Security Affairs

AUGUST 4, 2023

A married couple from New York pleaded guilty this week to laundering billions of dollars stolen from Bitfinex in 2016. The couple pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex that took place in 2016. Law enforcement also seized over $3.6

Cryptocurrency 98

Cryptocurrency Hacking Accountability Banking 98

Security Affairs

FEBRUARY 5, 2025

The International Civil Aviation Organization (ICAO) , a specialized agency of the United Nations, is investigating a significant data breach that has raised concerns about the security of its systems and employees data. ” reads the statement published by the International Civil Aviation Organization.

Data breaches 99

Data breaches Information Security Hacking Marketing 99

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported.

Malware 98

Malware Antivirus Manufacturing Healthcare 98

Security Affairs

APRIL 2, 2025

In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231 The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab who considered it the most advanced mobile threat seen to the date of the discovery.

Malware 120

Malware Cryptocurrency Mobile Firmware 120

Security Affairs

NOVEMBER 12, 2024

Its name comes from the 2016 merger of two companies: Ahold (Dutch) and Delhaize Group (Belgian), which both have origins in the 1800s. Ahold Delhaize is a Dutch-Belgian multinational retail and wholesale holding company.

eCommerce 117

eCommerce Cyber Attacks Retail Hacking 117

Security Affairs

JANUARY 20, 2025

The Donot Team (aka APT-C-35 and Origami Elephant) has been active since 2016, it focuses ongovernment and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries.

Malware 114

Malware Cyber Attacks Mobile Phishing 114

Krebs on Security

JUNE 8, 2021

CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008 , 2012 , 2016 and 2019. .” Microsoft also patched five critical bugs — flaws that can be remotely exploited to seize control over the targeted Windows computer without any help from users.

Backups 337

Backups Ransomware Cyber threats Phishing 337

Security Affairs

FEBRUARY 25, 2025

is a Java deserialization vulnerability in the Apache BlazeDS library in Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier. An attacker can exploit the vulnerability to achieve arbitrary code execution.

Hacking 99

Hacking Cybersecurity Risk Cybercrime 99

Security Affairs

MAY 25, 2022

Some of the flaws added to the catalog in this turn are dated back to 2016, such as the issues affecting Apple ( CVE-2016-4655 , CVE-2016-4656 , CVE-2016-4657 ), Microsoft ( CVE-2016-0162 , CVE-2016-3351 , CVE-2016-3298 ) and Cisco Devices ( CVE-2016-6366 , CVE-2016-6367 ).

Software 145

Software Hacking Cybersecurity Risk 145

Security Affairs

FEBRUARY 6, 2025

.” The International Civil Aviation Organization (ICAO) is investigating a significant data breach that has raised concerns about the security of its systems and employees data.

Cybercrime 79

Cybercrime Government Data breaches Information Security 79

Security Affairs

MARCH 12, 2025

but also affects Windows 10 (build 1809 and earlier) and Server 2016. 1/4 pic.twitter.com/qCOgYiltfs — ESET Research (@ESETresearch) March 11, 2025 The full list of vulnerabilities addressed by Microsoft Patch Tuesday security updates for March 2025 is available here.

DNS 108

DNS Hacking Information Security 108

Troy Hunt

NOVEMBER 22, 2019

i speak at conferences around the world and run workshops on how to build more secure software within organisations. i'm a pluralsight author, microsoft regional director and most valued professional (mvp) specialising in online security and cloud development.

Data breaches 363

Data breaches Technology Software Information Security 363

Adam Shostack

JANUARY 2, 2025

[no description provided] Congratulations to the 2016 winners ! Dan Geer, Chief Information Security Officer at In-Q-Tel; Lance J.

Cybersecurity 130

Cybersecurity Education Encryption Information Security 130

The Last Watchdog

JUNE 21, 2020

The infamous Locky ransomware was first spotted in the wild in February 2016. CryptXXX, another major family discovered in April 2016 and later rebranded as UltraCrypter, relied on exploit kits that used software vulnerabilities to infiltrate systems. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Schneier on Security

AUGUST 8, 2022

Cryptographers hate being rushed into things, which is why NIST began a competition to create a post-quantum cryptographic standard in 2016. Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force.

Encryption 359

Encryption Architecture Engineering Information Security 359

Joseph Steinberg

OCTOBER 6, 2022

A jury yesterday found former Uber security chief Joe Sullivan guilty of covering up a massive data breach; the conviction makes Sullivan likely to become the first executive to face prison time over the mishandling of a cyberattack. Serving as a Chief Information Security Officer is a daunting task. 0001% get through.

CISO 258

CISO Artificial Intelligence Data breaches Cybersecurity 258

Security Affairs

JUNE 30, 2024

The popular Ars Technica reporter Dan Goodin reported that an alert issued by security firm NCC Group reports a “significant compromise of the TeamViewer remote access and support platform by an APT group.” Der Spiegel pointed out that TeamViewer did not disclose the security breach to the public. “In wrote the company.

Accountability 140

Accountability Hacking Architecture Malware 140

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns.

Banking 87

Banking Phishing Malware Passwords 87

Krebs on Security

JANUARY 24, 2023

The blog featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world,” and even included a group photo of RSOCKS employees. “Thanks to you, we are now developing in the field of information security and anonymity!,” RSOCKS, circa 2016.

Cybercrime 274

Cybercrime Advertising IoT Malware 274

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. According to current findings from the BSI , around twelve percent of them are so outdated that security updates are no longer offered for them.

Information Security 138

Information Security Internet Internet Healthcare 138

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” Please see this KB for more information. ” continues Microsoft.

Authentication 145

Authentication Malware Advertising Hacking 145

Security Affairs

NOVEMBER 15, 2021

These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

Authentication 137

Authentication Hacking Information Security 137

Security Affairs

SEPTEMBER 16, 2022

We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” Latha Maripuri, Uber’s chief information security officer, told NYT via email. This is not the first time that the company suffered a security breach.

Hacking 144

Hacking Data breaches Information Security Engineering 144

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 251

Cybercrime Data breaches Malware Ransomware 251

Security Affairs

JANUARY 9, 2025

The Ukrainian Cyber Alliance has been active since 2016, the Pro-Ukraine group has targeted Russian entities since the invasion of Ukraine. The group published a series of screenshots as proof of the security breach. The images include the consoles of the Veeam backup and Hewlett Packard Enterprise server.

Backups 72

Backups Internet Internet Hacking 72

Security Affairs

AUGUST 19, 2020

” The Taiwanese Government accuses the Chinese government of continues cyber incursions since 2016 when President Tsai Ing-wen was elected. The government of Taipei is still investigating the campaign and assessing its impact, although the cyber official told AFP press agency that the damage done was “not small.”

Government 144

Government Hacking Accountability Advertising 144

Joseph Steinberg

MAY 12, 2021

And, just before the COVID-19 pandemic hit the United States, the Department of Homeland Security alerted information security professionals that a ransomware attack delivered via phishing emails had adversely impacted operations at one of the country’s natural gas processors. Nor were those isolated incidents.

Energy and Utilities 219

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks 219

Security Affairs

FEBRUARY 23, 2022

In 2016 and 2017, the hacking group The Shadow Brokers l eaked a bunch of data allegedly stolen from the Equation Group, including many hacking tools and exploits. At the end of October 2016, the hackers leaked a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

Encryption 127

Encryption Hacking Government Engineering 127

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. Notably, in 2016, Nissan suspended a remote telematics system in its all-electric hatchback, the Leaf, due to a vulnerability in the NissanConnect app’s server.

Malware 230

Malware Manufacturing IoT Software 230

Security Affairs

JULY 22, 2020

In the second half of 2017, the United States Securities and Exchange Commission (SEC) disclosed it was the victim of a cyber-attack in 2016. At the time, hackers were focused on non-public information stored in its EDGAR filing system. ” reads an advisory published by the US State Department.

Advertising 142

Advertising Hacking Government Cyber Attacks 142

Security Affairs

JANUARY 2, 2022

Year Total Money Lost ($) Year Increase In Money Lost (%) 2021 4,250,000,000 2020 – 2021 185% 2020 1,490,000,000 2019 – 2020 -57% 2019 3,500,156,000 2018 – 2019 259% 2018 974,000,000 2017 – 2018 51% 2017 645,901,000 2016 – 2017 341% 2016 146,509,000 2015 – 2016 -64%. The top 5 breaches in history are: 1. Gox, $615M.

Cryptocurrency 117

Cryptocurrency Scams Marketing Hacking 117

Security Affairs

FEBRUARY 8, 2021

Since 2016 , Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. .

System Administration 140

System Administration Hacking Cyber threats Accountability 140

Security Affairs

SEPTEMBER 6, 2021

TrickBot is a popular banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features. The man was recruited by the criminal organization in 2016. Operators continue to offer the botnet through a multi-purpose malware-as-a-service (MaaS) model. ” Mr.

Malware 144

Malware Banking Hacking Government 144

Security Affairs

MARCH 12, 2025

but also affects Windows 10 (build 1809 and earlier) and Server 2016. The exploit, linked to the PipeMagic backdoor , has targeted unsupported Windows versions like Server 2012 R2 and 8.1

Cybersecurity 67

Cybersecurity Hacking Risk Information Security 67

Security Affairs

NOVEMBER 23, 2021

Microsoft addressed the flaw with the release of Microsoft Patch Tuesday security updates for November 2021 , the vulnerability impacts on-premises Exchange Server 2016 and Exchange Server 2019. “We Our recommendation is to install these updates immediately to protect your environment.”

Authentication 138

Authentication Hacking Information Security 138

Security Affairs

SEPTEMBER 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. ” Attackers can exploit the flaw to take over websites running the widely used image-enhancing app.

Hacking 125

Hacking Cybersecurity Software Risk 125

Security Affairs

AUGUST 16, 2024

Between July 2016 and May 2021, Kavzharadze listed over 626,100 stolen login credentials on Slilpp and sold more than 297,300 of them. The Russian man was sentenced to 40 months in prison and ordered to pay $1,233,521.47 in restitution. These credentials were linked to $1.2 million in fraudulent transactions.

Banking 125

Banking Accountability Retail Mobile 125