Security Affairs

DECEMBER 21, 2019

Cisco has warned customers that hackers continue to target Cisco ASA and Firepower Appliance products by exploiting the CVE-2018-0296 flaw. Experts warn that threat actors continue to exploit the CVE-2018-0296 flaw to target Cisco ASA and Firepower Appliance. ” read the security advisory published by Cisco.

Firewall 96

Firewall Advertising Software Risk 96

Security Affairs

SEPTEMBER 23, 2021

BulletProofLink has been active since 2018, it was used by multiple threat actors in either one-off or monthly subscription-based business models. SecurityAffairs – hacking, phishing). The post BulletProofLink, a large-scale phishing-as-a-service active since 2018 appeared first on Security Affairs. Pierluigi Paganini.

Phishing 115

Phishing Cybercrime Advertising Hacking 115

Security Affairs

SEPTEMBER 18, 2021

” Our research shows that this actor has been targeting the aviation industry since at least 2018, with files mentioning both “Trip Itinerary Details” and “Bombardier” at the time using the URL akconsult[.]linkpc[.]net.” SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware 124

Malware Phishing DNS Cybercrime 124

Security Affairs

NOVEMBER 10, 2021

Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day” . Pierluigi Paganini.

Government 144

Government Hacking Cyber Attacks Information Security 144

Security Affairs

MAY 13, 2019

Yoroi Cyber Security Annual Report 2018 – In 2018 cyber-security experts observed an increased number of cyber attacks, malware endure to be the most aggressive and pervasive threat. Download the Yoroi Cyber Security Report 2018. SecurityAffairs – Yoroi Cyber Security Annual Report, malware).

Malware 108

Malware Advertising DNS Surveillance 108

The Last Watchdog

JUNE 21, 2020

RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn. Targeting enterprises Late 2018 – present day.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. A research published by Positive Technologies in 2018 revealed that 69 percent of ATMs were vulnerable to such attacks and could be easily hacked in a few minutes. score of 6.8.

Hacking 136

Hacking Firmware Encryption Manufacturing 136

SecureWorld News

JANUARY 18, 2023

Department of Defense (DoD) is turning to the private sector to bolster its cyber defenses with the launch of the third iteration of its "Hack the Pentagon" bug bounty program. The third installment of the "Hack the Pentagon" bug bounty program comes almost five years after the second one, which was unveiled in April 2018.

Hacking 78

Hacking Government Information Security Cybersecurity 78

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. SecurityAffairs – hacking, ShinyHunters). The post ShinyHunters hacked Pluto TV service, 3.2M A hacker has shared 3.2

Accountability 128

Accountability Hacking Data breaches Passwords 128

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability 107

Accountability Hacking Financial Services Cybersecurity 107

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

AUGUST 19, 2020

According to the security expert Tal Be’ery , the vulnerability, dubbed GlueBall, has been known since August 2018, because a malware sample exploiting it was uploaded to VirusTotal. SecurityAffairs – hacking, CVE-2020-1464 ). MSI) files signed by any software developer. . Pierluigi Paganini.

Advertising 112

Advertising Malware Internet Internet 112

Security Affairs

APRIL 8, 2019

Bahrain, 08.04.2019 – Group-IB, an international company that specializes in preventing cyberattacks , and NGN International, a global system integrator, analyzed cybersecurity landscape in Gulf countries in 2018. According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, the details of 1.8

Artificial Intelligence 97

Artificial Intelligence Government Banking Advertising 97

Security Affairs

JULY 8, 2019

The UK Information Commissioner’s Office (ICO) fined British Airways with £183 million for failing to protect the personal information of roughly 500,000 customers during 2018 security breach. “The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. .

Data breaches 102

Data breaches Advertising Hacking Mobile 102

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

VPN 136

VPN Government Hacking Accountability 136

Security Affairs

AUGUST 28, 2020

A former Cisco employee has pleaded guilty to hacking charges and intentionally causing damage to the systems of his company. SecurityAffairs – hacking, hacking). The post Former Cisco employee pleads guilty to hacking, damaging company systems appeared first on Security Affairs. Pierluigi Paganini.

Hacking 139

Hacking Advertising Accountability Risk 139

Security Affairs

MARCH 10, 2020

Who is hacking the hackers? Experts from Cybereason a mysterious hackers group is targeting other hackers by spreading tainted hacking tools. Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.

Hacking 145

Hacking Malware Advertising DNS 145

Security Affairs

MAY 19, 2021

Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars. SecurityAffairs – hacking, Mercedes). Follow me on Twitter: @securityaffairs and Facebook.

Hacking 135

Hacking Firmware Engineering Software 135

Security Affairs

SEPTEMBER 24, 2024

Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas. Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas in the country, likely due to an imminent full-scale strike. Ibrahim said.

Hacking 134

Hacking Spyware Mobile Media 134

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8 50098 CVE-2016-0167 04/12/2016 Microsoft Windows Graphics Component Security Update (MS16-039) 7.8

Hacking 124

Hacking Cyber Attacks Passwords Software 124

Security Affairs

APRIL 13, 2021

The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement, it was hacked by Russian military intelligence in a campaign conducted between December 2017 and May 2018, officials said. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Hacking 96

Hacking Media Government Information Security 96

Security Affairs

JULY 4, 2019

Kaspersky experts discovered that Sodinokibi, aka Sodin, Ransomware currently also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows. The post Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – Sodin, ransomware).

Ransomware 107

Ransomware Encryption Advertising Architecture 107

Security Affairs

OCTOBER 15, 2024

In November 2018, Symantec first discovered the FastCash Trojan , which was used by the North Korea-linked APT group Lazarus in a series of attacks against ATMs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Malware) LTS distributions.

Malware 132

Malware Banking Hacking Accountability 132

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking 130

Hacking VPN Advertising Government 130

Security Affairs

MAY 30, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. The flaw resides in WebKit and impacts macOS version 10.13.3

Spyware 137

Spyware Malware Surveillance Mobile 137

Security Affairs

JUNE 7, 2024

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP.

Passwords 137

Passwords Hacking Information Security 137

Security Affairs

OCTOBER 22, 2020

The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The experts that analyzed the malicious code employed in the hack found many similarities with a piece of malware used in a previous attack against a German Government network that took place in 2014.

Hacking 115

Hacking Cyber Attacks Identity Theft Government 115

Security Affairs

DECEMBER 22, 2019

In January 2018, Burns is suspected to have accessed systems operated by Jet2 and its parent company, Dart Group. On January 18, 2018, he removed user accounts from the compromised systems, locking out over 2,000 Jet2 employees from accessing the company’s systems, including their emails. SecurityAffairs – Jet2 airline, hacking).

Hacking 92

Hacking Advertising Accountability Software 92

Security Affairs

SEPTEMBER 28, 2023

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) X through 3.3.4. CISA orders federal agencies to fix this flaw by October 19, 2023.

Hacking 134

Hacking Risk Cybersecurity Information Security 134

Security Affairs

JULY 8, 2020

The US Department of Justice has indicted a hacker named Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks. The US Department of Justice has indicted a hacker that goes online with the moniker Fxmsp for hacking over three hundred organizations worldwide and selling access to their networks.

Hacking 113

Hacking Antivirus Advertising Cybercrime 113

Security Affairs

NOVEMBER 17, 2019

Each working exploit receives a cash prize and points that are assigned to the team that devised it, like the popular Pwn2Own hacking contest. Since the decision of the Chinese Government, the TianfuCup was set up for the first time in the fall of 2018. They earned a bonus of $30,000. — TianfuCup (@TianfuCup) November 16, 2019.

Hacking 108

Hacking Advertising Financial Services Government 108

Security Affairs

JANUARY 2, 2021

Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. On October 18, 2019, Zaidi pled guilty for his participation in the hacking activity. Ticketmaster already paid $110 million in 2018 to settle a civil suit brought by Songkick, which merged with CrowdSurge in 2015.

Hacking 120

Hacking Passwords Accountability Cybercrime 120

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Spyware 143

Spyware Surveillance Architecture Software 143

Security Affairs

JUNE 17, 2024

Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “ Empire Market ” from 2018 to 2020. 1, 2018, the indictment states.” District Court in Chicago.”

Marketing 130

Marketing Cryptocurrency DDOS Scams 130

Security Affairs

APRIL 22, 2020

Two zero-day flaws in the default mailing app pre-installed on iPhones and iPads allow attackers to hack the devices just by sending emails. The post Hacking Apple iPhones and iPads by sending emails to the victims appeared first on Security Affairs. “The newly released beta update of 13.4.5 ” ZecOps concludes.

Hacking 142

Hacking Advertising Accountability Risk 142

Security Affairs

OCTOBER 23, 2020

In March 2018, the Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert to warn of attacks on US critical infrastructure powered by Russian threat actors. Hackers also targeted Exim mail agents ( CVE 2019-10149 ) and Fortinet SSL VPNs ( CVE-2018-13379 ). Pierluigi Paganini.

Government 142

Government Hacking Advertising Passwords 142

Security Affairs

JUNE 27, 2019

In 2018 PCM generated roughly $2.2 Krebs speculates that intruders could be the same that hacked the Indian IT outsourcing giant Wipro Ltd. According to RiskIQ, the group that hacked Wipro has been active since at least 2016, it was focused on targeting gift card providers. SecurityAffairs – PCM, hacking).

Hacking 111

Hacking Advertising Accountability Data breaches 111