Infosec Overnights - Daily Security News

Costa Rica hive, Foxconn Locked, JetPort backdoor, and more.



A daily look at the relevant information security news from overnight - 01 June, 2022

Episode 235 - 01 June 2022

Costa Rica Hive - https://www.bleepingcomputer.com/news/security/costa-rica-s-public-health-agency-hit-by-hive-ransomware/

Foxconn Locked - https://www.securityweek.com/ransomware-group-claims-have-breached-foxconn-factory

Wait ‘till I get my Hanes on you - https://www.marketwatch.com/story/hanesbrands-says-it-suffered-a-ransomware-attack-on-may-24-and-has-informed-law-enforcement-2022-05-31

Sidewinder VPN - https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/

JetPort backdoor - https://www.securityweek.com/vendor-refuses-remove-backdoor-account-can-facilitate-attacks-industrial-firms

Hi, I’m Paul Torgersen. It’s Tuesday June 1st, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com:
Costa Rica, after declaring a national emergency because of ransomware attacks from the Conti group, has now been hit with a Hive ransomware attack. All computer systems of Costa Rica's public health service are now offline after every printer in the system started printing early this morning. It is thought that the threat actors behind this Hive attack may come from Conti as that organization continues being disbanded and moved to smaller entities.

From SecurityWeek.com:
Cybercriminals say they have breached the systems of the Foxconn factory in Mexico, using the LockBit 2.0 ransomware. They are threatening to leak stolen files if the company doesn’t pay up. It is unclear if the attack has impacted the company’s OT systems. You may recall, the US systems of Foxconn were hit about a year and a half ago with the DoppelPaymer ransomware.

From MarketWatch.com:
Speaking of ransomware, Hanesbrands said it was the subject of a ransomware attack on May 24 and activated business continuity and incident response plans to contain it. The company says they are in the early stages of their investigation and have not determined the full impact of the attack.

From BleepingComputer.com:
Phishing campaigns attributed to an APT called SideWinder involved a fake VPN app for Android devices published on Google Play Store. They even have a custom tool that filters victims for better targeting. SideWinder has been active since at least 2012, and is believed to be of Indian origin with a relatively high level of sophistication. They have been attributed with close to 1,000 attacks in the past two years. Details in the article.

And last today, from SecurityWeek.com:
Korenix JetPort industrial serial device servers have a backdoor account that can take full control of the device. This was found back in 2020, but it was only made public now, after a lengthy disclosure process that ended with the vendor saying that the account will not be removed. They say it is needed for customer support. The password for the account is in the firmware, so is the same for every device and cannot be changed by the customer. But don’t worry, the manufacturer says the password can't be cracked in a reasonable...

By Paul Torgersen