2016, Information Security and Internet

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. “Around 45,000 Microsoft Exchange servers in Germany can currently be accessed from the Internet without restrictions. ” reads the alert published by the BSI.

Information Security

Information Security Internet Internet Healthcare

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “ Stanx ,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator. ” the post enthuses.

Advertising

Advertising Cybercrime System Administration Hacking

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. The certificates are issued in compliance with the Law on Communications 2004 passed in November 2015.

Internet

Internet Internet Encryption Government

No, the AWS bomb plot likely wouldn’t have shut down large parts of the internet

SC Magazine

APRIL 12, 2021

Visitors arrive at the cloud pavilion of Amazon Web Services at the 2016 CeBIT digital technology trade fair in Hanover, Germany. Three of them are right next to each other and those 24 run 70 percent of the Internet.”. Photo by Sean Gallup/Getty Images). The plan was ‘not credible’.

Internet

Internet Internet Backups Media

MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019)

Security Affairs

SEPTEMBER 21, 2019

The bad side of all of these adventure is, now I have my research materials scattering around all over the internet during these past three years (smile). The post MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019) appeared first on Security Affairs. The background.

Malware

Malware Advertising Security Awareness Media

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The Moobot botnet has been active since at least 2016, it also includes other routers and virtual private servers (VPS). “Apart from the EdgeRouter devices, we also found compromised Raspberry Pi and other internet-facing devices in the botnet. ” reported Trend Micro. ” concludes the report.

Phishing

Phishing Cryptocurrency Internet Internet

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. In December 2016 , the Turkish blocked social media in the country to prevent the sharing of a video of the executions of Turkish soldiers by the IS group. ”added Netblocks. .

Media

Media Data collection Internet Internet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Many of the infected systems were Internet of Things (IoT) devices , including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. “Thanks to you, we are now developing in the field of information security and anonymity!,” RSOCKS, circa 2016.

Cybercrime

Cybercrime Advertising IoT Malware

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Malware

Malware Phishing Surveillance Internet

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

Security Affairs

JULY 10, 2019

Worse, the Internet, the rise of smartphones, and the culture of social media allow us to access these things from anywhere. Fortunately, there are options available to parents when it comes to controlling YouTube and Internet access. Over 90,000 revealing photos were leaked on the Internet, many of which contained underage nudity.

Internet

Internet Internet Media Accountability

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

The Last Watchdog

MAY 15, 2023

Funso Richard , Information Security Officer at Ensemble , highlighted the gravity of these threats. Notably, in 2016, Nissan suspended a remote telematics system in its all-electric hatchback, the Leaf, due to a vulnerability in the NissanConnect app’s server. Acohido Pulitzer Prize-winning business journalist Byron V.

Malware

Malware Manufacturing IoT Software

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008 , 2012 , 2016 and 2019. For a quick visual breakdown of each update released today and its severity level, check out the this Patch Tuesday post from the SANS Internet Storm Center.

Backups

Backups Cyber threats Ransomware Phishing

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

Could agents take control of my computer over the Internet if they wanted to? Those of us in the information security community had long assumed that the NSA was doing things like this. This was in 2016, when Poitras built a secure room in New York to house the documents. I visited him once in Moscow, in 2016.

Surveillance

Surveillance Computers and Electronics Government Encryption

US CISA warns of a Samsung vulnerability under active exploitation

Security Affairs

MAY 20, 2023

Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device. CVE-2016-6415 – Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability.

Internet

Internet Internet Mobile Hacking

New Mirai variant includes exploit for a flaw in Comtrend Routers

Security Affairs

JULY 14, 2020

Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.

IoT

IoT Advertising DDOS Authentication

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The infamous Locky ransomware was first spotted in the wild in February 2016. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

MAY 12, 2021

And, just before the COVID-19 pandemic hit the United States, the Department of Homeland Security alerted information security professionals that a ransomware attack delivered via phishing emails had adversely impacted operations at one of the country’s natural gas processors. Nor were those isolated incidents.

Energy and Utilities

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

The “web” has, in the space of 30 years, transformed from a funky little corner of the Internet full of pictures and text to become the bedrock of modern commerce. This was in the heady days when prominent firms were keen to get web pages, but didn’t think that web security was anything that warranted their attention.

CSO

CSO Financial Services CISO Mobile

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable. The vulnerability impacts Hikvision cameras and NVRs, a list of affected products was published in the security advisory published by the vendor. It will not be detectable by any logging on the camera itself.”.

Hacking

Hacking Firmware IoT Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. ” reads the analysis published by Microsoft.

IoT

IoT DDOS Malware Firmware

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

[link] #cve -2018-9995 #dvr pic.twitter.com/gw37PA3jo4 — Ezequiel Fernandez (@Capitan_Alfa) May 1, 2018 Fortinet also warns of a spike in exploitation attempts targeting the CVE-2016-20016 (CVSS score of 9.8) in MVPower CCTV DVR models. Previously seen to be exploited in the wild through 2017 and on-going.”

Authentication

Authentication Retail Surveillance Education

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

"id":null, "title":"partner", "description":null, "location":null, "position_type":"Past", "company_name":"report uri", "company_url":"linkedin.com/company/report-uri", "start_date_year":2017, "end_date_year":null, "start_date_month":11, "end_date_month":null, "company_website":null, "company_size":"1-10", "company_industry":"internet" }, {. "id":null,

Data breaches

Data breaches Technology Software Accountability

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.” banking Trojan and was used to spread Zeus-like banking trojan (i.e.

Banking

Banking Malware Telecommunications Antivirus

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

Below is the list of zero-day flaws that were variants of previously reported bugs: Product 2022 ITW CVE Variant Windows win32k CVE-2022-21882 CVE-2021-1732 (2021 itw) iOS IOMobileFrameBuffer CVE-2022-22587 CVE-2021-30983 (2021 itw) WebKit “Zombie” CVE-2022-22620 Bug was originally fixed in 2013, patch was regressed in 2016 Firefox WebGPU IPC CVE-2022-26485 (..)

Firewall

Firewall Software Hacking Internet

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The Dharma ransomware first appeared on the threat landscape in February 2016, at the time experts dubbed it Crysis. In November 2016, the master decryption keys for Crysis were released online, victims of CrySis versions 2 and 3 were able to recover their files. The source is offered for a price as low as $2,000, as reported by ZDNet.

Ransomware

Ransomware Hacking Advertising Malware

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta, build 001 CVE-2020-9377 D-Link DIR-610 CVE-2016-11021 D-Link DCS-930L devices before 2.12 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

Kaspersky first documented the operations of the group in 2016. The threat actors used the implant against a South Korean online newspaper, the APT group also relied on an Internet Explorer exploit and used another backdoor named BLUELIGHT (previously reported by security firms Volexity and Kaspersky ).

Accountability

Accountability Malware Cyber Attacks Media

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. The vulnerability impacts Hikvision cameras and NVRs, a list of affected products was published in the security advisory published by the vendor. It will not be detectable by any logging on the camera itself.”.

Hacking

Hacking Firmware Internet Internet

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

In 2016, the perpetrator of the shooting spree in Munich claimed to have bought the murder weapon and ammunition on the platform. The accused is suspected of operating a criminal trading platform on the Internet in accordance with Section 127 of the Criminal Code.” He is said to have administered them since November 2018.

Marketing

Marketing Cybercrime Mobile Internet

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

The cyberespionage group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. ” reads the report published by Crowdstrike.

Telecommunications

Telecommunications Mobile Hacking Architecture

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, they were offered for sale by multiple traders. Source: US Defense Watch.com. ” reads the post published ZDNet.

Hacking

Hacking Cybercrime Data breaches Advertising

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.” ” reads the alert. Microsoft has taken down 120 of the 128 servers that were composing the Trickbot infrastructure.

Healthcare

Healthcare Ransomware Cybercrime Advertising

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Security Affairs

SEPTEMBER 11, 2023

TrickBot is a popular Windows banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities. Government and U.S. companies, including hospitals.” ” reads the announcement made by the U.S. Department of the Treasury.

Cybercrime

Cybercrime Government Ransomware Banking

SAP systems are targeted within 72 hours after updates are released

Security Affairs

APRIL 6, 2021

Onapsis set up honeypots to study the attacks against SAP installs and determined that the following vulnerabilities are being actively scanned for and exploited: • CVE-2010-5326 • CVE-2018-2380 • CVE-2016-3976 • CVE-2016-9563 • CVE-2020-6287 • CVE-2020-6207. ” concludes the report. ” concludes the report.

Risk

Risk Architecture Accountability Cybersecurity

Social marketplace Trustanduse exposes nearly half a million users

Security Affairs

JANUARY 12, 2023

Sensitive information exposed. The company was founded in 2016 and is based in Athens. After the discovery in June, researchers repeatedly detected the same database on different internet protocol (IP) addresses in October and December 2022. The framework promotes a built-in security approach from the beginning of development.

Media

Media Accountability Authentication Internet

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. The vulnerability impacts Microsoft Exchange 2010, 2013, 2016, and 2019. “How many of these are vulnerable?

Advertising

Advertising Authentication Internet Internet

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable. The company states that the attacker can exploit the flaw only if he has access to the device network or the device has direct interface with the Internet.

Firmware

Firmware DDOS Malware IoT

Cybersecurity Report: August 11, 2015

SiteLock

AUGUST 27, 2021

Cybersecurity Bill Could ‘Sweep Away’ Internet Users’ Privacy, Agency Warns. Last Monday, the Department of Homeland Security (DHS) claimed that the controversial new surveillance bill Cybersecurity Information Sharing Act (CISA) could sweep away important privacy protections. China to Embed Internet Police in Tech Firms.

Cybersecurity

Cybersecurity Internet Internet Banking

Analysis of the RECON/Attack Surface Management Space

Daniel Miessler

DECEMBER 9, 2020

This is partially because I founded a company, called HELIOS, back in 2016, which I separated from at the end of 2018. I am often asked for my thoughts on the Bug Bounty / RECON / Asset Inventory / Attack Surface Management spaces. And although I am no longer actively involved in the space I still follow it from a distance. The players.

Marketing

Marketing Internet Internet Information Security

Data Breach Cover Up: Uber's Former CSO Faces Up to 8 Years Behind Bars

SecureWorld News

AUGUST 21, 2020

Attorney for Northern California says Sullivan then covered up that crime so the world, including the FTC, would not find out about it: Rather than report the 2016 breach, Sullivan allegedly took deliberate steps to prevent knowledge of the breach from reaching the FTC.

CSO

CSO Data breaches CISO Internet

Ongoing Xurum attacks target Magento 2 e-stores

Security Affairs

AUGUST 14, 2023

Akamai researchers also observed on the xurum.com server a public exploit the CVE-2016-5195 , aka Dirty COW, for Linux local privilege escalation, “The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet.

Internet

Internet Internet Hacking Software

75% of medical infusion pumps affected by known vulnerabilities

Security Affairs

MARCH 3, 2022

High) 52.11% 3 CVE-2016-9355 5.3 Medium) 50.39% 4 CVE-2016-8375 4.9 The following table reports the 10 most prevalent issues that emerged from the scan of network-connected medical devices. CVE Severity (Score) % of analyzed pumps with CVEs 1 CVE-2019-12255 9.8 Critical) 52.11% 2 CVE-2019-12264 7.1 Medium) 50.39% 5 CVE-2020-25165 7.5

Healthcare

Healthcare IoT Risk Hacking

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Security Affairs

OCTOBER 11, 2023

Below is the list of exploit payloads added to the bot: D-Link: CVE-2015-1187 , CVE-2016-20017 , CVE-2020-25506 , and CVE-2021-45382. Fortinet observed a peak exploitation on September 6, reaching tens of thousands of exploitation attempts against affected devices.

DDOS

DDOS Wireless Architecture IoT

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The new malware implement new and improved rootkit and worm capabilities, it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic ( CVE-2017-10271 ) and Apache ActiveMQ ( CVE-2016-3088 ) servers. Disable the iptables firewall so that the malware will have full access to the internet.

Malware

Malware Cryptocurrency Firewall Cybercrime

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Meet the Administrators of the RSOCKS Proxy Botnet

Trending Sources

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

No, the AWS bomb plot likely wouldn’t have shut down large parts of the internet

MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019)

Russia-linked APT28 and crooks are still using the Moobot botnet

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Administrator of RSOCKS Proxy Botnet Pleads Guilty

APT28 targets key networks in Europe with HeadLace malware

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

Microsoft Patches Six Zero-Day Security Holes

Snowden Ten Years Later

US CISA warns of a Samsung vulnerability under active exploitation

New Mirai variant includes exploit for a flaw in Comtrend Routers

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

Hikvision cameras could be remotely hacked due to critical flaw

A new Zerobot variant spreads by exploiting Apache flaws

Fortinet warns of a spike in attacks against TBK DVR devices

Data Enrichment, People Data Labs and Another 622M Email Addresses

Microsoft has taken legal and technical action to dismantle the Zloader botnet

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Source code of Dharma ransomware now surfacing on public hacking forums

BotenaGo botnet targets millions of IoT devices using 33 exploits

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Over 80,000 Hikvision cameras can be easily hacked

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

China-linked LightBasin group accessed calling records from telcos worldwide

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

UK and US sanctioned 11 members of the Russia-based TrickBot gang

SAP systems are targeted within 72 hours after updates are released

Social marketplace Trustanduse exposes nearly half a million users

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Cybersecurity Report: August 11, 2015

Analysis of the RECON/Attack Surface Management Space

Data Breach Cover Up: Uber's Former CSO Faces Up to 8 Years Behind Bars

Ongoing Xurum attacks target Magento 2 e-stores

75% of medical infusion pumps affected by known vulnerabilities

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Stay Connected