article thumbnail

Latest on the SVR’s SolarWinds Hack

Schneier on Security

Separately, it seems that the SVR conducted a dry run of the attack five months before the actual attack: The hackers distributed malicious files from the SolarWinds network in October 2019, five months before previously reported files were sent to victims through the company’s software update servers. We know at minimum they had access Oct.

Hacking 338
article thumbnail

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

Security Affairs

National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since at least August 2019. The CVE-2019-10149 flaw, aka “The Return of the WIZard,” affects versions 4.87

Software 142
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

2011 said he was a system administrator and C++ coder. The indictment against Khoroshev says he used the hacker nickname Putinkrab , and Intel 471 says this corresponds to a username that was first registered across three major Russian cybercrime forums in early 2019. ” Putinkrab’s final post came on August 23, 2019.

article thumbnail

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. 2019, he obtained a visa from the American Embassy in Bangkok, Thailand. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer. info , allproxy[.]info It shows that in Oct.

article thumbnail

Lousy IoT Security

Schneier on Security

OTA -- over-the-air updates) were stored in a publicly accessible AWS S3 bucket that also lacked TLS encryption (CVE-2019-16270, CVE-2019-16274). Unauthenticated web server: a web server running Android OS on port 8080 discloses all whiteboards stored locally on the device (CVE-2019-16271). These aren't subtle vulnerabilities.

IoT 137
article thumbnail

Cisco fixes a static default credential issue in Smart Software Manager tool

Security Affairs

“The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.” ” An attacker could exploit the flaw by using this default account to connect to a vulnerable system and obtain read and write access to system data.

Software 142
article thumbnail

Adconion Execs Plead Guilty in Federal Anti-Spam Case

Krebs on Security

In 2019, AFRINIC fired a top employee after it emerged that in 2013 he quietly commandeered millions of IPs from defunct African entities or from those that were long ago acquired by other firms, and then conspired to sell an estimated $50 million worth of the IPs to marketers based outside Africa.