Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017, Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. I speak at conferences around the world and run workshops on how to build more secure software within organisations.
Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities in Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server, .NET and Visual Studio, Azure, BitLocker, Remote Desktop Services, and Windows Virtual Trusted Platform Module. are actively exploited in the wild.
Related posts: My RSA 2017 Recap. Try not to skip steps, i.e., it’s best to make the move to unique, quality passwords stored in a manager before you add 2FA. Thanks to Troy Hunt, Anton Chuvakin, and Tim Dierks for spawning the idea for this. The Real Internet of Things: Details and Examples.
In July 2017, Dr.Web researchers discovered that many smartphone models, such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20, were shipped with the dreaded Triada trojan. Researchers at Dr.Web discovered the Triada Trojan pre-installed on newly shipped devices of several minor brands, including Advan, Cherry Mobile, Doogee, and Leagoo.
If you follow Information Security at all you are surely aware of the LastPass breach situation. That’s the natural place for core functionality, which I wrote about in 2017. They have extensive security teams. Any damage that was done would be handled fairly well, and the response would be quick.
The third issue added to the KEV catalog is a directory traversal vulnerability, tracked as CVE-2017-12637, in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5. dot dot) in the query string, as exploited in the wild in August 2017.
The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935. CVE-2024-57968 allows remote authenticated users to upload files to unintended folders, while CVE-2025-25181 is an SQL injection flaw enabling remote SQL execution (no patch available).
The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom.
Injection flaws were the number one flaw category under the OWASP 2017, and, currently, injection flaws hold the number three spot in the OWASP 2021. SQL injection flaws have impacted every industry as well as enterprises that already have a mature information security program in place. It can happen, and it can be catastrophic!
The database includes a script named count_total.sh, which was also included in 2017’s Breach Compilation. Much like 2017’s Breach Compilation, COMB’s data is organized by alphabetical order in a tree-like structure, and it contains the same scripts for querying emails and passwords. COMB also includes the query.sh
Below is the list of the vulnerabilities added to the catalog:
CVE ID | Description | Patch Deadline
CVE-2021-36934 | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2/24/2022
CVE-2020-0796 | Microsoft SMBv3 Remote Code Execution Vulnerability | 8/10/2022
CVE-2018-1000861 | Jenkins Stapler Web Framework Deserialization of Untrusted Data | 8/10/2022
(..)
The surveillance tool family has been active since 2017, the experts highlighted that it requires physical access to the target device to initiate operations. “EagleMsgSpy is a lawful intercept surveillance tool developed by a Chinese software development company with use by public security bureaus in mainland China.”
More precise information was not revealed to TecMundo so as not to completely expose the attacker’s identity.” CrowdStrike’s investigation reveals that USDoD’s leader, Luan BG, has been a hacktivist active since at least 2017. However, the Brazilian national turned into more complex cybercriminal activities by 2022.
In 2017, NIST received eighty-two post-quantum algorithm submissions from all over the world. Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force. Then, with input from the cryptographic community, NIST crowns a winner.
The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Seashell Blizzard (aka Sandworm, BlackEnergy and TeleBots) has been active since 2000; it operates under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST).
This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads.” . “Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. It mainly targets vulnerable AVTECH and Huawei devices. ” reads the advisory.
The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”
. “The threat actor also used other means to distribute the malware, such as attaching the same file to emails and exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882) [1].” In the final stage, the attackers deployed KimaLogger or RandomQuery keyloggers to record keystrokes.
Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. “If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” ” That was Bruce’s response at a conference hosted by U.S.
We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” Latha Maripuri, Uber’s chief information security officer, told NYT via email. This is not the first time that the company suffered a security breach.
to target at least two different Russian organizations in 2017, which we are revealing for the first time.” wasn’t known to be vulnerable and thus most likely is not on the radar of security companies being exploited.” but also all other versions up to v3.0.0. ” reads the analysis published by Palo Alto Networks.
Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru “Thanks to you, we are now developing in the field of information security and anonymity!,” The employees who kept things running for RSOCKS, circa 2016.
The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. Kozachek hacked the computer of the NATO think tank in 2017 and installed a keylogger to spy on the organization. ” reported the Tagesschau website.
Microsoft has tracked Nady, linked to phishing services since 2017. The PhaaS was created by “MRxC0DER,” previously associated with the “Caffeine Phishing Kit.” The researchers were among the first to discover the real identity of MRxC0DER.
billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. In August 2017, the pharmaceutical company revealed that the massive NotPetya cyberattack disrupted its worldwide operations. Merck filed a $1.4
Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.
In January 2018, White hackers from Google Project Zero disclosed vulnerabilities , affecting all modern Intel CPUs, dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). The issue could be exploited by attackers to steal sensitive data processed by the CPU.
Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. ” reads the report.
Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously been misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.
The file exploits a Microsoft Office Memory Corruption flaw, tracked as CVE-2017-11882 , to run a malicious shellcode and initiate a multi-level infection process. Its basic infection method is the use of an old Microsoft Office vulnerability, CVE-2017-11882 , which once again emphasizes the critical importance of installing security patches.”
The French security agency ANSSI is warning of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.
Schuchman, Vamp, and Drake created the Satori botnet between July and August 2017. Between September and October 2017, Schuchman and his accomplices developed a new version of Satori named Okiru. In November 2017 the trio created a new version named Masuta, that targeted GPON routers. ” continues the DoJ.
LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.
This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads. Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. It mainly targets vulnerable AVTECH and Huawei devices. reads the advisory.
CISA, the FBI, the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the NSA, and law enforcement agencies have published a joint advisory on new malware used by Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros ) in attacks aimed at critical infrastructure worldwide.
The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE
A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019.
Alexander Vinnik , a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange BTC-e from 2011 to 2017. In July 2017 law enforcement shut down the virtual currency exchange.
The two hackers are Viacheslavovich Radchenko and Oleksandr Vitalyevich Ieremenko, US authorities aim at receiving information that could lead to their arrest. In the second half of 2017, the United States Securities and Exchange Commission (SEC) disclosed it was the victim of a cyber-attack in 2016.
million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. Data belongs to individuals that provided their information to Mercedes-Benz and dealer websites between 2014 and 2017.
“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” ” reads the press release published by DoJ.
Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506 (CVSS score 7.4), is an OS command injection. The vulnerability resides in the Oracle WebLogic Server component of Oracle Fusion Middleware.
Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. ” Attackers can exploit the flaw to take over websites running the widely used image-enhancing app.