WindiGo exploits CVE-2018-14847 to access MikroTik routers.

Technical Analysis of the Winbox Payload in WindiGo

WindiGo is a malware that exploits CVE-2018-14847 to gain access to MikroTik routers, which has been used in several campaigns by multiple actors. This blog provides a technical analysis of WindiGo as ...

Nozomi Networks Labs reveals vulnerabilities in Mitsubishi Electric GX Works3 that may lead to the compromise of safety PLCs.

Flaws in GX Works3 Threaten Mitsubishi Electric Safety PLC Security

In this blog, we uncover three vulnerabilities that affect Mitsubishi Electric GX Works3, tracked under CVE-2022-29831, CVE-2022-29832, and CVE-2022-29833 (Mitsubishi Electric advisory 2022-015, CISA advisory TODO), and that, in the worst-case scenario, ...
Automating the Discovery of NTLM Authentication Endpoints

Recently, I have been working on adding support for automated enumeration and discovery of NTLM authentication endpoints to Chariot, our external attack surface and continuous automated red teaming product scanning pipeline. Our ...
IoT botnets continue to evade detection and analysis tools.

How IoT Botnets Evade Detection and Analysis – Part 2

Nozomi Networks Labs analyzed 728 malware samples, collected from our Internet of Things (IoT) honeypots over the course of 15 days, to discover new modification techniques malware authors are using to evade ...
Vulnerabilities in BMC Firmware Affect OT/IoT Device Security – Part 1

Over the past year, Nozomi Networks Labs has conducted research on the security of Baseboard Management Controllers (BMCs), with a special focus on OT and IoT devices. In part one of this ...
Mirai malware authors continue to make modifications.

Exploring Modifications in New Mirai Botnet Clones

Nozomi Networks researchers discover modified Mirai malware, making it difficult to detect the original source of their attacks. In this blog, we explore some of the ways that Mirai variants have been ...
Inspector, or: How I Learned to Stop Worrying and Love Testing in Prod

Overview: Recently, I’ve shifted from primarily performing red team engagements to assisting in the development of Chariot, Praetorian’s attack surface management (ASM) and continuous automated red teaming (CART) product offering. Our Praetorian ...
Could Threat Actors Be Downgrading Their Malware to Evade Detection?

Threat actors are known to modify their malware to evade detection and make additional profits. They do this by changing the file name and IP address, along with other features. This gives ...
Nozomi Networks Labs: Discovering and Reporting Vulnerabilities to Increase Security

As cybersecurity practitioners struggle to keep pace with continuous changes to the cyber threat landscape, threat actors continue to refine their Tactics, Techniques, and Procedures (TTPs) when carrying out cyberattacks. This is ...
Nozomi Networks Publishes Vulnerabilities in Siemens Desigo Devices

Last month, the U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the joint Cybersecurity Advisory “Control System Defense: Know the Opponent,” describing Tactics, Techniques, and Procedures ...