Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking 144

Hacking Engineering Data breaches Advertising 144

Security Affairs

FEBRUARY 7, 2021

billion login credentials, has been leaked on a popular hacking forum. billion unique pairs of cleartext emails and passwords have been leaked on a popular hacking forum, the collection aggregates data from past leaks, such as Netflix, LinkedIn , Exploit.in , Bitcoin, and more. SecurityAffairs – hacking, COMB). More than 3.2

Passwords 145

Passwords Hacking Accountability Banking 145

Security Affairs

APRIL 19, 2021

Among the most clamorous attacks against industrial organizations, there is the 2015 attack against the electric grid in Ukraine and the 2017 Triton attack against a Saudi petrochemical plant. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, smart meters).

Hacking 136

Hacking Accountability Phishing Internet 136

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising 308

Advertising Cybercrime System Administration Hacking 308

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics 136

Computers and Electronics Engineering Hacking Data breaches 136

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.” Pierluigi Paganini.

Ransomware 145

Ransomware Authentication Malware Hacking 145

Security Affairs

FEBRUARY 11, 2022

SecurityAffairs – hacking, CISA). The post CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs. With the addition of these 15 vulnerabilities, the number of flaws in the CISA’s Known Exploited Vulnerabilities Catalog reached 368. Pierluigi Paganini.

IoT 143

IoT Accountability Authentication Hacking 143

Security Affairs

JUNE 26, 2020

A new botnet, tracked as Lucifer, appeared in the threat landscape, it leverages close to a dozen exploits to hack Windows systems. SecurityAffairs – hacking, 5G). The post New Lucifer DDoS botnet targets Windows systems with multiple exploits appeared first on Security Affairs. Pierluigi Paganini.

DDOS 142

DDOS Malware Advertising Passwords 142

Security Affairs

JULY 22, 2020

The US State Department and Secret Service offered $2 million in reward money for help capturing two Ukrainian hackers that have been charged with hacking and selling insider corporate data stolen from the Securities and Exchange Commission. At the time, hackers were focused on non-public information stored in its EDGAR filing system.

Advertising 142

Advertising Hacking Government Cyber Attacks 142

Security Affairs

APRIL 28, 2024

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems.

VPN 141

VPN Hacking Engineering Information Security 141

Security Affairs

JUNE 9, 2023

Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox ) The post Russians charged with hacking Mt. Gox in 2011 and money laundering.

Hacking 98

Hacking Cryptocurrency Advertising Banking 98

Security Affairs

FEBRUARY 15, 2024

The office said it has been monitoring and defending against “constant” hacking attempts presumed to be related to North Korea but “it’s not that the presidential office’s security system got hacked.” South Korea is a privileged target of cyber espionage operations carried out by North Korea-linked APT groups. Recently, a U.N.

Hacking 138

Hacking Government Accountability Information Security 138

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, commercial spyware )

Cryptocurrency 136

Cryptocurrency Spyware Cybercrime Hacking 136

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. ” It’s a similar attitude to corporate executives who believe that they can’t be hacked — and equally naive.

Software 363

Software Cybersecurity Backups Manufacturing 363

Security Affairs

JUNE 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506 (CVSS score 7.4), is an OS command injection. The vulnerability resides in the Oracle WebLogic Server component of Oracle Fusion Middleware.

Hacking 140

Hacking Risk Cybersecurity Information Security 140

Security Affairs

AUGUST 17, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide technical details on a new wave of attacks delivering the KONNI remote access Trojan (RAT). The KONNI malware also employed in at least two campaigns in 2017. SecurityAffairs – hacking, KONNI RAT). Pierluigi Paganini.

Phishing 142

Phishing Malware Advertising Architecture 142

Security Affairs

MAY 6, 2024

Alexander Vinnik , a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange BTC-e from 2011 to 2017. In July 2017 law enforcement shut down the virtual currency exchange.

Cryptocurrency 138

Cryptocurrency Computers and Electronics Identity Theft Hacking 138

Security Affairs

OCTOBER 19, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency.

Advertising 140

Advertising Hacking Cybercrime Cryptocurrency 140

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. SecurityAffairs – hacking, industrial enterprises). ” concludes the report.

Encryption 133

Encryption Antivirus Malware Hacking 133

Security Affairs

JUNE 19, 2020

to target at least two different Russian organizations in 2017, which we are revealing for the first time.” wasn’t known to be vulnerable and thus most likely is not on the radar of security companies being exploited.” SecurityAffairs – hacking, Turla). but also all other versions up to v3.0.0. of the driver. .

Malware 144

Malware InfoSec Advertising Hacking 144

Security Affairs

MARCH 15, 2022

German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. SecurityAffairs – hacking, BSI).

Antivirus 123

Antivirus Software Manufacturing Information Security 123

Security Affairs

FEBRUARY 15, 2021

The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020. Pierluigi Paganini.

VPN 140

VPN Software Internet Internet 140

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.

Malware 142

Malware Cryptocurrency Ransomware Hacking 142

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017. Pierluigi Paganini.

DDOS 145

DDOS IoT Advertising Internet 145

Security Affairs

MARCH 30, 2021

In January 2018, White hackers from Google Project Zero disclosed vulnerabilities , affecting all modern Intel CPUs, dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Technology 145

Technology Malware Hacking Information Security 145

Security Affairs

SEPTEMBER 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, CISA )

Hacking 133

Hacking Cybersecurity Software Risk 133

Security Affairs

JUNE 11, 2021

“Al Jazeera Media Network was subjected to a series of cyber hacking attempts to penetrate some of its platforms and websites this week.” Al-Jazeera added that its service provider was able to detect the attacks and stop the hacking attempts. SecurityAffairs – hacking). ” concludes the press release.

Cyber Attacks 142

Cyber Attacks Media Hacking Spyware 142

Security Affairs

JULY 14, 2020

million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. The hacker claims to have obtained the database from the hack of the DataViper monitoring service operated by the security firm Night Lion Security. SecurityAffairs – hacking, data breach). ” reported ZDNet.

Data breaches 145

Data breaches Advertising Hacking Cybercrime 145

Security Affairs

FEBRUARY 24, 2022

CISA, the FBI, the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the NSA, and law enforcement agencies have published a joint advisory on new malware used by Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros ) in attacks aimed at critical infrastructure worldwide.

Telecommunications 145

Telecommunications Malware Government Hacking 145

Security Affairs

JANUARY 2, 2022

Year Total Money Lost ($) Year Increase In Money Lost (%) 2021 4,250,000,000 2020 – 2021 185% 2020 1,490,000,000 2019 – 2020 -57% 2019 3,500,156,000 2018 – 2019 259% 2018 974,000,000 2017 – 2018 51% 2017 645,901,000 2016 – 2017 341% 2016 146,509,000 2015 – 2016 -64%. SecurityAffairs – hacking, crypto security breaches).

Cryptocurrency 126

Cryptocurrency Scams Marketing Hacking 126

Security Affairs

MARCH 25, 2024

The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in the Middle East. In January 2022, US Cyber Command (USCYBERCOM) officially linked the MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS).

Phishing 142

Phishing Social Engineering Telecommunications Accountability 142

Security Affairs

JUNE 26, 2021

million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. Data belongs to individuals that provided their information to Mercedez-Benz and dealer websites between 2014 and 2017. Pierluigi Paganini.

Data breaches 145

Data breaches Internet Internet Engineering 145

Security Affairs

AUGUST 20, 2021

The master decryption keys work for victims that were infected between July 2017 and early 2021. The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”. SecurityAffairs – hacking, SynAck). Pierluigi Paganini.

Ransomware 125

Ransomware Encryption Authentication Internet 125

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media 143

Media Accountability Telecommunications Government 143

Security Affairs

AUGUST 25, 2024

. ” Versa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer.” ” reads the advisory. CISA orders federal agencies to fix this vulnerability by September 13, 2024.

Firewall 134

Firewall Authentication Hacking Cybersecurity 134

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware 145

Firmware Spyware Surveillance Hacking 145

Security Affairs

OCTOBER 13, 2020

The news is not surprising for people working in the cyber security sector, the British military claims to have had an offensive cyber capability for a decade. Intelligence experts pointed out that the British government already conducted offensive hacking operations, including the one that targeted the ISIS in 2017.

Government 145

Government Advertising Hacking Cyber Attacks 145