The cyber threat landscape in 2025 is expected to be influenced by technological advancements, evolving cybercriminal tactics, and geopolitical tensions. Organizations need to enhance their cybersecurity measures to address these emerging challenges effectively. Affected Platform: Cybersecurity, Operational Technology, AI, IoT, Supply Chain

Keypoints:

The cyber threat landscape is becoming increasingly sophisticated and hazardous.…

Summary: The Cyber Resilience Act in Europe and similar regulations in the UK and US are pushing manufacturers of Internet of Things (IoT) devices to enhance security standards amidst rising cyber threats. This regulatory shift aims to eliminate weak practices like default passwords and inadequate software updates that have contributed to significant vulnerabilities in connected devices.…

Victim: yoniot.cn Country : CN Actor: darkvault Source: http://mdhby62yvvg6sd5jmx5gsyucs7ynb5j45lvvdh4dsymg43puitu7tfid.onion//post/NzdhZDA1YWY0NTcwYTE4Yzk2ZWU3NT Discovered: 2025-01-06 14:00:22.402819 Published: 2025-01-06 13:59:13.864337

Description: "Yoniot" (有你物联) is a national high-tech enterprise focused on software and hardware R&D and applications in IoT technology, smart homes and smart communities. Backed by an R&D team with more than ten years in the IoT field and continuous in-house development, it has built an integrated smart-system solution covering smart communities and smart homes, with the stated aim of making the smart home "a member of the family".


Security Overview Victim Website: yoniot.cn Description: A platform focused on IoT technology, smart home solutions, and intelligent community systems. Industry: High-tech, specifically in the Internet of Things (IoT) and smart home sectors.…

Summary: Recent developments in cybersecurity reveal significant vulnerabilities in trusted software like browser extensions and voice assistants, exposing sensitive user data to malicious actors. This week’s focus highlights the ongoing risks associated with digital convenience and the importance of vigilance in online activities.

Threat Actor: Flax Typhoon (Chinese state-sponsored) Victim: Cyberhaven

Key Point:

Dozens of Google Chrome extensions were found stealing sensitive data from 2.6 million devices.…

Summary: The U.S. has sanctioned the Chinese cybersecurity firm Integrity Technology Group for its involvement in facilitating cyberattacks by the state-sponsored hacking group Flax Typhoon, which targets critical infrastructure. The sanctions freeze the company’s U.S. assets and restrict financial interactions due to its ties with the Chinese government and its role in a botnet operation.…

### #HailCockBotnet #IoTSecurity #LegacyDeviceRisks

Summary: The Hail Cock botnet, a Mirai variant, is actively exploiting vulnerabilities in outdated devices such as the DigiEver DS-2105 Pro DVR, highlighting the risk of running hardware that no longer receives security updates. The malware encrypts its strings and configuration to hinder analysis and detection, and establishes persistence on the devices it infects.

Threat Actor: Hail Cock botnet Victim: DigiEver DS-2105 Pro DVR

Key Point:

The Hail Cock botnet exploits a remote code execution vulnerability in the DigiEver DS-2105 Pro DVR through the /cgi-bin/cgi_main.cgi…

This article explores the various methods attackers can use to obtain AWS IAM role credentials, highlighting the complexities of credential access in cloud environments. It emphasizes the importance of understanding these methods for effective defense against potential threats. #AWS #CloudSecurity #IAMCredentials

Keypoints:

Attackers target cloud credentials on resources they access.…

### #IoTSecurity #MalwareDisruption #BotnetMitigation

Summary: Germany’s BSI has successfully disrupted the BadBox malware, which was pre-installed on over 30,000 Android-based IoT devices, by employing DNS sinkholing techniques. This operation is part of a broader effort to combat a botnet linked to malicious apps and firmware that has affected over 280,000 devices globally.…

Summary:

Team82’s analysis of the IOCONTROL malware, linked to Iranian attackers, reveals its use against critical IoT/OT infrastructure in Israel and the U.S., targeting various devices. The malware employs stealthy communication methods and showcases the geopolitical tensions between Iran and Israel. #IoT #Malware #Cybersecurity

Keypoints:

IOCONTROL is a custom-built malware targeting IoT and OT devices.…

### #IoTExploitation #CloudVulnerabilities #DeviceSecurity

Summary: Researchers from Claroty Team82 have identified and reported 10 critical vulnerabilities in Ruijie Networks’ Reyee cloud management platform, which could allow attackers to gain control over thousands of IoT devices. The vulnerabilities have been patched, but the potential for exploitation raises significant concerns about the security of cloud-connected IoT devices.…

### #AIModelTheft #EMSignalExploitation #TPUXtract

Summary: Researchers have developed a method called TPUXtract that reconstructs a neural network's architecture by analyzing the electromagnetic emissions of the chip running it, posing a significant risk of AI intellectual-property theft. The technique lets an attacker with physical proximity to the hardware replicate a model with high accuracy, undermining the competitive advantage of whoever trained it.…

### #IoTThreats #CriticalInfrastructureAttack #IranianCyberOps

Summary: Iranian threat actors are deploying a sophisticated malware named IOCONTROL to infiltrate IoT devices and critical infrastructure systems in Israel and the U.S. This malware poses significant risks to essential services by targeting various devices used in operational technology environments.

Threat Actor: CyberAv3ngers Victim: Gasboy fuel control system

Key Point:

IOCONTROL is capable of compromising a wide range of IoT devices, including routers and PLCs, from multiple manufacturers.…

Summary:

Cyble’s latest Sensor Intelligence report reveals a surge in malware, phishing, and IoT vulnerabilities, highlighting critical threats and vulnerabilities that organizations must address. #CyberThreats #MalwareSurge #IoTVulnerabilities

Keypoints:

Cyble has identified multiple instances of exploitation attempts, malware intrusions, financial fraud, and brute-force attacks. The report covers high-profile malware variants and attempted exploitation of specific CVEs.…

### #DCOMAttack #WindowsInstallerExploitation #StealthyBackdoor

Summary: Researchers at Deep Instinct have identified a DCOM attack that abuses the Windows Installer service to stealthily deploy backdoors on Windows systems. The method uses the IMsiServer interface for remote code execution and requires the attacker and victim to be in the same domain.…

### #ProxyMalware #BotnetThreats #CloudMisconfigurations

Summary: Recent findings reveal the Socks5Systemz botnet is powering a proxy service known as PROXY.AM, facilitating cybercriminal activities through compromised systems. This highlights the growing threat posed by proxy malware and the exploitation of cloud misconfigurations for malicious purposes.

Threat Actor: Socks5Systemz Victim: Various compromised systems

Key Point:

Socks5Systemz has been active since 2013, turning infected machines into proxy exit nodes for cybercriminals.…

### #OpenWrtSecurity #FirmwareIntegrity #IoTSecurity

Summary: A critical vulnerability in OpenWrt's Attended Sysupgrade service could have allowed attackers to serve malicious firmware images to users requesting a build, compromising their devices. The flaw, tracked as CVE-2024-54143, was quickly fixed on the server side, but users who obtained images through the service are advised to verify their installed firmware.

Threat Actor: Unknown Victim: OpenWrt users

Key Point:

Two flaws were found in the Attended Sysupgrade service: a command injection in the build process and a truncated hash used to identify cached builds, which together allowed a malicious image to be served in place of a legitimate one.…
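Why a truncated hash is unsafe as a build-cache key, and how a user should check a downloaded image, as an added example (not OpenWrt or Attended Sysupgrade code). It assumes a cache key formed by truncating the SHA-256 of the build request; the demo uses a 6-hex-digit (24-bit) key so the birthday search finishes in well under a second, and `birthday_bound(12)` gives the rough cost for a 12-character key. The request strings and the firmware bytes are constructed.

```python
import hashlib
import hmac

# Assumption for the demo: the cache key keeps only this many hex digits of SHA-256.
# 6 hex digits is 24 bits; a 12-digit key would be 48 bits.
TRUNC_HEX_CHARS = 6


def truncated_key(request: bytes, hex_chars: int = TRUNC_HEX_CHARS) -> str:
    """Cache key built the unsafe way: a prefix of the request's SHA-256 hex digest."""
    return hashlib.sha256(request).hexdigest()[:hex_chars]


def birthday_bound(hex_chars: int) -> int:
    """Rough number of hashes until a collision is expected:
    sqrt(16 ** hex_chars) == 2 ** (2 * hex_chars)."""
    return 2 ** (2 * hex_chars)


def find_collision(hex_chars: int = TRUNC_HEX_CHARS,
                   prefix: bytes = b"target=ath79&profile=generic&packages=luci&nonce="):
    """Birthday search over constructed build requests that differ only in a trailing
    nonce. Returns (request_a, request_b, attempts) with equal truncated keys but
    different full digests: the second request would be served the first one's image."""
    seen: dict[str, bytes] = {}
    attempts = 0
    while True:
        req = prefix + str(attempts).encode()
        attempts += 1
        key = truncated_key(req, hex_chars)
        if key in seen:
            return seen[key], req, attempts
        seen[key] = req


def verify_firmware(image: bytes, expected_sha256_hex: str) -> bool:
    """Compare the full 64-hex-digit SHA-256 of the downloaded image against the
    published sum in constant time. A malformed or shortened sum fails closed."""
    expected = expected_sha256_hex.strip().lower()
    if len(expected) != 64:
        return False
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), expected)


if __name__ == "__main__":
    a, b, n = find_collision()
    print(f"collision after {n} hashes (birthday bound {birthday_bound(TRUNC_HEX_CHARS)})")
    print(" ", a.decode(), truncated_key(a))
    print(" ", b.decode(), truncated_key(b))
    print("full digests differ:", hashlib.sha256(a).digest() != hashlib.sha256(b).digest())
    print("12-char key: expect a collision after about", birthday_bound(12), "hashes")
    image = b"constructed firmware image bytes"  # constructed stand-in for a sysupgrade.bin
    good_sum = hashlib.sha256(image).hexdigest()
    print("verify ok:", verify_firmware(image, good_sum))
    print("tampered image rejected:", not verify_firmware(image + b"\x00", good_sum))
```

The point of the search is that a 48-bit key costs about 2^24 hash computations to collide, which is seconds on a laptop; a cache keyed on the full digest would need 2^128. The verification step is what the advisory asks users to do: compare the full published SHA-256 of the installed image, never a prefix of it.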

Victim: zero5 Country : DE Actor: funksec Source: http://7ixfdvqb4eaju5lzj4gg76kwlrxg4ugqpuog5oqkkmgfyn33h527oyyd.onion/Breach13.html Discovered: 2024-12-07 20:12:08.133957 Published: 2024-12-07 20:12:06.147718 Description : [AI generated] Zero5 is a technology company specializing in innovative solutions for digital transformation. It focuses on developing cutting-edge software and services that enhance connectivity, efficiency, and automation for businesses across various industries.…
Summary: Threat actors are exploiting misconfigured Docker Remote API servers to deploy Gafgyt malware, which has traditionally targeted IoT devices. The shift lets attackers use the compromised servers to launch DDoS attacks; hardening the Docker API is recommended to mitigate the risk. #GafgytMalware #DockerSecurity #DDoSAttacks

Keypoints:

Trend Micro Research identified Gafgyt malware targeting misconfigured Docker Remote API servers.…
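The shape of the misconfiguration behind an exposed Docker Remote API, with a weak and a hardened daemon configuration side by side and a check that tells them apart, as an added example (not Trend Micro's or Docker's code). It assumes the misconfiguration is a dockerd listening on TCP without TLS client-certificate verification, the classic port 2375 setup; both daemon.json documents are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed daemon.json: the API is reachable from any host with no authentication.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed daemon.json: TCP listener on one interface, clients must present a
# certificate signed by the CA (the standard dockerd TLS options).
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Bind addresses that expose the listener on every interface.
ANY_ADDRESS = {None, "", "0.0.0.0", "::"}


def audit_docker_daemon(daemon_json: str) -> list[str]:
    """Return a list of findings for TCP listeners in a daemon.json document.
    unix:// and fd:// listeners are local-only and are not reported."""
    cfg = json.loads(daemon_json)
    tls_verify = cfg.get("tlsverify") is True and all(
        cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    findings = []
    for host in cfg.get("hosts", []):
        u = urlparse(host)
        if u.scheme != "tcp":
            continue
        if not tls_verify:
            findings.append(
                f"{host}: Remote API reachable over TCP without client-certificate verification")
        if u.hostname in ANY_ADDRESS:
            findings.append(f"{host}: listener bound to all interfaces")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_daemon(doc) or ["no findings"])
```

An unauthenticated listener is full host compromise, since anyone who can reach it can create a privileged container with the host filesystem mounted; that is the foothold a Gafgyt dropper needs. On systemd hosts the listener is often set with `-H` in the unit's `ExecStart` rather than in daemon.json (dockerd refuses to start when both are set), so the same check should be applied to the effective command line as well.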