2012, Accountability and Information Security

Horde Webmail Software is affected by a dangerous bug since 2012

Security Affairs

FEBRUARY 23, 2022

Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts. A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete access to email accounts simply by previewing an attachment. disable' => true.

Software

Software Accountability Hacking Government

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches

Data breaches Technology Software Accountability

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Advertising Data breaches

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

JULY 24, 2024

Remote attackers can exploit the flaw to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. is a Twilio Authy information disclosure vulnerability.

Internet

Internet Internet Hacking Accountability

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million September 2012 Bukalapak.com 13 million February 2018 Bookmate.com 8 million July 2018 ReverbNation.com 7.9

Data breaches

Data breaches Advertising Passwords Hacking

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Neverquest malware is able to log in to the victim’s online banking account and perform fraudulent transactions. Lisov operated the infrastructure behind the NeverQuest malware between June 2012 and January 2015, the managed a network of servers containing lists of millions of stolen login credentials.

Banking

Banking Malware Advertising Passwords

Russian national sentenced to 40 months for selling stolen data on the dark web

Security Affairs

AUGUST 16, 2024

The marketplace had been active since 2012, it was allowing sellers to offer stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts. Those credentials were subsequently linked to $1.2

Banking

Banking Accountability Retail Mobile

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. ” reads the advisories published by Microsoft.

Advertising

Advertising Firewall Education Engineering

Mitsubishi Electric Corp. was hit by a new cyberattack

Security Affairs

NOVEMBER 20, 2020

was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. 20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked.”

Cyber Attacks

Cyber Attacks Banking Accountability Media

Japan Suffered Record Number of Privacy and Security Violations in 2020

Hot for Security

FEBRUARY 23, 2021

Credit reporting agency Tokyo Shoko Research (TSR), which compiled the data, says the number is the highest since it began collecting it in 2012, reported the Japan Times. Personal information on a total of 25.15

Accountability

Accountability Information Security Malware Data breaches

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

They also used Bitcoin addresses associated with their accounts on two other Bitcoin exchanges The two Russian nations also used a Bitcoin brokerage service known as the New York Bitcoin Broker to transfer large amounts of funds to overseas bank accounts between March 2012 and April 2013 under the guise of an advertising services contract.

Hacking

Hacking Cryptocurrency Advertising Banking

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

“Taking account of all of the information available to him, he considered Mr Assange’s risk of suicide to be very high should extradition become imminent. This was a well-informed opinion carefully supported by evidence and explained over two detailed reports.”

Government

Government Risk Passwords Hacking

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. According to people involved, Chinese hackers Tick may have been involved.

Antivirus

Antivirus Hacking Advertising Media

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. . ” reads the post published by ESET. ” continues the report. Pierluigi Paganini.

Accountability

Accountability Malware Cyber Attacks Media

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. ” concludes the report.”To ” Pierluigi Paganini.

Retail

Retail Malware Mobile Accountability

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. An administrator account Xerx3s on Abusewithus.

Hacking

Hacking Accountability Data breaches Marketing

DoJ announced to have shut down Slilpp marketplace in international operation

Security Affairs

JUNE 11, 2021

The marketplace had been active since 2012, it was allowing sellers to offer stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts. law enforcement in connection with the Slilpp marketplace.

Cybercrime

Cybercrime Accountability Retail Cyber threats

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The Neverquest malware is able to log in to the victim’s online banking account and perform fraudulent transactions. Lisov operated the infrastructure behind the NeverQuest malware between June 2012 and January 2015, he managed a network of servers containing lists of millions of stolen login credentials.

Banking

Banking Malware Advertising Hacking

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Security Affairs

MAY 16, 2019

was released back in 2012, it aims at detecting and changes that occur in the Windows operating systems during the installation of third-party applications. replaces the original Attack Surface Analzyer tool, released publicly in 2012.” The first version of the Attack Surface Analyzer 1.0 “Attack Surface Analyzer 2.0

Advertising

Advertising Software Technology Accountability

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

NOVEMBER 10, 2023

In July, Anonymous Sudan announced it had stolen credentials for 30 million customer accounts. In September, Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. Skynet was first discovered in 2012 and has since grown to become one of the largest botnets in the world.

DDOS

DDOS Cryptocurrency Accountability Media

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Security Affairs

DECEMBER 6, 2022

The experts analyzed the NissanConnect app and reached out to some Nissan owners who signed into their accounts to inspect the HTTP traffic. We recently found a vulnerability affecting Hyundai and Genesis vehicles where we could remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012.

Hacking

Hacking Engineering Mobile Internet

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. “According to people involved, Chinese hackers Tick may have been involved. .”

Data breaches

Data breaches Media Computers and Electronics Cyber Attacks

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Security Affairs

JULY 13, 2024

In 2012, Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus crew. At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

Cybercrime

Cybercrime Banking Malware Hacking

‘Justice Blade’ Hackers are Targeting Saudi Arabia

Security Affairs

NOVEMBER 7, 2022

The bad actors claim to have stolen a significant volume of data, including CRM records, personal information, email communications, contracts, and account credentials. The same day, Justice Blade also set up a Telegram account with a private communications channel.

Government

Government Accountability Hacking Data breaches

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” The hackers managed to access sensitive HR information and documents about the company’s current and former employees. This isn’t the first time that the company was the victim of a cyber attack.

Cyber Attacks

Cyber Attacks Ransomware Engineering Banking

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Security Affairs

JULY 25, 2022

It has its own statute and specific regulations governing administration and accounting. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.”

Ransomware

Ransomware Government Hacking Scams

News aggregator Flipboard disclosed a data breach

Security Affairs

MAY 29, 2019

The news aggregator Flipboard announced that it suffered a breach, unauthorized users had access to some databases storing user account information. The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach, unauthorized users had access to some databases storing user information.

Data breaches

Data breaches Accountability Passwords Advertising

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

XakFor has been active since 2012, most of its visitors were Russian-speaking hackers and crooks. According to Belarusian authorities, XakFor had more than 28,000 registered accounts at the time of seizure that took place last month. ” Unlike other crime forums, XakFor was not hosted on anonymizing networks like Tor and I2P.

Advertising

Advertising Malware Cybercrime Hacking

US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks

Security Affairs

JUNE 24, 2019

industries and government agencies, the statement was also published by the CISA Director Chris Krebs via his Twitter account. ” Experts recommend to have secure working backup procedures, in case of attack, victims could simply recover data from a backup. The attacks are targeting U.S. ” continues the statement.

Backups

Backups Advertising Passwords Accountability

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. According to the experts, the backdoor might have been active since at least 2012. . “We

Encryption

Encryption Advertising Government Cyber Attacks

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

In 2012, the Ukrainian national Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus crew. At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

Malware

Malware Cybercrime Banking Hacking

DNA testing company fined after customer data theft

Malwarebytes

FEBRUARY 22, 2023

The company will pay a total fine of $400,000 for Ohio and Pennsylvania—and has promised to tighten its information security. According to the investigation, an attacker logged into the old VPN (virtual private network) that DDC used before migrating to a new one using a compromised employee account.

Penetration Testing

Penetration Testing InfoSec Accountability Authentication

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.]com, com and its alleged administrator, a Croatian national.

Malware

Malware Cybercrime Data breaches Internet

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Security Affairs

APRIL 21, 2021

The three vulnerabilities addressed by the security vendor are: CVE-2021-20021 : Email Security Pre-Authentication Administrative Account Creation: A vulnerability in the SonicWall Email Security version 10.0.9.x x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Authentication

Authentication Accountability Hacking Encryption

German industrial giant ThyssenKrupp targeted in a new cyberattack

Security Affairs

DECEMBER 21, 2022

. “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified,” This isn’t the first attack suffered by the company, in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”.

Engineering

Engineering Ransomware Data breaches Cyber Attacks

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” The flaws affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1,

Authentication

Authentication Advertising Internet Internet

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

In 2012, the US government added Shevlyakov to Entity List, a ban list for procuring and delivering export-restricted items to Russia. electronics manufacturers and distributors between approximately October 2012 and January 2022. hacking tools and electronics appeared first on Security Affairs.

Computers and Electronics

Computers and Electronics Hacking Penetration Testing Manufacturing

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms?

Security Affairs

MARCH 16, 2021

.” On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. a MAPP partner company based in China, for leaking data related to CVE-2012-0002.

Antivirus

Antivirus Cyber Attacks Hacking Accountability

FIA World Endurance Championship driver passports leaked

Security Affairs

JULY 18, 2023

Introduced in 2012, FIA WEC features eight endurance races across the world, including its cornerstone stage – 24 hours at Le Mans. With such a trove of personal information, a criminal could impersonate victims, essentially stealing their identities and running wild with them. Both combined, they contained over 1.1 million files.

Banking

Banking Government Accountability Hacking

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

Those of us in the information security community had long assumed that the NSA was doing things like this. It’s amazing that one person could have had so much access with so little accountability, and could sneak all of this data out without raising any alarms. I wasn’t sleeping well, either.

Surveillance

Surveillance Computers and Electronics Government Encryption

A new Adwind variant involved in attacks on US petroleum industry

Security Affairs

OCTOBER 1, 2019

The Adwind RAT was first discovered early 2012, the experts dubbed it Frutas RAT and later it was identified with other names, Unrecom RAT (February 2014), AlienSpy (October 2014), and recently JSocket RAT (June 2015). . “When the victim executes the payload, there are multiple levels of JAR extractions that occur.”

Malware

Malware Advertising DDOS Cybercrime

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

Andrei Tyurin is accused of being the mastermind of the organization that targeted the US financial institution from 2012 to mid-2015. His alleged hacking activities “lay claim to the largest theft of US customer data from a single financial institution in history, accounting for a staggering 80 million-plus victims,”.

Hacking

Hacking Marketing Identity Theft Banking

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43.

Phishing

Phishing Media Passwords Malware

Horde Webmail Software is affected by a dangerous bug since 2012

Data Enrichment, People Data Labs and Another 622M Email Addresses

Trending Sources

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

Threat actors are offering for sale 550 million stolen user records

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Russian national sentenced to 40 months for selling stolen data on the dark web

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Mitsubishi Electric Corp. was hit by a new cyberattack

Japan Suffered Record Number of Privacy and Security Violations in 2020

Russians charged with hacking Mt. Gox exchange and operating BTC-e

British Court rejects the US’s request to extradite Julian Assange

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Facebook links cyberespionage group APT32 to Vietnamese IT firm

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

DoJ announced to have shut down Slilpp marketplace in international operation

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

After ChatGPT, Anonymous Sudan took down the Cloudflare website

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Mitsubishi Electric discloses data breach, media blame China-linked APT

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

‘Justice Blade’ Hackers are Targeting Saudi Arabia

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

News aggregator Flipboard disclosed a data breach

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks

Platinum APT and leverages steganography to hide C2 communications

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

DNA testing company fined after customer data theft

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

New Version of Meduza Stealer Released in Dark Web

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

German industrial giant ThyssenKrupp targeted in a new cyberattack

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms?

FIA World Endurance Championship driver passports leaked

Snowden Ten Years Later

A new Adwind variant involved in attacks on US petroleum industry

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Stay Connected