Bleeping Computer

JUNE 16, 2023

Polish police officers part of the country's Central Cybercrime Bureau detained two suspects believed to have been involved in the operation of a long-running DDoS-for-hire service (aka booter or stresser) active since at least 2013. [.]

DDOS 116

DDOS Cybercrime 116

DoublePulsar

DECEMBER 22, 2023

I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied. It was introduced in Exchange Server 2013. Obviously, almost nobody replied. Including Microsoft. I’d like to add some context.

Ransomware 90

Ransomware Internet Internet Software 90

Krebs on Security

DECEMBER 4, 2024

In December 2023, KrebsOnSecurity identified Lenin as “ Rescator ,” the nickname used by the cybercriminal responsible for selling more than 100 million payment cards stolen from customers of Target and Home Depot in 2013 and 2014.

Cybercrime 225

Cybercrime Ransomware Cryptocurrency Government 225

Schneier on Security

JANUARY 17, 2023

I wrote about it for the Guardian in 2013, an essay that reads so dated in light of what we’ve learned since then.) Without the FBI deploying some form of surveillance technique, or Al-Azhari using another method to visit the site which exposed their IP address, this should not have been possible.

Surveillance 363

Surveillance Media Hacking 363

Schneier on Security

NOVEMBER 11, 2022

Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda.

Surveillance 245

Surveillance 245

Schneier on Security

OCTOBER 11, 2019

This book covers essays from 2013 to 2017. I just published my third collection of essays: We Have Root. The first two are Schneier on Security and Carry On.). External vendor links, including for ebook versions, here.

249

249

Schneier on Security

MARCH 3, 2022

It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers (aka some Russian group). Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA).

Hacking 249

Hacking Cybersecurity 249

Schneier on Security

JUNE 29, 2022

Someone hacked the Ecuadorian embassy in Moscow and found a document related to Ecuador’s 2013 efforts to bring Edward Snowden there. If you remember, Snowden was traveling from Hong Kong to somewhere when the US revoked his passport, stranding him in Russia.

Hacking 238

Hacking 238

Krebs on Security

JUNE 22, 2022

Stanx said he was a longtime member of several major forums, including the Russian hacker forum Antichat (since 2005), and the Russian crime forum Exploit (since April 2013). “Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013.

Advertising 311

Advertising Cybercrime System Administration Hacking 311

Schneier on Security

MAY 8, 2019

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government.

Hacking 267

Hacking Government 267

Schneier on Security

DECEMBER 21, 2022

“For example, in 2013 they tried to get all the staff at the ministry of defence to replace our iPhones with Russian-made Yoto smartphones. . “That doesn’t pose too much difficulty for the Ukrainian security services.” ” […].

Telecommunications 301

Telecommunications Mobile 301

Krebs on Security

OCTOBER 1, 2019

In December 2013, a Slovenian court sentenced Škorjanc to four years and ten months in prison for creating the malware that powered the ‘ Mariposa ‘ botnet. The “sellers” page on the Darkode cybercrime forum, circa 2013. 5, 2013, federal investigators visited McCormick at his University of Massachusetts dorm room.

Cybercrime 44

Cybercrime Malware Antivirus Banking 44

Schneier on Security

OCTOBER 1, 2022

The bulk of the websites that we discovered were active at various periods between 2004 and 2013. All of these flaws would have facilitated discovery by hostile parties. […]. We do not believe that the CIA has recently used this communications infrastructure.

Internet 323

Internet Internet 323

Schneier on Security

SEPTEMBER 20, 2023

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5

Cybersecurity 336

Cybersecurity CISO Engineering Architecture 336

Schneier on Security

JUNE 28, 2023

The stalkerware company LetMeSpy has been hacked : TechCrunch reviewed the leaked data, which included years of victims’ call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy.

Hacking 257

Hacking Spyware Accountability Data breaches 257

Schneier on Security

JANUARY 28, 2020

In 2013, we learned from Edward Snowden that the NSA does this worldwide. The article is about geofence warrants , where the police go to companies like Google and ask for information about every device in a particular geographic area at a particular time. Its program is called CO-TRAVELLER.

Surveillance 228

Surveillance Government 228

Schneier on Security

MARCH 4, 2021

Here’s the timeline : The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control.

System Administration 255

System Administration Government Hacking 255

Adam Levin

SEPTEMBER 4, 2020

Information about the widespread data collection was initially brought to the public’s attention in 2013 by Edward Snowden, a government whistleblower who fled to Russia after exposing evidence of the program. . “I

Surveillance 260

Surveillance Data collection Government Cybersecurity 260

Schneier on Security

FEBRUARY 24, 2023

We show a similar white-box undetectable backdoor for random ReLU networks based on the hardness of Sparse PCA (Berthet, Rigollet; COLT 2013). We prove this strong guarantee under the hardness of the Continuous Learning With Errors problem (Bruna, Regev, Song, Tang; STOC 2021).

349

349

Krebs on Security

JUNE 7, 2022

Our first swatting, in March 2013, resulted in Fairfax County, Va. . “What starts out virtual can get real all too quickly — and when the web is worldwide, so are the consequences.” ” Our family has been victimized by multiple swatting attacks over the past decade.

Cybercrime 332

Cybercrime Internet Internet Web Fraud 332

Krebs on Security

JUNE 10, 2022

In 2019, AFRINIC fired a top employee after it emerged that in 2013 he quietly commandeered millions of IPs from defunct African entities or from those that were long ago acquired by other firms, and then conspired to sell an estimated $50 million worth of the IPs to marketers based outside Africa.

Government 314

Government Marketing Internet Internet 314

Krebs on Security

APRIL 30, 2024

In 2013, investigators going through devices seized from Kivimäki found computer code that had been used to crack more than 60,000 web servers using a previously unknown vulnerability in Adobe’s ColdFusion software. Kivimäki was 15 years old at the time.

DDOS 292

DDOS Cybercrime Hacking Passwords 292

Krebs on Security

APRIL 16, 2024

As it happens, Rescator’s criminal hacking crew was directly responsible for the 2013 breach at Target and the 2014 hack of Home Depot. According to a 2013 report from the Treasury Inspector General’s office, the IRS issued nearly $4 billion in bogus tax refunds in 2012, and more than $5.8 billion in 2013.

Identity Theft 283

Identity Theft Banking Cybercrime Hacking 283

Krebs on Security

FEBRUARY 14, 2020

In May 2013, the U.S. Justice Department seized Liberty Reserve , alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world.

Identity Theft 259

Identity Theft Government Scams Cybercrime 259

Schneier on Security

JUNE 23, 2022

But in 2013, Edward Snowden disclosed that the National Security Agency had subverted the integrity of a NIST cryptographic standard­the Dual_EC_DRBG­enabling easy decryption of supposedly secured communications. government, has emerged as the de facto international source for cryptographic standards.

Government 255

Government Technology 255

Krebs on Security

JUNE 29, 2023

Kislitsin also was indicted in Nevada in 2013, but the Nevada indictment does not name his alleged victim(s) in that case. ”] Kislitsin was hired by Group-IB in January 2013, nearly six months after the Formspring hack. ”

Cybersecurity 293

Cybersecurity Cybercrime Hacking Government 293

Security Affairs

FEBRUARY 10, 2025

Active since at least 2013 , XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. ” reads the analysis published by Intezer.

Manufacturing 110

Manufacturing Cybercrime Passwords Authentication 110

Security Affairs

FEBRUARY 19, 2025

Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure. The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records.

Authentication 122

Authentication System Administration DNS Hacking 122

Krebs on Security

OCTOBER 26, 2021

Indeed, some of history’s largest cyberheists involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target , Home Depot and elsewhere that led to the theft of roughly another 100 million cards.

Technology 72

Technology Retail Computers and Electronics Malware 72

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Krebs on Security

FEBRUARY 5, 2023

In 2013, Kurittu worked on an investigation involving Kivimäki’s use of the Zbot botnet, among other activities Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP).” The DDoS-for-hire service allegedly operated by Kivimäki in 2012.

Cybercrime 270

Cybercrime DDOS Hacking Accountability 270

Krebs on Security

JULY 17, 2019

The above commercial is vaguely reminiscent of the slick ads produced for and promoted by convicted Ukrainian credit card fraudster Vladislav “BadB” Horohorin , who was sentenced in 2013 to serve 88 months in prison for his role in the theft of more than $9 million from RBS Worldpay, an Atlanta-based credit card processor. (In

Cybercrime 215

Cybercrime Advertising Cybersecurity 215

Troy Hunt

MAY 21, 2024

I started Have I Been Pwned (HIBP) in 2013 as a pet project that scratched an itch, so I never really thought of myself as an "employee" Over time, it grew (and I tell you what, nobody is more surprised by that than me!) We often do that in this industry, the whole "1.0" " thing, but it seems apt here.

Passwords 334

Passwords Hacking 334

Schneier on Security

MAY 20, 2020

It was the summer of 2013, and I was visiting Glenn Greenwald in Rio de Janeiro. Between you, Poitras, and Greenwald, pretty sure you guys can't stand up to a full-fledged nation-state attempt to exploit your IT. To include not just remote stuff, but hands-on, sneak-into-your-house-at-night kind of stuff. That's my guess.".

Surveillance 273

Surveillance Encryption Government Media 273

Krebs on Security

MARCH 2, 2021

The patches released today fix security problems in Microsoft Exchange Server 2013 , 2016 and 2019. The software giant typically releases security updates on the second Tuesday of each month, but it occasionally deviates from that schedule when addressing active attacks that target newly identified and serious vulnerabilities in its products.

Internet 338

Internet Internet Software Education 338

Troy Hunt

OCTOBER 15, 2020

We've known about this for years; even back in 2013, rubbish bins in London were tracking people via their MAC addresses so this isn't a new thing. The root cause quickly became evident: MAC addresses are effectively unique identifiers and the appearance of the same one over and over again provides the ability to track devices.

IoT 360

IoT Risk 360

Krebs on Security

SEPTEMBER 30, 2024

Islam also pleaded guilty to reporting dozens of phony bomb threats and fake hostage situations at the homes of celebrities and public officials (Islam participated in a swatting attack against this author in 2013 ). Troy Woody Jr. left) and Mir Islam, are currently in prison in the Philippines for murder. In December 2022, Troy Woody Jr.

Cryptocurrency 304

Cryptocurrency Government Internet Internet 304