2014, Authentication and Internet - Cyber Security Informer

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Experts warn that hackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable in the attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. ” reads the advisory published by Microsoft.

Internet

Internet Internet Authentication Advertising

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet

Internet Internet Hacking Advertising

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc Finally, the malware validates there is a valid Internet connection through a speed test website. on Twitter, and targeting Portuguese users.

Internet

Internet Internet Malware Banking

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication

Authentication VPN Passwords Hacking

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini. Pierluigi Paganini.

Internet

Internet Internet Advertising Accountability

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

The documents were available without authentication to anyone with a Web browser. According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years.

Insurance

Insurance Financial Services Penetration Testing Scams

Internet scans found nearly one million systems vulnerable to BlueKeep

Security Affairs

MAY 28, 2019

GreyNoise is observing sweeping tests for systems vulnerable to the RDP "BlueKeep" (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. Now the popular expert Robert Graham has scanned the Internet for vulnerable systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Internet

Internet Internet Advertising Malware

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. federal civilian agencies to secure the login credentials for their Internet domain records. That changed on Jan.

DNS

DNS Internet Internet Government

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

“I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. That’s because Experian does not offer any type of multi-factor authentication options on consumer accounts. But now he’s wondering what else he could do to prevent another account compromise.

Accountability

Accountability Passwords Authentication Password Management

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication. ”

Healthcare

Healthcare Backups Ransomware Insurance

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Advertising Mobile Authentication

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Data breaches Advertising Mobile

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Fitis’s Himba affiliate program, circa February 2014. “Why do I need a certificate? Image: Archive.org.

Malware

Malware Cybercrime Software Accountability

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. The researchers scanned the Internet for printers that are exposing their Internet Printing Protocol (IPP) port online. and printers (or print servers).

Internet

Internet Internet Firmware Advertising

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

The bleak picture of two-factor authentication adoption in the wild

Elie

DECEMBER 20, 2018

This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. How prevalent is 2FA authentication? reuse of passwords found in data breaches and phishing attacks.

Authentication

Authentication Internet Internet Software

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mobile

Mobile InfoSec Data breaches Advertising

New Mirai variant includes exploit for a flaw in Comtrend Routers

Security Affairs

JULY 14, 2020

Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis published by Trend Micro.

IoT

IoT Advertising DDOS Authentication

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Below the recommendations provided by ESET on how to configure remote access correctly: Disable internet-facing RDP. Pierluigi Paganini.

Passwords

Passwords Internet Internet Advertising

Most of Linux distros affected by a critical RCE in PPP Daemon flaw

Security Affairs

MARCH 6, 2020

The pppd software is an implementation of Point-to-Point Protocol (PPP) that is used to establish internet links over dial-up modems, DSL connections, and many other types of point-to-point links. This is due to the fact that an authenticated attacker may still be able to send unsolicited EAP packet to trigger the buffer overflow.”

Advertising

Advertising Software Authentication Hacking

Personal details and SSNs of 40,000 US citizens available for sale

Security Affairs

JULY 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Mobile Data breaches Banking

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

Norton got ‘ demergered ’ from Symantec in 2014 and then acquired LifeLock for $2.3 There are simple steps consumers can take today, for free, to lower their overall risk of a cyber attack, including using multi-factor authentication for their accounts and using strong passwords. A lot of water has flowed under the bridge since then.

Antivirus

Antivirus Marketing Identity Theft Social Engineering

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

The Last Watchdog

APRIL 16, 2020

economy Manipulating identities Threat actors seek out AD for the same reason corporations rely on it: AD is the hub of authentication, supplying Single Sign-On (SSO) access across the entire company network. Attack exposure Semperis actually launched in 2014 to provide disaster recovery services specifically for AD systems.

Ransomware

Ransomware Hacking Authentication Manufacturing

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. Experts note that the exploit is only effective for authenticated sessions and the affected devices are End of Life (EOL) from 2012.

IoT

IoT DDOS Authentication Advertising

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

JULY 10, 2020

Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising CISO Technology Authentication

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

Security Affairs

SEPTEMBER 29, 2018

The FBI Internet Crime Complaint Center (IC3) warns of cyber attacks exploiting Remote Desktop Protocol (RDP) vulnerabilities. The FBI Internet Crime Complaint Center (IC3) and the DHS issued a joint alert to highlight the rise of RDP as an attack vector. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cyber Attacks

Cyber Attacks Advertising Internet Internet

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

The database required no authentication. In addition, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files. In September 2014, U.S. Attorney Dana Boente said in a press release tied to Akbar’s indictment.

Spyware

Spyware Mobile Advertising Software

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Security Affairs

SEPTEMBER 23, 2020

The database containing personal information of over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet. US fitness chain Town Sports has suffered a data breach, a database belonging to the company containing the personal information of over 600,000 people was exposed on the Internet. Pierluigi Paganini.

Data breaches

Data breaches Phishing Passwords Advertising

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” The lists leaked online are dated October-November 2019, let’s hope that Internet Service Providers will contact ZDNet to receive them and check if the devices belong to their network and secure them. .

IoT

IoT DDOS InfoSec Internet

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS

DDOS IoT Internet Internet

Security breach impacted Cisco VIRL-PE infrastructure

Security Affairs

MAY 28, 2020

These issues affect the following Cisco products running a vulnerable software release: Cisco Modeling Labs Corporate Edition (CML) Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE). The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Advertising

Advertising Software Authentication Internet

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the report.

VPN

VPN Government Authentication Advertising

Google Tsunami vulnerability scanner is now open-source

Security Affairs

JULY 9, 2020

If these systems are exposed to the internet without authentication, attackers can leverage the functionality of the application to execute malicious commands. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Engineering

Engineering Advertising Passwords Authentication

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers are scanning the Internet for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions vulnerable to a remote code execution (RCE) vulnerability addressed by the vendor 3 years ago. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Advertising Malware Internet

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

“This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. 83n SonicOS 6.5.1.12-1n 2 and onwards.

VPN

VPN Firewall Advertising Internet

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

MAY 2, 2023

Mr. Mirza declined to respond to questions, but the exposed database information was removed from the Internet almost immediately after KrebsOnSecurity shared the offending links. org back in 2014. “If you are the victim of a crime online report it to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

Marketing

Marketing Advertising Scams Telecommunications

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

” “Passwords associated with external authentication systems such as AD or LDAP are unaffected. Sophos pointed out that passwords associated with external authentication systems such as AD or LDAP are unaffected. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firewall

Firewall Passwords Accountability Advertising

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

Security Affairs

NOVEMBER 3, 2020

” In late 2018, the UNC1945 group was spotted compromising a Solaris server that had the SSH service exposed to the Internet to install a backdoor dubbed SLAPSTICK and steal credentials to use in later attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Telecommunications Internet

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

platform, offered data were authentic according to the feds. was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the Internet. Social Security Numbers, dates of birth, and victim addresses.

Cybercrime

Cybercrime Advertising Hacking Accountability

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control. .

Advertising

Advertising Authentication Internet Internet

Microsoft addresses three Windows issues actively exploited

Security Affairs

APRIL 14, 2020

The flaws addressed by Microsoft this month impact Windows, Edge, Internet Explorer, Office, Windows Defender, Dynamics, Apps for Android and Mac, and other products. “To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.” ” read the advisory published by Microsoft.

Internet

Internet Internet Advertising Engineering

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

The Agency confirmed that an authenticated attacker with access to the solution via a general license could exploit the flaws to trigger a DoS condition or to achieve arbitrary information disclosure and data manipulation. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Authentication VPN Firewall

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

In 2014 its global sales reached $55.91 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Trending Sources

TroyStealer – A new info stealer targeting Portuguese Internet users

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

NY Charges First American Financial for Massive Data Leak

Internet scans found nearly one million systems vulnerable to BlueKeep

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Experian, You Have Some Explaining to Do

New Ransom Payment Schemes Target Executives, Telemedicine

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

UberEats data leaked on the dark web

Ask Fitis, the Bear: Real Crooks Sign Their Malware

A daily average of 80,000 printers exposed online via IPP

Expert found multiple critical issues in MoFi routers

The bleak picture of two-factor authentication adoption in the wild

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

New Mirai variant includes exploit for a flaw in Comtrend Routers

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Most of Linux distros affected by a critical RCE in PPP Daemon flaw

Personal details and SSNs of 40,000 US citizens available for sale

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Hackers are scanning the web for vulnerable Citrix systems

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security breach impacted Cisco VIRL-PE infrastructure

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Google Tsunami vulnerability scanner is now open-source

USBAnywhere BMC flaws expose Supermicro servers to hack

Researchers warn of QNAP NAS attacks in the wild

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Hackers exploit SQL injection zero-day issue in Sophos firewall

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

FBI shuts down the Russian-based hacker platform DEER.IO

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Microsoft addresses three Windows issues actively exploited

Flaws in leading industrial remote access systems allow disruption of operations

Maze ransomware operators claim to have breached LG Electronics

Stay Connected