2018, Hacking and Information Security - Cyber Security Informer

Norway blames China-linked APT31 for 2018 government hack

Security Affairs

JUNE 20, 2021

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018. Pierluigi Paganini.

Government

Government Hacking Cyber Attacks Passwords

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn. Targeting enterprises Late 2018 – present day.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

M?ris Bot infects MikroTik routers compromised in 2018

Security Affairs

SEPTEMBER 14, 2021

The network equipment maker MikroTik revealed that the routers were previously compromised in 2018. The vendor explained that the devices haven’t been properly secured, even if the security patches released by MikroTik at the time were installed. If somebody got your password in 2018, just an upgrade will not help.

DDOS

DDOS Firewall Passwords Internet

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

Hacking

Hacking Penetration Testing Data breaches Authentication

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

” Our research shows that this actor has been targeting the aviation industry since at least 2018, with files mentioning both “Trip Itinerary Details” and “Bombardier” at the time using the URL akconsult[.]linkpc[.]net.” SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware

Malware Phishing DNS Cybercrime

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. A research published by Positive Technologies in 2018 revealed that 69 percent of ATMs were vulnerable to such attacks and could be easily hacked in a few minutes. score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. ” It’s a similar attitude to corporate executives who believe that they can’t be hacked — and equally naive. This is just one of many risks to our normal civilian computer supply chains. This is not speculative.

Software

Software Cybersecurity Backups Manufacturing

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Security Affairs

AUGUST 18, 2024

The technique is effective across different fingerprint matchers and datasets and has potential applications in both security and computational creativity research. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, MasterPrints)

Architecture

Architecture Hacking Risk Information Security

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

VPN

VPN Government Hacking Accountability

Hacking the infotainment system used in Mercedes-Benz cars

Security Affairs

MAY 19, 2021

Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars. SecurityAffairs – hacking, Mercedes). Follow me on Twitter: @securityaffairs and Facebook.

Hacking

Hacking Firmware Engineering Software

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

In March 2018, the Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert to warn of attacks on US critical infrastructure powered by Russian threat actors. Hackers also targeted Exim mail agents ( CVE 2019-10149 ) and Fortinet SSL VPNs ( CVE-2018-13379 ). Pierluigi Paganini.

Government

Government Hacking Advertising Passwords

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

DECEMBER 18, 2024

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

Data breaches

Data breaches Accountability Risk Advertising

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.

Firewall

Firewall Hacking Malware Passwords

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

No special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular Web browser like Chrome or Firefox. A USPS brochure advertising the features and benefits of Informed Visibility. .”

Accountability

Accountability Authentication Identity Theft Advertising

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. was used at the time of the attack), which enabled the attackers to exploit the CVE-2018-13379 vulnerability and gain access to the enterprise network.” ” continues Kaspersky.

VPN

VPN Ransomware Antivirus Firmware

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Spyware

Spyware Surveillance Architecture Software

Russian national extradited to US for trading on stolen Information

Security Affairs

DECEMBER 21, 2021

A Russian national was extradited to the US from Switzerland after he was charged for trading information stolen from hacked U.S. The Russian national Vladislav Klyushin (41) was extradited to the United States from Switzerland to face charges for his alleged role in a scheme whose participants traded on information stolen from U.S.

Identity Theft

Identity Theft Penetration Testing Hacking Passwords

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018. The tools were published on a Telegram channel named Hack Boss that was created on November 26, 2018, and has over 2,500 subscribers.

Cryptocurrency

Cryptocurrency Hacking Malware Banking

Experts found a macOS version of the sophisticated LightSpy spyware

Security Affairs

MAY 30, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. The flaw resides in WebKit and impacts macOS version 10.13.3

Spyware

Spyware Malware Surveillance Mobile

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 28, 2023

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) X through 3.3.4. CISA orders federal agencies to fix this flaw by October 19, 2023.

Hacking

Hacking Risk Cybersecurity Information Security

A new Linux variant of FASTCash malware targets financial systems

Security Affairs

OCTOBER 15, 2024

In November 2018, Symantec first discovered the FastCash Trojan , which was used by the North Korea-linked APT group Lazarus in a series of attacks against ATMs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Malware) LTS distributions.

Malware

Malware Banking Hacking Accountability

Chinese threat actor exploits old ThinkPHP flaws since October 2023

Security Affairs

JUNE 7, 2024

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP.

Passwords

Passwords Hacking Information Security

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics

Computers and Electronics Engineering Hacking Data breaches

Old vulnerabilities in Cisco products actively exploited in the wild

Security Affairs

DECEMBER 19, 2022

CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. .

Wireless

Wireless VPN Software Hacking

NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware

Security Affairs

OCTOBER 25, 2021

Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 to June 2021. “Notably, these infections occurred after Hubbard complained to NSO Group that he was targeted by the Saudi-linked KINGDOM Pegasus operator in June 2018.” Pierluigi Paganini.

Spyware

Spyware Hacking Backups Accountability

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

JULY 21, 2023

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks.

CSO

CSO CISO Insurance Risk

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware

Spyware Government Surveillance Hacking

Empire Market owners charged with operating $430M dark web marketplace

Security Affairs

JUNE 17, 2024

Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “ Empire Market ” from 2018 to 2020. 1, 2018, the indictment states.” District Court in Chicago.”

Marketing

Marketing Cryptocurrency DDOS Scams

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

Hladyr was sentenced in the Western District of Washington, he was arrested in Dresden, Germany, in 2018, at the request of U.S. law enforcement and was extradited to the US where in September 2019, he pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking.

System Administration

System Administration Penetration Testing Malware Hacking

Did Israel infiltrate Lebanese telecoms networks?

Security Affairs

SEPTEMBER 24, 2024

Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas. Israel has been sending text messages, recordings, and hacking radio networks to warn Lebanese citizens to evacuate certain areas in the country, likely due to an imminent full-scale strike. Ibrahim said.

Hacking

Hacking Spyware Mobile Media

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Security Affairs

DECEMBER 4, 2024

Since 2012, Crimenetwork facilitated the sale of illegal goods and services, including drugs, forged documents, hacking tools, and stolen data. Nearly $100M in cryptocurrency was traded on the platform from 2018-2024, with operators taking 1-5% commissions. Source Computerworld.ch

Cybercrime

Cybercrime Cryptocurrency Hacking Internet

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Security Affairs

MAY 6, 2024

” In July 2018, a Greek lower court agreed to extradite Vinnik to France to face charges of hacking, money laundering , extortion, and involvement in organized crime. French authorities accused Vinnik of defrauding more than 100 people in six French cities between 2016 and 2018.

Cryptocurrency

Cryptocurrency Computers and Electronics Identity Theft Hacking

China-linked APT41 breached Taiwanese research institute

Security Affairs

AUGUST 4, 2024

” ShadowPad is a modular remote access trojan (RAT) sold exclusively to Chinese hacking groups. This loader, derived from an anti-AV tool called CS-Avoid-Killing found on GitHub and written in Simplified Chinese, is promoted in various Chinese hacking forums and tutorials. ” continues the report.

Malware

Malware Government Hacking Accountability

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Security Affairs

JANUARY 2, 2022

In this post, I present an abstract from the original analysis that I suggest reading, below the annual increase in the number of breaches: Year Number of Scams Year Increase In Number of Breaches (%) 2021 76 2020 – 2021 145% 2020 31 2019 – 2020 19% 2019 26 2018 – 2019 73%. SecurityAffairs – hacking, crypto security breaches).

Cryptocurrency

Cryptocurrency Scams Marketing Hacking

The German BSI agency recommends replacing Kaspersky antivirus software

Security Affairs

MARCH 15, 2022

German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. SecurityAffairs – hacking, BSI).

Antivirus

Antivirus Software Manufacturing Information Security

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Security Affairs

DECEMBER 4, 2023

. — Microsoft Threat Intelligence (@MsftSecIntel) December 1, 2023 DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CACTUS ransomware)

Ransomware

Ransomware Malware Banking Hacking

Operation GhostShell: MalKamak APT targets aerospace and telco firms

Security Affairs

OCTOBER 7, 2021

The threat actors have been targeting the above industries since at least 2018. “Assessments as to the identity of the operators and authors of ShellClient resulted in the identification of a new Iranian threat actor dubbed MalKamak that has operated since at least 2018 and remained publicly unknown thus far.”

Telecommunications

Telecommunications Malware Hacking Information Security

SolarWinds hackers breached 27 state attorneys’ offices

Security Affairs

JULY 31, 2021

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The vulnerabilities listed in the advisory are: CVE-2018-13379 Fortinet CVE-2019-9670 Zimbra CVE-2019-11510 Pulse Secure CVE-2019-19781 Citrix CVE-2020-4006 VMware.

Accountability

Accountability Hacking Information Security Government

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Three of the defendants are said to be officers in a provincial arm of the MSS and one was an employee of a front company that was used to obfuscate the government’s role in the hacking campaigns.

Hacking

Hacking Technology Government Malware

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 6, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog. Talos also discovered that APT41 created a custom loader to inject a proof-of-concept for CVE-2018-0824 directly into memory.

Hacking

Hacking Government Cybersecurity Malware

Swedish court suspended the ban on Huawei equipment

Security Affairs

NOVEMBER 12, 2020

In April 2018, the UK GCHQ intelligence agency warned UK telcos firms of the risks of using ZTE equipment and services for their infrastructure. In December 2018, a Czech cyber-security agency is warned against using Huawei and ZTE technologies because they pose a threat to state security. Pierluigi Paganini.

Wireless

Wireless Internet Internet Manufacturing

New LightSpy spyware version targets iPhones with destructive capabilities

Security Affairs

NOVEMBER 1, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. ” concludes the report that includes Indicators of compromise for this threat.

Spyware

Spyware Media Malware Hacking

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S. Russian state-sponsored APT actors’ global Energy Sector intrusion campaign, 2011 to 2018. SecurityAffairs – hacking, Russia-linked threat actors). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Malware

Malware Cyber threats Government Hacking

Norway blames China-linked APT31 for 2018 government hack

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Trending Sources

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

M?ris Bot infects MikroTik routers compromised in 2018

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

Threat actor has been targeting the aviation industry since at least 2018

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Vulnerabilities in Weapons Systems

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

APT hacked a US municipal government via an unpatched Fortinet VPN

Hacking the infotainment system used in Mercedes-Benz cars

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Chinese national charged for hacking thousands of Sophos firewalls

USPS Site Exposed Data on 60 Million Users

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Russian national extradited to US for trading on stolen Information

Crooks made more than $560K with a simple clipboard hijacker

Experts found a macOS version of the sophisticated LightSpy spyware

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

A new Linux variant of FASTCash malware targets financial systems

Chinese threat actor exploits old ThinkPHP flaws since October 2023

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Old vulnerabilities in Cisco products actively exploited in the wild

NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Poland probes Pegasus spyware abuse under the PiS government

Empire Market owners charged with operating $430M dark web marketplace

A member of the FIN7 group was sentenced to 10 years in prison

Did Israel infiltrate Lebanese telecoms networks?

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

China-linked APT41 breached Taiwanese research institute

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

The German BSI agency recommends replacing Kaspersky antivirus software

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

Operation GhostShell: MalKamak APT targets aerospace and telco firms

SolarWinds hackers breached 27 state attorneys’ offices

US DoJ indicts four members of China-linked APT40 cyberespionage group

CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

Swedish court suspended the ban on Huawei equipment

New LightSpy spyware version targets iPhones with destructive capabilities

Russia-linked threat actors targets critical infrastructure, US authorities warn

Stay Connected