Backups and Firmware - Cyber Security Informer

Another Malware with Persistence

Schneier on Security

MARCH 9, 2023

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. The malware also adds a backdoor root user to the mounted file.

Malware

Malware Firmware Backups

It's 2021: Have you checked your backups?

Adam Shostack

JANUARY 2, 2025

As the expression goes, no one cares about backups, they care about restores. As the expression goes, no one cares about backups, they care about restores. Some lessons learned over the last few days: Apple has disabled single user mode as of Mojave, and many recovery options are not available if you use a firmware password.

Backups

Backups Firmware Passwords Internet

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

The My Book Live and My Book Live Duo devices received its final firmware update in 2015. If you’d still like to keep your MyBook connected to your local network (at least until you can find a suitable backup for your backups), please make double sure remote access is not enabled in your device settings (see screenshot above).

Internet

Internet Internet Backups Small Business

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

eSecurity Planet

MARCH 17, 2025

To mitigate the risk of Medusa ransomware attacks, CISA and the FBI recommend the following measures: Update systems regularly: Ensure operating systems, software, and firmware are patched and up to date to close known vulnerabilities. Organizations must proactively implement robust cybersecurity measures to defend against such attacks.

Ransomware

Ransomware Backups Firmware Insurance

Quantum Threats and How to Protect Your Data

SecureWorld News

DECEMBER 8, 2024

SPHINCS+: Provides a backup option for digital signatures, using a different mathematical approach to enhance diversity and ensure long-term security. Ensure quantum-ready hardware: Require that new infrastructure device purchases, such as routers and firewalls, have quantum-resistant or upgradable firmware.

Encryption

Encryption Firewall Education Firmware

It’s 2021: Have you checked your backups?

Adam Shostack

JANUARY 3, 2021

As the expression goes, no one cares about backups, they care about restores. Some lessons learned over the last few days: Apple has disabled single user mode as of Mojave, and many recovery options are not available if you use a firmware password. Do yours work? Do not forget that availability is a security property.

Backups

Backups Firmware Passwords Internet

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

DECEMBER 17, 2020

Early this month, Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet that multiple ransomware gangs are cold-calling victims if they don’t pay the ransom and attempt to restore from backups. Patch operating systems, software, firmware, and endpoints.

Ransomware

Ransomware Backups Firmware Accountability

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Malwarebytes

MAY 8, 2023

While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.” Create offsite, offline backups. Don’t get attacked twice.

Firmware

Firmware Ransomware Backups Malware

Spectre and Meltdown Attacks Against Microprocessors

Schneier on Security

JANUARY 5, 2018

The second is that some of the patches require updating the computer's firmware. In November, Intel released a firmware update to fix a vulnerability in its Management Engine (ME): another flaw in its microprocessors. The vulnerability that allowed them to be taken over by the Mirai botnet last August simply can't be fixed.

Firmware

Firmware Software Engineering Phishing

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

“The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. The company also recommends updating the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to the latest versions.

Ransomware

Ransomware Backups Media Malware

Ranzy Locker Ransomware warning issued by FBI

CyberSecurity Insiders

OCTOBER 28, 2021

Ranzy Locker malware is also available for rent and so any threat actors having the intention to make quick money are seen distributing the newly developed file encrypting malware.

Ransomware

Ransomware Firmware Encryption Backups

Best Disaster Recovery Solutions for 2022

eSecurity Planet

JULY 8, 2022

“With a cyberattack, it’s more than just data that needs protecting—at risk is really the entire physical infrastructure from applications and operating systems down to low-level firmware and BIOS. This type of backup and DR technology offers RPOs measured in hours. See the Best Backup Solutions for Ransomware Protection.

Backups

Backups Ransomware Technology Marketing

Topic-specific policy 7/11: backup

Notice Bored

OCTOBER 19, 2021

when I read the recommendation for a topic-specific policy on backup. If you already have a backup policy (or something with a vaguely similar title), I urge you to dig it out at this point and study it (again!) Is your backup policy exclusively about backing up computer data , most likely digital data from corporate IT systems?

Backups

Backups Risk Internet Internet

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Security Affairs

FEBRUARY 6, 2024

The malware survives reboots and firmware upgrades. “Notably, the COATHANGER implant is persistent, recovering after every reboot by injecting a backup of itself in the process responsible for rebooting the system. Moreover, the infection survives firmware upgrades.” ” continues the report.

Malware

Malware Firmware VPN Backups

Luna HSMs FIPS 140-3 Validation

Thales Cloud Protection & Licensing

APRIL 3, 2024

In fact, Luna HSM customers can just download and install the latest FIPS validated firmware. For the full details, read the FIPS 140-3 Product Announcement on our Customer Support Portal that outlines where to get the latest firmware for the Luna Network and Luna PCIe models. And that’s it!

Firmware

Firmware Technology Backups Marketing

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Security Affairs

MARCH 9, 2022

Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical systems. Two of the TLStorm vulnerabilities reside in the TLS implementation used by Cloud-connected Smart-UPS devices, while the third one is a design flaw in the firmware upgrade process of Smart-UPS devices.

Firmware

Firmware IoT Authentication Backups

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Security Affairs

OCTOBER 3, 2018

The list of vulnerable devices includes eight LenovoEMC NAS (PX) models, nine Iomega StoreCenter (PX and IX) models and the Lenovo branded devices; ix4-300d, ix2 and EZ Media and Backup Center. Lenovo confirmed that firmware versions 4.1.402.34662 and earlier are vulnerable, users have to download firmware version 4.1.404.34716 (or later).

Hacking

Hacking Firmware Advertising Backups

Data Deletion Methods: What’s Best for Sensitive Data?

eSecurity Planet

MARCH 18, 2022

Some sectors on the drive will be allocated to the firmware that manage the hard drive and communicate with the operating system. The magnetic drive firmware will not usually notify the operating system about reassigned bad sectors. Some hard drives may be inaccessible because of firmware-level hard drive passwords.

Firmware

Firmware Software Technology Ransomware

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.

Ransomware

Ransomware Firmware Antivirus Accountability

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

backup servers, network shares, servers, auditing devices). In some attacks, government experts also observed the sabotage of backup or auditing devices to make recovery more difficult, the encryption of entire virtual servers, the use of scripting environments (i.e.

Education

Education Ransomware Antivirus Backups

CISA and FBI issue alert about Zeppelin ransomware

Malwarebytes

AUGUST 16, 2022

But you should also realize that while it’s easy to say that you need reliable and easy to deploy backups for example, it’s not always easy to follow that advice. Maintain offline backups of data, and regularly maintain backup and restoration. Ensure all backup data is encrypted, immutable (i.e.,

Ransomware

Ransomware Backups Passwords Authentication

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

Fuxnet (stuxnet on steroids) was deployed earlier to slowly and physically destroy sensory equipment (by NAND/SSD exhaustion and introducing bad CRC into the firmware). The attack brought all 87,000 sensors offline, threat actors also wiped databases, backups, and email servers, a total of 30TB of data. ” states the website. .

Malware

Malware Firmware IoT Hacking

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

Security Affairs

JANUARY 16, 2022

The ransomware known as Qlocker exploits CVE-2021-28799 to attack QNAP NAS running certain versions of HBS 3 (Hybrid Backup Sync).” Then it also deletes snapshots to prevent restoring of data from the backups and drops a ransom note (named !!!READ_ME.txt) Up to date apps and firmware seem not to help either.”

Ransomware

Ransomware Encryption Backups Firmware

PYSA Ransomware Attacks Targeting Healthcare, Education and Government Institutions, FBI Warns

Hot for Security

MARCH 17, 2021

“The cyber actors then exfiltrate files from the victim’s network, sometimes using the free opensource tool WinSCP5, and proceed to encrypt all connected Windows and/or Linux devices and data, rendering critical files, databases, virtual machines, backups, and applications inaccessible to users,” according to the advisory. and others.

Education

Education Healthcare Government Ransomware

Data Deletion Methods: What’s Best for Sensitive Data?

eSecurity Planet

MARCH 18, 2022

Some sectors on the drive will be allocated to the firmware that manage the hard drive and communicate with the operating system. The magnetic drive firmware will not usually notify the operating system about reassigned bad sectors. Some hard drives may be inaccessible because of firmware-level hard drive passwords.

Firmware

Firmware Software Technology Ransomware

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

The good news is in the latter attack the victims restored its backups. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Passwords Backups Firmware

Threat profile: Ranzy Locker ransomware

Malwarebytes

OCTOBER 28, 2021

Find and delete shadow volume copies, and other recent backups, and disable the Windows recovery environment. Store regular backups of your data off-site and offline, where attackers can’t reach them. Install security updates for software, operating systems, and firmware as soon as they are released. Mitigation.

Ransomware

Ransomware Backups Encryption Accountability

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization. Regularly back up data, password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. hard drive, storage device, the cloud).

Ransomware

Ransomware DDOS Passwords Backups

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

A few days ago the group released a press release in which they warned the companies to not try to recover their files from their backup, it also announced the forthcoming LG Electronics data leak. At the time of publishing this article, the Maze ransomware operators have released three screenshots as proof of the data breach.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

eSecurity Planet

SEPTEMBER 9, 2024

These vulnerabilities represent significant dangers for end users and organizations — from the remote code execution vulnerabilities in Veeam Backup & Replication and Apache OFBiz to the severe access control issues in SonicWall and Google Android. The vulnerability affects all versions before 7.00, with a CVSS v3 score of 9.8

Firmware

Firmware Backups Firewall Risk

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

Patch it now!

Data breaches

Data breaches Hacking Ransomware Malware

Maze Ransomware operators published data from LG and Xerox

Security Affairs

AUGUST 4, 2020

A few days ago the group released a press release in which they warned the companies to not try to recover their files from their backup, it also announced the forthcoming LG Electronics data leak. ” read a Maze’s statement reported by ZDNet.

Ransomware

Ransomware Encryption Advertising Hacking

How to Decrypt Ransomware Files – And What to Do When That Fails

eSecurity Planet

OCTOBER 18, 2022

The best defense and the best option for recovery will always be the availability of sufficient, isolated data backups and a practiced restoration process. However, even with the best planning, organizations can find a few users, machines, or systems that were overlooked or whose backup may be corrupted or encrypted.

Ransomware

Ransomware Encryption Insurance Backups

Top 12 Firewall Best Practices to Optimize Network Security

eSecurity Planet

DECEMBER 10, 2023

Automate Patches and Updates Ensure strong network security by automating regular updates of firewall firmware and installing security patches as soon as they become available. Prioritize testing updates in a controlled environment to confirm compatibility and backup configurations before deploying.

Firewall

Firewall Network Security Backups Education

Warning issued about Vice Society ransomware targeting the education sector

Malwarebytes

SEPTEMBER 7, 2022

But you should also realize that while it’s easy to say that you need reliable and easy to deploy backups, for example, it’s not always easy to follow that advice. Maintain offline backups of data, and regularly maintain backup and restoration. Ensure all backup data is encrypted, immutable (i.e.,

Education

Education Ransomware Backups Passwords

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Maintain known-good offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups. Limit ICS/SCADA systems’ network connections to only specifically allowed management and engineering workstations.

Passwords

Passwords Backups Architecture Cyber Attacks

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. and prior. .”

Backups

Backups Authentication Advertising Firmware

Deadbolt Ransomware targets Asustor and QNap NAS Devices

Security Affairs

FEBRUARY 24, 2022

At the end of January, QNAP forced the firmware update for its Network Attached Storage (NAS) devices to protect its customers against the DeadBolt ransomware. Make an immediate backup. The hijacked QNAP login screen displays a ransom note demanding the payment of 0.03 ” reads the advisory published by the vendor.

Ransomware

Ransomware Encryption Internet Internet

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Regularly back up data, air gap, and password-protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.

Ransomware

Ransomware Antivirus Passwords Malware

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Use the 3-2-1 backup rule. Use the administrator account only for maintenance, software installation, or firmware updates. Attention should be paid to protecting routers and updating their firmware. While OS updates are now commonly practiced, router firmware updates remain an overlooked aspect.

Firmware

Firmware IoT Accountability Passwords

FBI issues advisory over Play ransomware

Malwarebytes

DECEMBER 19, 2023

Screenshot of the PLAY leak site The joint CSA emphasizes the importance of having an actionable recovery plan, using multi-factor authentication (MFA) , and keeping all operating systems, software, and firmware up to date. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers.

Ransomware

Ransomware Backups Encryption Firmware

Cloud Security: The Shared Responsibility Model

eSecurity Planet

OCTOBER 20, 2022

Drivers, Firmware, Software : Cloud providers bear responsibility to secure, test, and update the software and code that supports the firmware and the basic software infrastructure of the cloud. Customers will be fully responsible for securing the storage, transfer, and backup of data to their cloud environment. Data backup.

Backups

Backups Firewall Encryption Software

Western Digital: Disconnect My Book Live drives immediately

SC Magazine

JUNE 25, 2021

Western Digital stopped supporting My Live drives in 2015, and have not updated their firmware since. Western Digital stopped supporting My Live drives in 2015, and have not updated their firmware since then. Hackers appeared to be taking advantage of a vulnerability first published in 2019. AnneElizH/CC BY-SA 4.0/[link].

Firmware

Firmware Media Internet Internet

Half of EDR Tools, Organizations Vulnerable to Clop Ransomware: Researchers

eSecurity Planet

JUNE 30, 2023

Backup and Restoration: Keep offline backups of data and execute backup and restore on a regular basis. Encrypt backup data to ensure the data infrastructure’s immutability and coverage. Patch operating systems, software, and firmware on a regular basis.

Ransomware

Ransomware Backups Software Passwords

Another Malware with Persistence

It's 2021: Have you checked your backups?

Trending Sources

MyBook Users Urged to Unplug Devices from Internet

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

Quantum Threats and How to Protect Your Data

It’s 2021: Have you checked your backups?

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Spectre and Meltdown Attacks Against Microprocessors

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Ranzy Locker Ransomware warning issued by FBI

Best Disaster Recovery Solutions for 2022

Topic-specific policy 7/11: backup

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Luna HSMs FIPS 140-3 Validation

TLStorm flaws allow to remotely manipulate the power of millions of enterprise UPS devices

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Data Deletion Methods: What’s Best for Sensitive Data?

Ranzy Locker ransomware hit tens of US companies in 2021

NCSC warns of a surge in ransomware attacks on education institutions

CISA and FBI issue alert about Zeppelin ransomware

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

A new wave of Qlocker ransomware attacks targets QNAP NAS devices

PYSA Ransomware Attacks Targeting Healthcare, Education and Government Institutions, FBI Warns

Data Deletion Methods: What’s Best for Sensitive Data?

FBI warns of ransomware attacks targeting the food and agriculture sector

Threat profile: Ranzy Locker ransomware

Avoslocker ransomware gang targets US critical infrastructure

Maze ransomware operators claim to have breached LG Electronics

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Maze Ransomware operators published data from LG and Xerox

How to Decrypt Ransomware Files – And What to Do When That Fails

Top 12 Firewall Best Practices to Optimize Network Security

Warning issued about Vice Society ransomware targeting the education sector

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

CISA warns of critical flaws in Prima FlexAir access control system

Deadbolt Ransomware targets Asustor and QNap NAS Devices

BlackCat Ransomware gang breached over 60 orgs worldwide

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

FBI issues advisory over Play ransomware

Cloud Security: The Shared Responsibility Model

Western Digital: Disconnect My Book Live drives immediately

Half of EDR Tools, Organizations Vulnerable to Clop Ransomware: Researchers

Stay Connected