2018, Accountability and Information Security

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

DECEMBER 18, 2024

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

Data breaches

Data breaches Accountability Risk Advertising

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. That user, “ Exorn ,” has posts dating back to August 2018.

Hacking

Hacking Cybercrime Advertising Data breaches

Norway blames China-linked APT31 for 2018 government hack

Security Affairs

JUNE 20, 2021

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018. Pierluigi Paganini.

Government

Government Hacking Cyber Attacks Passwords

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users. Only share the personal information you absolutely have to provide with the genetic testing company.

Insurance

Insurance Accountability Risk Data breaches

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. A USPS brochure advertising the features and benefits of Informed Visibility. Image: USPS.com.

Accountability

Accountability Authentication Identity Theft Advertising

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

The IPv6 addresses were traced to Verizon Wireless, which told the investigators that the addresses were in use by an account belonging to Williams. On October 25, 2018, police obtained records showing that Molina’s Honda had been impounded earlier that year after Molina’s stepfather was caught driving the car without a license.

Surveillance

Surveillance Wireless Accountability Architecture

New Atrium Health data breach impacts 585,000 individuals

Security Affairs

DECEMBER 6, 2024

Impacts vary depending on users’ browsers, cookies, and third-party account activity. ” The potential exposed data includes IP addresses, third-party identifiers/cookies, and, in some cases, information about a patient’s treatment or provider if included in a URL or button text. added Atrium Health.

Data breaches

Data breaches Identity Theft Accountability Technology

DUCKTAIL operation targets Facebook’s Business and Ad accounts

Security Affairs

JULY 27, 2022

Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook’s Business and Ads platform.

Accountability

Accountability Malware Media Marketing

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Security Affairs

DECEMBER 25, 2024

In 2018, the Lazarus APT group targeted several cryptocurrency exchanges , including the campaign tracked as Operation AppleJeus discovered in August 2018. The company assured customers their Bitcoin (BTC) deposits would be fully guaranteed. ” reads the press release published by FBI. FBI concludes.

Cryptocurrency

Cryptocurrency Social Engineering Hacking Cybercrime

RotaJakiro Linux backdoor has flown under the radar since 2018

Security Affairs

APRIL 28, 2021

The malware remained undetected for years while threat actors were employing it in attacks to harvest and exfiltrate sensitive information from infected devices. The name RotaJakiro comes from the fact that the family uses rotate encryption and behaves differently for root/non-root accounts when executing. Pierluigi Paganini.

Encryption

Encryption Malware IoT Accountability

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. Bleeping Computer, which has validated the authenticity of the archive, reported that the latest record in the database was created on October 12th, 2018. accounts exposed appeared first on Security Affairs.

Accountability

Accountability Hacking Data breaches Passwords

Over 6,000 email accounts belonging to Taiwan government agencies hacked by Chinese hacked

Security Affairs

AUGUST 19, 2020

Chinese hackers have hacked thousands of Taiwan Government email accounts belonging at least 10 Taiwan government agencies, officials said. Chinese hackers have gained access to around 6,000 email accounts belonging to at least 10 Taiwan government agencies, officials said. Pierluigi Paganini. SecurityAffairs – hacking, Taiwan).

Government

Government Hacking Accountability Advertising

Twitter removes 100 accounts linked to Russia disseminating disinformation

Security Affairs

FEBRUARY 23, 2021

Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance.

Accountability

Accountability Government Internet Internet

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Facebook says it took down 2.19 billion accounts in Q1 2019

Security Affairs

MAY 24, 2019

Social network giant Facebook revealed it recently disabled billions of accounts operated by “bad actors” and that five percent of active accounts are fake. billion accounts in the first quarter of 2019, the number if doubled respect the number of accounts blocked in the prior quarter. Pierluigi Paganini.

Accountability

Accountability Advertising Technology Cybersecurity

One million cracked Poshmark accounts being sold online

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. Earlier in August, Poshmark , a social commerce marketplace where people in the United States can buy and sell new or used clothing, shoes, and accessories, disclosed a data breach that took place in May 2018.

Accountability

Accountability Data breaches Passwords Advertising

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability

Accountability Hacking Financial Services Cybersecurity

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

It can steal accounts, send messages, steal crypto, monitor browsing, intercept SMS, and more. ” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. .” 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Security Affairs

JUNE 4, 2020

The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. “The domain registration information has been amended at around 20:52 on June 1, 2020, and there is no impact on the customer’s assets at this time.”

Accountability

Accountability Phishing DNS Cryptocurrency

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions.

Spyware

Spyware Surveillance Software Hacking

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site The site looks exactly like the real Airbnb, includes pictures of the requested property, and steers visitors toward signing in or to creating a new account. co.uk , airbnb.pt-anuncio[.]com

Scams

Scams Advertising Accountability Phishing

Hackers compromised a Canonical GitHub account, Ubuntu source code was not impacted

Security Affairs

JULY 7, 2019

Yesterday, July 6, 2019, hackers breached the GitHub account of Canonical Ltd., On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., Hackers at least created 11 new GitHub repositories in compromised Canonical account. the company behind the Ubuntu Linux distribution. ” states the Canonical team.

Accountability

Accountability Advertising Cryptocurrency Hacking

UK ICO fines British Airways £183 Million under GDPR over 2018 security breach

Security Affairs

JULY 8, 2019

The UK Information Commissioner’s Office (ICO) fined British Airways with £183 million for failing to protect the personal information of roughly 500,000 customers during 2018 security breach. “The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. .

Data breaches

Data breaches Advertising Hacking Mobile

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom.

Architecture

Architecture Internet Internet Malware

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on the Exploit.in for $100 to $1500 per account. Exploit.in ” reported ZDNet. Pierluigi Paganini.

Accountability

Accountability Cybercrime Hacking Retail

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

The security breach impacted a limited number of customers, only 836 individuals. The carrier states that personal financial account information and call records were not affected by the security breach. In 2018, data breach exposed personal information of up to 2 million customers.

Mobile

Mobile Telecommunications Data breaches Hacking

T-Mobile suffered a new data breach, 37 million accounts have been compromised

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches

Data breaches Mobile Accountability Telecommunications

South Korean Woori Bank is accused of unauthorized use of customer data

Security Affairs

FEBRUARY 11, 2020

Unauthorized use of customer information by Woori Bank, ‘crime act’ for customers. The bank changed 23,000 passwords in 2018 without consent. It is controversial that Woori Bank changed the p assword s of 23,000 customer dormant accounts without consent in July 2018. About the author: ???

Banking

Banking Passwords Accountability Advertising

DMM Bitcoin halts operations six months after a $300 million cyber heist

Security Affairs

DECEMBER 3, 2024

Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, through spot trading and leverage trading services. SBI VC Trade published a notice regarding the basic agreement on the transfer of accounts and assets held by DMM Bitcoin. billion yen), from its wallets.

Cryptocurrency

Cryptocurrency Financial Services Accountability Hacking

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. When we found the security vulnerability we took measures to fix it. 5.38??????????????

Accountability

Accountability Passwords Advertising Internet

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Last Watchdog

OCTOBER 29, 2018

The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. The technologies existing in 2018 will undoubtedly differ from those that exist in 2020. Equifax was not special in this regard.

Data privacy

Data privacy Data breaches Insurance Information Security

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

million phone numbers that are part of Dubsmash data breach that occurred in 2018. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million December 2018 Shein.com 42 million June 2018 Fotolog.com 33.5 million December 2018 CafePress.com 23.6

Data breaches

Data breaches Advertising Passwords Hacking

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Upon compromising the domain administrator account, threat actors could distributee malware to other systems on the same network. ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

Accessing an online account, users could make several actions, such as manage insurance claims and pay bills. “State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt access to State Farm online accounts.

Insurance

Insurance Data breaches Financial Services Passwords

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

15, 2018, the Royal Canadian Mounted Police (RCMP) charged then 27-year-old Bloom, of Thornhill, Ontario, with selling stolen personal identities online through the website LeakedSource[.]com. LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts.

Hacking

Hacking Accountability Data breaches Marketing

Czech intelligence report warns of Russian and Chinese activity in the country

Security Affairs

NOVEMBER 26, 2019

A Czech intelligence report states that Russian and Chinese cyberspies carried out several attacks against the country during 2018. Cezch intelligence believe s that agents of all the Russian intelligence services were secretly operating on the Czech soil in 2018.

Cyber Attacks

Cyber Attacks Advertising Information Security Government

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. .

Mobile

Mobile Data breaches Telecommunications Accountability

T-Mobile suffered a new data breach

Security Affairs

DECEMBER 29, 2021

T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. “Affected customers fall into one of three categories. .”

Data breaches

Data breaches Mobile Accountability Wireless

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. ” Security news site Bleeping Computer reported on the T-Systems Ryuk ransomware attack on Dec. In our Dec.

Passwords

Passwords Ransomware Password Management Malware

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 3, 2025

CVE-2018-8639 (CVSS score of 7.8) – an elevation of privilege vulnerability that impacts Windows when the Win32k component fails to properly handle objects in memory. ” reads the advisory. “To exploit this vulnerability, an attacker would first have to log on to the system.

Small Business

Small Business Authentication Hacking Accountability

Google issued 40,000 alerts of State-Sponsored attacks in 2019

Security Affairs

MARCH 27, 2020

The number of alerts decreased by 25% when compared to 2018, possible reasons for this drop could be the increased efficiency of defense measures implemented by Google, but we cannot underestimate the risk of an increased level of sophistication of the attacks that allowed nation-state actors to fly under the radar.

Phishing

Phishing Accountability Advertising Malware

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

The funds were stolen by North Korean actors in 2018, as detailed in the civil forfeiture complaint also unsealed today.” According to the Treasury and DOJ, Tian and Li received funds from North Korea-controlled accounts in at least two cases. ” reads the press release published by the DoJ. million from another exchange.

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

The General Data Protection Regulation ( GDPR ), enacted in 2018, has set a new standard for data privacy across the European Union (EU). The Irish Data Protection Commission found that Instagram’s default settings made children’s accounts visible to the public, exposing personal information like phone numbers and email addresses.

Data privacy

Data privacy Risk Surveillance Government

SolarWinds hackers breached 27 state attorneys’ offices

Security Affairs

JULY 31, 2021

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020. ” reads the update provided by DoJ.

Accountability

Accountability Hacking Information Security Government

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Webinars

Trending Sources

Norway blames China-linked APT31 for 2018 government hack

Webinars

DNA testing company vanishes along with its customers’ genetic data

USPS Site Exposed Data on 60 Million Users

Google Responds to Warrants for “About” Searches

New Atrium Health data breach impacts 585,000 individuals

DUCKTAIL operation targets Facebook’s Business and Ad accounts

DMM Bitcoin $308M Bitcoin heist linked to North Korea

RotaJakiro Linux backdoor has flown under the radar since 2018

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Over 6,000 email accounts belonging to Taiwan government agencies hacked by Chinese hacked

Twitter removes 100 accounts linked to Russia disseminating disinformation

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Facebook says it took down 2.19 billion accounts in Q1 2019

One million cracked Poshmark accounts being sold online

SEC announces sanctions against entities over email account hacking

New Triada Trojan comes preinstalled on Android devices

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

‘Land Lordz’ Service Powers Airbnb Scams

Hackers compromised a Canonical GitHub account, Ubuntu source code was not impacted

UK ICO fines British Airways £183 Million under GDPR over 2018 security breach

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Hundreds of C-level executives credentials available for $100 to $1500 per account

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

T-Mobile suffered a new data breach, 37 million accounts have been compromised

South Korean Woori Bank is accused of unauthorized use of customer data

DMM Bitcoin halts operations six months after a $300 million cyber heist

538 Million Weibo users’ records being sold on Dark Web

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

Threat actors are offering for sale 550 million stolen user records

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

American Insurance firm State Farm victim of credential stuffing attacks

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Czech intelligence report warns of Russian and Chinese activity in the country

T-Mobile customers were hit with SIM swapping attacks

T-Mobile suffered a new data breach

The Hidden Cost of Ransomware: Wholesale Password Theft

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

Google issued 40,000 alerts of State-Sponsored attacks in 2019

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Increased GDPR Enforcement Highlights the Need for Data Security

SolarWinds hackers breached 27 state attorneys’ offices

Stay Connected