentication Firmware VPN Manufacturing

Why you need to trust your VPN: Lock and Code S02E05

Malwarebytes

MARCH 29, 2021

In addition, we speak to Malwarebytes senior security researcher JP Taggart about the importance of trusting your VPN. But obscuring your Internet activity—including the websites you visit, the searches you make, the files you download—doesn’t mean that a VPN magically disappears those things. Source: ComputerWeekly).

VPN

VPN Internet Internet Manufacturing

NSA, CISA Release Guidance for Choosing and Hardening VPNs

eSecurity Planet

OCTOBER 1, 2021

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. What might be most striking about the document is how many security steps and solutions it takes to properly secure VPN connections.

VPN

VPN Authentication Passwords Software

Threat Landscape Report: Uncovering Critical Cyber Threats to Manufacturing Sector

Digital Shadows

FEBRUARY 10, 2025

Key Findings During the reporting period (August 1, 2024January 31, 2025), the manufacturing sector faced a turbulent threat landscape: Attackers ramped up their abuse of remote external services software, used impersonating domains for targeted spearphishing attacks, and continued to target the sector with ransomware.

Manufacturing

Manufacturing Cyber threats VPN Ransomware

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4

Spyware

Spyware Manufacturing Small Business Surveillance

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Security Affairs

AUGUST 6, 2024

South Korea’s National Cyber Security Center (NCSC) reported that North Korea-linked hackers hijacked VPN software updates to deploy malware. The malware was concealed within security authentication software used during website login. The compromised VPN client mistakenly accepted these files, leading to the execution of DoraRAT.

VPN

VPN Malware Software Hacking

Cyber Threat warning issued to all internet connected UPS devices

CyberSecurity Insiders

APRIL 1, 2022

Therefore, system administrators are being advised to put the connected UPS devices behind a virtual private network (VPN) and use them with a multifactor authentication in place. Note – All internet connected devices must and should be placed behind a VPN and enabled with a multi-factor authentication.

Cyber threats

Cyber threats Internet Internet Energy and Utilities

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

eSecurity Planet

SEPTEMBER 11, 2023

Network security is another big theme this week: Whether it’s a VPN connection or an enterprise-grade networking platform, patch management solutions typically won’t update network devices, so admins may need to keep an eye on any flaws there too. of the Atlas VPN Linux client. via port 8076. score of 9.8 out of 10.0,

VPN

VPN Authentication Firmware Phishing

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Hacking Engineering Manufacturing

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. 7}' 1432d89. Pierluigi Paganini.

Firmware

Firmware Manufacturing Passwords Penetration Testing

PseudoManuscrypt: a mass-scale spyware attack campaign

SecureList

DECEMBER 16, 2021

of all computers attacked by the PseudoManuscrypt malware are part of industrial control systems (ICS) used by organizations in various industries, including Engineering, Building Automation, Energy, Manufacturing, Construction, Utilities, and Water Management. According to our telemetry, at least 7.2%

Spyware

Spyware Energy and Utilities Malware VPN

Nastiest Malware 2024

Webroot

OCTOBER 31, 2024

Akira’s victims spanned a wide range of sectors, with a particular focus on manufacturing, professional services, healthcare, and critical infrastructure. infrastructure sectors, including healthcare, government services, financial services, and critical manufacturing.

Malware

Malware Ransomware Passwords Healthcare

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Hacking Manufacturing Healthcare

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Hacking Manufacturing Healthcare

CISA Cautions of Attacks on UPS Devices

Hacker Combat

APRIL 1, 2022

A feature adopted by a large number of manufacturers in the recent past is the addition of the internet and related features to their units. Many manufacturers, however, have incorporated internet connectivity and other capabilities into their UPS equipment in recent years to enable remote monitoring and management.

Passwords

Passwords Internet Internet Manufacturing

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. For this reason, if the customer has SSL-VPN enabled, Fortinet is advising customers to take immediate action to upgrade to the most recent firmware release.

Firewall

Firewall VPN Firmware Internet

Brute Force attack launched by Russia APT28 using Kubernetes

CyberSecurity Insiders

JULY 2, 2021

It is found hacking databases through brute force attacks or password spray via TOR and VPN servers. APT28 aka Fancy Bear or Strontium is a hacking group that is funded by Russian Military Intelligence. And then is seen accessing the entire network through stolen credentials and sometimes exploiting vulnerabilities in targeting systems.

System Administration

System Administration VPN Manufacturing Passwords

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

Security Affairs

AUGUST 28, 2024

is an authentication bypass vulnerability in VMware ESXi. However, Talos IR believes that brute-force authentication via internet scanning was likely the initial access method. The threat actors moved laterally within the network using NT LAN Manager (NTLM) for authentication, a method often associated with pass-the-hash attacks.

Ransomware

Ransomware Authentication Encryption VPN

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M GENERAL BYTES is the world’s largest Bitcoin, Blockchain, and Cryptocurrency ATM manufacturer. The hackers were also able to turn off the two-factor authentication (2FA). Terminals should also connect to CAS via VPN.

Cryptocurrency

Cryptocurrency VPN Manufacturing Firewall

PseudoManuscrypt, a mysterious massive cyber espionage campaign

Security Affairs

DECEMBER 16, 2021

of all systems targeted by the PseudoManuscrypt malware are part of industrial control systems (ICS) used by organizations in multiple industries, including Engineering, Building Automation, Energy, Manufacturing, Construction, Utilities, and Water Management. The experts revealed that at least 7.2%

Spyware

Spyware Energy and Utilities Malware Engineering

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.” If the customer is not operating SSL-VPN the risk of this issue is mitigated – however, Fortinet still recommends upgrading.”

Firewall

Firewall VPN Firmware Manufacturing

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Manufacturing Healthcare Education

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

MAY 24, 2024

509 [2] certificates) and encrypted, authenticated connections (TLS [3] and its precursor, SSL [4] ). For instance, suppose firewall manufacturer ACME Inc. For instance, suppose firewall manufacturer ACME Inc. This is typically achieved through a combination of Public Key Infrastructure (using X.509

DNS

DNS Manufacturing Firewall Internet

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

But manufacturers of agricultural equipment have spent the last few years locked in an automation arms race, and the side effects of this race are starting to show. Use multi-factor authentication with strong pass phrases where possible. Consider installing and using a VPN. hard drive, storage device, the cloud).

Ransomware

Ransomware Manufacturing Passwords Internet

What’s most interesting about the Florida water system hack? That we heard about it at all.

Krebs on Security

FEBRUARY 10, 2021

That can spill over into the remote access side, and they may not have a IT person who can look at whether there’s a better way to do things, such as securing remote access and setting up things like two-factor authentication.” Quite rarely do they have a proper VPN [virtual private network] for secure remote connection.

Hacking

Hacking Media Cybersecurity Ransomware

Two critical flaws affect CODESYS ICS Automation Software

Security Affairs

JUNE 27, 2022

.” The Chinese researchers who discovered the vulnerabilities pointed out that CODESYS V2 Runtime is used by many manufacturers, and most of these manufacturers still use outdated versions. The vulnerabilities affect a large number of manufacturers using a version of CODESYS V2 Runtime older than V2.4.7.57.

Software

Software Manufacturing Firmware Risk

Insert Tokens to Play! OpenID Connect (OIDC) Support in Duo SSO Is Now in Early Access

Duo's Security Blog

NOVEMBER 30, 2022

Supporting OIDC allows us to protect more of the applications that our customers are adopting as we all move towards a mobile-first world and integrate stronger and modern authentication methods (e.g. protocol adding Authentication to what has historically been used for Authorization purposes. biometrics). What is OIDC?

B2C

B2C B2B Authentication Mobile

Vital Tips & Resources to Improve Your Internet Safety

CyberSecurity Insiders

DECEMBER 18, 2021

When device manufacturers and software developers find out about bugs, they immediately release a patch to fix them. Use Strong Passwords & Two-Factor Authentication. Besides turning these tips into healthy habits, you should also enable two-factor authentication wherever possible. Keep All Your Devices Up to Date.

Internet

Internet Internet Passwords Banking

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Cyber Attacks Technology Manufacturing

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

This allowed ESET researchers to identify devices previously used in a data center/ cloud computing business (specifically, a router provisioning a university’s virtualized assets), a nationwide US law firm, manufacturing and tech companies, a creative firm, and a major Silicon Valleybased software developer, among others.”

Hacking

Hacking VPN Marketing Authentication

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

. “As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors,” reads the FBI’s flash alert.

Ransomware

Ransomware Financial Services Passwords VPN

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Both tools could be used to target SOHO and other routers manufactured by major industry providers, including Cisco, Fortinet, and MikroTik. Enforce multifactor authentication (MFA) for all users, without exception [ D3-MFA ]. Enforce MFA on all VPN connections [ D3-MFA ]. ” reads the advisory published by the US agencies.

Telecommunications

Telecommunications Authentication Passwords Accountability

Ransomware and Cyber Extortion in Q4 2024

Digital Shadows

JANUARY 14, 2025

To gain access to internal networks, Akira targeted local accounts with disabled multifactor authentication (MFA) and SonicOS firmware versions vulnerable to exploitation, often exposed to the internet for virtual private network (VPN) access. In addition, aligning PowerShell policies with user roles further minimizes abuse.

Ransomware

Ransomware Social Engineering Phishing VPN

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. Use multifactor authentication with strong pass phrases where possible. Consider installing and using a VPN. hard drive, storage device, the cloud). Disable hyperlinks in received emails.

Ransomware

Ransomware Passwords Backups Firmware

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Because of this unwillingness of UDP Technology to respond, RandoriSec worked with Geutebrück, one of the camera vendors, to correct the 11 authenticated RCE vulnerabilities and a complete authentication bypass that they found in the firmware. Also recognize that a VPN is only as secure as the connected devices. History lessons.

Firmware

Firmware Technology Authentication IoT

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

US agencies warn that groups employed DarkSide ransomware in attacks aimed at organizations across various Critical Infrastructure sectors, including manufacturing, legal, insurance, healthcare, and energy. Require multi-factor authentication for remote access to OT and IT networks. other than VPN gateways, mail ports, web ports).

Ransomware

Ransomware Healthcare Phishing Risk

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence. The group relied on compromised credentials to authenticate to internal VPN access points.

Ransomware

Ransomware Encryption VPN Manufacturing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Use multifactor authentication where possible.

Ransomware

Ransomware DDOS Passwords Backups

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Security Affairs

AUGUST 27, 2024

Exploitation requires successful authentication by a user with the necessary privileges. The web shell’s primary purpose is to intercept and harvest credentials which would enable access into downstream customers’ networks as an authenticated user. ” reads the advisory published by Versa Networks. . victims and one non-U.S.

Energy and Utilities

Energy and Utilities Firewall Technology Malware

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

SecureWorld News

AUGUST 3, 2024

A compromised VPN account with a weak password led to a ransomware attack that disrupted fuel supplies throughout the U.S. Multi-factor authentication (MFA) and stringent password policies can safeguard against unauthorized access, even if an individual's password is compromised. The attacker's gateway? Human blunders.

IoT

IoT Education Technology Passwords

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The Flaws in Manufacturing Process. Manufacturers saw this as an opportunity and rushed in to grab their own piece of the IoT market. Manufacturers saw this as an opportunity and rushed in to grab their own piece of the IoT market. It can be prevented through the use of an online VPN. Shadow IoT Devices.

IoT

IoT Cybersecurity Manufacturing Internet

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of critical flaws affecting access control systems manufactured by Prima Systems. The vulnerability could be exploited by a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges. .

Backups

Backups Authentication Advertising Firmware

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

Trending Sources

ASUS fixed critical remote authentication bypass bug in several routers

Why you need to trust your VPN: Lock and Code S02E05

NSA, CISA Release Guidance for Choosing and Hardening VPNs

Threat Landscape Report: Uncovering Critical Cyber Threats to Manufacturing Sector

Security Affairs newsletter Round 377

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Cyber Threat warning issued to all internet connected UPS devices

Weekly Vulnerability Recap – Sept. 11, 2023 – Android Update Fixes 33 Vulnerabilities

Rhysida ransomware gang claimed China Energy hack

Experts found backdoors in a popular Auerswald VoIP appliance

PseudoManuscrypt: a mass-scale spyware attack campaign

Nastiest Malware 2024

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Rhysida ransomware group hacked Abdali Hospital in Jordan

CISA Cautions of Attacks on UPS Devices

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Brute Force attack launched by Russia APT28 using Kubernetes

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

PseudoManuscrypt, a mysterious massive cyber espionage campaign

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

FBI and CISA warn of attacks by Rhysida ransomware gang

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

FBI warns of ransomware threat to food and agriculture

What’s most interesting about the Florida water system hack? That we heard about it at all.

Two critical flaws affect CODESYS ICS Automation Software

Insert Tokens to Play! OpenID Connect (OIDC) Support in Duo SSO Is Now in Early Access

Vital Tips & Resources to Improve Your Internet Safety

Rhysida ransomware gang is auctioning data stolen from the British Library

Hackers can hack organizations using data found on their discarded enterprise network equipment

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

China-linked threat actors have breached telcos and network service providers

Ransomware and Cyber Extortion in Q4 2024

FBI warns of ransomware attacks targeting the food and agriculture sector

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

US CISA and FBI publish joint alert on DarkSide ransomware

Researchers released a free decryption tool for the Rhysida Ransomware

Avoslocker ransomware gang targets US critical infrastructure

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

CISA warns of critical flaws in Prima FlexAir access control system

Stay Connected