Tag Archives: Moxa

10Fold- Security Never Sleeps- 154

Dridex gang uses unpatched Microsoft Word exploit to target millions

“Attacks beginning in January”

The group associated with the Dridex trojan software has begun using an unpatched Microsoft Word vulnerability that allows it to potentially affect millions of users. The capability of harm was revealed Friday by McAfee antivirus researchers, and security researchers firm FireEye have confirmed more instances of issues over the past several weeks as well.

US dismantles Kelihos botnet after Russian hacker’s arrest

“Unrelated to potential tampering in U.S. election”

The recent arrest of a Russian cybercriminal in Spain has led to the destruction of a large scale botnet. Kelihos, a botnet that is directly responsible for the remote control and ‘enslavement’ of hundreds of thousands of IoT devices, has been used to distribute malware globally in the past. On Monday the U.S. Justice Department released a statement claiming it had taken actions to officially dismantle the project.

Hackers Steal Customer Card Data From GameStop

“Popular gaming retailer apparently breached”

GameStop, a popular retailer among the gaming community, allegedly has been compromised with the possibility of customer payment card information stolen. Included are the name, address, and verification numbers of credit cards.

Cisco Finds Many Flaws in Moxa Industrial Aps

“More than a dozen issues identified”

Talos Intelligence, a Cisco research group, has finished a two-week observation of a wireless AP from Moxa, concluding that many vulnerabilities are apparent from their tests. Over a dozen were officially verified, including remote exploitation that would effectively give a cybercriminal full access to operating functions of a device. Moxa has apatched all but on of these vulnerabilities, the details of which will be disclosed after it has been dealt with.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 118

Tesco Acknowledges, Apologizes for Compromise of Over 40,000 Accounts

“Cash stolen from about half of accounts accessed”

One of the biggest hacking events on a bank in United Kingdom history occurred Monday, ending with nearly 40,000 accounts compromised according to Tesco CEO Benny Higgins. “Online criminal activity” was reported by the firm over the weekend, and it was later reported that 15% of its total accounts had shown signs of fraudulent withdrawal. The bank has issued various statements on the refunding of cash thefts to date.

RCE Flaw in Bopup Found

“Enterprise IM manager has significant security breach”

Cybersecurity service firm Trustwave has found a remote code execution flaw in Bopup Communications servers, a buffer overflow that cybercriminals to exploit the application. A packet is able to be sent to a remote administration port and allows for remote execution of commands on the communication sites servers.

Controversial Cybersecurity Law Passes in China

“Watchdog organizations warn of human rights violations”

Greater control over the internet in China has many worried about implications towards businesses and individual rights. While the government added certain amendments to address these concerns, it did little to appease critics. Many corporations have announced that the law will force them out of the country, while Sophie Richardson of Human Rights Watch has declared that the requiring of local storage data is in violation with many international treaties.

Moxa Ethernet Products Found to Have Serious Issues

“Critical and moderate vulnerabilities found”

Several security flaws have been detected in Taiwan based Moxa Industrial Ethernet products, according to an advisory recently distributed by ICS-CERT. The Moxa OnCell LTE cellular gateways, AWK Wireless AP/bridge/client products, TAP railway wireless units, and WAC wireless access controllers have improper authentication and other vulnerabilities.