2011 and Hacking - Cyber Security Informer

The Story of the 2011 RSA Hack

Schneier on Security

MAY 27, 2021

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Hacking

Hacking Authentication Cybersecurity

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July.

Hacking

Hacking Internet Internet Government

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

The Hacker News

NOVEMBER 20, 2023

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms.

Hacking

Hacking Passwords

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. SecurityAffairs – hacking, XDSpy). ” reads the abstract from the talk.

Malware

Malware Advertising Government Phishing

Is Enumerating Resources on a Website "Hacking"?

Troy Hunt

APRIL 19, 2018

In 2011, Patrick Webster identified a weakness in First State Superannuation's web portal which allowed him to access 770k financial records belonging to other customers. Now, to the question posed in the title, is any of this "hacking"? Seeing legal action appear as a result of enumerating through URLs is not unprecedented.

Hacking

Hacking Government Technology Risk

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. AWMproxy, the storefront for renting access to infected PCs, circa 2011. Over the past decade, both Glupteba and AWM Proxy have grown substantially. But on Dec.

Passwords

Passwords Malware Internet Internet

PlayStation Network outage has been going on for over 24 hours

Security Affairs

FEBRUARY 8, 2025

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Sony) The PSN breach exposed the data of millions of users, costing Sony $15 million in settlements and a year of identity theft protection for subscribers.

Identity Theft

Identity Theft Hacking Cyber Attacks Accountability

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Mobile

Mobile Software Backups Technology

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

MAY 20, 2021

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Hacking

Hacking Government Cybersecurity

Three Italian universities hacked by LulzSec_ITA collective

Security Affairs

FEBRUARY 13, 2020

The popular Italian hacktivist collective LulzSec ITA claimed via Twitter to have hacked three Italian universities. The popular Italian hacktivist collective LulzSec ITA has announced via Twitter the hack of three Italian universities, highlighting the importance of the cybersecurity for our society. Pierluigi Paganini.

Hacking

Hacking Data breaches Advertising Education

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Pierluigi Paganini.

Authentication

Authentication Advertising Passwords Software

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Balaban This ransomware was doing the rounds over spam generated by the Gameover ZeuS botnet, which had been originally launched in 2011 as a toolkit for stealing victim’s banking credentials and was repurposed for malware propagation. The big names that pioneered in these targeted attacks are Sodinokibi (aka REvil) and Ryuk.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

The Hacker News

MAY 21, 2021

26, 2011 and Feb. India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug.

Data breaches

Data breaches Hacking Cyber Attacks

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

FEBRUARY 22, 2022

But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 — two years after responsibility for securing the state’s IT systems was centralized within Parson’s own Office of Administration. Missouri Gov. Mike Parson (R), vowing to prosecute the St. .

Education

Education Technology Hacking Media

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and money laundering. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox ) The post Russians charged with hacking Mt.

Hacking

Hacking Cryptocurrency Advertising Banking

CIA Hacking unit APT-C-39 hit China since 2008

Security Affairs

MARCH 4, 2020

Chinese security firm Qihoo 360 revealed that the US CIA has hacked Chinese organizations in various sectors for the last 11 years. Chinese security firm Qihoo 360 is accusing that the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. SecurityAffairs – hacking, CIA).

Hacking

Hacking Advertising Government Engineering

US indicts members of Chinese-backed hacking group APT40

Bleeping Computer

JULY 19, 2021

Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. [.].

Hacking

Hacking Government

T-Mobile detected network intrusion attempts and blocked them

Security Affairs

NOVEMBER 28, 2024

The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. and its allies for hacking activities in July. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, T-Mobile)

Mobile

Mobile Telecommunications Government Internet

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

Ngo got his treasure trove of consumer data by hacking and social engineering his way into a string of major data brokers. O’Neill said he opened the investigation into Ngo’s identity theft business after reading about it in a 2011 KrebsOnSecurity story, “ How Much is Your Identity Worth? BEGINNINGS.

Identity Theft

Identity Theft Computers and Electronics Hacking Accountability

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. SecurityAffairs – hacking, Android). The post Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack appeared first on Security Affairs. To nominate, please visit:? Pierluigi Paganini.

Hacking

Hacking Media Malware Cybersecurity

Sony Hacked Again, Attackers Claim to Have Breached All Systems

SecureWorld News

SEPTEMBER 27, 2023

The hacking group claims to have compromised all of Sony's systems. However, the group has posted some sample data from the hack online, including screenshots of an internal login page, an internal PowerPoint presentation, and several Java files. At the time of this publication, Ransomed.vc has yet to provide any definitive proof.

Hacking

Hacking Data privacy Cybercrime Advertising

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. SecurityAffairs – Mitsubishi Electric, hacking). The post Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack appeared first on Security Affairs.

Antivirus

Antivirus Hacking Advertising Media

Russians charged with hacking Mt. Gox crypto exchange, running BTC-e

Bleeping Computer

JUNE 9, 2023

Russian nationals Alexey Bilyuchenko and Aleksandr Verner have been charged with the 2011 hacking of the leading (at the time) cryptocurrency exchange Mt. Gox and the laundering of around 647,000 bitcoins they stole. [.]

Hacking

Hacking Cryptocurrency

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

Verified was hacked at least twice in the past five years, and its user database posted online. com back in 2011, and sanjulianhotels[.]com At some point, mindjolt.com apparently also was hacked, because a copy of its database at Constella says the bo3dom@gmail.com used two passwords at that site: lebeda1 and a123456.

Ransomware

Ransomware Passwords Accountability Cybercrime

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. Nikki Haley to head the state’s law enforcement division.

Identity Theft

Identity Theft Banking Cybercrime Hacking

GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice

The Last Watchdog

FEBRUARY 24, 2022

Related: Supply-chain hacks prove worrisome. Yes, and that is what Sony exactly lost when they were hacked and the personal info of every one of its customers leaked in 2011. Every second, even while you are reading this article, a hacker is trying to hack a site.

Penetration Testing

Penetration Testing Retail Hacking Backups

The Belgacom hack was the work of the UK GCHQ intelligence agency

Security Affairs

OCTOBER 28, 2018

Belgian newspaper reported that investigators had found proof that the Belgacom hack was the work of the UK GCHQ intelligence agency. According to Snowden, the UK’s signals intelligence have hacked into the Belgian telco to spy on private communications in transit into its infrastructure. ” wrote The Intercept.

Hacking

Hacking Spyware Telecommunications Advertising

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. APT stands for Advanced Persistent Threat, a term that generally refers to state-sponsored hacking groups.

Government

Government Hacking Cyber threats Mobile

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

The Hacker News

MARCH 25, 2022

government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S.

Hacking

Hacking Government Cybersecurity

Four Members of APT40 Indicted by the U.S. Department of Justice

Heimadal Security

JULY 20, 2021

4 members belonging to APT40, a hacking group supported by the Chinese government, were indicted yesterday by the U.S. They were charged with several hacking crimes that unfolded between 2011 and 2018 where they targeted state entities, universities, and enterprises. DOJ (Department of Justice).

Hacking

Hacking Government Phishing Cybersecurity

Garmin Devices and Services Taken Offline By Ransomware Attack

Adam Levin

JULY 24, 2020

Recent reports have confirmed that the outage was caused by WastedLocker, a ransomware often used to specifically target and disrupt business operations, and closely associated with Evil Corp, the hacking group behind a $100 million crime spree that began in 2011.

Ransomware

Ransomware Hacking Data breaches

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack

The Hacker News

JUNE 13, 2023

According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been accused of conspiring to launder approximately 647,000 bitcoins stolen from September 2011 through at

Cryptocurrency

Cryptocurrency Hacking

Weekly Update 147

Troy Hunt

JULY 12, 2019

References Scott will be running my Hack Yourself First workshop in Glasgow next week (this is the last stop on the UK tour, get in while you still can!) The Zhenai breach from 2011 added another 5M records to HIBP (I'm still working through a ridiculously long backlog of breaches.)

Data breaches

Data breaches Passwords Accountability Hacking

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

Security Affairs

APRIL 29, 2022

OpRussia continues, less than a week after my last update Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The financial institution was hacked by Anonymous’s affiliate Network Battalion 65, one of the most active hacking groups since the beginning of the invasion. million emails (1.7

Banking

Banking Hacking Government Data breaches

Inside the Massive Naz.API Credential Stuffing List

Troy Hunt

JANUARY 17, 2024

It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on.

Passwords

Passwords Password Management Hacking Accountability

Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes

Security Affairs

AUGUST 23, 2019

Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that exists since 2011. SecurityAffairs – Lenovo Solution Centre, hacking). The post Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes appeared first on Security Affairs.

Hacking

Hacking Advertising Authentication Software

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

Krebs on Security

FEBRUARY 26, 2019

Following their dramatic arrests in 2016, many news media outlets reported that the men were suspected of having tipped off American intelligence officials about those responsible for Russian hacking activities tied to the 2016 U.S. presidential election. law enforcement and intelligence agencies.

Cybersecurity

Cybersecurity Cybercrime Media Antivirus

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Security Affairs

JUNE 23, 2019

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. Unfortunately, this was not the first time hackers broke into JPL , it has already happened back in 2009, 2011, 2014, 2016 and 2017. The post NASA hacked!

Hacking

Hacking Data breaches Advertising Firewall

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” The authorities reported that since 2011, 7 million Bitcoin had gone into the BTC-e exchange and 5.5 ” reads the press release published by DoJ.

Cryptocurrency

Cryptocurrency Spyware Cybercrime Hacking

All White Hat hackers exempted from US CFAA Prosecution

CyberSecurity Insiders

MAY 20, 2022

The memo also clearly underlines the fact that any research done to extort money later will not contribute to good faith hacking. In September 2011, an amendment was made to the bill under the Personal Data Privacy and Security Act of 2011. .

Data privacy

Data privacy Media Government Accountability

Fintech Giant Fiserv Used Unclaimed Domain

Krebs on Security

MARCH 17, 2021

Many other emails poured in, including numerous “bounced” messages delivered in reply to missives from Cashedge.com , a money transfer service that Fiserv acquired in 2011. “My accounts were hacked and if any funding is gone your [sic] sued from me and federal trade commission,” one wrote.

Banking

Banking Accountability Software Mobile

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Three of the defendants are said to be officers in a provincial arm of the MSS and one was an employee of a front company that was used to obfuscate the government’s role in the hacking campaigns.

Hacking

Hacking Technology Government Malware

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

Iran-linked APT group Phosphorus successfully hacked into the email accounts of multiple high-profile individuals and security conference attendees. Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. Saudi Arabia, and Iraq.

Hacking

Hacking Security Intelligence Advertising Accountability

Email accounts of the International Monetary Fund compromised

Security Affairs

MARCH 18, 2024

This isn’t the first incident suffered by IMF, the agency suffered a major security breach in 2011. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, International Monetary Fund)

Accountability

Accountability Hacking Cybersecurity Data breaches

The Story of the 2011 RSA Hack

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Webinars

Trending Sources

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

Webinars

XDSpy APT remained undetected since at least 2011

Is Enumerating Resources on a Website "Hacking"?

The Link Between AWM Proxy & the Glupteba Botnet

PlayStation Network outage has been going on for over 24 hours

Why is ‘Juice Jacking’ Suddenly Back in the News?

The Full Story of the Stunning RSA Hack Can Finally Be Told

Three Italian universities hacked by LulzSec_ITA collective

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Russians charged with hacking Mt. Gox exchange and operating BTC-e

CIA Hacking unit APT-C-39 hit China since 2008

US indicts members of Chinese-backed hacking group APT40

T-Mobile detected network intrusion attempts and blocked them

Confessions of an ID Theft Kingpin, Part I

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Sony Hacked Again, Attackers Claim to Have Breached All Systems

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Russians charged with hacking Mt. Gox crypto exchange, running BTC-e

Who Is the Network Access Broker ‘Babam’?

Who Stole 3.6M Tax Records from South Carolina?

GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice

The Belgacom hack was the work of the UK GCHQ intelligence agency

New Leak Shows Business Side of China’s APT Menace

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

Four Members of APT40 Indicted by the U.S. Department of Justice

Garmin Devices and Services Taken Offline By Ransomware Attack

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack

Weekly Update 147

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

Inside the Massive Naz.API Credential Stuffing List

Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes

Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

All White Hat hackers exempted from US CFAA Prosecution

Fintech Giant Fiserv Used Unclaimed Domain

US DoJ indicts four members of China-linked APT40 cyberespionage group

Iran-linked Phosphorous APT hacked emails of security conference attendees

Email accounts of the International Monetary Fund compromised

Stay Connected