
Cybersecurity Threats Are Evolving: Seven Key OT Security Challenges


Cyberattacks are advancing rapidly, threatening businesses with QR code scams, deepfake fraud, malware, and evolving ransomware. However, strengthening cybersecurity measures can mitigate risks. Addressing these seven key OT security challenges is essential.

Insurance broker Howden reports that U.K. businesses lost $55 billion to cyberattacks in five years. Basic security measures could save $4.4 million over a decade, delivering a 25% ROI.

Experts at IDS-INDATA warn that outdated OT systems are prime hacker entry points, with 60% of breaches stemming from unpatched systems. Research across industries identifies seven major OT security challenges.

Seven Critical OT Security Challenges

1. Ransomware & AI-Driven Attacks
Ransomware-as-a-Service and AI-powered malware are escalating threats. “The speed at which attack methods evolve makes waiting to update your defences risky,” says Ryan Cooke, CISO at IDS-INDATA. Regular updates and advanced threat detection systems are vital.

2. Outdated Systems & Patch Gaps
Many industrial networks rely on legacy systems. “We know OT is a different environment from IT,” Cooke explains. Where patches aren’t feasible, alternative mitigation is necessary. Regular audits help address vulnerabilities.

3. Lack of OT Device Visibility
Limited visibility makes networks vulnerable. “Without visibility over your connected OT devices, it’s impossible to secure them,” says Cooke. Asset discovery tools help monitor unauthorized access.

4. Growing IoT Complexity
IoT expansion increases security risks. “As more IoT and smart devices are integrated into industrial networks, the complexity of securing them grows exponentially,” Cooke warns. Prioritizing high-risk devices is essential.

5. Financial & Operational Risks
Breaches can cause financial losses, production shutdowns, and life-threatening risks. “A breach in OT environments can cause financial loss, shut down entire production lines, or, in extreme cases, endanger lives,” Cooke states. A strong incident response plan is crucial.

6. Compliance with Evolving Regulations
Non-compliance with OT security regulations leads to financial penalties. Regular audits ensure adherence and minimize risks.

7. Human Error & Awareness Gaps
Misconfigured security settings remain a major vulnerability. “Investing in cybersecurity awareness training for your OT teams is critical,” Cooke advises. Security training and monitoring help prevent insider threats.

“Proactively addressing these points will help significantly reduce the risk of compromise, protect critical infrastructure, ensure compliance, and safeguard against potentially severe disruptions,” Cooke concluded. 

Cyberattacks will persist regardless, but proactively addressing these challenges significantly improves the chances of defending against them.

Android TV Users Watch Out: Dangerous Vo1d Botnet Hits 1.6 Million Devices

Hackers are upping their game, refining both their tools and their strategies. The latest example of this trend is the disturbing spread of the Vo1d malware botnet. Vo1d is a highly sophisticated malware that has infected around 1,590,299 Android TV devices across 226 countries, turning them into “anonymous proxy servers” for malicious activities.

Why is Vo1d malware so dangerous?

Vo1d is considered dangerous because of its persistence and potential to expand despite earlier discoveries by cybersecurity experts.

Research by Xlab suggests Vo1d had 800,000 active bots, “Peaking at 1,590,299 on January 14, 2025.” Experts believe the botnet is being rented to hacking groups for various illegal activities, from bypassing regional internet restrictions to ad fraud.

Vo1d’s campaign trend suggests that the devices are leased out and then returned, causing a sharp rise and fall in the number of active bots in particular regions. The highest impact has been noticed in South Africa, Argentina, Brazil, China, and Thailand.

About Vo1d Malware 

Vo1d is not your average malware: it is one of the most advanced and largest botnets of recent years, outscaling notorious botnets such as Bigpanzi and Mirai. Its Command and Control (C2) framework uses 2048-bit RSA encryption and Domain Generation Algorithms (DGAs), making it all but indestructible. Vo1d uses 32 DGA seeds to generate over 21,000 C2 domains, keeping it operational despite attempts to shut down its network.

It transforms infected devices into proxy servers, allowing threat actors to reroute malicious traffic via infected devices, hiding their source location and escaping detection. 

The proxies are then used for various illegal activities such as:
  1. Illegal transactions
  2. Security evasion
  3. Advertising fraud

What makes Vo1d even more dangerous is its evolving nature

Vo1d is considered a severe threat due to its “evolving nature”. According to Forbes, the “latest version includes enhanced stealth capabilities and custom XXTEA encryption, further complicating detection and removal efforts.” Even if researchers manage to register a C2 domain, they “can’t issue commands to disable the botnet due to the strong encryption measures in place.”

The malware also uses special plugins such as the Mzmess SDK, which is used for ad-clicking scams. The SDK lets the botnet mimic “human-like” interaction, tricking advertising networks into paying out. Vo1d can also harvest system data such as IP addresses, device specifications, and network information from compromised devices, which can be used to stage further attacks.

Evolution of Vo1d malware

Another important highlight about Vo1d’s expansion is its attack strategy. Although the experts don't know the infection vector, they believe the malware distributes via harmful firmware updates, Android TV system vulnerabilities, or sideloaded apps. Experts also suspect that illegal streaming services and infected third-party app stores may contribute to spreading the malware.

Tips to Stay Safe

IoT and Android TV users should follow these precautions to lower the chances of attacks:
  1. Update, update, update! Hackers exploit vulnerabilities in outdated software.
  2. Buy IoT devices and Android TVs from authorised manufacturers. Avoid third-party sellers.
  3. Disable “remote access” (if enabled) on your Android TV and IoT devices, unless absolutely needed.
  4. Only install apps from the Google Play Store. Avoid installing apps from third-party sources.
  5. Disconnect inactive devices from the internet when they are not in use.
  6. Use a network monitoring tool to identify malicious traffic patterns and spot a compromised device.

Users should be more careful

Xlab warns about the dangers of Vo1d malware, “Many users harbor misconceptions about the security of TV boxes, deeming them safer than smartphones and thus rarely installing protective software.” 

Highlighting the dangers of using modded apps and software, Xlab says the “widespread practice of downloading cracked apps, third-party software, or flashing unofficial firmware—often to access free media—greatly increases device exposure, creating fertile ground for malware proliferation.”

Experts Find Hidden Backdoors Inside Chinese Software Stealing Patient Data

The Cybersecurity and Infrastructure Security Agency (CISA) in the US released an investigation report concerning three firmware variants used in the Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals.

CISA finds hidden backdoor in Chinese software

Experts found that the devices contained a hidden backdoor with a hard-coded IP address, enabling the transmission of patient data. This is possible because, according to the product description, the devices establish a connection to a central monitoring system over a wireless or wired network.

The agency disclosed the code that sends data to a specific IP address. The decoded data includes detailed information: patient details, hospital department, doctor’s name, date of birth, admission date, and other details about the device users.

Details about three flaws

The flaw is filed under “CVE-2025-0626 with a CVSS v4 score of 7.7 out of 10” says Tom’s Hardware, which also describes two other vulnerabilities: one “filed under CVE-2024-12248, which indicates that it could allow an attacker to write data remotely to execute a code” and “CVE-2025-0683, which relates to privacy vulnerability.”

Impact of vulnerabilities

The three cybersecurity flaws can allow threat actors to bypass security checks, gain access, and manipulate the device, the FDA says, while noting that it is not “aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time.”

The FDA said that Contec Medical Systems is a device manufacturer based in China whose products are used across the healthcare industry (clinics, hospitals, etc.) in the US and the European Union. Experts also found that these devices can be bought on eBay for $599.

About Contec

The FDA believes these devices are also rebranded as the Epsimed MN-120. Contec products are FDA-approved and sold in more than 130 countries. The CISA research team uncovered this flaw as part of its vulnerability disclosure process.

The agency also noted that the IP address is not linked to any medical device manufacturer. “Still, it is a third-party university, though it doesn't mention the university, the IP address, or the country it is sending data to,” reports Tom’s Hardware.

CISA has also assessed that the code was meant to serve as an alternative update mechanism, although it lacks standard update safeguards such as integrity checks or version tracking. Instead, it relies on a remote file exchanged with the IP address. As a remedy, the FDA suggests removing the monitoring device from its network and monitoring the patient’s physical condition and vital signs directly.
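The practical check a hospital network team would want after reading this is whether any monitor is talking to a host outside its expected peers, since a hard-coded destination shows up as the same unexpected address across many devices. The following is an added example, not code from CISA, the FDA or Contec; the monitor subnet, the allow-listed peers and the flow records are all constructed for illustration.

```python
"""Flag outbound connections from a patient-monitor VLAN to unexpected hosts.

Added example, not from the CISA/FDA advisory or from Contec. The monitor
subnet, the allow-listed peers and the flow records below are constructed
(RFC 5737 documentation addresses), solely to illustrate the check.
"""
import ipaddress
from collections import defaultdict

# Assumed site layout: bedside monitors live here and should only talk to these peers.
MONITOR_SUBNET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_PEERS = {
    ipaddress.ip_address("10.20.1.10"),   # central monitoring station
    ipaddress.ip_address("10.20.1.53"),   # local DNS / NTP
}

# Constructed NetFlow-style records: timestamp src dst dst_port bytes_out
SAMPLE_FLOWS = """\
2025-02-01T08:00:01 10.20.30.17 10.20.1.10 4601 5120
2025-02-01T08:00:05 10.20.30.17 10.20.1.53 123 76
2025-02-01T08:00:09 10.20.30.17 203.0.113.44 8080 24576
2025-02-01T08:01:12 10.20.30.18 10.20.1.10 4601 4990
2025-02-01T08:02:30 10.20.30.18 203.0.113.44 8080 30210
2025-02-01T08:03:00 10.20.40.5 203.0.113.44 8080 100
"""


def parse_flow(line):
    """Split one record into typed fields."""
    ts, src, dst, dport, nbytes = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), int(nbytes)


def unexpected_egress(flow_text):
    """Map each monitor to the non-allow-listed destinations it contacted and bytes sent."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, dport, nbytes = parse_flow(line)
        if src not in MONITOR_SUBNET or dst in ALLOWED_PEERS:
            continue                      # not a monitor, or a peer we expect
        findings[str(src)][f"{dst}:{dport}"] += nbytes
    return {dev: dict(dests) for dev, dests in findings.items()}


def shared_destinations(findings, min_devices=2):
    """Destinations contacted by several monitors: the signature of a hard-coded address."""
    seen = defaultdict(list)
    for dev, dests in findings.items():
        for dest in dests:
            seen[dest].append(dev)
    return {dest: sorted(devs) for dest, devs in seen.items() if len(devs) >= min_devices}
```

In the constructed data, two monitors send data to the same outside host while a device outside the monitor subnet is ignored, which is exactly the pattern that distinguishes a hard-coded address from a one-off misconfiguration.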

Free VPN Big Mama Raises Security Concerns Amid Cybercrime Links


Big Mama VPN, a free virtual private network app, is drawing scrutiny for its involvement in both legitimate and questionable online activities. The app, popular among Android users with over a million downloads, provides a free VPN service while also enabling users to sell access to their home internet connections. This service is marketed as a residential proxy, allowing buyers to use real IP addresses for activities ranging from ad verification to scraping pricing data. However, cybersecurity experts warn of significant risks tied to this dual functionality. 

Teenagers have recently gained attention for using Big Mama VPN to cheat in the virtual reality game Gorilla Tag. By side-loading the app onto Meta’s Oculus headsets, players exploit location delays to gain an unfair advantage. While this usage might seem relatively harmless, the real issue lies in how Big Mama’s residential proxy network operates. Researchers have linked the app to cybercrime forums where it is heavily promoted for use in activities such as distributed denial-of-service (DDoS) attacks, phishing campaigns, and botnets. Cybersecurity firm Trend Micro discovered that Meta VR headsets are among the most popular devices using Big Mama VPN, alongside Samsung and Xiaomi devices. 

They also identified a vulnerability in the VPN’s system, which could have allowed proxy users to access local networks. Big Mama reportedly addressed and fixed this flaw within a week of it being flagged. However, the larger problem persists: using Big Mama exposes users to significant privacy risks. When users download the VPN, they implicitly consent to having their internet connection routed for other users. This is outlined in the app’s terms and conditions, but many users fail to fully understand the implications. Through its proxy marketplace, Big Mama sells access to tens of thousands of IP addresses worldwide, accepting payments exclusively in cryptocurrency. 

Cybersecurity researchers at firms like Orange Cyberdefense and Kela have linked this marketplace to illicit activities, with over 1,000 posts about Big Mama appearing on cybercrime forums. Big Mama’s ambiguous ownership further complicates matters. While the company is registered in Romania, it previously listed an address in Wyoming. Its representative, using the alias Alex A, claims the company does not advertise on forums and logs user activity to cooperate with law enforcement. Despite these assurances, the app has been repeatedly flagged for its potential role in cyberattacks, including an incident reported by Cisco Talos. 

Free VPNs like Big Mama often come with hidden costs, sacrificing user privacy and security for financial viability. By selling access to residential proxies, Big Mama has opened doors for cybercriminals to exploit unsuspecting users’ internet connections. This serves as a cautionary tale about the dangers of free services in the digital age. Users are advised to exercise extreme caution when downloading apps, especially from unofficial sources, and to consider the potential trade-offs involved in using free VPN services.

Deep Packet Inspection (DPI): Balancing Security and Privacy in the Digital Age


Deep Packet Inspection (DPI) is an advanced technology for analyzing internet traffic that goes beyond traditional techniques. Unlike standard firewalls that examine only the headers of data packets, DPI scrutinizes both headers and payloads, providing a comprehensive view of the transmitted information. While widely used for legitimate purposes such as enhancing network security and efficiency, DPI raises significant concerns about privacy and surveillance, particularly for VPN users.

Understanding Data Packets and DPI

At the heart of internet communication are data packets, which consist of two primary components: the header and the payload. The header includes metadata such as the source and destination IP addresses, protocol type, and packet size. The payload contains the actual content being transmitted, such as video streams, emails, or files.

Traditional firewalls rely on stateless packet filtering, which inspects only the header to determine whether to allow or block traffic. DPI, however, examines the payload, enabling administrators to identify the type of data being sent and enforce more sophisticated filtering rules. This capability allows for traffic prioritization, harmful content blocking, and monitoring of sensitive information.
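The difference between the two views can be made concrete on a raw packet: a header-only rule sees source, destination, protocol and port, while a DPI rule reads the payload and can act on what is actually being sent. The following is an added example, not code from the article; it builds small IPv4/TCP packets by hand, and the port policy and sensitive-data markers are assumptions chosen for illustration.

```python
"""Header-only filtering versus deep packet inspection on constructed packets.

Added example, not from the original article. The packets are built by hand
(IPv4 + TCP, checksums left at zero), the sensitive markers and port policy
are assumptions for illustration, and only the standard library is needed.
"""
import struct

ALLOWED_PORTS = {80, 443}                    # assumed stateless policy: web traffic only
SENSITIVE_MARKERS = (b"password=", b"ssn=")  # assumed DLP markers for plaintext secrets

# Constructed payloads used as sample input.
HTTP_LOGIN = (b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
              b"user=alice&password=hunter2")
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x2a\x01" + bytes(41)  # TLS record: handshake, version 3.1


def build_packet(src, dst, sport, dport, payload):
    """Assemble a minimal IPv4 + TCP packet around `payload`."""
    total_len = 40 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    # data offset 5 (20 bytes), flags PSH|ACK, window 65535, zero checksum
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_headers(packet):
    """Stateless view: the fields a header-only firewall sees."""
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (fields[0] & 0x0F) * 4
    proto, src, dst = fields[6], fields[8], fields[9]
    sport, dport, _, _, off_flags = struct.unpack("!HHIIB", packet[ihl:ihl + 13])
    data_off = (off_flags >> 4) * 4
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "proto": proto, "sport": sport, "dport": dport,
            "payload_start": ihl + data_off}


def classify_payload(payload):
    """DPI view: identify the application protocol from the payload itself."""
    if payload[:1] == b"\x16" and payload[1:3] in (b"\x03\x01", b"\x03\x02", b"\x03\x03"):
        return "tls-handshake"
    first_line = payload.split(b"\r\n", 1)[0]
    if any(first_line.startswith(m + b" ") for m in (b"GET", b"POST", b"PUT", b"HEAD")):
        return "http-request"
    return "unknown"


def header_verdict(hdr):
    """What stateless filtering decides: TCP to an allowed port is let through."""
    return "allow" if hdr["proto"] == 6 and hdr["dport"] in ALLOWED_PORTS else "block"


def dpi_verdict(hdr, payload):
    """What DPI adds: content-aware rules the header alone cannot express."""
    app = classify_payload(payload)
    if app == "http-request" and any(m in payload for m in SENSITIVE_MARKERS):
        return "block:plaintext-credential"      # data-leak prevention rule
    if hdr["dport"] == 443 and app != "tls-handshake":
        return "block:non-tls-on-443"            # port says HTTPS, payload says otherwise
    return "allow"


def inspect(packet):
    """Return (stateless verdict, DPI verdict) for one raw packet."""
    hdr = parse_headers(packet)
    payload = packet[hdr["payload_start"]:]
    return header_verdict(hdr), dpi_verdict(hdr, payload)
```

A login form posted in plaintext to port 80 passes the header check but is caught by the DPI rule, and HTTP sent to port 443 is flagged because the payload does not match what the port implies.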

Applications of DPI

DPI is a versatile tool with diverse applications in the modern digital landscape:

  • Cybersecurity: DPI detects and blocks malicious traffic by analyzing packet contents for threats like ransomware or phishing attempts. It prevents these attacks from reaching their targets.
  • Data Leak Prevention: Businesses use DPI to scan outgoing traffic for unauthorized sharing of sensitive information, ensuring compliance with regulations such as GDPR and HIPAA.
  • Content Filtering: DPI dynamically blocks harmful or inappropriate material, making it an essential feature for parental controls and educational environments.

DPI and Network Management

Internet Service Providers (ISPs) leverage DPI for network optimization:

  • Traffic Management: DPI helps manage congestion by prioritizing real-time applications like video calls and streaming over less critical activities such as large file downloads.
  • Bandwidth Allocation: It identifies and throttles illegal file-sharing activities, ensuring fair bandwidth distribution across users.

Privacy Challenges for VPN Users

DPI’s capabilities present challenges for privacy, particularly in regions with strict internet censorship. Advanced DPI systems can detect VPN traffic by identifying unique patterns in packet headers and payloads, enabling ISPs and governments to block or throttle VPN connections. This undermines online privacy and access to unrestricted content.

Countermeasures and Obfuscation Techniques

To combat DPI, many VPNs employ obfuscation techniques, including:

  • Traffic Disguising: VPN traffic is masked to resemble regular encrypted web traffic.
  • Random Data Insertion: Adding random data packets disrupts identifiable patterns, making detection harder.

While these methods may reduce connection speeds, they are crucial for maintaining access to a free and open internet in restrictive environments.

Striking a Balance

DPI is undeniably a powerful tool with significant benefits for network security and management. However, its potential for misuse raises concerns about privacy and freedom. For those concerned about online surveillance, understanding how DPI works and using VPNs with advanced obfuscation features are critical steps in safeguarding digital privacy.

Critical Security Flaw in SEIKO EPSON Devices Allows Unauthorized Access


A recent security vulnerability identified as CVE-2024-47295 poses a serious risk for several SEIKO EPSON devices, potentially granting attackers administrative control. This vulnerability stems from a weak initial password setup within SEIKO EPSON’s Web Config software, which manages network device settings for products like printers and scanners.

Web Config, a tool for configuring SEIKO EPSON devices via web browsers, lacks an administrative password on affected models when first connected to a network without prior configuration. This absence of a password allows any network user to establish a new password, gaining full access to the device.

The vulnerability report notes, “If the administrator password on the affected device is left blank, anyone accessing it through Web Config can set a new password.” An attacker with administrative rights could manipulate device settings, interrupt operations, or use the device to infiltrate broader network systems.

Currently, there is no available patch to fix this vulnerability. SEIKO EPSON urges users to set an administrative password immediately upon installation and network connection. The company’s Security Guidebook stresses this step in section 3, advising users to configure Web Config settings and secure the device with a strong password to block unauthorized access and mitigate the risk of this exploit.

SEIKO EPSON also advises caution with all networked devices. Unsecured IoT devices are frequently targeted by cybercriminals, and the CVE-2024-47295 vulnerability has received a CVSS score of 8.1, highlighting its high-risk level. Best practices to reduce risk include:

  • Using Strong, Unique Passwords: Set complex passwords during initial setup and avoid defaults.
  • Restricting Network Access: Limit access to trusted users and networks only.
  • Monitoring Device and Network Activity: Regularly review configurations and monitor network traffic for unusual activity.

With these steps, users can enhance device security and safeguard against potential threats.

India’s New SMS Traceability Rules to Combat Fraud Begin November 1, 2024


Beginning November 1, 2024, Indian telecom providers Airtel, Jio, and Vi will follow a new set of SMS traceability and monitoring guidelines mandated by the Telecom Regulatory Authority of India (TRAI). Aimed at combating cybercrime, these measures seek to enhance security by allowing users to block suspicious calls and messages effectively. By tracing SMS sources more accurately, telecom operators can swiftly identify and block fraudulent messages, improving the fight against scams and phishing attempts. 

Additionally, organizations sending promotional SMS, such as banks and e-commerce companies, must adhere to TRAI’s telemarketing standards, or risk their messages being blocked. This initiative aims to create a safer SMS ecosystem, giving users a clearer means to distinguish legitimate messages from scams. Yet, the vast volume of commercial messages sent in India—between 1.5 and 1.7 billion daily—makes it challenging to implement such a system seamlessly. With high-volume traffic, the infrastructure for monitoring requires robust capabilities to ensure message traceability without slowing down service for time-sensitive messages, especially for critical banking and transaction-related OTPs. Another layer of concern involves potential delays in urgent messages. 

These requirements could slow the delivery of essential communications, such as OTPs used in online banking. Telecoms are working to prevent this issue, as delays in these transactional messages could interrupt online financial processes. Balancing security and timely delivery is essential for TRAI and telecom providers, particularly for consumers who rely on timely OTPs and other immediate notifications. The Cellular Operators Association of India (COAI), which represents key telecom companies like Airtel, Jio, and Vodafone-Idea, has requested a two-month delay to facilitate a smoother transition. This extension would allow telecom operators additional time to set up necessary infrastructure and conduct thorough testing to avoid unintentional service disruptions. 

While TRAI maintains its commitment to the November deadline, telecom companies argue that extra preparation time could ensure reliable service delivery and a smoother rollout. Telecom providers have committed to ensuring user security remains intact while providing efficient service. TRAI’s objective is to foster a more secure digital communication environment where consumers feel protected against fraud and unauthorized data use. However, the effectiveness of these changes depends heavily on the ability of telecom companies to meet these new standards without compromising service quality. 

TRAI’s new SMS traceability requirements represent a meaningful step forward in enhancing consumer protection against digital scams. Despite logistical challenges, this initiative could make India’s messaging landscape safer, allowing consumers greater peace of mind. The success of this system depends on how effectively telecom providers can balance secure traceability with minimal disruption to essential services, paving the way for a digital space that prioritizes both security and efficiency.

DrayTek Patches 14 Vulnerabilities, Including Critical Buffer Overflow Flaws


DrayTek recently patched 14 vulnerabilities in 24 router models, including a critical buffer overflow flaw that could allow remote code execution (RCE) or denial of service (DoS). The vulnerabilities, identified by Forescout Research’s Vedere Labs and described in their “DRAY:BREAK” report, include two critical flaws, nine high-severity flaws, and three medium-severity issues. 

The most severe flaw, CVE-2024-41492, involves the “GetCGI()” function in the web user interface, allowing attackers to exploit query string parameters and execute RCE or DoS attacks. Another critical flaw, CVE-2024-41585, involves OS command injection via the “recvCmd” binary, which could lead to a virtual machine escape. Forescout’s analysis of exposed DrayTek devices revealed more than 700,000 connected devices vulnerable to similar flaws. Of these, nearly 38% remain susceptible to exploitation due to outdated firmware or years-old vulnerabilities. 

Notably, less than 3% of exposed devices have installed the latest firmware, with many still using version 3.8.9.2, which is over six years old. Furthermore, a significant portion of these devices, often used in business sectors such as healthcare and manufacturing, are vulnerable as they haven’t been updated to the latest firmware despite vendor recommendations. To mitigate the risk, organizations using DrayTek routers should immediately patch their devices with the latest firmware updates. Disabling remote access, enabling two-factor authentication, and implementing Access Control Lists (ACLs) are also vital measures to secure the devices. 

Continuous monitoring using syslog logging for any unusual activity can also help detect and mitigate potential threats. Forescout’s report emphasizes that outdated routers pose a serious threat, with about 63% of the exposed devices being end-of-sale or end-of-life (EoL) models. Such outdated devices are a prime target for attackers, as demonstrated by the addition of older DrayTek vulnerabilities to the Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities catalog.

Although no evidence currently exists of exploitation of these newly discovered vulnerabilities, the risk remains high, especially given the long-standing pattern of recurring flaws in DrayTek devices. The security of DrayTek routers hinges on timely updates and robust security measures. The newly patched vulnerabilities, while not yet exploited, demonstrate the importance of ongoing vigilance and proactive cybersecurity measures, especially in industries reliant on these devices for network access.