The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile 112

Mobile Telecommunications Data breaches Hacking 112

Security Affairs

MARCH 20, 2025

The use of popular instant messaging apps on both mobile and desktop devices broadens the attack surface, creating uncontrolled information exchange channels that bypass security measures. DCRat first appeared in the threat landscape in 2018, but a year later it was redesigned and relaunched.

Computers and Electronics 107

Computers and Electronics Telecommunications Malware Surveillance 107

Security Affairs

NOVEMBER 2, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. Improved operational security, including disrupting firewall telemetry to hinder detection and minimize their digital footprint.

Firmware 120

Firmware Government Firewall Malware 120

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. A research published by Positive Technologies in 2018 revealed that 69 percent of ATMs were vulnerable to such attacks and could be easily hacked in a few minutes. score of 6.8.

Hacking 135

Hacking Firmware Encryption Manufacturing 135

Security Affairs

FEBRUARY 26, 2025

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.

Data collection 102

Data collection Spyware Media Surveillance 102

Security Affairs

SEPTEMBER 18, 2021

” Our research shows that this actor has been targeting the aviation industry since at least 2018, with files mentioning both “Trip Itinerary Details” and “Bombardier” at the time using the URL akconsult[.]linkpc[.]net.” SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware 123

Malware Phishing DNS Cybercrime 123

Schneier on Security

JUNE 8, 2021

A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. ” It’s a similar attitude to corporate executives who believe that they can’t be hacked — and equally naive. This is just one of many risks to our normal civilian computer supply chains. This is not speculative.

Software 363

Software Cybersecurity Backups Manufacturing 363

Security Affairs

DECEMBER 23, 2024

NSO Group continued using WhatsApp exploits, including spyware called Erised, even after being sued for violating anti-hacking laws. from April 29, 2018, to May 10, 2020). Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,NSO Group)

Spyware 108

Spyware Surveillance Software Hacking 108

Security Affairs

AUGUST 18, 2024

The technique is effective across different fingerprint matchers and datasets and has potential applications in both security and computational creativity research. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, MasterPrints)

Architecture 139

Architecture Hacking Risk Information Security 139

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

VPN 134

VPN Government Hacking Accountability 134

Security Affairs

FEBRUARY 5, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-45195 (CVSS score of 9.8) Microsoft.NET Framework Information Disclosure Vulnerability CVE-2018-9276 (CVSS score of 7.2)

Authentication 63

Authentication Hacking Cybersecurity Software 63

Security Affairs

MAY 19, 2021

Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars. SecurityAffairs – hacking, Mercedes). Follow me on Twitter: @securityaffairs and Facebook.

Hacking 134

Hacking Firmware Engineering Software 134

Security Affairs

JANUARY 21, 2025

In May 2019, Security researchers with Tencent Security Keen Lab identified five vulnerabilities , tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.

Software 131

Software Architecture Media Engineering 131

Security Affairs

OCTOBER 23, 2020

In March 2018, the Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert to warn of attacks on US critical infrastructure powered by Russian threat actors. Hackers also targeted Exim mail agents ( CVE 2019-10149 ) and Fortinet SSL VPNs ( CVE-2018-13379 ). Pierluigi Paganini.

Government 141

Government Hacking Advertising Passwords 141

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking 144

Hacking Engineering Data breaches Advertising 144

SecureWorld News

JANUARY 18, 2023

Department of Defense (DoD) is turning to the private sector to bolster its cyber defenses with the launch of the third iteration of its "Hack the Pentagon" bug bounty program. The third installment of the "Hack the Pentagon" bug bounty program comes almost five years after the second one, which was unveiled in April 2018.

Hacking 101

Hacking Government Information Security Cybersecurity 101

Security Affairs

DECEMBER 16, 2024

Development traces back to at least 2018. “As security improvements make zero-click and other remote spyware attacks prohibitively expensive or unfeasible, authorities may increasingly turn to infecting devices with spyware through physical access to a device. . At this time, the origin of NoviSpy remains unclear.

Spyware 105

Spyware Surveillance Technology Mobile 105

Security Affairs

DECEMBER 6, 2024

In November 2018, Hospital network Atrium Health suffered another data breach , hackers accessed patients’ personal information after compromising the technology solutions provider AccuDoc. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Atrium Health)

Data breaches 110

Data breaches Identity Theft Accountability Technology 110

Security Affairs

DECEMBER 26, 2024

The new Mirai malware variant also targetsthe TP-Link flaw CVE-2023-1389 and the vulnerability CVE-2018-17532 affecting Teltonika RUT9XX routers. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,botnet)

Manufacturing 88

Manufacturing Malware Firmware IoT 88

Krebs on Security

NOVEMBER 21, 2018

No special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular Web browser like Chrome or Firefox. A USPS brochure advertising the features and benefits of Informed Visibility. .”

Accountability 278

Accountability Authentication Identity Theft Advertising 278

Security Affairs

MARCH 13, 2025

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. Kaspersky first documented the operations of the group in 2016. ” concludes the report.

Spyware 77

Spyware Surveillance Encryption Malware 77

Krebs on Security

JULY 21, 2023

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks.

CSO 240

CSO CISO Insurance Risk 240

Security Affairs

APRIL 19, 2021

The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018. The tools were published on a Telegram channel named Hack Boss that was created on November 26, 2018, and has over 2,500 subscribers.

Cryptocurrency 145

Cryptocurrency Hacking Malware Banking 145

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. In April 2018, Schuchman develops a new DDoS botnet alone, it was based on the Qbot malware family.

DDOS 145

DDOS IoT Advertising Internet 145

Security Affairs

DECEMBER 19, 2022

CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. .

Wireless 144

Wireless VPN Software Hacking 144

Security Affairs

MAY 30, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. The flaw resides in WebKit and impacts macOS version 10.13.3

Spyware 136

Spyware Malware Surveillance Mobile 136

Security Affairs

APRIL 7, 2021

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. was used at the time of the attack), which enabled the attackers to exploit the CVE-2018-13379 vulnerability and gain access to the enterprise network.” ” continues Kaspersky.

VPN 129

VPN Ransomware Antivirus Firmware 129

Security Affairs

JUNE 7, 2024

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP.

Passwords 136

Passwords Hacking Information Security 136

Security Affairs

SEPTEMBER 28, 2023

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) X through 3.3.4. CISA orders federal agencies to fix this flaw by October 19, 2023.

Hacking 133

Hacking Risk Cybersecurity Information Security 133

Security Affairs

APRIL 2, 2025

.” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231

Malware 63

Malware Cryptocurrency Mobile Firmware 63

Security Affairs

MARCH 3, 2025

CVE-2018-8639 (CVSS score of 7.8) – an elevation of privilege vulnerability that impacts Windows when the Win32k component fails to properly handle objects in memory. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, CISA ) ” reads the advisory.

Small Business 58

Small Business Authentication Hacking Accountability 58

Security Affairs

DECEMBER 21, 2021

A Russian national was extradited to the US from Switzerland after he was charged for trading information stolen from hacked U.S. The Russian national Vladislav Klyushin (41) was extradited to the United States from Switzerland to face charges for his alleged role in a scheme whose participants traded on information stolen from U.S.

Identity Theft 124

Identity Theft Penetration Testing Hacking Passwords 124

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Spyware 143

Spyware Surveillance Software Architecture 143

Security Affairs

DECEMBER 3, 2024

Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, through spot trading and leverage trading services. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Bitcoin)

Cryptocurrency 62

Cryptocurrency Financial Services Accountability Hacking 62

Security Affairs

OCTOBER 25, 2021

Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 to June 2021. “Notably, these infections occurred after Hubbard complained to NSO Group that he was targeted by the Saudi-linked KINGDOM Pegasus operator in June 2018.” Pierluigi Paganini.

Spyware 121

Spyware Hacking Backups Accountability 121

Security Affairs

JUNE 17, 2020

Tbps that took place in March 2018. Tbps that took place in March 2018. Tbps , it was a Memcached DDoS reflection attack blocked by NETSCOUT Arbor in March 2018. SecurityAffairs – DDoS, hacking). Tbps appeared first on Security Affairs. AWS announced it has mitigated a 2.3 ” concludes the report.

DDOS 145

DDOS Advertising Internet Internet 145