2013, Accountability and Information Security

Hacking Kia cars made after 2013 using just their license plate

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. They discovered that Kia would send a registration link to the customers’ email addresses, allowing them to register their vehicle or add it to their Kia account.

Hacking

Hacking Accountability Mobile Internet

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches

Data breaches Technology Software Accountability

Hackers compromised a Canonical GitHub account, Ubuntu source code was not impacted

Security Affairs

JULY 7, 2019

Yesterday, July 6, 2019, hackers breached the GitHub account of Canonical Ltd., On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., Hackers at least created 11 new GitHub repositories in compromised Canonical account. the company behind the Ubuntu Linux distribution. ” states the Canonical team.

Accountability

Accountability Advertising Cryptocurrency Hacking

Modernizing Health Care Security with SASE

Security Boulevard

SEPTEMBER 3, 2021

Since 2013 and the most recent set of updates to the Health Insurance Portability and Accountability Act (HIPAA), U.S. In particular, information security and risk management tools have been a part of nearly every compliance investment that providers have.

Insurance

Insurance Information Security Accountability Technology

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. Those of us in the information security community had long assumed that the NSA was doing things like this.

Surveillance

Surveillance Computers and Electronics Government Encryption

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Security Affairs

MARCH 10, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. platform since October 2013. international financial and corporate data, Personally Identifiable Information (PII), and compromised user accounts from many U.S. store ACCOUNTS-MARKET.

Accountability

Accountability Advertising Passwords Hacking

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Security Affairs

AUGUST 28, 2024

The indictment alleges that from 2013 to 2022, Kadariya played a key role in distributing the Angler Exploit Kit, which was used to spread various malware, including ransomware, through malvertising and other methods. Kadariya has been indicted for distributing the Angler Exploit Kit and other malware to millions of victims.

Malware

Malware Computers and Electronics Cybercrime Internet

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs

DECEMBER 25, 2023

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. ” reads the report published by Microsoft. Most of the targets were in the Middle East, others were in the U.S., South Korea, and Europe.

Passwords

Passwords Accountability Authentication Malware

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs

MAY 26, 2024

UAC-0006 has been active since at least 2013. The threat actors focus on compromising accountants’ PCs (which are used to support financial activities, such as access to remote banking systems), stealing credentials, and making unauthorized fund transfers. ” continues the report.

Malware

Malware Banking Accountability Phishing

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

Hacker who disrupted Sony gaming gets a 27-months jail sentence

Security Affairs

JULY 4, 2019

The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. ” reads the press release published by DoJ.

DDOS

DDOS Computers and Electronics Advertising Internet

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. platform since October 2013. store used by hackers to offer for sale thousands of compromised accounts, including gamer accounts and PII files containing user names, passwords, U.S.

Cybercrime

Cybercrime Advertising Hacking Accountability

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

JUNE 30, 2024

The unauthorized access to the IT infrastructure of the company occurred on June 26, threat actors used the credentials of a standard employee account within its IT environment. Upon detecting the suspicious activity by this account, the company immediately started the incident response measures.

Accountability

Accountability Hacking Architecture Malware

Ex Twitter employee found guilty of spying for Saudi Arabian government

Security Affairs

AUGUST 10, 2022

In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. The two former Twitter employees operated for the Saudi Arabian government with the intent of unmasking dissidents using the social network.

Government

Government Accountability Media Marketing

Journalist Matthew Keys is now charged with an attack on a magazine

Security Affairs

APRIL 29, 2020

Keys was accused of providing Anonymous login credentials that allowed the group to deface access and deface the website of the Los Angeles Times in 2013. When Keys left Tribune Company-owned Sacramento KTXL Fox 40 in 2010, he shared login credentials of the CMS used by the website with members of Anonymous. ” states the Sacramento Bee.

Hacking

Hacking Advertising Accountability Media

Yahoo proposes $117.5 million for the settlement of data breach

Security Affairs

APRIL 9, 2019

Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. million for the settlement of 3 billion hacked accounts. million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history”.

Data breaches

Data breaches Small Business Advertising Cryptocurrency

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

UAC-0006 has been active since at least 2013. The threat actors focus on compromising accountants’ PCs (which are used to support financial activities, such as access to remote banking systems), stealing credentials, and making unauthorized fund transfers.

Government

Government Phishing Malware Banking

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. This allowed hackers to breach many user accounts. Organizations must have a robust password policy.

Data breaches

Data breaches Passwords Social Engineering Encryption

Misconfigured WBSC server leaks thousands of passports

Security Affairs

SEPTEMBER 29, 2023

The WBSC, headquartered in Switzerland, was established in 2013 and currently has 141 countries as members located in Asia, Africa, the Americas, Europe, and Oceania. Malicious actors can use stolen information to engage in fraudulent activities like opening bank accounts, applying for loans, and executing other types of fraud.

Identity Theft

Identity Theft Social Engineering Banking Risk

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

They also used Bitcoin addresses associated with their accounts on two other Bitcoin exchanges The two Russian nations also used a Bitcoin brokerage service known as the New York Bitcoin Broker to transfer large amounts of funds to overseas bank accounts between March 2012 and April 2013 under the guise of an advertising services contract.

Hacking

Hacking Cryptocurrency Advertising Banking

Iranian Peach Sandstorm group behind recent password spray attacks

Security Affairs

SEPTEMBER 16, 2023

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. Most of the targets were in the Middle East, others were in the U.S., South Korean, and Europe. .”

Passwords

Passwords Accountability Authentication Hacking

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. Somehow, this operation found its way onto the NSA’s radar pre-2013, as far as I can tell, it’s eluded specific coverage from the security industry.

Hacking

Hacking Advertising Malware Engineering

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Security Affairs

AUGUST 28, 2020

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Israel, Iraq, and Saudi Arabia.

Phishing

Phishing Accountability Advertising Media

Sextortion campaign uses Goontact spyware to target Android and iOS users

Security Affairs

DECEMBER 16, 2020

. “The types of sites used to distribute these malicious apps and the information exfiltrated suggests that the ultimate goal is extortion or blackmail.” These sites advertise account IDs for secure messaging apps such as KakaoTalk or Telegram that could allow to communicate with the escorts.

Spyware

Spyware Mobile Surveillance Malware

Twitter Fined $150 Million for Misuse of 2FA User Data

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Twitter, like many other social media websites, asks users to provide their phone number and email address to better protect their account.

Advertising

Advertising Media Accountability Account Security

Iran-linked Phosphorus group hit a 2020 presidential campaign

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . “The targeted accounts are associated with a U.S. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft.

Accountability

Accountability Passwords Advertising Government

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Security Affairs

FEBRUARY 2, 2024

The attack did not impact systems employed in the 2013 census. We join in Prime Minister Rama’s call for Iran to be held accountable for this unprecedented cyber incident. The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S.

Cyber Attacks

Cyber Attacks Computers and Electronics Government Hacking

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware

Firmware Ransomware Passwords Mobile

Law enforcement shutdown a long-standing DDoS-for-hire service

Security Affairs

JUNE 17, 2023

Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. user accounts, 76 thousand.

DDOS

DDOS Computers and Electronics Cybercrime Cryptocurrency

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

Screenshot from the latest forum discussion about RepWatch in 2013: The CSV files appear to have included the same set of 350 million unique emails, separated into three groups: hashed, hashed and salted, and unencrypted files. Enable two-factor authentication (2FA) for as many of your online accounts as possible. Pierluigi Paganini.

Social Engineering

Social Engineering Passwords Marketing Phishing

Gamaredon group uses a new Outlook tool to spread malware

Security Affairs

JUNE 12, 2020

The group was first discovered by Symantec and TrendMicro in 2015 but evidence of its activities has been dated back to 2013. “One tool, a VBA macro targeting Microsoft Outlook, uses the target’s email account to send spearphishing emails to contacts in the victim’s Microsoft Office address book.”

Malware

Malware Phishing Advertising Government

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

contacts, images, and files) from various online accounts associated cloud storage services. Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . Some of the videos were showing how to exfiltrate data (i.e.

Advertising

Advertising Media Authentication Hacking

Wawa card breach: 30 million card records for sale in the dark web

Security Affairs

JANUARY 29, 2020

27, a popular fraud bazaar known as Joker’s Stash began selling card data from “a new huge nationwide breach” that purportedly includes more than 30 million card accounts issued by thousands of financial institutions across 40+ U.S.” . “On the evening of Monday, Jan. ” reads the post published by Brian Krebs.

Data breaches

Data breaches Advertising Retail Malware

The dreaded Statement of Applicability

Notice Bored

JUNE 5, 2022

The organisation cannot adopt a generic suite of information security controls simply on the basis that they have been recommended or suggested by someone - not even if they are noted in Annex A. Justification for including a control is its effect on modifying information security risk. Subclause 6.1.3 Subclause 6.1.3

Risk

Risk Information Security Accountability InfoSec

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

Security Affairs

OCTOBER 2, 2019

Today the company published a security notice to disclose the incident. “We recently were alerted by a third party regarding a security matter that may have affected the Zendesk Support and Chat products and customer accounts of those products activated prior to November of 2016.” ” reads the security notice.

Data breaches

Data breaches Passwords Accountability Authentication

Charming Kitten Campaign involved new impersonation methods

Security Affairs

OCTOBER 13, 2019

Security experts at ClearSky analyzed attacks recently uncovered by Microsoft that targeted a US presidential candidate, government officials, journalists, and prominent expatriate Iranians. The messages include a link and claim to inform the recipient of an attempt to compromise their email account.

Media

Media Social Engineering Phishing Advertising

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

Security Affairs

JULY 31, 2020

The motion picture acquisition agreements, tax ID requests, and contract addendum scans all date between 2013 and 2016. While IndieFlix believes that the bucket has been publicly accessible since May 2015, the company has not found any suspicious activity or unauthorized access attempts to any of its accounts during the period.

Identity Theft

Identity Theft Accountability Advertising Marketing

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs

Security Affairs

MARCH 8, 2021

Early this month, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. reads the advisory published by Microsoft.

Authentication

Authentication Malware Accountability Hacking

FireEye, Mandiant to Split in $1.2 Billion Deal

eSecurity Planet

JUNE 3, 2021

Mandia will become CEO of Mandiant, the company he founded in 2004 and sold to FireEye in late 2013. Products accounted for $795 million of the company’s $941 million in revenue in 2020. FireEye Products EVP Bryan Palma will take the helm of the new products company.

Cyber Attacks

Cyber Attacks Marketing Accountability Technology

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers. Regarding files in the affected unemployment insurance service database, they are dated back from 2013 and contained first names, last names, and social security numbers.

Data breaches

Data breaches Insurance Advertising Technology

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

OceanLotus APT (also known as APT32 or Cobalt Kitty ) has been active since at least 2013, it is a state-sponsored hacking group that targeted organizations across multiple industries and have also targeted foreign governments, dissidents, and journalists. This allowed us to uncover more pieces of the attackers’ infrastructure.”

Malware

Malware Advertising Marketing Spyware

The phone monitoring app LetMeSpy disclosed a data breach

Security Affairs

JUNE 29, 2023

As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” reads a statement published by the company. Customers can use the app by paying a monthly subscription of $6 for a standard license or $12 for a Pro license. “As India, and Africa.

Data breaches

Data breaches Spyware Hacking Accountability

Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia

Security Affairs

DECEMBER 16, 2022

.” In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. The man opened a bank account in the name of his father in Lebanon and used it to receive $200,000 in two transfers.

Government

Government Accountability Banking Media

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

MAY 8, 2023

Threat actors are using emails sent from compromised accounts with the subject “bill/payment” with an attachment in the form of a ZIP archive. CERT-UA attributed the campaign to the financially motivated threat actor UAC-0006 which has been active since at least 2013.

Malware

Malware Phishing VPN Accountability

Hacking Kia cars made after 2013 using just their license plate

Data Enrichment, People Data Labs and Another 622M Email Addresses

Trending Sources

Hackers compromised a Canonical GitHub account, Ubuntu source code was not impacted

Modernizing Health Care Security with SASE

Snowden Ten Years Later

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

New Leak Shows Business Side of China’s APT Menace

Hacker who disrupted Sony gaming gets a 27-months jail sentence

FBI shuts down the Russian-based hacker platform DEER.IO

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Ex Twitter employee found guilty of spying for Saudi Arabian government

Journalist Matthew Keys is now charged with an attack on a magazine

Yahoo proposes $117.5 million for the settlement of data breach

CERT-UA warns of a phishing campaign targeting government entities

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Misconfigured WBSC server leaks thousands of passports

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Iranian Peach Sandstorm group behind recent password spray attacks

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Sextortion campaign uses Goontact spyware to target Android and iOS users

Twitter Fined $150 Million for Misuse of 2FA User Data

Iran-linked Phosphorus group hit a 2020 presidential campaign

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Law enforcement shutdown a long-standing DDoS-for-hire service

350 million decrypted email addresses left exposed on an unsecured server

Gamaredon group uses a new Outlook tool to spread malware

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Wawa card breach: 30 million card records for sale in the dark web

The dreaded Statement of Applicability

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

Charming Kitten Campaign involved new impersonation methods

IndieFlix streaming service leaves thousands of confidential agreements, filmmaker SSNs, videos exposed on public server

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs

FireEye, Mandiant to Split in $1.2 Billion Deal

Maryland Department of Labor discloses a data breach

PhantomLance, a four-year-long cyberespionage spying campaign

The phone monitoring app LetMeSpy disclosed a data breach

Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia

CERT-UA warns of an ongoing SmokeLoader campaign

Stay Connected