2020, Hacking and Information Security - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

On the Irish Health Services Executive Hack

Schneier on Security

FEBRUARY 11, 2022

Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system. Over 30,000 machines were running Windows 7 (out of support since January 2020).

Antivirus

Antivirus Hacking Ransomware CISO

How a researcher earned $100,000 hacking a Facebook server

Security Affairs

JANUARY 12, 2025

Sadeghipour made the headlines for other important disclosures, in October 2020 he was part of a team of researchers that received hundreds of thousands of dollars in bug bounties for reporting 55 vulnerabilities as part of the Apple bug bounty program. Other organizations could suffered similar issues.

Hacking

Hacking Media Information Security

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking

Hacking Ransomware Banking Accountability

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

“ Flax Typhoon is a China-linked hacking group that has been active since 2021, it targets critical infrastructure globally, exploiting vulnerabilities for persistent access. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity

Cybersecurity IoT Hacking Technology

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co.,

Firewall

Firewall Hacking Malware Passwords

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 6, 2025

The vulnerability CVE-2020-15069 (CVSS score of 9.8) Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, CISA Known Exploited Vulnerabilities catalog ) is a Remote Code Execution flaw in Microsoft Outlook. . ” reads the advisory published by Microsoft.

Firewall

Firewall Hacking Cybersecurity Risk

Brazilian citizen charged for threatening to release data stolen from a company in 2020

Security Affairs

DECEMBER 27, 2024

charges for allegedly threatening to release data stolen from a company in a March 2020 security breach. government has charged the Brazilian citizen Junior Barros De Oliveira, 29, with allegedly threatening to release data stolen from a company during a March 2020 security breach. A Brazilian citizen faces U.S.

Hacking

Hacking Government Data breaches Information Security

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking

Hacking Risk Cybersecurity Government

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. in attacks in the wild.

Ransomware

Ransomware VPN Education Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Russia-linked threat actors threaten the UK and its allies, minister to say

Security Affairs

NOVEMBER 25, 2024

He will allege that Russian state-aligned hacking groups have executed at least nine cyberattacks against NATO nations, targeting critical infrastructure. In September 2024, the FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020.

Cyber Attacks

Cyber Attacks Government Hacking Cyber threats

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile

Mobile Telecommunications Data breaches Hacking

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Security Affairs

MARCH 8, 2025

The company announced it will enhance security measures, improve service quality, and promptly disclose updates while maintaining customer confidentiality. In May 2020, NTT Communications (NTT Com) disclosed a data breach that impacted hundreds of customers.

Data breaches

Data breaches Mobile Hacking Malware

New LightSpy spyware version targets iPhones with destructive capabilities

Security Affairs

NOVEMBER 1, 2024

The experts discovered five active C2 servers linked to the new version, with the latest deployment date listed as October 26, 2022, despite using a vulnerability patched in 2020. The authors utilized the publicly available Safari exploit CVE-2020-9802 for initial access and CVE-2020-3837 for privilege escalation.

Spyware

Spyware Media Malware Hacking

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. The attacks hit law enforcement agencies in Washington, D.C.

Ransomware

Ransomware Healthcare Hacking Malware

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

Security Affairs

SEPTEMBER 22, 2024

GreyNoise Intelligence firm warns of a mysterious phenomenon observed since January 2020, massive waves of spoofed traffic called Noise Storms. GreyNoise Intelligence has been tracking a mysterious phenomenon since January 2020 consisting of massive waves of spoofed traffic, tracked by the experts as ‘Noise Storms.’

DDOS

DDOS Internet Internet Cyber threats

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. If convicted, the man could face up to 20 years in prison for each wire fraud count, 10 years for each computer hacking charge, and 5 years for conspiracy to commit computer fraud and abuse.

Cybercrime

Cybercrime Ransomware Healthcare Education

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

NSO Group continued using WhatsApp exploits, including spyware called Erised, even after being sued for violating anti-hacking laws. 2 NSO continued to use and make Erised available to customers even after this litigation had been filed, until changes to WhatsApp blocked its access sometime after May 2020. continues the court filing.

Spyware

Spyware Surveillance Software Hacking

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability

Accountability Hacking Banking Government

A British national has been charged for his execution of a hack-to-trade scheme

Security Affairs

SEPTEMBER 30, 2024

The Department of Justice charged a British national for hacking into the systems of five U.S. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. From January 2019 to May 2020, the man carried out a hack-to-trade scheme, earning over $3 million in profits.

Hacking

Hacking Accountability Passwords Cybercrime

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S.

Cybercrime

Cybercrime Advertising Phishing Hacking

A ransomware attack disrupted services at Pittsburgh Regional Transit

Security Affairs

DECEMBER 26, 2024

In April 2021, China-linked APT breached New York Citys Metropolitan Transportation Authority (MTA) network exploiting a Pulse Secure zero-day. In December 2020, Egregor ransomware operators hit Metro Vancouvers transportation agency TransLink causing the disruption of its services and payment systems.

Ransomware

Ransomware Cyber Attacks Hacking Cybersecurity

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

pic.twitter.com/YJavUu53v3 — vx-underground (@vxunderground) October 7, 2023 BleepingComputer was able to verify with the help of the popular malware researcher Michael Gillespie that that source code is legitimate and is related to the first version of the ransomware that was employed in 2020.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. Abdali Hospital provides care to patients in numerous specialties.

Ransomware

Ransomware Hacking Manufacturing Healthcare

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. According to the advisory, the threat actors have exploited Zerologon ( CVE-2020-1472 ) in Microsoft’s Netlogon Remote Protocol in phishing attempts. Energy China [link] TL;DR That's huuuge!

Ransomware

Ransomware Hacking Engineering Manufacturing

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage, etc. ? At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information of their TTPs and infrastructure. SecurityAffairs – hacking, North Korea).

Hacking

Hacking VPN Internet Internet

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.” SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Hacking Malware Encryption

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. King Edward VII’s Hospital in London has been breached by Rhysida Ransomware.

Ransomware

Ransomware Hacking Manufacturing Healthcare

Anonymous hacked other Russian organizations, some of the breaches could be severe

Security Affairs

APRIL 20, 2022

Synesis Surveillance System – Anonymous claims to have hacked the Synesis and Kipod surveillance systems. According to DDoSecrets, data was gathered in August 2020. One of the most active hacking crew, the Network Battalion 65, also claimed to have hacked another Russian bank, JSC Bank PSCB. GB in size.

Hacking

Hacking Banking Surveillance Engineering

Get ready for the 2021 Google CTF

Google Security

JUNE 18, 2021

Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? For those interested, we have published all 2020 Hackceler8 videos for your viewing pleasure here. Our annual Google CTF is back! Teams can register at [link]. in prize money.

Hacking

Hacking Engineering Information Security

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Security Affairs

DECEMBER 21, 2024

In August 2020, the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, ransomware) million ransom to recover its files. and foreign government organizations.

Ransomware

Ransomware Healthcare Government Cryptocurrency

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. Microsoft Corp.

Malware

Malware Software Technology Accountability

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Security Affairs

OCTOBER 16, 2024

. “A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.

Data breaches

Data breaches Media Cybercrime Accountability

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

Security Affairs

OCTOBER 16, 2022

According to Zimbra users, the vulnerability is actively exploited since early September 2020. SecurityAffairs – hacking, Zimbra). The post Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug appeared first on Security Affairs. a user wrote on the Zimbra forum. Pierluigi Paganini.

Hacking

Hacking Antivirus Telecommunications Engineering

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

In that breach, which occurred in October 2020, a hacker using the handle “Ransom Man” threatened to publish patient psychotherapy notes if Vastaamo did not pay a six-figure ransom demand. By that time, Kivimäki was no longer in Finland, but the Finnish government nevertheless charged Kivimäki in absentia with the Vastaamo hack.

Cybercrime

Cybercrime Hacking Data breaches Banking

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Between 2020 and 2022, attackers launched multiple campaigns to exploit zero-day vulnerabilities in publicly accessible network appliances, focusing on WAN-facing services. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China-linked threat actors)

Firmware

Firmware Government Firewall Malware

U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 23, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds JQuery vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a JQuery persistent cross-site scripting (XSS) vulnerability, tracked as CVE-2020-11023 (CVSS score: 6.9) In jQuery 1.0.3

Hacking

Hacking Cybersecurity Risk Information Security

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

pw has been registered and abandoned by several parties since 2014, but the most recent registration data available through DomainTools.com shows it was registered in March 2020 to someone in Krasnodar, Russia with the email address edgard011012@gmail.com. In May 2020, Zipper told another Lolzteam member that quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Crooks are reviving the Grandoreiro banking trojan

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware) ” concludes the report that includes Indicators of compromise (IoCs).

Banking

Banking Phishing Malware Passwords

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

Microsoft warns that China-backed APT Silk Typhoon linked to US Treasury hack, is now targeting global IT supply chains, using IT firms to spy and move laterally. The group has been active since 2020, they use web shells for command execution and data theft.

Energy and Utilities

Energy and Utilities Passwords VPN Healthcare

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

Security Affairs

MARCH 13, 2025

Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.

Authentication

Authentication Hacking Software Information Security

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

At the end of October 2020, the US-CERT published a report on Kimuskys recent activities that provided information on their TTPs and infrastructure. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Emerald Sleet)

Phishing

Phishing Malware Security Intelligence Hacking

Apache fixed a critical SQL Injection in Apache Traffic Control

Security Affairs

DECEMBER 25, 2024

Early this month, The Apache Software Foundation released a security update to address a possible remote code execution flaw in Struts 2 that is related to the OGNL technology. The remote code execution flaw, tracked asCVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes.

Software

Software Hacking Technology Information Security

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

On the Irish Health Services Executive Hack

Trending Sources

How a researcher earned $100,000 hacking a Facebook server

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Chinese national charged for hacking thousands of Sophos firewalls

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

Brazilian citizen charged for threatening to release data stolen from a company in 2020

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Russia-linked threat actors threaten the UK and its allies, minister to say

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

New LightSpy spyware version targets iPhones with destructive capabilities

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

Russian Phobos ransomware operator faces cybercrime charges

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

A British national has been charged for his execution of a hack-to-trade scheme

Law enforcement seized the domains of HeartSender cybercrime marketplaces

A ransomware attack disrupted services at Pittsburgh Regional Transit

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Rhysida ransomware group hacked Abdali Hospital in Jordan

Rhysida ransomware gang claimed China Energy hack

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Anonymous hacked other Russian organizations, some of the breaches could be severe

Get ready for the 2021 Google CTF

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

3CX Breach Was a Double Supply Chain Compromise

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug

Alleged Extortioner of Psychotherapy Patients Faces Trial

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

Interview With a Crypto Scam Investment Spammer

Crooks are reviving the Grandoreiro banking trojan

China-linked APT Silk Typhoon targets IT Supply Chain

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

North Korea-linked APT Emerald Sleet is using a new tactic

Apache fixed a critical SQL Injection in Apache Traffic Control

Stay Connected