The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “Stanx,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator. ” the post enthuses.
CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008, 2012, 2016 and 2019. For a quick visual breakdown of each update released today and its severity level, check out this Patch Tuesday post from the SANS Internet Storm Center.
The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. The certificates are issued in compliance with the Law on Communications 2004 passed in November 2015.
Many of the infected systems were Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. “Thanks to you, we are now developing in the field of information security and anonymity!,” RSOCKS, circa 2016.
The Ukrainian Cyber Alliance has been active since 2016; the Pro-Ukraine group has targeted Russian entities since the invasion of Ukraine. The group published a series of screenshots as proof of the security breach. Internet should work for many. First, we will raise the telephony and call center.”
Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as the Idlib military crisis escalates. In December 2016, Turkey blocked social media in the country to prevent the sharing of a video of the executions of Turkish soldiers by the IS group. ” added NetBlocks.
The bad side of all of these adventures is, now I have my research materials scattered around all over the internet during these past three years (smile). The post MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019) appeared first on Security Affairs. The background.
Worse, the Internet, the rise of smartphones, and the culture of social media allow us to access these things from anywhere. Fortunately, there are options available to parents when it comes to controlling YouTube and Internet access. Over 90,000 revealing photos were leaked on the Internet, many of which contained underage nudity.
The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. “Around 45,000 Microsoft Exchange servers in Germany can currently be accessed from the Internet without restrictions.” reads the alert published by the BSI.
Funso Richard, Information Security Officer at Ensemble, highlighted the gravity of these threats. Notably, in 2016, Nissan suspended a remote telematics system in its all-electric hatchback, the Leaf, due to a vulnerability in the NissanConnect app’s server. Acohido Pulitzer Prize-winning business journalist Byron V.
Could agents take control of my computer over the Internet if they wanted to? Those of us in the information security community had long assumed that the NSA was doing things like this. This was in 2016, when Poitras built a secure room in New York to house the documents. I visited him once in Moscow, in 2016.
The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The infamous Locky ransomware was first spotted in the wild in February 2016. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.
And, just before the COVID-19 pandemic hit the United States, the Department of Homeland Security alerted information security professionals that a ransomware attack delivered via phishing emails had adversely impacted operations at one of the country’s natural gas processors. Nor were those isolated incidents.
Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.
A former CIA analyst, Asif William Rahman, pleaded guilty to leaking top-secret National Defense Information on social media in 2024. Asif William Rahman, a former CIA analyst with Top-Secret clearance since 2016, pleaded guilty to leaking classified information on social media in October 2024. “After Oct.
The Moobot botnet has been active since at least 2016; it also includes other routers and virtual private servers (VPS). “Apart from the EdgeRouter devices, we also found compromised Raspberry Pi and other internet-facing devices in the botnet.” reported Trend Micro. ” concludes the report.
This is partially because I founded a company, called HELIOS, back in 2016, which I separated from at the end of 2018. I am often asked for my thoughts on the Bug Bounty / RECON / Asset Inventory / Attack Surface Management spaces. And although I am no longer actively involved in the space I still follow it from a distance. The players.
The Dharma ransomware first appeared on the threat landscape in February 2016; at the time, experts dubbed it Crysis. In November 2016, the master decryption keys for Crysis were released online, and victims of CrySis versions 2 and 3 were able to recover their files. The source is offered for a price as low as $2,000, as reported by ZDNet.
Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The group was also involved in the string of attacks that targeted the 2016 Presidential election.
Visitors arrive at the cloud pavilion of Amazon Web Services at the 2016 CeBIT digital technology trade fair in Hanover, Germany. Three of them are right next to each other and those 24 run 70 percent of the Internet.” (Photo by Sean Gallup/Getty Images). The plan was ‘not credible’.
Security expert Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. The vulnerability impacts Microsoft Exchange 2010, 2013, 2016, and 2019. “How many of these are vulnerable?
The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. The data stolen by Nikulin were available on the cybercrime underground between 2015 and 2016, where they were offered for sale by multiple traders. Source: US Defense Watch.com. ” reads the post published by ZDNet.
The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable. The vulnerability impacts Hikvision cameras and NVRs; a list of affected products was published in the security advisory published by the vendor. It will not be detectable by any logging on the camera itself.”
CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.” reads the alert. Microsoft has taken down 120 of the 128 servers that were composing the Trickbot infrastructure.
Onapsis set up honeypots to study the attacks against SAP installs and determined that the following vulnerabilities are being actively scanned for and exploited: • CVE-2010-5326 • CVE-2018-2380 • CVE-2016-3976 • CVE-2016-9563 • CVE-2020-6287 • CVE-2020-6207. ” concludes the report.
Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta, build 001 CVE-2020-9377 D-Link DIR-610 CVE-2016-11021 D-Link DCS-930L devices before 2.12 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 Beta, R6400 before 1.0.1.18.Beta,
“ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.” banking Trojan and was used to spread Zeus-like banking trojan (i.e.
The group was also involved in the string of attacks that targeted the 2016 Presidential election. The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. ” continues the report. ” concludes the report.
Many system administrators and companies were rushing to update internet-exposed machines, like web servers or gateways, worried about possible remote code execution, reviving the EternalBlue/WannaCry crisis in their minds. There was a little misunderstanding during the first hours after the disclosure of the CVE-2020-0601 vulnerability.
The cyberespionage group has been active since at least 2016; according to the CrowdStrike researchers, it is using a very sophisticated toolset. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019. ” reads the report published by CrowdStrike.
The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable. The company states that the attacker can exploit the flaw only if he has access to the device network or the device has direct interface with the Internet.
According to the authorities, Betabooter was used by one of the subscribers to the service in November 2016 to hit the school district in the Pittsburgh, Pennsylvania area, with a series of DDoS attacks. The man was sentenced on one count of conspiracy to cause damage to internet-connected computers for launching millions of DDoS attacks.
The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, the Sony Pictures hack, the FASTCash ATM attacks against banks, and attacks on multiple cryptocurrency exchanges. To differentiate methods from other North Korean malicious cyber activity, the U.S.
The number of sensors and smart devices connected to the internet is rising exponentially; which are the 5 major vulnerabilities for IoT devices? Before we dive into the specific cybersecurity concerns, let us remind you about the attack that took place in October 2016. Malware, phishing, and web. IoT is a complicated concept.
Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. ” reads the analysis published by Microsoft.
Researchers at Intezer have spotted a Linux mining strain that also scans the Internet for Windows RDP servers vulnerable to BlueKeep. In May, Internet scans found nearly one million systems vulnerable to the BlueKeep flaw. ” reads a blog post published by Intezer.
The new malware implements new and improved rootkit and worm capabilities, and it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic (CVE-2017-10271) and Apache ActiveMQ (CVE-2016-3088) servers. Disable the iptables firewall so that the malware will have full access to the internet.
Researchers from Rapid7 scanned the Internet for ASA/FTD devices and reported the presence of 85,000 units, 398 of which are spread across 17% of the Fortune 500.
“I hope our achievements will encourage other hackers, young and old, to test their skills, become part of our supportive community, rake in some extra $$$’s along the way and make the internet a much safer place for people.” joined the $1M hacker ranks by hacking for improved internet security.
Kaspersky first documented the operations of the group in 2016. The threat actors used the implant against a South Korean online newspaper; the APT group also relied on an Internet Explorer exploit and used another backdoor named BLUELIGHT (previously reported by security firms Volexity and Kaspersky).
The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. The vulnerability impacts Hikvision cameras and NVRs; a list of affected products was published in the security advisory published by the vendor. It will not be detectable by any logging on the camera itself.”
Fbot is one of Mirai’s variants, and Mirai is the Linux malware that was originally detected in August 2016 by the same team who wrote the last analysis mentioned above. And will discuss the mysteries that can be seen after Fbot has been detected. The background before Fbot Mirai variant.
Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device. CVE-2016-6415 – Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability.