The Hacker News

MARCH 18, 2025

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.

125

125

Schneier on Security

SEPTEMBER 23, 2020

UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack , but there were no documented fatalities from that event. A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. The police are treating this as a homicide.

Ransomware 363

Ransomware Hacking 363

Adam Shostack

JANUARY 2, 2025

I'm always looking for interesting books to read. These are the books that I enjoyed enough to recommend in Q2. I'm always looking for interesting books to read. These are the books that I enjoyed enough to recommend in Q2. Cyber Zero Days, Thousands of Nights , by Lillian Ablion and Andy Bogart.

Manufacturing 130

Manufacturing Engineering 130

Security Boulevard

MARCH 20, 2025

Amost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro's VDI unit, Microsoft has no plans to patch the vulnerability.

Government 100

Government Social Engineering Engineering Malware 100

Krebs on Security

JANUARY 22, 2025

This is interesting given a comment on Caturegli’s LinkedIn post from an ex-Cloudflare employee who linked to a report he co-authored on a similar typo domain apparently registered in 2017 for organizations that may have mistyped their AWS DNS server as “ awsdns-06.ne ne ” instead of “ awsdns-06.net.”

DNS 362

DNS Internet Internet Risk 362

Schneier on Security

MARCH 9, 2021

WannaCry was a 2017 cyberattack, based on a NSA-discovered and Russia-stolen-and-published Windows vulnerability. Even if we assume that the report is self-serving to the company that wrote it, and that the statistic is not generally representative, this is still a disaster. The number should be 0%.

Technology 363

Technology Software Malware 363

Krebs on Security

JULY 1, 2021

Equifax’s 2017 megabreach that exposed the personal and financial details of 145.5 million Americans may have shocked the public, but it did little to stop more than a million employers from continuing to sell Equifax their employee payroll data, Bloomberg found in late 2017. Intuit’s FAQ on the changes is here.

Small Business 360

Small Business Financial Services Government Media 360

Schneier on Security

MARCH 4, 2021

Early 2017: The Equation Group’s tools were teased and then leaked online by a team calling itself the Shadow Brokers. Around that time, Microsoft cancelled its February Patch Tuesday, identified the vulnerability exploited by EpMe (CVE-2017-0005), and fixed it in a bumper March update. Lots of news articles about this.

System Administration 253

System Administration Government Hacking 253

Security Affairs

FEBRUARY 25, 2025

The two vulnerabilities are: CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability CVE-2017-3066 (CVSS score of 9.8)

Hacking 98

Hacking Cybersecurity Risk Cybercrime 98

Krebs on Security

NOVEMBER 5, 2024

However, in a 2020 lawsuit he filed against the CIA, Binns himself acknowledged having visited a previously ISIS-controlled area of Syria prior to moving to Turkey in 2017. put him on a terror watch list after he traveled to Syria in 2017. since 2017.

Cybercrime 282

Cybercrime Mobile Media Hacking 282

Schneier on Security

FEBRUARY 16, 2021

It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner.

Advertising 316

Advertising Malware 316

Schneier on Security

DECEMBER 7, 2021

Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds (..)

362

362

Schneier on Security

JUNE 18, 2020

The Washington Post is reporting on an internal CIA report about its "Vault 7" security breach: The breach -- allegedly committed by a CIA employee -- was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release " Vault 7 ," and U.S.

Hacking 247

Hacking Cybersecurity 247

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

Adware 143

Adware Spyware Mobile Technology 143

Security Boulevard

FEBRUARY 4, 2025

Founded in 2017 and headquartered in Portland, Oregon, DeepSurface’s RiskAnalyzer platform contextualizes, using roughly 50. This week, AttackIQ acquired DeepSurface to broaden its vulnerability and attack path management capabilities to help enterprises identify and mitigate the most pressing vulnerabilities in their environments.

Risk 102

Risk Cybersecurity 102

Security Affairs

DECEMBER 9, 2024

In September 2017, theaccountancy firm giant revealed thatwas targeted by a sophisticated attack that compromised the confidential emails and plans of some of its blue-chip clients. In addition to emails, hackers had potential access to IP addresses, architectural diagrams for businesses and health information.

Hacking 122

Hacking Ransomware Accountability Architecture 122

Schneier on Security

FEBRUARY 10, 2023

A recent example comes from the 2017 Tax Cuts and Jobs Act. companies avoided paying nearly US$200 billion in taxes in 2017 alone. That same 2017 U.S. That 2017 earned income tax bug for military families hasn’t yet been fixed. The 2017 tax law capped income tax deductions for property taxes.

Hacking 255

Hacking Artificial Intelligence Government Software 255

Schneier on Security

JANUARY 25, 2022

billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software. Merck suffered US$1.4

Insurance 220

Insurance Cyber Attacks Government Malware 220

Security Affairs

MARCH 20, 2025

The third issue added to the KeV catalog is a directory traversal vulnerability, tracked as CVE-2017-12637 , in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5. dot dot) in the query string, as exploited in the wild in August 2017.

Backups 70

Backups Hacking Cybersecurity Malware 70

Krebs on Security

DECEMBER 20, 2022

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack.

Identity Theft 288

Identity Theft Data breaches Data collection Hacking 288

Krebs on Security

MAY 7, 2021

The company’s website says Hempton has been around since 2017, but the domain name was only registered in late November 2020. This 2017 story from New Zealand financial news site interest.co.nz Kulikova deleted Bernard’s former companies from her LinkedIn profile shortly after last year’s series). Hemptonllp[.]com

Scams 330

Scams Cryptocurrency Advertising Marketing 330

Schneier on Security

FEBRUARY 3, 2022

. “Everyone thinks their data is the messiest in the world, and mine maybe is because it’s taken from people who don’t want us to have it, frankly,” said Herrera’s immediate predecessor at the NSA, the computer scientist Deborah Frincke, during a 2017 talk at Stanford.

Big data 313

Big data Surveillance Technology Data collection 313

Daniel Miessler

MARCH 24, 2021

Related posts: My RSA 2017 Recap. Try not to skip steps, i.e., it’s best to make the move to unique, quality passwords stored in a manager before you add 2FA. Thanks to Troy Hunt, Anton Chuvakin, and Tim Dierks for spawning the idea for this. The Real Internet of Things: Details and Examples.

Authentication 363

Authentication Passwords Internet Internet 363

Security Affairs

JANUARY 15, 2025

ZDI researchers pointed out that this is the largest number of vulnerabilities addressed in by Microsoft montly security updates since 2017. 11 of these vulnerabilities are rated Critical, and the other are rated Important in severity. are actively exploited in the wild.

Authentication 112

Authentication Hacking Information Security 112

Krebs on Security

FEBRUARY 4, 2020

That’s interesting because the article in question was actually a 2017 KrebsOnSecurity story about a mobile app tied to a competing booter service that happened to share some of the same content as Quantum Stresser. Attorney Adam Alexander.

Internet 330

Internet Internet Government Accountability 330

Krebs on Security

SEPTEMBER 16, 2020

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Cryptocurrency 363

Cryptocurrency Phishing Accountability Cybercrime 363

Security Affairs

APRIL 2, 2025

In July 2017, Dr.Web researchers discovered many smartphonemodels were shipped with the dreaded Triada trojan such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Researchers at Dr.Web discovered the Triada Trojan pre-installed on newly shipped devices of several minor brands, including Advan, Cherry Mobile, Doogee, and Leagoo.

Malware 116

Malware Cryptocurrency Mobile Firmware 116

Zero Day

JANUARY 9, 2025

If you have an older MacOS device lying around, why not install Linux to give it a new life?

122

122

Krebs on Security

JUNE 7, 2022

But these dangerous hoaxes can quickly turn deadly: In March 2019, 26-year-old serial swatter Tyler Barriss was sentenced to 20 years in prison for making a phony emergency call to police in late 2017 that resulted in the shooting death of an innocent Kansas resident.

Cybercrime 343

Cybercrime Internet Internet Web Fraud 343

Krebs on Security

AUGUST 14, 2020

Defray was first spotted in 2017, and its purveyors have a history of specifically targeting companies in the healthcare space. R1 RCM declined to discuss the strain of ransomware it is battling or how it was compromised. Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

Schneier on Security

DECEMBER 18, 2020

This SAML forgery technique has been known and used by cyber actors since at least 2017.

Authentication 363

Authentication Hacking Accountability Cybersecurity 363

The Hacker News

MAY 7, 2024

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022.

Cryptocurrency 128

Cryptocurrency 128

Krebs on Security

MAY 28, 2020

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. For example, search in Google for the terms “booter” or “stresser” from a U.K.

Cybercrime 283

Cybercrime DDOS Advertising Hacking 283

Schneier on Security

JUNE 25, 2020

Back in 2017, I catalogued nineteen security and privacy guideline documents for the Internet of Things. We hope that our work provides a basis for the community to build on in order to better understand best practices, identify and reach consensus on specific practices, and then find ways to motivate relevant stakeholders to follow them.

IoT 273

IoT Manufacturing Internet Internet 273

Schneier on Security

AUGUST 21, 2023

China has been doing this every year since 2017.) I was a big fan of DARPA’s AI capture-the-flag event in 2016 , and am happy to see that DARPA is again inciting research in this area.

Cybersecurity 234

Cybersecurity Small Business Government Software 234

Krebs on Security

JULY 20, 2021

Levashov was arrested in 2017 while in Barcelona, Spain with his family. According to a lengthy April 2017 story in Wired.com , he got caught because he violated a basic security no-no : He used the same log-in credentials to both run his criminal enterprise and log into sites like iTunes.

Antivirus 348

Antivirus Cybercrime Identity Theft Scams 348

Security Affairs

FEBRUARY 10, 2025

The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935. CVE-2024-57968 allows remote authenticated users to upload files to unintended folders, while CVE-2025-25181 is an SQL injection flaw enabling remote SQL execution (no patch available).

Manufacturing 109

Manufacturing Cybercrime Passwords Authentication 109