2018, Information Security and Internet

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Report: U.S. Cyber Command Behind Trickbot Tricks

Krebs on Security

OCTOBER 9, 2020

On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers. The Post said U.S.

Ransomware

Ransomware Internet Internet Passwords

Massive DDoS attack brought down 25% Iranian Internet connectivity

Security Affairs

FEBRUARY 9, 2020

Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet. Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%.

DDOS

DDOS Internet Internet Telecommunications

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Reading the 2019 Internet Crime Complaint Center (IC3) report

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2019 Internet Crime Complaint Center (IC3) , one of the most interesting documents on the crime trends observed in the last 12 months.

Internet

Internet Internet Scams Cybercrime

M?ris Bot infects MikroTik routers compromised in 2018

Security Affairs

SEPTEMBER 14, 2021

Last week, the Russian Internet giant Yandex has been targeting by the largest DDoS attack in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an internet shutdown. If somebody got your password in 2018, just an upgrade will not help.

DDOS

DDOS Firewall Passwords Internet

Russian internet watchdog Roskomnadzor bans six more VPN services

Security Affairs

DECEMBER 2, 2021

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

VPN

VPN Internet Internet Media

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023. ” concludes the report.

Cybercrime

Cybercrime Internet Internet Scams

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

” Between 2018 and 2019 the researchers assessed 28 telecom operators in Europe, Asia, Africa, and South America and verifies the presence of the vulnerabilities in the GTP protocol. phone number) of a real subscriber and impersonate him to access the Internet. Faults in the GTP protocol directly impact 5G networks.”

Mobile

Mobile Internet Internet Advertising

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union.

Internet

Internet Internet Phishing Scams

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Security Affairs

DECEMBER 10, 2022

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a widely-deployed SSL VPN solution for remote and mobile users, for this reason, it is a target of attacks by multiple threat actors. ” reads the post published by Censys. Pierluigi Paganini.

Internet

Internet Internet VPN Mobile

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Security Affairs

DECEMBER 4, 2024

“The Frankfurt am Main Public Prosecutor’s Office – Central Office for Combating Internet Crime ( ZIT ) – and the Federal Criminal Police Office ( BKA ) arrested one of the administrators of the criminal trading platform” Crimenetwork” on Monday. .”

Cybercrime

Cybercrime Cryptocurrency Hacking Internet

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. .” That was Bruce’s response at a conference hosted by U.S. This is not speculative.

Software

Software Cybersecurity Backups Manufacturing

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. and Yandex.ru

Internet

Internet Internet DNS Cyber Attacks

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware. According to the Gazeta Wyborcza daily, the spyware was used to spy on the phone of Jacek Karnowski, mayor of the city of Sopot, in 2018-2019.

Spyware

Spyware Government Surveillance Hacking

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

“We vigorously protect the privacy of our users while supporting the important work of law enforcement,” Google’s director of law enforcement and information security Richard Salgado told us. And it is increasingly apparent that the advertising-supported Internet is heading for a crash.).

Surveillance

Surveillance Wireless Accountability Architecture

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Security Affairs

AUGUST 19, 2020

Microsoft’s August 2020 Patch Tuesday security updates addressed 120 vulnerabilities, including two zero-days that have been exploited in attacks in the wild. The two issues are a Windows spoofing bug and a remote code execution flaw in Internet Explorer. The flaw is related to Windows incorrectly validating file signatures.

Advertising

Advertising Malware Internet Internet

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

JANUARY 21, 2025

The research combined hardware interfaces and software to communicate with the vehicle via Diagnostic Over Internet Protocol (DoIP). The experts focused their analysis on the Mercedes-Benz User Experience (MBUX) infotainment system, which was first presented by the carmaker in 2018. The MBUX system consists of several key components.

Software

Software Architecture Media Engineering

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

At issue is a well-known security and privacy threat called “ namespace collision ,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. Alas, in 2018, the.llc TLD was born and began selling domains.

DNS

DNS Internet Internet Authentication

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” China has long targeted global internet service providers and recent attacks are aligned with past operations linked to Beijing. Wall Street Journal reported. and around the globe.”

Mobile

Mobile Telecommunications Data breaches Hacking

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” .” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. In April 2018, Schuchman develops a new DDoS botnet alone, it was based on the Qbot malware family.

DDOS

DDOS IoT Advertising Internet

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Credential stuffing campaigns have become part of the fabric of the Internet.

Passwords

Passwords Password Management Internet Internet

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. “Internet users found that 538 million Weibo user records are being sold on dark web marketplace.

Accountability

Accountability Passwords Advertising Internet

Swedish court suspended the ban on Huawei equipment

Security Affairs

NOVEMBER 12, 2020

is pushing its allies for banning Huawei, ZTE and other Chinese companies, Washington highlighted the risks for national security in case of adoption of Huawei equipment and is urging internet providers and telco operators in allied countries to ban Chinese firms.

Wireless

Wireless Internet Internet Manufacturing

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

is pushing its allies for banning Huawei, ZTE and other Chinese companies, Washington highlighted the risks for national security in case of adoption of Huawei equipment and is urging internet providers and telco operators in allied countries to ban Chinese firms.

Mobile

Mobile Manufacturing Internet Internet

Czech public radio says Huawei Czech Unit secretly collected data

Security Affairs

JULY 22, 2019

In December 2018, the Czech National Cyber and Information Security Agency warned against using the equipment manufactured by Chinese firms Huawei and ZTE because they pose a threat to state security. The Chinese firm was already excluded by several countries from building their 5G internet networks.

Manufacturing

Manufacturing Internet Internet Advertising

AWS mitigated largest DDoS attack ever of 2.3 Tbps

Security Affairs

JUNE 17, 2020

Tbps that took place in March 2018. Tbps that took place in March 2018. The protocol is used to connect, search, and modify shared internet directories, a CLDAP DDoS can amplify traffic to 70 times its volume. Tbps , it was a Memcached DDoS reflection attack blocked by NETSCOUT Arbor in March 2018.

DDOS

DDOS Advertising Internet Internet

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking

Hacking Penetration Testing Data breaches Authentication

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

is pushing its allies for banning Huawei, ZTE and other Chinese companies, Washington highlighted the risks for national security in case of adoption of Huawei equipment and is urging internet providers and telco operators in allied countries to ban Chinese firms.

Wireless

Wireless Internet Internet Advertising

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

Related: ‘Cyber Pearl Harbor’ happens every day Some 15 months earlier, in March 2018, Atlanta was hit by a similar assault, and likewise refused to pay a $51,000 ransom, eating $17 million in damage. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Ransomware

Ransomware Internet Internet Hacking

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

MAY 12, 2021

In 2018, we learned that hackers had disrupted various communications systems used by American natural gas pipeline companies by breaching the third-party operators of those systems; while those attacks did not disrupt gas supplies, they did cause reporting problems and billing delays. Nor were those isolated incidents.

Energy and Utilities

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. In April 2018 , Schuchman develops a new DDoS botnet alone, it was based on the Qbot malware family.

IoT

IoT DDOS Internet Internet

Czech cyber-security agency warns over Huawei, ZTE security threat

Security Affairs

DECEMBER 18, 2018

. “The main issue is a legal and political environment of the People’s Republic of China, where (the) aforementioned companies primarily operate,” reads a statement issued by the Czech National Cyber and Information Security Agency. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Advertising Internet Internet

Insider Threat to Google as it fires 36 employees in 2020

CyberSecurity Insiders

AUGUST 16, 2021

Well, this is indeed an interesting news piece to all those who are interested in Information Security. Insider Threat has not only forced Google to terminate 26 people in 2019 and 18 in 2018, but it also made the web search giant belief less on manpower and employee more AI driven robots.

Data privacy

Data privacy Internet Internet Information Security

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

The flaw discovered by SEC Consult Vulnerability Lab researchers has been tracked as CVE-2018-9195, the experts also published a proof-of-concept (PoC) code to trigger it. “ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. .”

Encryption

Encryption Antivirus Advertising DNS

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

The Last Watchdog

JANUARY 9, 2024

The market has also grown by 1,600% since 2018 , displaying an interest that shows no signs of slowing. Everyone in the company is responsible for maintaining information security and applying protective measures in line with established policies. These industries are growing in popularity and demand.

Technology

Technology Cybersecurity Risk Mobile

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464.

DDOS

DDOS Malware Advertising Passwords

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption

Encryption Government Artificial Intelligence Surveillance

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Malware Internet Internet

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

Ryuk first appeared in the threat landscape in August 2018 as a derivative of the Hermes 2.1 ransomware, that was first spotted in late 2017 and was available for sale on the open market as of August 2018. Several groups of experts linked both TrickBot and Ryuk threats to cybercrime gangs operating out of Russia.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

In March 2018, the Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert to warn of attacks on US critical infrastructure powered by Russian threat actors. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password.

Data breaches

Data breaches Passwords Advertising Telecommunications

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Report: U.S. Cyber Command Behind Trickbot Tricks

Webinars

Trending Sources

Massive DDoS attack brought down 25% Iranian Internet connectivity

Webinars

Reading the 2019 Internet Crime Complaint Center (IC3) report

M?ris Bot infects MikroTik routers compromised in 2018

Russian internet watchdog Roskomnadzor bans six more VPN services

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

ICANN Launches Service to Help With WHOIS Lookups

At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet

Authorities shut down Crimenetwork, the Germany’s largest crime marketplace

Vulnerabilities in Weapons Systems

Russia is going to disconnect from the internet as part of a planned test

Poland probes Pegasus spyware abuse under the PiS government

Google Responds to Warrants for “About” Searches

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

Experts found multiple flaws in Mercedes-Benz infotainment system

Local Networks Go Global When Domain Names Collide

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Developer of DDoS Mirai based botnets sentenced to prison

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

538 Million Weibo users’ records being sold on Dark Web

Swedish court suspended the ban on Huawei equipment

Belgium telecom operators Proximus and Orange drop Huawei

Czech public radio says Huawei Czech Unit secretly collected data

AWS mitigated largest DDoS attack ever of 2.3 Tbps

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

Sweden bans Huawei and ZTE from building its 5G infrastructure

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Creator of multiple IoT botnets, including Satori, pleaded guilty

Czech cyber-security agency warns over Huawei, ZTE security threat

Insider Threat to Google as it fires 36 employees in 2020

Some Fortinet products used hardcoded keys and weak encryption for communications

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Encryption: One Of The Most Powerful Ways To Keep Data Private – But Governments Want To Outlaw It

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Russia-linked Energetic Bear APT behind San Francisco airport attacks

A new Zerobot variant spreads by exploiting Apache flaws

Stay Connected