2018 and Hacking - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

2018 Retrospective

Troy Hunt

JANUARY 3, 2019

Here's my 2018 highlights, starting with travel: Travel "Oh yeah, I'm totally gonna travel less this year" - me every single year In reality, my travel ended up looking like this: That's the same number as last year, 4 more days and another 8,000km. Probably with my 2018 events page which lists everything I did of a public nature.

Passwords

Passwords Technology Government InfoSec

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime.

Hacking

Hacking Marketing Cybercrime Accountability

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

DECEMBER 18, 2024

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

Data breaches

Data breaches Accountability Risk Advertising

Hacked by Police

Schneier on Security

JULY 3, 2020

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat was trapped.

Hacking

Hacking Telecommunications Encryption Firewall

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking

Hacking Accountability Scams Media

Marriott Was Hacked -- Again

Schneier on Security

APRIL 2, 2020

This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. Marriott announced another data breach, this one affecting 5.2 name, mailing address, email address, and phone number) Loyalty Account Information (e.g., linked airline loyalty programs and numbers). Preferences (e.g.,

Hacking

Hacking Accountability Data breaches Government

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. agarwal_mohit) January 5, 2018. Sooner or later, big repositories of data will be abused. Can you prove otherwise?

Hacking

Hacking Government Encryption Risk

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. police as part of an FBI investigation into the MGM hack. Image: Amitai Cohen twitter.com/amitaico. Click to enlarge.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Technical Report of the Bezos Phone Hack

Schneier on Security

JANUARY 24, 2020

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it.

Hacking

Hacking Backups Spyware Encryption

What’s most interesting about the Florida water system hack? That we heard about it at all.

Krebs on Security

FEBRUARY 10, 2021

The only federal law that applies to the cybersecurity of water treatment facilities in the United States is America’s Water Infrastructure Act of 2018 , which requires water systems serving more than 3,300 people “to develop or update risk assessments and emergency response plans.” NO NEWS IS GOOD NEWS?

Hacking

Hacking Media Cybersecurity Ransomware

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion , SIM swapping , and swatting. THE MIDDLEMEN.

Accountability

Accountability Hacking Media Mobile

This Simple Hack Could Tank Your Business

Adam Levin

JULY 24, 2020

Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. Cyberattacks are constantly getting more sophisticated.

Hacking

Hacking Phishing Risk Accountability

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

Krebs on Security

FEBRUARY 13, 2019

In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web site he frequented got hacked. 12, the U.S. Justice Department announced the arrest of Timothy Dalton Vaughn , a 20-year-old from Winston-Salem, N.C.

Hacking

Hacking DDOS Government Accountability

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking

Hacking Social Engineering Phishing Scams

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

FEBRUARY 12, 2019

In December 2018, Romero tweeted that service had been disrupted by a DDoS attack that he attributed to “script kiddies,” a derisive reference to low-skilled online hooligans. Another series of DDoS attacks in 2017 forced VFEmail to find a new hosting provider. based ISP Staminus come to mind).

Hacking

Hacking DDOS Backups Accountability

Malware Installed in Asus Computers Through Hacked Update Process

Schneier on Security

MARCH 28, 2019

The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [.]. Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer.". In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility.

Hacking

Hacking Malware

Warning To Employers And Their Former Employees: Ex-Engineer Sentenced To 2 Years In Prison For Hacking Cisco’s WebEx

Joseph Steinberg

DECEMBER 14, 2020

The post Warning To Employers And Their Former Employees: Ex-Engineer Sentenced To 2 Years In Prison For Hacking Cisco’s WebEx appeared first on Joseph Steinberg. Million in damage (including $1 Million of refunds to impacted customers and $1.4

Engineering

Engineering Hacking Accountability Scams

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn. Targeting enterprises Late 2018 – present day.

Ransomware

Ransomware Hacking Encryption Penetration Testing

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] 15, 2018, the Royal Canadian Mounted Police (RCMP) charged then 27-year-old Bloom, of Thornhill, Ontario, with selling stolen personal identities online through the website LeakedSource[.]com.

Hacking

Hacking Accountability Data breaches Marketing

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

VPN

VPN Passwords Software Telecommunications

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

It's just another day on the internet when the news is full of headlines about accounts being hacked. The second story was about a number of verified Twitter accounts having been "hacked" and then leveraged in Bitcoin scams. link] — Troy Hunt (@troyhunt) November 6, 2018. — Troy Hunt (@troyhunt) November 7, 2018.

Passwords

Passwords Accountability Hacking Education

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Security Affairs

DECEMBER 25, 2024

Researchers attributed the hack of Harmonys Horizon bridge and Sky Mavis Ronin Bridge to North Korea-linked threat actors. In 2018, the Lazarus APT group targeted several cryptocurrency exchanges , including the campaign tracked as Operation AppleJeus discovered in August 2018. FBI concludes.

Cryptocurrency

Cryptocurrency Social Engineering Hacking Cybercrime

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. 30, the U.S. gg , an e-commerce platform that caters to the same clientele as Sellix.

eCommerce

eCommerce Cybercrime Accountability Passwords

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

Troy Hunt

MARCH 15, 2020

I want to talk about 3 upcoming events which Scott Helme and I are going to be running our Hack Yourself First workshop at starting with this one: NDC Security Australia, 26-27 March, AU$800 This is an extra special event that we've only just decided to run. but due to it going online, it looks like "I'm going" to Denmark!

Hacking

Hacking Technology Software Risk

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

But in all likelihood, there will be more than a handful of domain subscribers who take issue with that volume of people data sitting there in one corpus easily downloadable via a clear web hacking forum.

Data breaches

Data breaches Passwords B2B Technology

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. This quickly gets intricately technical.

Hacking

Hacking Energy and Utilities System Administration Accountability

New LightSpy spyware version targets iPhones with destructive capabilities

Security Affairs

NOVEMBER 1, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. ” concludes the report that includes Indicators of compromise for this threat.

Spyware

Spyware Media Malware Hacking

Bomb Threat, DDoS Purveyor Gets Eight Years

Krebs on Security

DECEMBER 1, 2020

“In early 2018, Vaughn demanded 1.5 As KrebsOnSecurity noted in 2019 , Vaughn’s identity was revealed by following the trail of clues from a gaming website he used that later got hacked. Timothy Dalton Vaughn from Winston-Salem, N.C. attorney for the Central District of California. Federal judge Otis D.

DDOS

DDOS Hacking Mobile Encryption

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware

Spyware Government Surveillance Hacking

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Security Affairs

DECEMBER 4, 2024

Since 2012, Crimenetwork facilitated the sale of illegal goods and services, including drugs, forged documents, hacking tools, and stolen data. Nearly $100M in cryptocurrency was traded on the platform from 2018-2024, with operators taking 1-5% commissions. Source Computerworld.ch

Cybercrime

Cybercrime Cryptocurrency Hacking Internet

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

JUNE 21, 2021

In April, federal prosecutors unsealed an indictment against a 22-year-old from Kansas who’s accused of hacking into a public water system in 2019. The defendant in that case is a former employee of the water district he allegedly hacked. In February, we learned that someone hacked into the water treatment plan in Oldsmar, Fla.

Hacking

Hacking Accountability Cybersecurity Technology

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231 Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware) 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Confirmed thefts attributed to the group include the 2016 hacking of the SWIFT payment system for Bangladesh Bank, which netted thieves $81 million; $6.1 Park was previously charged in 2018 in connection with the WannaCry and Sony Pictures attacks. billion from banks and other victims worldwide. Image: CISA.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks. “As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang said. .

Internet

Internet Internet Software Engineering

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Krebs on Security

JANUARY 2, 2019

29, 2018, the attackers broke in through a compromised login account on Christmas Eve and quickly began infecting servers with the Ryuk ransomware strain. 2, 2018 shows the company is still struggling to restore services more than a week after the attack began. A status update shared by Data Resolution with affected customers on Jan.

Ransomware

Ransomware Malware Backups Accountability

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

JANUARY 19, 2021

The release was granted in part due to Ferizi’s 2018 diagnosis if asthma, as well as a COVID outbreak at the facility where he was housed in 2020. He admitted to hacking a U.S.-based ” [Side note: It may be little more than a coincidence, but my PayPal account was hacked in Dec.

Identity Theft

Identity Theft Government Social Engineering Accountability

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking

Hacking Penetration Testing Data breaches Authentication

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile

Mobile Telecommunications Data breaches Hacking

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Krebs on Security

AUGUST 1, 2024

That loss amount equaled the total losses inflicted by Seleznev’s various carding stores, and other thefts attributed to members of the hacking forum carder[.]su prosecutors called a “$93 million hack-to-trade conspiracy.” Marine arrested in 2018 and accused of spying. countries.

Penetration Testing

Penetration Testing Cybercrime Hacking Government

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. The first documented attack against a Sophos facility is the one that targeted Cyberoam in 2018.

Firmware

Firmware Government Firewall Malware

Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy

Krebs on Security

JUNE 19, 2019

1, 2018 and March 30, 2019 led to the theft of personal and medical information on 11.9 million spent on mailing more than 7 million individual notices to people whose information had been potentially hacked,” wrote Jeremy Hill. The company also reportedly slashed its staff from 113 to 25 at the end of 2018.

Data breaches

Data breaches Hacking

GPS Vulnerabilities

Schneier on Security

FEBRUARY 22, 2021

The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March. A report on the technologies was submitted to Congress last week.

Backups

Backups Technology Hacking Cybersecurity

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.

Data collection

Data collection Spyware Media Surveillance

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

2018 Retrospective

Webinars

Trending Sources

Breached Data Indexer ‘Data Viper’ Hacked

Webinars

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Hacked by Police

Twitter Hacking for Profit and the LoLs

Marriott Was Hacked -- Again

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Technical Report of the Bezos Phone Hack

What’s most interesting about the Florida water system hack? That we heard about it at all.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

This Simple Hack Could Tank Your Business

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

When Low-Tech Hacks Cause High-Impact Breaches

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Malware Installed in Asus Computers Through Hacked Update Process

Warning To Employers And Their Former Employees: Ex-Engineer Sentenced To 2 Years In Prison For Hacking Cisco’s WebEx

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Hackers Were Inside Citrix for Five Months

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

Inside the DemandScience by Pure Incubation Data Breach

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

New LightSpy spyware version targets iPhones with destructive capabilities

Bomb Threat, DDoS Purveyor Gets Eight Years

Poland probes Pegasus spyware abuse under the PiS government

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

How Cyber Safe is Your Drinking Water Supply?

New Triada Trojan comes preinstalled on Android devices

U.S. Indicts North Korean Hackers in Theft of $200 Million

Microsoft Issues Emergency Fix for IE Zero Day

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

New Charges Derail COVID Release for Hacker Who Aided ISIS

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

U.S. Trades Cybercriminals to Russia in Prisoner Swap

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy

GPS Vulnerabilities

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Stay Connected