2009 and Accountability - Cyber Security Informer

China Says U.S. Hacking Huawei Since 2009

SecureWorld News

SEPTEMBER 28, 2023

National Security Agency (NSA) of infiltrating Huawei servers since as early as 2009. These allegations, which were made via China's official WeChat account , claim that the Tailored Access Operations (TAO) unit of the NSA conducted cyberattacks in 2009 and maintained continuous surveillance on Huawei's servers.

Hacking

Hacking Artificial Intelligence Telecommunications Cyber Attacks

RockYou2024 compilation containing 10 billion passwords was leaked online

Security Affairs

JULY 8, 2024

Threat actors rely on password compilations like the RockYou2024 to carry out credential stuffing attacks and compromise users’ accounts. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” CyberNews researchers explained. RockYou2021 had 8.4 RockYou2021 had 8.4

Passwords

Passwords Data breaches Hacking Accountability

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

Malwarebytes

MAY 17, 2022

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Linked accounts. Linked accounts were invented to make logging in easier. You can use one account to log in to other apps, sites and services. Sandboxed CAPTCHA.

Accountability

Accountability Passwords

Hackers Expose Russian FSB Cyberattack Projects

Schneier on Security

JULY 22, 2019

More nation-state activity in cyberspace, this time from Russia : Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum.

Media

Media Internet Internet Accountability

Breach reporting required for health apps and devices, FTC says

CSO Magazine

SEPTEMBER 23, 2021

The Federal Trade Commission (FTC) commissioners, in a split-vote (3-2), issued a policy statement on September 15, requiring both health applications and connected devices to comply with the “ Health Breach Notification Rule (August 2009).” To read this article in full, please click here

Insurance

Insurance Accountability

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

According to cyber intelligence firm Intel 471 , Megatraffer has been active on more than a half-dozen crime forums from September 2009 to the present day. That same email address also is tied to two forum accounts for a user with the handle “ O.R.Z.” user account — this one on Verified[.]ru account on Carder[.]su

Malware

Malware Cybercrime Software Accountability

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

DECEMBER 14, 2018

In the event targets' accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. I wrote about this exact attack in 2005 and 2009. This isn't new.

Authentication

Authentication Passwords Phishing Government

Network Solutions data breach – hacker accessed data of more 22 Million accounts

Security Affairs

OCTOBER 30, 2019

Network Solutions, one of the world’s biggest domain registrars, disclosed a data breach that impacted 22 million accounts. Network Solutions , one of the world’s biggest domain registrars, disclosed a data breach that may have impacted 22 million accounts, no financial data was exposed. ” continues the notice.

Data breaches

Data breaches Accountability Advertising Encryption

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

Cyber intelligence firm Intel 471 reports that obelisk57@gmail.com was used to register an account on the forum Blacksoftware under the nickname “ Kerens.” Those records indicate the user Kerens registered on Verified in March 2009 from an Internet address in Novosibirsk, a city in the southern Siberian region of Russia.

Malware

Malware Antivirus Cybercrime Hacking

Employee Password Security in the Healthcare Sector

Security Boulevard

AUGUST 30, 2021

According to the Health Insurance Portability and Accountability Act (HIPAA) Journal, over the past eleven years (2009-2020) there have been more than 3,705 healthcare data breaches impacting more than 268 million medical records. The healthcare industry sector is increasingly the target of cybercriminals.

Healthcare

Healthcare Passwords Insurance Data breaches

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

There is a now-dormant Myspace account for a Matthew Philbert from Orleans, a suburb of Ottawa, Ontario. The information tied to the Myspace account matches the age and town of the defendant. The Myspace account was registered under the nickname “ Darkcloudowner ,” and to the email address dark_cl0ud6@hotmail.com.

Cybercrime

Cybercrime Ransomware Accountability Advertising

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

NOVEMBER 15, 2022

Once inside a victim company’s bank accounts, the crooks would modify the firm’s payroll to add dozens of “ money mules ,” people recruited through work-at-home schemes to handle bank transfers. Your payroll accounts have been hacked, and you’re about to lose a great deal of money. tank: [link].

Banking

Banking Small Business Accountability Cybercrime

Can You Recognize This Guy?

Security Boulevard

SEPTEMBER 26, 2023

Dear blog readers, There was a speculation approximately a decade ago that I went missing. Can you recognize this guy in the picture? Now here comes the surprise.

Accountability

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Security Affairs

JULY 13, 2024

At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

Cybercrime

Cybercrime Banking Malware Hacking

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices. The number represents a significant portion of the world's online user base, raising concerns about the security of countless online accounts across various platforms.

Passwords

Passwords Password Management Education Accountability

International Embassies Web Malware Exploitation Serving Domain Properties

Security Boulevard

SEPTEMBER 16, 2024

Folks, Do you remember the international embassies web malware exploitation spree using client-side exploits that took place back in 2009 with the Russian Business Network the hosting provider of choice for these campaigns? Sample domains known to have been operated by the same individuals behind these campaigns include: hxxp://beert54[.]xyz

Malware

Malware Accountability

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Security Affairs

AUGUST 8, 2022

Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. The latest version is dedicated to mining and has started using more unpredictable information like transaction information of bitcoin accounts as input to DGA, making detection more difficult.

Accountability

Accountability Cryptocurrency Malware Hacking

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

bank accounts. Multiple accounts are registered to that email address under the name Alexander Valerievich Grichishkin , from Cherepovets. But the Rescator story was a reminder that 10 years worth of research on who Ika/Icamis is in real life had been completely set aside. This post is an attempt to remedy that omission.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Dashlane 2024

eSecurity Planet

JANUARY 29, 2024

The company was founded in 2009, and the first software edition was released in 2012. Internet security best practices mandate unique credentials for each online account; doing so would be impossible without a solid password manager like Dashlane. Your employees will love the unique bonus features Dashlane offers as well.

Password Management

Password Management Passwords Authentication Accountability

FBI seized other domains used by the shadow eBook library Z-Library

Security Affairs

MAY 6, 2023

The library has been active since 2009, it offers e-book files in a variety of file formats, stripped of their copyright protections. The list of the domains seized by the authorities includes singlelogin.me, which is used to register new accounts for the service. The library is still reachable through TOR and I2P networks.

Accountability

Accountability Hacking Cybersecurity Cybercrime

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

Malware

Malware Cybercrime Banking Hacking

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. 5.38??????????????

Accountability

Accountability Passwords Advertising Internet

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015. Stassi conducted several administrative tasks for the group, such as registering webhosting and financial accounts using stolen and/or false personal information.

System Administration

System Administration Malware Accountability Marketing

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

The experts found an unprotected Elasticsearch cluster that was containing personally identifiable information on Russian citizens spanning from 2009 to 2016. “The first database contained more than 14 million personal and tax records from 2010 to 2016, and the second included over 6 million from 2009 to 2015.”

Identity Theft

Identity Theft Scams Advertising Risk

ENISA provides data related to major telecom security incidents in 2021

Security Affairs

JULY 28, 2022

The reporting of security incidents has been part of the EU’s regulatory framework for telecoms since the 2009 reform of the telecoms package. System failures accounted for 363 million user hours lost compared to 419 million user hours in 2020. The number of incidents labeled as malicious actions passed from 4% in 2020 to 8% in 2021.

Authentication

Authentication Hacking Accountability Information Security

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Security Affairs

MAY 13, 2023

Founded in 2009, the company provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail. The Cybernews research team has discovered a data leak on La Malle Postale’s system that exposed the personal data of their clients. One of them is identity theft.

Passwords

Passwords Identity Theft Scams Social Engineering

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Security Affairs

JUNE 7, 2021

billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts. Enable two-factor authentication (2FA) on all of your online accounts.

Passwords

Passwords Data breaches Accountability Password Management

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

From 2009 to the present, Aqua’s primary role in the conspiracy was recruiting and managing a continuous supply of unwitting or complicit accomplices to help Evil Corp. ” Only, in every case the company mentioned as the “client” was in fact a small business whose payroll accounts they’d already hacked into.

Cybercrime

Cybercrime Banking Small Business Accountability

Hacking Linux is Easy with PwnKit

eSecurity Planet

JUNE 30, 2022

Qualys researchers found that the flaw has existed for 13 years, since pkexec’s first release in May 2009. The only inconvenience is that it requires initial access, which can be achieved by exploiting another vulnerability first, but hackers can use the least privileged accounts like the nobody user to root the machine.

Hacking

Hacking Accountability Software Cybersecurity

Backdoor in XZ Utils That Almost Happened

Schneier on Security

APRIL 11, 2024

He has been in charge of XZ Utils since he wrote it in 2009. We don’t know by whom, but we have account names: Jia Tan, Jigar Kumar, Dennis Ens. And, at least in 2022, he’s had some “ longterm mental health issues. ” (To be clear, he is not to blame in this story. This is a systems problem.) They’re not real names.

Software

Software Engineering Internet Internet

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

Russian security firm Kaspersky Lab estimated that by the time the program ceased operations, GandCrab accounted for up to half of the global ransomware market. That email address and nickname had been used since 2009 to register multiple identities on more than a half dozen cybercrime forums. of GandCrab. HEAVY METALL.

Ransomware

Ransomware Accountability Cybercrime Passwords

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

But by all accounts, few attacks from those gangs have come close to the amount of firepower wielded by a pro-Russia group calling itself “ NoName057(16).” “And then they just keep coming back and opening new cloud accounts.” An ad for war.md, circa 2009. Neculiti was the owner of war[.]md

DDOS

DDOS Internet Internet Government

Dashlane Review 2021: Pricing & Features

eSecurity Planet

JULY 8, 2021

The company was founded in 2009, and the first software edition was released in 2012. Internet security best practices mandate unique credentials for each online account; doing so would be impossible without a solid password manager like Dashlane. Your employees will love the unique bonus features Dashlane offers as well.

Password Management

Password Management Passwords Authentication Accountability

Google Public DNS’s approach to fight against cache poisoning attacks

Google Security

MARCH 28, 2024

Cache poisoning mitigations in Google Public DNS Improving DNS security has been a goal of Google Public DNS since our launch in 2009. Measurements indicate that the DNS Cookies do not provide sufficient coverage, even though around 40% of nameservers by IP support DNS Cookies, these account for less than 10% of overall query volume.

DNS

DNS Internet Internet Encryption

AI and the SEC Whistleblower Program

Schneier on Security

OCTOBER 21, 2024

In 2009, after Bernie Madoff’s $65 billion Ponzi scheme was exposed, Congress authorized the SEC to award bounties from civil penalties recovered from securities law violators. Securities and Exchange Commission (SEC) is engaged in a modern-day version of tax farming. It worked in a big way.

Artificial Intelligence

Artificial Intelligence Marketing Data Analyst Government

Mysterious DarkUniverse APT remained undetected for 8 years

Security Affairs

NOVEMBER 5, 2019

The DarkUniverse has been active at least from 2009 until 2017. APT group has been active at least since 2013, it leverages PDF zero-day exploits to drop malware on the target systems and Twitter accounts to pass C2 URLs. Attackers used C2 servers on cloud storage at mydrive.

Malware

Malware Advertising Accountability Phishing

The analysis of the code reuse revealed many links between North Korea malware

Security Affairs

AUGUST 10, 2018

In defining similarities, we take into account only unique code connections, and disregard common code or libraries. For example, the “Common SMB module” that was part of the WannaCry Ransomware (2017) was similar to the code used the malware Mydoom (2009), Joanap , and DeltaAlfa. ” states the report.

Malware

Malware Hacking Advertising Accountability

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

Prosecutors in Northern California indicted Kislitsin in 2014 for his alleged role in stealing account data from Formspring. A 2009 census found that Russians make up about 24 percent of the population of Kazakhstan. “If that happens, Kazakhstan may have to make some very unpleasant decisions.”

Cybersecurity

Cybersecurity Cybercrime Hacking Technology

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. According to the Treasury and DOJ, Tian and Li received funds from North Korea-controlled accounts in at least two cases.

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

JULY 20, 2021

One was Alan Ralsky , an American spammer who was convicted in 2009 of paying Severa and other spammers to promote pump-and-dump stock scams. The government acknowledged that it was difficult to come to an accurate accounting of how much Levashov’s various botnets cost companies and consumers.

Antivirus

Antivirus Cybercrime Identity Theft Scams

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

Next, the attackers logged in to the web interface using a privileged root account. It’s unknown how the attackers were able to obtain the credentials for that account, but it’s possible the credentials were saved in one of the infected system’s browser password managers.” ” reads the report published by the experts.

Malware

Malware Cryptocurrency Password Management Encryption

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Security Affairs

NOVEMBER 17, 2022

At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

Cybercrime

Cybercrime Banking Identity Theft Hacking

Experts discovered a Kernel Level Privilege Escalation in Oracle Solaris

Security Affairs

JULY 26, 2018

.” The experts discovered that the flaw was first discovered in 2007 and it was publicly disclosed in 2009 during the CanSecWest security conference. “The original issue was disclosed on stage at CanSec 2009 ( [link] ).” ” reads the analysis published by Trustwave. ” continues Trustwave.

Advertising

Advertising Architecture Authentication Accountability

China Says U.S. Hacking Huawei Since 2009

RockYou2024 compilation containing 10 billion passwords was leaked online

Trending Sources

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

Hackers Expose Russian FSB Cyberattack Projects

Breach reporting required for health apps and devices, FTC says

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Real-Time Attacks Against Two-Factor Authentication

Network Solutions data breach – hacker accessed data of more 22 Million accounts

Why Malware Crypting Services Deserve More Scrutiny

Employee Password Security in the Healthcare Sector

Canada Charges Its “Most Prolific Cybercriminal”

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Can You Recognize This Guy?

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

International Embassies Web Malware Exploitation Serving Domain Properties

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Dashlane 2024

FBI seized other domains used by the shadow eBook library Z-Library

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

538 Million Weibo users’ records being sold on Dark Web

Administrators of bulletproof hosting sentenced to prison in the US

Experts found 20 Million tax records for Russian citizens exposed online

ENISA provides data related to major telecom security incidents in 2021

Personal info of 90k hikers leaked by French tourism company La Malle Postale

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Hacking Linux is Easy with PwnKit

Backdoor in XZ Utils That Almost Happened

Who’s Behind the GandCrab Ransomware?

Stark Industries Solutions: An Iron Hammer in the Cloud

Dashlane Review 2021: Pricing & Features

Google Public DNS’s approach to fight against cache poisoning attacks

AI and the SEC Whistleblower Program

Mysterious DarkUniverse APT remained undetected for 8 years

The analysis of the code reuse revealed many links between North Korea malware

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Spam Kingpin Peter Levashov Gets Time Served

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Experts discovered a Kernel Level Privilege Escalation in Oracle Solaris

Stay Connected