Security Affairs

FEBRUARY 10, 2025

A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group. Active since at least 2013 , XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. ” reads the analysis published by Intezer.

Manufacturing 109

Manufacturing Cybercrime Passwords Authentication 109

Security Affairs

FEBRUARY 19, 2025

Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure. The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records.

Authentication 121

Authentication System Administration DNS Hacking 121

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Boulevard

SEPTEMBER 3, 2021

Since 2013 and the most recent set of updates to the Health Insurance Portability and Accountability Act (HIPAA), U.S. In particular, information security and risk management tools have been a part of nearly every compliance investment that providers have.

Insurance 114

Insurance Information Security Accountability Technology 114

Troy Hunt

NOVEMBER 22, 2019

i speak at conferences around the world and run workshops on how to build more secure software within organisations. i'm a pluralsight author, microsoft regional director and most valued professional (mvp) specialising in online security and cloud development.

Data breaches 362

Data breaches Technology Software Accountability 362

Duo's Security Blog

FEBRUARY 1, 2021

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification! What is ISO 27001:2013, 27017:2015 and 27018:2019? What’s the benefit of ISO 27001:2013, 27017:2015 and 27018:2019 certification to our customers? You can thank ISO for that!

Manufacturing 52

Manufacturing Surveillance Information Security CISO 52

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. Those of us in the information security community had long assumed that the NSA was doing things like this.

Surveillance 349

Surveillance Computers and Electronics Government Encryption 349

Heimadal Security

NOVEMBER 3, 2023

ISO 27001, sometimes referred to as ISO/IEC 27001 is an international standard that addresses organizational information security.

Data privacy 104

Data privacy Information Security Cybersecurity 104

Security Affairs

JANUARY 21, 2025

Gayfemboy exploits various vulnerabilities, including CVE-2013-3307 , CVE-2021-35394 , CVE-2024-8957 , and others in DVRs, routers, and security appliances. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,botnet)

IoT 81

IoT Malware Hacking Cybercrime 81

Security Affairs

SEPTEMBER 14, 2020

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. These are based on publicly disclosed incidents in the media or security reports.” The maintainers of the project also mapped the attacks to the MITRE ATT&CK framework.

Ransomware 144

Ransomware Advertising Data collection Healthcare 144

Security Affairs

FEBRUARY 12, 2025

Kimsukycyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researchers in 2013. At the end of October 2020, the US-CERT published a report on Kimuskys recent activities that provided information on their TTPs and infrastructure.

Phishing 87

Phishing Malware Security Intelligence Hacking 87

Krebs on Security

JUNE 18, 2021

The SEC said that under First American’s remediation policies, if the person responsible for fixing the problem is unable to do so based on the timeframes listed above, that employee must have their management contact the company’s information security department to discuss their remediation plan and proposed time estimate.

Insurance 331

Insurance Risk Financial Services CISO 331

Security Affairs

JUNE 20, 2022

The vulnerability, tracked as CVE-2022-22620 , was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022.” Its fix was just regressed in 2016 during refactoring.

Hacking 144

Hacking Software Cybersecurity Data breaches 144

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 252

Cybercrime Data breaches Malware Ransomware 252

Security Affairs

JANUARY 9, 2019

million settlement with The Neiman Marcus Group over a 2013 data breach. million settlement with The Neiman Marcus Group LLC over a data breach suffered by the company in 2013 and disclosed earlier 2014. billion in the Q4 2013. Tens of state attorneys general announced a $1.5 Tens of attorneys general announced this week a $1.5

Data breaches 88

Data breaches Retail Advertising Cybercrime 88

Krebs on Security

NOVEMBER 16, 2023

” Antti Kurittu is an information security specialist and a former criminal investigator. In 2013, Kurittu worked on an investigation involving Kivimäki’s use of the Zbot botnet , among other activities Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP).

Cybercrime 268

Cybercrime Hacking Data breaches Banking 268

Security Affairs

JANUARY 31, 2024

It was operating between 2008 and 2013. In 2013, the Motion Picture Association of America (MPAA) shut down the website due to concerns related to copyright infringement. According to German media , one of the two operators was also involved in the operations of the site mega-downloads.net.

Media 127

Media Cybercrime Advertising Information Security 127

Security Affairs

AUGUST 28, 2024

The indictment alleges that from 2013 to 2022, Kadariya played a key role in distributing the Angler Exploit Kit, which was used to spread various malware, including ransomware, through malvertising and other methods. Kadariya has been indicted for distributing the Angler Exploit Kit and other malware to millions of victims.

Malware 129

Malware Computers and Electronics Cybercrime Internet 129

Security Affairs

JULY 4, 2019

The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. ” reads the press release published by DoJ.

DDOS 111

DDOS Computers and Electronics Advertising Internet 111

Security Affairs

APRIL 30, 2024

In 2013, investigators discovered malicious code on devices seized from Kivimäki, which was used by HTP to compromise over 60,000 servers exploiting an Adobe ColdFusion zero-day. This exploit was reported by Brian Krebs in September 2013, after the hackers breached the servers of LexisNexis, Kroll, and Dun & Bradstreet.

Hacking 127

Hacking Cybercrime Data breaches Information Security 127

Krebs on Security

FEBRUARY 22, 2024

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government 323

Government Hacking Cyber threats Mobile 323

Security Affairs

NOVEMBER 10, 2020

Exposed data, some of which go back to 2013, include sensitive information and credit card details. The unsecured cloud repository used by the hotel reservation platform has exposed 10 million files (24.4 GB worth of data) related to guests at various hotels around the world. ” reads a post published by Website Planet.

Identity Theft 133

Identity Theft Scams Phishing Malware 133

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” ” reads an advisory published by the Microsoft Tech Community.

Authentication 144

Authentication Malware Advertising Hacking 144

Security Affairs

JULY 26, 2019

The man, who is also known as Libertas also provided customer support to Silk Road users in 2013, for this job he received a weekly salary. According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 billion worth of transactions for 957,079 users, the total earning for Ulbricht was nearly $80 million.

Marketing 102

Marketing Advertising Cybercrime Information Security 102

Security Affairs

OCTOBER 1, 2024

A spokesperson for Germany’s Federal Office for Information Security (BSI) confirmed that Kimsuky (aka APT43 ) is conducting a broader cyber campaign targeting Germany. Kimsuky cyberespionage group (aka Springtail, ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013.

Manufacturing 133

Manufacturing Hacking Cyber Attacks Malware 133

Security Affairs

SEPTEMBER 17, 2022

CVE-2013-6282 : Linux Kernel – The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. CVE-2013-2596 Linux Kernel – Linux kernel fb_mmap function in drivers/video/fbmem.c Code Aurora is used in third-party products such as Qualcomm and Android.

Hacking 98

Hacking Cybersecurity Risk Information Security 98

Security Affairs

MARCH 8, 2022

CVE ID Vulnerability Name Due Date CVE-2022-26486 Mozilla Firefox Use-After-Free Vulnerability 03/21/22 CVE-2022-26485 Mozilla Firefox Use-After-Free Vulnerability 03/21/22 CVE-2021-21973 VMware vCenter Server, Cloud Foundation Server Side Request Forgery (SSRF) 03/21/22 CVE-2020-8218 Pulse Connect Secure Code Injection Vulnerability 09/07/22 CVE-2019-11581 (..)

Authentication 107

Authentication Hacking Cybersecurity Risk 107

Security Affairs

APRIL 9, 2019

Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history”. This time Yahoo could pay $117.5

Data breaches 106

Data breaches Small Business Advertising Cryptocurrency 106

Security Affairs

FEBRUARY 8, 2025

Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. Kimsukycyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researchers in 2013.

Malware 72

Malware Phishing Security Intelligence Hacking 72

Security Affairs

MARCH 16, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. The vulnerability impacts Microsoft Exchange 2010, 2013, 2016, and 2019. “How many of these are vulnerable? ” continues the report.

Advertising 136

Advertising Authentication Internet Internet 136

Security Affairs

AUGUST 25, 2024

Telegram Messenger is a cloud-based, cross-platform instant messaging service launched in 2013 for iOS and Android. Over the years, Telegram has become the privileged communication channel for cybercriminals and other threat actors. Telegram and the French Interior Ministry have not yet commented on the news.

Media 136

Media Encryption Hacking Cybercrime 136

Krebs on Security

AUGUST 23, 2024

Mike Barlow , information security manager for the City of Memphis, confirmed the Memphis Police’s systems were sharing their Microsoft Windows credentials with the domain, and that the city was working with Caturegli to have the domain transferred to them. .” Caturegli said setting up an email server record for memrtcc.ad

DNS 324

DNS Internet Internet Authentication 324

Security Affairs

APRIL 23, 2020

The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. Somehow, this operation found its way onto the NSA’s radar pre-2013, as far as I can tell, it’s eluded specific coverage from the security industry.

Hacking 139

Hacking Advertising Malware Engineering 139

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. .” reads the announcement published by the SSU.

Government 138

Government Software Cyber threats Cyber Attacks 138

Security Affairs

NOVEMBER 20, 2022

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. It's perhaps just Exchange 2013 that requires a tweak. Can confirm.

Authentication 98

Authentication Hacking Cybersecurity Information Security 98

Security Affairs

AUGUST 1, 2019

Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. Cisco finally addressed the flaws in 2013 and stopped selling Cisco Video Surveillance Manager (VSM) in 2014. Cisco is going to pay $8.6

Surveillance 109

Surveillance Technology Government Software 109

Security Affairs

NOVEMBER 6, 2020

In October 2013, the FBI has shut down the popular black market Silk Road after many years of investigation, the website was hosted in the Tor Network and was seized by US law enforcement. According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 .” On November 5, the U.S. million USD. .

Cryptocurrency 88

Cryptocurrency Advertising Marketing Hacking 88