Manufacturing, Passwords and Security - Information Management Today

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” The U.K. ” The U.K.

Passwords

Passwords Manufacturing IoT Retail

Gaming hardware manufacturer Razer suffered a data leak

Security Affairs

SEPTEMBER 13, 2020

Gaming hardware manufacturer Razer suffered a data leak, an unsecured database managed by the company containing gamers’ info was exposed online. Gaming hardware manufacturer Razer has suffered a data leak, this is the discovery made by the security researcher Bob Diachenko. ” continues the post.

Manufacturing

Manufacturing Data breaches Phishing Passwords

Threat actor claims to have hacked European manufacturer of missiles MBDA

Security Affairs

JULY 31, 2022

Threat actors that go online with the moniker Adrastea claim to have hacked the multinational manufacturer of missiles MBDA. ” As a proof of the hack Adrastea shared a link to a password-protected linked archive containing internal documents related to projects and correspondence. Pierluigi Paganini.

Manufacturing

Manufacturing Military Archiving Cybersecurity

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Passwords stolen via phishing campaign available through Google search

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” The analysis of a subset of ~500 stolen credentials revealed that victims belong to a wide range of target industries, including IT, healthcare, real estate, and manufacturing.

Phishing

Phishing Passwords Manufacturing Cybersecurity

Security Affairs newsletter Round 377

Security Affairs

AUGUST 7, 2022

Every week the best security articles from Security Affairs free for you in your email box. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% The post Security Affairs newsletter Round 377 appeared first on Security Affairs.

Security

Security Manufacturing Passwords Ransomware

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.”

Passwords

Passwords Manufacturing IoT Cloud

Secure by Design: UK Enforces IoT Device Cybersecurity Rules

Data Breach Today

APRIL 29, 2024

Law Bans Universal Default Passwords; Requires Bug-Reporting Channels, Update Plan Say goodbye to buying internet of things devices in Britain with a default or hardcoded password set to "12345," as the country has banned manufacturers from shipping internet-connected and network-connected devices that don't comply with minimum cybersecurity standards. (..)

Cybersecurity

Cybersecurity IoT Manufacturing Passwords

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws.

IoT

IoT Manufacturing Passwords Communications

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company ( TSMC ) and $70 million ransom. In August 2018, a malware infected systems at several Taiwan Semiconductor Manufacturing Co.

Manufacturing

Manufacturing Ransomware Security awareness Cybersecurity

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. All too often, this gives them a false sense of security: when in fact, threat actors can not only access and watch your camera feed but exploit the unsecured device to hack into your network.

Passwords

Passwords Manufacturing Authentication Government

Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

Data Breach Today

AUGUST 26, 2019

Vendors Issued Security Updates to Fix Severe Flaws Several Months Ago Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords.

Security

Security Manufacturing Passwords

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Most of us already know the importance of using antivirus , anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Original post: [link].

Security

Security IoT Passwords Manufacturing

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions. Bcrypt is a safe hashing algorithm that adds a layer of security guarding against attackers.

Passwords

Passwords Military Manufacturing Analytics

QNAP urges users to take action to protect devices against Brute-Force attacks

Security Affairs

MARCH 28, 2021

Taiwanese manufacturer QNAP published an alert urging its customers to secure their devices after a growing number of users reported that their devices have been hit by brute-force attacks. “With increasing reports of brute-force attacks, QNAP urges its users to take immediate action to enhance the security of their devices.”

Passwords

Passwords Manufacturing Security Access

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets.

Authentication

Authentication Retail Manufacturing Passwords

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

Threat actors likely take advantage of customers’ bad habit of re-using email passwords for their smart device. The offenders use stolen email passwords to log into the smart devices and take over them, is some cases they hijacked the live-stream camera and device speakers. Users should update their passwords on a regular basis.

Passwords

Passwords Manufacturing Authentication Access

Experts found backdoors in a popular Auerswald VoIP appliance

Security Affairs

DECEMBER 27, 2021

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. 7}' 1432d89. 7}' 92fcdd9.

Passwords

Passwords Manufacturing Authentication Access

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Security Affairs

AUGUST 31, 2023

The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations.

Passwords

Passwords Healthcare Manufacturing Access

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

. “ Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. ” wrote Google TAG Security Engineer Billy Leonard. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Manufacturing

Manufacturing Phishing Passwords Military

The UK Bans Default Passwords

Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. This sort of thing benefits all of us everywhere.

Passwords

Passwords IoT Manufacturing Security

Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv

Security Affairs

OCTOBER 26, 2021

A researcher from the security firm CyberArk has managed to crack 70% of Tel Aviv’s Wifi Networks starting from a sample of 5,000 gathered WiFi. CyberArk security researcher Ido Hoorvitch demonstrated how it is possible to crack WiFi at scale by exploiting a vulnerability that allows retrieving a PMKID hash. ” continues the post.

Passwords

Passwords Manufacturing Encryption Security

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. Pierluigi Paganini.

Manufacturing

Manufacturing Passwords Access Security

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution. ” concludes the advisory.

Passwords

Passwords Authentication Manufacturing Ransomware

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually. Acting on a tip from Milwaukee, Wis.-based

Security

Security Ransomware Agriculture Cybersecurity

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

A hacker managed to identify a weak spot in a security camera model. Usually, the default settings are not focused on security. Simple or reused passwords are still a problem. Instead, people come up with passwords that are comfortable. Then, a hacker could intercept this exchange and retrieve passwords in plaintext form.

IoT

IoT Cybersecurity Passwords Manufacturing

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

Misconfigured Apache Airflow servers leak thousands of credentials

Security Affairs

OCTOBER 5, 2021

Researchers from security firm Intezer have discovered many misconfigured Apache Airflow servers exposed online that were leaking sensitive information, including credentials, from several tech companies. Experts explained that it is quite common to find hardcoded passwords stored in these variables. Pierluigi Paganini.

Passwords

Passwords Manufacturing Cybersecurity Risk

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Excising passwords as the security linchpin to digital services is long, long overdue. Security + efficiency. Password abuse at scale arose shortly after the decision got made in the 1990s to make shared secrets the basis for securing digital connections.

Authentication

Authentication Passwords Digital transformation Cloud

How to secure QNAP NAS devices? The vendor’s instructions

Security Affairs

JANUARY 7, 2022

Taiwanese vendor QNAP has warned customers to secure network-attached storage (NAS) exposed online from ransomware and brute-force attacks. QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices.” The post How to secure QNAP NAS devices?

Security

Security Ransomware Encryption Systems administration

Israel announced to have foiled an attempted cyber-attack on defence firms

Security Affairs

AUGUST 13, 2020

Israel ‘s defence ministry announced to have foiled an attempted cyber attack by a foreign threat actors group targeting the country’s defence manufacturers. Organizations are recommended to implement supplementary security measures to protect SCADA systems used in the water and energy sectors. Pierluigi Paganini.

Agriculture

Agriculture Manufacturing Phishing Government

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The researchers shared a detailed analysis on Security Affairs , they explained that once the malware has infected a Windows machine, it overwrites the existing Master Boot Record, with a custom MBR and encrypts the hard drive using the DiskCryptor tool. Implement the shortest acceptable timeframe for password changes.

Ransomware

Ransomware Encryption File names Passwords

Avaddon ransomware gang shuts down their operations and releases decryption keys

Security Affairs

JUNE 11, 2021

This morning, BleepingComputer received a message from a source that was pretending to be the FBI that included a password and a link to a password-protected ZIP archive. BleepingComputer shared the decryption keys with the security firm Emsisoft, which has released in the past free decryptors for multiple pieces of ransomware.

Ransomware

Ransomware Passwords Manufacturing Archiving

Flaws in 4G Routers of various vendors put millions of users at risk

Security Affairs

AUGUST 13, 2019

Security expert discovered multiple flaws in 4G routers manufactured by several companies, some of them could allow attackers to take over the devices. G Richter, a security researcher at Pen Test Partners discovered multiple vulnerabilities 4G routers manufactured by different vendors. high severity CVSS v3.

Risk

Risk Manufacturing Passwords Authentication

UK Government Proposes IoT Security Measures

Data Breach Today

JANUARY 28, 2020

Rules Would Strengthen Password Protection and Vulnerability Reporting With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K.

Government

Government IoT Security Manufacturing

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

Small farms, large producers, processors and manufacturers, and markets and restaurants are particularly exposed to ransomware attacks. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Agriculture

Agriculture Ransomware Passwords Security awareness

eCh0raix ransomware is back and targets QNAP NAS devices again

Security Affairs

JUNE 6, 2020

The eCh0raix ransomware was appeared in the threat landscape in June 2019 by experts at security firms Intezer and Anomali. The ransomware targets poorly protected or vulnerable NAS servers manufactured by Taiwan-based QNAP Systems, attackers exploits known vulnerabilities or carry out brute-force attacks. Source Bleeping Computer.

Ransomware

Ransomware Encryption Manufacturing Passwords

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. PuTTY.exe Rhysida actors have been observed creating Secure Shell (SSH) PuTTy connections for lateral movement. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Education Passwords

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

. “AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware Passwords Encryption Financial Services

Hackers infect Linux servers with JungleSec Ransomware via IPMI Remote console

Security Affairs

DECEMBER 27, 2018

Security experts at BleepingComputer wrote about a new ransomware called JungleSec that is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards. “In one case, the IPMI interface was using the default manufacturer passwords. The ransomware was first observed early November. .

Ransomware

Ransomware Passwords Encryption Manufacturing

The Unsexy Threat to Election Security

Krebs on Security

JULY 25, 2019

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. “Such a scenario could cause great confusion and erode public confidence in our elections, even if the vote itself is actually secure,” the report continues.

Security

Security Authentication Passwords Manufacturing

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument. The researchers estimated that combined revenue surpasses US$550 million.

Ransomware

Ransomware Encryption Passwords Education

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Microsoft researchers reported that the Mozi botnet was improved by implementing news capabilities to target network gateways manufactured by Netgear, Huawei, and ZTE. ” state researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT. Follow me on Twitter: @securityaffairs and Facebook.

IoT

IoT Manufacturing Passwords Ransomware

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The library notified law enforcement agencies and is investigating the security breach with the help of cybersecurity experts. However, if you have a British Library login and your password is used elsewhere, we recommend changing it as a precautionary measure.” This appears to be from our internal HR files.

Libraries

Libraries Ransomware Manufacturing Education

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Paper Access Manufacturing

NCSC: New UK law bans default passwords on smart devices

Gaming hardware manufacturer Razer suffered a data leak

Webinars

Trending Sources

Threat actor claims to have hacked European manufacturer of missiles MBDA

Webinars

Passwords stolen via phishing campaign available through Google search

Security Affairs newsletter Round 377

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Secure by Design: UK Enforces IoT Device Cybersecurity Rules

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

3.5m IP cameras exposed, with US in the lead

Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Defense contractor Belcan leaks admin password with a list of flaws

QNAP urges users to take action to protect devices against Brute-Force attacks

Passwordless Authentication without Secrets!

FBI warns swatting attacks on owners of smart devices

Experts found backdoors in a popular Auerswald VoIP appliance

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

China-linked APT Curious Gorge targeted Russian govt agencies

The UK Bans Default Passwords

Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv

Botnet operators target multiple zero-day flaws in LILIN DVRs

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Misconfigured Apache Airflow servers leak thousands of credentials

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

How to secure QNAP NAS devices? The vendor’s instructions

Israel announced to have foiled an attempted cyber-attack on defence firms

FBI published a flash alert on Mamba Ransomware attacks

Avaddon ransomware gang shuts down their operations and releases decryption keys

Flaws in 4G Routers of various vendors put millions of users at risk

UK Government Proposes IoT Security Measures

FBI warns of ransomware attacks targeting the food and agriculture sector

eCh0raix ransomware is back and targets QNAP NAS devices again

FBI and CISA warn of attacks by Rhysida ransomware gang

Avoslocker ransomware gang targets US critical infrastructure

Hackers infect Linux servers with JungleSec Ransomware via IPMI Remote console

The Unsexy Threat to Election Security

Experts spotted a variant of the Agenda Ransomware written in Rust

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Rhysida ransomware gang is auctioning data stolen from the British Library

Hackers claim to have compromised 50,000 home cameras and posted footage online

Stay Connected