Security Affairs

DECEMBER 25, 2023

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. ” reads the report published by Microsoft. Most of the targets were in the Middle East, others were in the U.S., South Korea, and Europe.

Passwords 144

Passwords Accountability Authentication Malware 144

Security Affairs

AUGUST 13, 2024

UAC-0006 has been active since at least 2013. The threat actors focus on compromising accountants’ PCs (which are used to support financial activities, such as access to remote banking systems), stealing credentials, and making unauthorized fund transfers.

Government 140

Government Phishing Malware Banking 140

Security Affairs

JUNE 30, 2024

The unauthorized access to the IT infrastructure of the company occurred on June 26, threat actors used the credentials of a standard employee account within its IT environment. Upon detecting the suspicious activity by this account, the company immediately started the incident response measures.

Accountability 142

Accountability Hacking Architecture Malware 142

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. This allowed hackers to breach many user accounts. Organizations must have a robust password policy.

Data breaches 109

Data breaches Passwords Social Engineering Encryption 109

Security Affairs

SEPTEMBER 29, 2023

The WBSC, headquartered in Switzerland, was established in 2013 and currently has 141 countries as members located in Asia, Africa, the Americas, Europe, and Oceania. Malicious actors can use stolen information to engage in fraudulent activities like opening bank accounts, applying for loans, and executing other types of fraud.

Identity Theft 138

Identity Theft Social Engineering Banking Risk 138

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Twitter, like many other social media websites, asks users to provide their phone number and email address to better protect their account.

Advertising 93

Advertising Media Accountability Account Security 93

Notice Bored

JUNE 5, 2022

The organisation cannot adopt a generic suite of information security controls simply on the basis that they have been recommended or suggested by someone - not even if they are noted in Annex A. Justification for including a control is its effect on modifying information security risk. Subclause 6.1.3 Subclause 6.1.3

Risk 72

Risk Information Security Accountability InfoSec 72

Security Affairs

JUNE 17, 2023

Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. user accounts, 76 thousand.

DDOS 98

DDOS Computers and Electronics Cybercrime Cryptocurrency 98

Security Affairs

SEPTEMBER 16, 2023

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. Most of the targets were in the Middle East, others were in the U.S., South Korean, and Europe. .”

Passwords 139

Passwords Accountability Authentication Hacking 139

Security Affairs

AUGUST 10, 2022

In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. The two former Twitter employees operated for the Saudi Arabian government with the intent of unmasking dissidents using the social network.

Government 139

Government Accountability Media Marketing 139

Security Affairs

JULY 4, 2019

The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. ” reads the press release published by DoJ.

DDOS 111

DDOS Computers and Electronics Advertising Internet 111

Security Affairs

MARCH 10, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. platform since October 2013. international financial and corporate data, Personally Identifiable Information (PII), and compromised user accounts from many U.S. store ACCOUNTS-MARKET.

Accountability 144

Accountability Advertising Passwords Hacking 144

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. Those of us in the information security community had long assumed that the NSA was doing things like this.

Surveillance 326

Surveillance Computers and Electronics Government Encryption 326

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches 360

Data breaches Technology Software Accountability 360

eSecurity Planet

JUNE 3, 2021

Mandia will become CEO of Mandiant, the company he founded in 2004 and sold to FireEye in late 2013. Products accounted for $795 million of the company’s $941 million in revenue in 2020. FireEye Products EVP Bryan Palma will take the helm of the new products company.

Cyber Attacks 70

Cyber Attacks Marketing Accountability Technology 70

Security Affairs

FEBRUARY 2, 2024

The attack did not impact systems employed in the 2013 census. We join in Prime Minister Rama’s call for Iran to be held accountable for this unprecedented cyber incident. The United States will take further action to hold Iran accountable for actions that threaten the security of a U.S.

Cyber Attacks 141

Cyber Attacks Computers and Electronics Government Hacking 141

Security Affairs

MAY 8, 2023

Threat actors are using emails sent from compromised accounts with the subject “bill/payment” with an attachment in the form of a ZIP archive. CERT-UA attributed the campaign to the financially motivated threat actor UAC-0006 which has been active since at least 2013.

Malware 98

Malware Phishing VPN Accountability 98

Krebs on Security

FEBRUARY 22, 2024

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government 288

Government Hacking Cyber threats Mobile 288

Security Affairs

JUNE 29, 2023

As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” reads a statement published by the company. Customers can use the app by paying a monthly subscription of $6 for a standard license or $12 for a Pro license. “As India, and Africa.

Data breaches 98

Data breaches Spyware Hacking Accountability 98

Security Affairs

DECEMBER 16, 2022

.” In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. The man opened a bank account in the name of his father in Lebanon and used it to receive $200,000 in two transfers.

Government 98

Government Accountability Banking Media 98

Security Affairs

MARCH 26, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. platform since October 2013. store used by hackers to offer for sale thousands of compromised accounts, including gamer accounts and PII files containing user names, passwords, U.S.

Cybercrime 144

Cybercrime Advertising Hacking Accountability 144

Security Affairs

APRIL 9, 2019

Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. million for the settlement of 3 billion hacked accounts. million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history”.

Data breaches 107

Data breaches Small Business Advertising Cryptocurrency 107

Security Affairs

APRIL 29, 2020

Keys was accused of providing Anonymous login credentials that allowed the group to deface access and deface the website of the Los Angeles Times in 2013. When Keys left Tribune Company-owned Sacramento KTXL Fox 40 in 2010, he shared login credentials of the CMS used by the website with members of Anonymous. ” states the Sacramento Bee.

Hacking 130

Hacking Advertising Accountability Media 130

Security Affairs

APRIL 1, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA) The post CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

Spyware 98

Spyware Surveillance Mobile Education 98

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware 120

Firmware Ransomware Passwords Mobile 120

Security Affairs

AUGUST 28, 2020

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Israel, Iraq, and Saudi Arabia.

Phishing 145

Phishing Accountability Advertising Media 145

Security Affairs

DECEMBER 16, 2020

. “The types of sites used to distribute these malicious apps and the information exfiltrated suggests that the ultimate goal is extortion or blackmail.” These sites advertise account IDs for secure messaging apps such as KakaoTalk or Telegram that could allow to communicate with the escorts.

Spyware 144

Spyware Mobile Surveillance Malware 144

Security Affairs

SEPTEMBER 11, 2022

APT42’s TTPs overlap with another Iran-linked APT group tracked as APT35 (aka ‘ Charming Kitten ‘, ‘ Phosphorus ‘, Newscaster , and Ajax Security Team) which made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Surveillance 100

Surveillance Social Engineering Phishing Government 100

Security Affairs

APRIL 23, 2020

The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. Somehow, this operation found its way onto the NSA’s radar pre-2013, as far as I can tell, it’s eluded specific coverage from the security industry.

Hacking 139

Hacking Advertising Malware Engineering 139

Security Affairs

NOVEMBER 22, 2022

” The defendants are accused to have defrauded the victims between December 2013 and August 2019, they operated with other co-conspirators residing in Estonia, Belarus, and Switzerland. . “In reality, Polybius was never actually a bank, and never paid out the promised dividends. Polybius never formed a bank or paid any dividends.”

Cryptocurrency 98

Cryptocurrency Banking Marketing Hacking 98

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . “The targeted accounts are associated with a U.S. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft.

Accountability 106

Accountability Passwords Advertising Government 106

Security Affairs

MAY 2, 2022

In 2013 Group-IB was licensed by the Russian FSB, required to process state-secret data. Meanwhile, the company has recovered Sachkov’s SIM card and continues to manage his social media accounts. Government. The license was issued by the Moscow FSB Department with registration number “?? ?

Government 100

Government Cybersecurity Technology Cyber Attacks 100

Security Affairs

MARCH 28, 2023

million) were provided before 2013. million records include some, but not all of the following personal information: name, address, telephone, and date of birth. “We urge all our customers to be vigilant and on the look-out for suspicious behaviour relating to their accounts. 94% of these records (5.7

Data breaches 98

Data breaches Financial Services Passwords Hacking 98

Security Affairs

JULY 31, 2020

The motion picture acquisition agreements, tax ID requests, and contract addendum scans all date between 2013 and 2016. While IndieFlix believes that the bucket has been publicly accessible since May 2015, the company has not found any suspicious activity or unauthorized access attempts to any of its accounts during the period.

Identity Theft 87

Identity Theft Accountability Advertising Marketing 87

Security Affairs

JUNE 3, 2023

Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information on their TTPs and infrastructure.

Social Engineering 98

Social Engineering Phishing System Administration Engineering 98

Security Affairs

JUNE 22, 2023

According to the security measure, any repository with more than 100 clones at the time its user account is renamed is considered “retired” and cannot be used by others. They were founded in 2013, launched their app in 2016 under this name, and acquired by Google on 2018)” continues the report.

Hacking 100

Hacking Accountability Risk Information Security 100

Security Affairs

OCTOBER 13, 2019

Security experts at ClearSky analyzed attacks recently uncovered by Microsoft that targeted a US presidential candidate, government officials, journalists, and prominent expatriate Iranians. The messages include a link and claim to inform the recipient of an attempt to compromise their email account.

Media 93

Media Social Engineering Phishing Advertising 93