2024 and Manufacturing - Information Management Today

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

Security Affairs

OCTOBER 30, 2024

QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. ” reads the advisory published by the Taiwanese manufacturer. The vulnerability impacts version 25.1.x Their fourth-round win nets them $10,000 and 4 Master of Pwn points.

Manufacturing

Manufacturing Security IT

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. Below are the vulnerabilities reported by ZDI: CVE-2024-8355 : SQL injection in DeviceManager, enabling database manipulation or code execution via spoofed Apple device connections. x) may also be vulnerable.

Ransomware

Ransomware Manufacturing Access Risk

Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

Security Affairs

NOVEMBER 26, 2024

” The incident occurred on November 21, 2024, causing widespread disruptions to the company’s managed services hosted environment. “On November 21, 2024, Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident.”

Ransomware

Ransomware Retail Manufacturing Cloud

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

NOVEMBER 8, 2024

“On October 29, 2024, the Company detected a ransomware cybersecurity incident (“Incident”) in which an unauthorized third party gained access to certain of the Company’s internal information systems. .

Ransomware

Ransomware Manufacturing Cybersecurity Access

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing IoT Retail

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. As of May 2024, Black Basta has impacted over 500 organizations worldwide. Most of the victims are in the manufacturing, engineering and construction, and retail sectors. ” reads the CSA.

Ransomware

Ransomware Blockchain Retail Insurance

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

Security Affairs

OCTOBER 31, 2024

QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024.

Manufacturing

Manufacturing Security IT

Elections 2024, artificial intelligence could upset world balances

Security Affairs

DECEMBER 27, 2023

Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. The 2024 European Union elections face threats from content generated through these platforms. Artificial intelligence is having a significant impact on various industries, such as health, finance, and manufacturing.

Artificial Intelligence

Artificial Intelligence Government Manufacturing IT

A cyberattack disrupted operations of US chipmaker Microchip Technology

Security Affairs

AUGUST 22, 2024

Semiconductor manufacturer Microchip Technology announced that its operations were disrupted by a cyberattack. chipmaker Microchip Technology suffered a cyberattack that disrupted operations at several of its manufacturing plants. The company detected potentially suspicious activity involving its IT infrastructure on August 17, 2024.

Manufacturing

Manufacturing Sales Cybersecurity IT

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

Security Affairs

AUGUST 28, 2024

Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8) ” The BlackByte’s victimology shows that over 32 percent of known victims are in the manufacturing industry vertical.

Ransomware

Ransomware Authentication Encryption Access

D-Link addressed three critical RCE in wireless router models

Security Affairs

SEPTEMBER 16, 2024

D-Link has addressed three critical vulnerabilities, tracked as CVE-2024-45694 , CVE-2024-45695 , CVE-2024-45697 , impacting three wireless router models. The manufacturer also addressed two high-severity vulnerabilities, tracked as CVE-2024-45696 and CVE-2024-45698. CVE-2024-45695 (9.8 and earlier.

Manufacturing

Manufacturing Security Access Risk

Critical RCE vulnerability found in OpenPLC

Security Affairs

SEPTEMBER 26, 2024

It is widely used for automating machines and processes in industries like manufacturing, energy, and utilities. The vulnerability was discovered by Jared Rittle of Cisco Talos that reported the issue to the maintainers of the project on June 10, 2024. The issue was addressed on September 18, 2024.

Energy and Utilities

Energy and Utilities Manufacturing IT Information Security

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. Passwordless Authentication without Secrets!

Authentication

Authentication Retail Manufacturing Passwords

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

e-Discovery

e-Discovery Communications Ransomware Government

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

Nexperia is a semiconductor manufacturer headquartered in Nijmegen, the Netherlands. The chipmaker has 14,000 employees as of 2024. The chipmaker confirmed it became aware of the unauthorized access to certain Nexperia IT servers in March 2024. It is a subsidiary of the partially state-owned Chinese company Wingtech Technology.

Ransomware

Ransomware Manufacturing Insurance Cybersecurity

Zyxel addressed three RCEs in end-of-life NAS devices

Security Affairs

JUNE 5, 2024

The Outpost24 researcher Timothy Hjort reported the flaw to the manufacturer and published a detailed analysis and PoC exploit codes for the flaws. The vendor did not address CVE-2024-29975 and CVE-2024-29976 in its end-of-life products. Two flaws can also allow attackers to elevate privileges. 13)C0 and older.

Authentication

Authentication Manufacturing Security IT

A cyberattack halted operations at Varta production plants

Security Affairs

FEBRUARY 15, 2024

On February 12, 2023, a cyber attack halted operations at five production plants of German battery manufacturer Varta. On February 13, German battery manufacturer Varta announced that a cyber attack forced the company to shut down IT systems. The attack disrupted operations at five production plants and the administration.

Manufacturing

Manufacturing Ransomware IT Security

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

Security Affairs

SEPTEMBER 20, 2024

The threat actor has been active since July 2022, it was observed targeting organizations in the education, healthcare, IT, and manufacturing sectors. Microsoft observed the financially motivated threat actor tracked as Vanilla Tempest using INC ransomware for the first time to target the healthcare sector in the United States.

Ransomware

Ransomware Manufacturing Education IT

14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries

Security Affairs

OCTOBER 2, 2024

The flaws impact residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices. On September 18, 2024, the FBI dismantled a botnet exploiting three DrayTek CVEs, and CISA recently added two more to its Known Exploited Vulnerabilities list. ” reads the advisory.

IoT

IoT Manufacturing Communications Ransomware

Sonos smart speakers flaw allowed to eavesdrop on users

Security Affairs

AUGUST 9, 2024

The researchers have disclosed the vulnerabilities during the BLACK HAT USA 2024 conference. MediaTek, who manufactures Wi-Fi SoC for Sonos speaker, released a security advisory in March 2024 (CVE-2024-20018). ” The vendor addressed the vulnerability with the release of Sonos S2 release 15.9,

Manufacturing

Manufacturing Paper Security IT

U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 28, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added Apache OFBiz Incorrect Authorization Vulnerability CVE-2024-38856 (CVSS score of 9.8) The security researcher Hasib Vhora from SonicWall reported the vulnerability CVE-2024-38856 along with other security experts. to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Authentication Manufacturing Cybersecurity

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

Security Affairs

OCTOBER 1, 2024

North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. KG is a German weapon manufacturer headquartered in Überlingen. In May 2024, Symantec researchers observed the North Korea-linked group Kimsuky using a new Linux backdoor dubbed Gomir.

Military

Military Manufacturing Phishing Information Security

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Security Affairs

MARCH 11, 2024

The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufacturing, media and entertainment, and healthcare. which is an IP address linked to a server that hosted the BianLian GO backdoor as of March 6th, 2024.

Ransomware

Ransomware Manufacturing Access Security

Researchers warn of a new critical Apache OFBiz flaw

Security Affairs

AUGUST 5, 2024

Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. Apache OFBiz is an open-source ERP system that helps businesses automate and integrate various processes such as accounting, HR, CRM, order management, manufacturing, and e-commerce. addressed the flaw. ” wrote Vhora.

Authentication

Authentication Manufacturing Cybersecurity Security

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Security Affairs

SEPTEMBER 13, 2024

In August 2024, several users reported that Dr.Web antivirus detected changes in their TV box system files. Unfortunately, often manufacturers sell older OS versions as newer ones. Doctor Web researchers uncovered a malware, tracked as Vo1d , that infected nearly 1.3 million Android-based TV boxes belonging to users in 197 countries.

Manufacturing

Manufacturing Access Risk IT

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

Security Affairs

AUGUST 21, 2024

A flaw in millions of RFID cards manufactured by Shanghai Fudan Microelectronics allows these contactless cards to be cloned instantly. Researchers from security firm Quarkslab discovered a backdoor in millions of RFID cards manufactured by the Chinese chip manufacturer Shanghai Fudan Microelectronics.

Manufacturing

Manufacturing Paper Authentication Risk

Qualcomm fixed a zero-day exploited limited, targeted attacks

Security Affairs

OCTOBER 8, 2024

Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8). I found an issue in collaboration with Amnesty and TAG that we have indication may be used ITW, CVE-2024-43047. The vulnerability stems from a use-after-free bug that could lead to memory corruption.

Manufacturing

Manufacturing Cybersecurity IT Security

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Security Affairs

AUGUST 8, 2024

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. The BlackSuit ransomware has targeted various critical infrastructure sectors, including commercial facilities, healthcare, government, and manufacturing.

Ransomware

Ransomware Communications Manufacturing Phishing

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

JUNE 16, 2024

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

Authentication

Authentication Manufacturing Access IT

The best laptops of 2024: Expert tested and reviewed

Collaboration 2.0

DECEMBER 27, 2024

We've tested dozens of the best laptops released this year from all the big manufacturers, including Apple, Acer, Asus, and more so you can find the right fit.

Manufacturing

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Security Affairs

AUGUST 27, 2024

China-linked APT Volt Typhoon exploited a zero-day vulnerability, tracked as CVE-2024-39717 , in Versa Director, to deploy a custom webshell on breached networks. Versa Director servers between June 12 and mid-July 2024. ISP on June 12, 2024. Black Lotus Labs detected unusual traffic indicating the exploitation of several U.S.

Energy and Utilities

Energy and Utilities Communications Authentication Access

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Return here for more information at: 11:30 GMT on Tuesday 20th Feb” The Operation Cronos operation is still ongoing and NCA’s announced that more information will be published tomorrow, February 20, 2024. “The site is now under the control of law enforcement.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

5 most interesting Copilot+ laptops revealed at IFA 2024 (including one for gaming)

Collaboration 2.0

SEPTEMBER 4, 2024

Several manufacturers are releasing new Copilot+ PCs, from Samsung to Dell to Acer. Here are the best ones we've seen ahead of the show.

Manufacturing

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

SEPTEMBER 14, 2024

CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M

Security

Security Data breaches Computer and Electronics Ransomware

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Security Affairs

SEPTEMBER 15, 2024

— Port of Seattle – (@PortofSeattle) August 24, 2024 Passengers were recommended to check with their airlines for the latest information for their flights. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware

Ransomware Manufacturing Education Encryption

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. On April 3, 2024, after completion of this comprehensive review, we determined that some of your personal information was involved.”

Data breaches

Data breaches Ransomware Manufacturing Encryption

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

Unit 42 researchers observed another large-scale campaign that peaked on January 29, 2024, threat actors used a spam email localized and the subject line has the pattern of Factura/Rechnung/invoice####. The campaign targeted organizations in many sectors, including the high-tech, finance, legal services and manufacturing industries.

Encryption

Encryption Manufacturing Archiving Phishing

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

Security Affairs

JUNE 6, 2024

” said Bryan Vorndran, the Assistant Director at the FBI Cyber Division, during the 2024 Boston Conference on Cyber Security. This call to action comes after law enforcement took down LockBit’s infrastructure in February 2024 in an international operation dubbed “ Operation Cronos.” continues the NCA.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Encryption

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Security Affairs

AUGUST 6, 2024

In January 2024, the Kimsuky APT group was spotted distributing malware through the website of a construction industry association in South Korea. Stay informed about government cybersecurity advisories and act promptly on manufacturer recommendations.

Information capture

Information capture Authentication Military Government

Vulnerability Recap 11/4/24 – Fourteen-Year Bug Finally Gets Patched

eSecurity Planet

NOVEMBER 4, 2024

October 26, 2024 Windows 11 Downgrade Vulnerability Is Still Wide Open Type of vulnerability: Admin code execution privileges leading to operating system downgrades. He demonstrated the downgrade at Black Hat 2024, reverting fully patched Windows machines back to previous vulnerable states.

Cloud

Cloud Honeypots Authentication Manufacturing

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Security Affairs

DECEMBER 14, 2024

The affected manufacturers include Baicells, D-Link, Hikvision, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics. The attacks began in late 2023, coinciding with other industrial system breaches, and continued into mid-2024. The malware remained undetected by VirusTotal antivirus engines as of December 2024.

IoT

IoT Manufacturing Encryption Communications

Top 5 predictions for manufacturing in 2024

OpenText Information Management

DECEMBER 11, 2023

In recent years, the manufacturing sector has experienced notable disruptions – including supply chain instability, product demand fluctuations, transportation issues, and workforce shortages. As we anticipate the forthcoming year, here are … The post Top 5 predictions for manufacturing in 2024 appeared first on OpenText Blogs.

Manufacturing

Manufacturing Content services Digital transformation Cloud

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

pic.twitter.com/542Wl9QIgw — Dominic Alvieri (@AlvieriD) August 7, 2024 It isn’t the first time that the Rhysida Ransomware group targeted a hospital. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware

Ransomware Manufacturing Libraries Education

District Court Finds Communications Decency Act Provides Automotive Device Manufacturer Immunity for Clean Air Act Violations

Data Matters

APRIL 4, 2024

On March 28, 2024, in US v. The decision gives effect to the CDA as drafted and will make it significantly harder for the government to hold manufacturers and online retailers liable for content, including software, created and sold by third parties. EZ Lynk , the U.S.

Manufacturing

Manufacturing Communications Retail Sales

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

Mazda Connect flaws allow to hack some Mazda vehicles

Webinars

Trending Sources

Software firm Blue Yonder providing services to US and UK stores, including Starbucks, hit by ransomware attack

Webinars

Texas oilfield supplier Newpark Resources suffered a ransomware attack

NCSC: New UK law bans default passwords on smart devices

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

Elections 2024, artificial intelligence could upset world balances

A cyberattack disrupted operations of US chipmaker Microchip Technology

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

D-Link addressed three critical RCE in wireless router models

Critical RCE vulnerability found in OpenPLC

Passwordless Authentication without Secrets!

China’s Volt Typhoon botnet has re-emerged

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Zyxel addressed three RCEs in end-of-life NAS devices

A cyberattack halted operations at Varta production plants

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

14 New DrayTek routers’ flaws impacts over 700,000 devices in 168 countries

Sonos smart speakers flaw allowed to eavesdrop on users

U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Researchers warn of a new critical Apache OFBiz flaw

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

Qualcomm fixed a zero-day exploited limited, targeted attacks

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

ASUS fixed critical remote authentication bypass bug in several routers

The best laptops of 2024: Expert tested and reviewed

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Operation Cronos: law enforcement disrupted the LockBit operation

5 most interesting Copilot+ laptops revealed at IFA 2024 (including one for gaming)

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

StrelaStealer targeted over 100 organizations across the EU and US

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

Vulnerability Recap 11/4/24 – Fourteen-Year Bug Finally Gets Patched

IOCONTROL cyberweapon used to target infrastructure in the US and Isreael

Top 5 predictions for manufacturing in 2024

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

District Court Finds Communications Decency Act Provides Automotive Device Manufacturer Immunity for Clean Air Act Violations

Stay Connected