2016 and Manufacturing - Information Management Today

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” “At present, pre-installed partners cover the entire mobile phone industry chain, including mobile phone chip manufacturers, mobile phone design companies, mobile phone brand manufacturers, mobile phone agents, mobile terminal stores and major e-commerce platforms,” reads a descriptive blurb about the company.

Cloud

Cloud Manufacturing Marketing Data breaches

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT

IoT Manufacturing IT Security

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. The TrickGate packer was primarily used in attacks aimed at the manufacturing sector, and other attacks aimed at the education, healthcare, government, and finance industries.

Manufacturing

Manufacturing Archiving Education Phishing

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

Notably, in 2016, Nissan suspended a remote telematics system in its all-electric hatchback, the Leaf, due to a vulnerability in the NissanConnect app’s server. Rising regulations As the attack surface broadens, original equipment manufacturers (OEMs) find themselves in a unique position.

Manufacturing

Manufacturing Cybersecurity IoT Risk

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Security Affairs

FEBRUARY 7, 2020

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. Pasco is Japan’s largest geospatial provider and Kobe Steel is one of the major steel manufacturers. The amount of unauthorized access is approximately 200 megabytes, mainly for documents.”.

Security

Security Manufacturing Data breaches Access

NSO Group Hacked

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Citizen Lab has been researching and reporting on its actions since 2016. There’s a lot to read out there.

Manufacturing

Manufacturing IT

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

” “At present, pre-installed partners cover the entire mobile phone industry chain, including mobile phone chip manufacturers, mobile phone design companies, mobile phone brand manufacturers, mobile phone agents, mobile terminal stores and major e-commerce platforms,” reads a descriptive blurb about the company.

Cloud

Cloud Manufacturing Marketing Data breaches

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

Any device manufacturer, software developer or online service provider can integrate FIDO protocols and policies into their products and services. For its part, Veridium launched in 2016 with a laser focus on designing passwordless systems from scratch that directly addressed the growing frustration of IT department and security team leaders.

Authentication

Authentication Passwords Digital transformation Cloud

The Unsexy Threat to Election Security

Krebs on Security

JULY 25, 2019

The report notes that concerns about the security of these channels is hardly theoretical: In 2010, intruders hijacked ACRE’s election results Web page, and in 2016, cyber thieves successfully breached several county employee email accounts in a spear-phishing attack.

Security

Security Authentication Passwords Manufacturing

GUEST ESSAY: Here?s why Tesla has been sabotaged twice in two years ? lax network security

The Last Watchdog

JUNE 21, 2018

Musk reportedly sent out an internal email describing how an unnamed insider allegedly made unspecified code changes to the company’s manufacturing systems. In 2016, the company sued a former oil-services executive for impersonating Musk while crafting an email message sent to former Tesla CFO Jason Wheeler.

Manufacturing

Manufacturing Security Analytics Access

3D Printing Takes First Steps Into Serial Manufacturing Production

Synergis Software

JANUARY 9, 2019

Automobile manufacturer Audi is using its A4 Limousine, a low-production model, as a proving ground for process innovation research. One large steel frame section of the A4 has always been difficult to manufacture, so the research team decided to try 3D printing. His company currently has three basic uses for 3D printing.

Manufacturing

Manufacturing IT

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

JULY 24, 2018

According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email. National Bank said the first breach began Saturday, May 28, 2016 and continued through the following Monday.

Insurance

Insurance Computer and Electronics Phishing Access

INFRA:HALT flaws impact OT devices from hundreds of vendors

Security Affairs

AUGUST 4, 2021

IN FRA:HALT is a set of vulnerabilities affecting a popular TCP/IP library commonly OT devices manufactured by more than 200 vendors. NicheStack (aka InterNiche stack) is a proprietary TCP/IP stack developed originally by InterNiche Technologies and acquired by HCC Embedded in 2016. ” states the report.

Manufacturing

Manufacturing Libraries Cloud Security

Backdoor Built into Android Firmware

Schneier on Security

JUNE 21, 2019

In 2017, some Android phones came with a backdoor pre-installed : Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. This is a supply chain attack.

Manufacturing

Manufacturing Libraries Security IT

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

I had an eye-opening conversation about all of this with Steve Hanna , distinguished engineer at Infineon Technologies , a global semiconductor manufacturer based in Neubiberg, Germany. The Mirai botnet, initially discovered in October 2016 , infected Internet-connected routers, cameras and digital video recorders at scale.

IoT

IoT Security Manufacturing Cybersecurity

Israel announced to have foiled an attempted cyber-attack on defence firms

Security Affairs

AUGUST 13, 2020

Israel ‘s defence ministry announced to have foiled an attempted cyber attack by a foreign threat actors group targeting the country’s defence manufacturers. According to the officials, the attack was launched by “an international cyber group called ‘ Lazarus.’

Agriculture

Agriculture Manufacturing Phishing Passwords

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

MARCH 28, 2019

Three years later, October 2016, a DDoS attack, dubbed Mirai, topped 600 gigabytes per second while taking aim at the website of cybersecurity journalist Brian Krebs. This attacker easily located IoT devices that used the manufacturers’ default security setting. His blog, Krebs on Security , was knocked down alright.

IoT

IoT Mining Manufacturing Security

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

The employees who kept things running for RSOCKS, circa 2016. Two other domains connected to that Google Analytics code — Russian plastics manufacturers techplast[.]ru ru, both apparently manufacturers of point-of-sale payment terminals in Russia. 7,” Kilmer said. ru , and the website web-site[.]ru

Passwords

Passwords Analytics Manufacturing Access

Wi-Fi Chip Vulnerability

Schneier on Security

MARCH 3, 2020

There's a vulnerability in Wi-Fi hardware that breaks the encryption : The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.

Manufacturing

Manufacturing Encryption Security IT

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

“AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020.”

Manufacturing

Manufacturing Access Security IT

The Growing Presence (and Security Risks) of IoT

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

In the absence of IoT security regulations, many smart product manufacturers simply release new devices that lack built-in security measures and have not undergone proper security review and testing. That’s precisely what happened in the case of Dyn back in October 2016. Take manufacturing, for instance.

IoT

IoT Risk Energy and Utilities Security

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments.” ” reads the post published by Microsoft.

Military

Military Manufacturing Access Security

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

Other victims included one of France’s largest hospital systems; a French automobile manufacturer; a major French bank; companies that work with or manage networks for French postal and transportation systems; a domestic firm that operates a number of airports in France; a state-owned railway company; and multiple nuclear research facilities.

Passwords

Passwords Security Manufacturing Data breaches

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

Ransomware

Ransomware Encryption Communications Manufacturing

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Russia has twice now knocked out Ukraine’s power grid for extended periods, in the Industroyer attacks of December 2015 and again in December 2016. Hackers seeking to get in position to take over control or otherwise disrupt utilities are seeking paths through original equipment manufacturers, third-party vendors, and telecom providers.

Energy and Utilities

Energy and Utilities Access Cybersecurity Passwords

New Guidance Published on Cybersecurity and Medical Devices

Data Matters

JANUARY 13, 2020

New European medical device guidance will require manufacturers to carefully review cybersecurity and IT security requirements in relation to their devices and in their product literature. The Guidance acknowledges that even though the Regulations impose legal obligations only on the manufacturer of the device, all other actors (e.g.,

Cybersecurity

Cybersecurity Manufacturing GDPR Privacy

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

MARCH 13, 2019

This will be led by the manufacturing, consumer, transportation and utilities sectors. National Institute of Standards and Technology (NIST) spent four years hammering out a framework for arriving at an appropriate level of IoT security, issuing NIST Special Publication 800–160 , in late 2016. more than the $646 billion spent in 2018.

IoT

IoT Energy and Utilities Security Privacy

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

Security Affairs

AUGUST 21, 2019

Statistics from 2016 showed that the average cost per compromised retail record was $172. Manufacturing. The manufacturing industry was not always known to embrace connected technology, but that’s changing. For example, manufacturing companies can expect a cyberattack itself to cost about $1.7

Cybersecurity

Cybersecurity Retail Manufacturing Data breaches

FTC Orders Mobile Device Manufacturers to Provide Information about Security Updates for Study

Hunton Privacy

MAY 10, 2016

On May 9, 2016, the Federal Trade Commission announced it had issued Orders to File a Special Report (“Orders”) to eight mobile device manufacturers requiring them to, for purposes of the FTC’s ongoing study of the mobile ecosystem, provide the FTC with “information about how [the companies] issue security updates to address vulnerabilities in smartphones, (..)

Manufacturing

Manufacturing Security Sales IT

North Korea’s Lazarus compromised dozens of organizations in Israel

Security Affairs

AUGUST 14, 2020

The Israeli defence ministry announced on Wednesday that it had foiled a cyber attack carried out by a foreign threat actor targeting the country’s defence manufacturers. Since January 2020, the North Korea-linked Lazarus APT has successfully compromised dozens of organizations in Israel and other countries.

Manufacturing

Manufacturing Phishing Ransomware IT

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including the defense, high tech, energy, government, aerospace, and manufacturing. Experts discovered that since December 2016, the APT15 group has been using the previously undocumented backdoor dubbed Okrum.

Communications

Communications Manufacturing Encryption Security

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Security Affairs

JULY 1, 2019

Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors. “Compared to the 2016 variants this sample introduces a configuration file and does not rely on C2 for operation. ” continues the analysis.

Manufacturing

Manufacturing Libraries Communications Security

How to Avoid Card Skimmers at the Pump

Krebs on Security

JUNE 26, 2018

In addition, access to the insides of these older pumps frequently is secured via a master key that opens not only all pumps at a given station, but in many cases all pumps of a given model made by the same manufacturer. Older model fuel pumps like this one feature a flat, membrane-based keypad and vertical card reader. Image: SAPD.

Manufacturing

Manufacturing Security Encryption Access

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Before we dive into the specific cybersecurity concerns, let us remind you about the attack that took place in October 2016. The Flaws in Manufacturing Process. Manufacturers saw this as an opportunity and rushed in to grab their own piece of the IoT market. The Threat is Definitely Real.

IoT

IoT Cybersecurity Manufacturing Passwords

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Human Security identified a supply chain of a Chinese manufacturer that was compromised to backdoor the firmware of several products delivered to resellers, physical retail stores and e-commerce warehouses. Products containing the malicious backdoor have been found on public school networks throughout the United States.

e-Discovery

e-Discovery Retail Manufacturing Security

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

“Since May 2016, APT actors have used various tactics, techniques, and procedures ( TTPs ) for the purposes of cyber espionage and intellectual property theft. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.”

Communications

Communications Manufacturing Cybersecurity Phishing

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The campaign began in June 2022 and is still ongoing, the attacks hit organizations in multiple industries, such as Automotive, Chemicals Manufacturing, and others. ” reads the post published by Zscaler. ” reads the post published by Zscaler.

Archiving

Archiving Phishing Communications Manufacturing

FTC Settles with Router Manufacturer over Software Security Flaws

Hunton Privacy

FEBRUARY 24, 2016

On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based network hardware manufacturer ASUSTeK Computer, Inc.

Manufacturing

Manufacturing Security Cloud Risk

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data.

Manufacturing

Manufacturing Data breaches Sales Access

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. “According to people involved, Chinese hackers Tick may have been involved.

Data breaches

Data breaches Computer and Electronics Government Manufacturing

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

DECEMBER 3, 2018

On Friday, Starwood Properties, which merged with Marriott in 2016, disclosed as many as 500 million people who made reservations at their hotels may have had their personal information accessed in a breach that lasted as long as four years.

Authentication

Authentication Military Access Insurance

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Security Affairs

MARCH 15, 2021

Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). But I can confirm that it did indeed drop a shell on my test Exchange 2016 box. Most of exploit attempts targeted organizations in Turkey (19%), followed by United States (18%) and Italy (10%).

Military

Military Ransomware Manufacturing Security

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Mamba was first spotted on September 2016 when experts at Morphus Labs discovered the infection of machines belonging to an energy company in Brazil with subsidiaries in the United States and India. The first sample of Mamba Ransomware discovered in the wild was using the full disk encryption tool DiskCryptor to strongly encrypt the data.

Ransomware

Ransomware Encryption File names Passwords

Earth Empusa targets minority group with Android ActionSpy spyware

Security Affairs

JUNE 15, 2020

The spyware leverages a sequence of iOS exploits in the wild since 2016 , since April 2020 ActionSpy is being spread via several pages distributed in the wild via phishing emails disguised as a download page of an Android video application that is popular in Tibet. The server, in turn, may send some commands to the compromised device.

Phishing

Phishing Encryption Manufacturing Access

Tracing the Supply Chain Attack on Android

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Trending Sources

TrickGate, a packer used by malware to evade detection since 2016

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

NSO Group Hacked

Tracing the Supply Chain Attack on Android

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Unsexy Threat to Election Security

GUEST ESSAY: Here?s why Tesla has been sabotaged twice in two years ? lax network security

3D Printing Takes First Steps Into Serial Manufacturing Production

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

INFRA:HALT flaws impact OT devices from hundreds of vendors

Backdoor Built into Android Firmware

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Israel announced to have foiled an attempted cyber-attack on defence firms

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Link Between AWM Proxy & the Glupteba Botnet

Wi-Fi Chip Vulnerability

AMD is going to patch UEFI SMM callout privilege escalation flaw

The Growing Presence (and Security Risks) of IoT

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

French Firms Rocked by Kasbah Hacker?

Cuba ransomware gang hacked 49 US critical infrastructure organizations

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

New Guidance Published on Cybersecurity and Medical Devices

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Cost of Dealing With a Cybersecurity Attack in These 4 Industries

FTC Orders Mobile Device Manufacturers to Provide Information about Security Updates for Study

North Korea’s Lazarus compromised dozens of organizations in Israel

China-Linked APT15 group is using a previously undocumented backdoor

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

How to Avoid Card Skimmers at the Pump

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Android devices shipped with backdoored firmware as part of the BADBOX network

DHS issued an alert on attacks aimed at Managed Service Providers

Grandoreiro banking malware targets Mexico and Spain

FTC Settles with Router Manufacturer over Software Security Flaws

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Mitsubishi Electric discloses data breach, media blame China-linked APT

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

FBI published a flash alert on Mamba Ransomware attacks

Earth Empusa targets minority group with Android ActionSpy spyware

Stay Connected