Security Affairs

DECEMBER 31, 2022

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. million in 2016 to close to 16.5

Healthcare 98

Healthcare Ransomware Backups Hacking 98

Security Affairs

AUGUST 4, 2023

A married couple from New York pleaded guilty this week to laundering billions of dollars stolen from Bitfinex in 2016. The couple pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex that took place in 2016. Law enforcement also seized over $3.6

Cryptocurrency 98

Cryptocurrency Hacking Accountability Banking 98

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware 143

Ransomware Hacking Advertising Malware 143

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking 144

Hacking Engineering Data breaches Advertising 144

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. According to DoJ, from at least in or about 2016 through or about April 2021, Nasab and other co-conspirators carried out a coordinated multi-year campaign to breach computers worldwide. ” concludes DoJ.

Hacking 139

Hacking Identity Theft Social Engineering Accountability 139

Security Affairs

NOVEMBER 10, 2021

Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day” . Pierluigi Paganini.

Government 111

Government Hacking Cyber Attacks Information Security 111

Security Affairs

DECEMBER 4, 2021

The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. SecurityAffairs – hacking, ransomware). The post Cuba ransomware gang hacked 49 US critical infrastructure organizations appeared first on Security Affairs. The alert includes indicators of compromise and mitigations.

Ransomware 145

Ransomware Hacking Malware Encryption 145

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported.

Malware 98

Malware Antivirus Manufacturing Healthcare 98

Security Affairs

MAY 25, 2020

Some of the databases are dated as 2016, but data starts from March 28, 2020. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., The hacked stores were running Shopware, JTL-Shop, PrestaShop, OpenCart, Magento v1 and v2 e-commerce CMSs.

Hacking 135

Hacking Advertising Passwords Authentication 135

Security Affairs

NOVEMBER 15, 2024

Bitfinex hacker, Ilya Lichtenstein , who stole 1 billion worth of Bitcoins from Bitfinex in 2016, has been sentenced to five years in prison. Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex. billion in cryptocurrency (roughly 95,000 of the stolen crypto assets) linked to that hack.

Cryptocurrency 107

Cryptocurrency Hacking Government Accountability 107

Security Affairs

SEPTEMBER 22, 2021

. “ “This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.” Pierluigi Paganini.

Hacking 133

Hacking Firmware IoT Internet 133

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8 50098 CVE-2016-0167 04/12/2016 Microsoft Windows Graphics Component Security Update (MS16-039) 7.8

Hacking 126

Hacking Cyber Attacks Passwords Software 126

Security Affairs

JULY 23, 2020

depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, SecurityAffairs – hacking, CVE-2020-1147). The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0

Hacking 137

Hacking Advertising Software Information Security 137

Security Affairs

MAY 25, 2022

Some of the flaws added to the catalog in this turn are dated back to 2016, such as the issues affecting Apple ( CVE-2016-4655 , CVE-2016-4656 , CVE-2016-4657 ), Microsoft ( CVE-2016-0162 , CVE-2016-3351 , CVE-2016-3298 ) and Cisco Devices ( CVE-2016-6366 , CVE-2016-6367 ).

Software 145

Software Hacking Cybersecurity Risk 145

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. SecurityAffairs – Mitsubishi Electric, hacking).

Antivirus 145

Antivirus Hacking Advertising Media 145

Security Affairs

AUGUST 16, 2024

The app has been present since August 2016 [ 1 , 2 ], but there is no evidence that this vulnerability has been exploited in the wild. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Android)

Hacking 144

Hacking Firmware Mobile Penetration Testing 144

Joseph Steinberg

OCTOBER 6, 2022

A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack. Serving as a Chief Information Security Officer is a daunting task. 0001% get through.

CISO 258

CISO Artificial Intelligence Data breaches Cybersecurity 258

Security Affairs

AUGUST 23, 2022

“This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.”. SecurityAffairs – hacking, Hikvision).

Hacking 126

Hacking Firmware Internet Internet 126

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime 259

Cybercrime Advertising IoT Malware 259

Security Affairs

JUNE 30, 2024

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. The popular Ars Technica reporter Dan Goodin reported that an alert issued by security firm NCC Group reports a “significant compromise of the TeamViewer remote access and support platform by an APT group.”

Accountability 142

Accountability Hacking Architecture Malware 142

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. According to current findings from the BSI , around twelve percent of them are so outdated that security updates are no longer offered for them.

Information Security 140

Information Security Internet Internet Healthcare 140

Security Affairs

NOVEMBER 15, 2021

These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. SecurityAffairs – hacking, Operation Cyclone). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Authentication 139

Authentication Hacking Information Security 139

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” Please see this KB for more information. ” continues Microsoft.

Authentication 145

Authentication Malware Advertising Hacking 145

Security Affairs

JULY 22, 2020

The US State Department and Secret Service offered $2 million in reward money for help capturing two Ukrainian hackers that have been charged with hacking and selling insider corporate data stolen from the Securities and Exchange Commission. At the time, hackers were focused on non-public information stored in its EDGAR filing system.

Advertising 142

Advertising Hacking Government Cyber Attacks 142

Security Affairs

FEBRUARY 23, 2022

In 2016 and 2017, the hacking group The Shadow Brokers l eaked a bunch of data allegedly stolen from the Equation Group, including many hacking tools and exploits. At the end of October 2016, the hackers leaked a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

Encryption 130

Encryption Hacking Government Engineering 130

Security Affairs

FEBRUARY 8, 2021

Since 2016 , Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. SecurityAffairs – hacking, nation-state hacking).

System Administration 142

System Administration Hacking Cyber threats Accountability 142

Security Affairs

JUNE 20, 2022

The vulnerability, tracked as CVE-2022-22620 , was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022.” Its fix was just regressed in 2016 during refactoring.

Hacking 145

Hacking Software Cybersecurity Data breaches 145

Security Affairs

JUNE 21, 2023

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Hacking 98

Hacking Government Phishing Malware 98

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. In June 2016, security researcher Chris Vickery found a copy of the World-Check database dated 2014 that was accidentally exposed online.

Risk 140

Risk Spyware Hacking Accountability 140

Security Affairs

MARCH 22, 2021

Adobe has released security updates to address a critical vulnerability in the ColdFusion product (versions?2021, 2021, 2016, and?2018) Adobe has released security patches to address a critical vulnerability in Adobe ColdFusion that could be exploited by attackers to execute arbitrary code on vulnerable systems. 2021, 2016 and?2018.?These

Software 120

Software Hacking Information Security Malware 120

Security Affairs

FEBRUARY 28, 2020

This isn’t the first time that the government adopted similar restrictions, when the Operation Euphrates Shield begun on Thursday, 25 August 2016, the government blocked major social media platforms, including Facebook, Twitter, YouTube, Vimeo, and Instagram. SecurityAffairs – hacking, Turkey). ”added Netblocks.

Media 138

Media Data collection Internet Internet 138

Security Affairs

NOVEMBER 24, 2024

PopeyeTools was a dark web marketplace specializing in selling stolen credit cards and cybercrime tools, facilitating fraud and illicit online activities since 2016. Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions.

Cybercrime 132

Cybercrime Cryptocurrency Banking Accountability 132

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. The cyberespionage group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Telecommunications 138

Telecommunications Mobile Hacking Architecture 138

Security Affairs

APRIL 18, 2020

The news was reported by ZDNet, the stolen data were published on a well-known hacking forum. “The leaked information, which ZDNet obtained a copy with the help of data breach monitoring service Under the Breach, contains information on users who registered or used the Aptoide app store app between July 21, 2016, and January 28, 2018.”

Data breaches 143

Data breaches Advertising Mobile Hacking 143

Schneier on Security

JUNE 6, 2023

I started doubting my own security procedures. Reading about the NSA’s hacking abilities will do that to you. Those of us in the information security community had long assumed that the NSA was doing things like this. Still, I was happy with the one story I was part of: how the NSA hacks Tor. Probably not.

Surveillance 344

Surveillance Computers and Electronics Government Encryption 344

Krebs on Security

SEPTEMBER 24, 2022

Denis Emelyantsev , as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. “Thanks to you, we are now developing in the field of information security and anonymity!

Cybercrime 228

Cybercrime Data breaches Malware Ransomware 228

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics 131

Computers and Electronics Engineering Hacking Data breaches 131