Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Mazda Connect) ” reads the advisory.

Hacking 128

Hacking Firmware Software Manufacturing 128

Krebs on Security

MAY 11, 2021

By all accounts, the most pressing priority this month is CVE-2021-31166 , a Windows 10 and Windows Server flaw which allows an unauthenticated attacker to remotely execute malicious code at the operating system level. 5, 2021 to Microsoft was in Exchange Server.

Wireless 315

Wireless Internet Internet Backups 315

Schneier on Security

JULY 13, 2021

Interesting attack : Masquerading as UK scholars with the University of London’s School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information.

Hacking 362

Hacking Phishing Accountability Cybersecurity 362

Krebs on Security

DECEMBER 19, 2022

men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. conspired to hack into Yahoo email accounts belonging to victims in the United States.

Hacking 328

Hacking Media Passwords Accountability 328

Schneier on Security

APRIL 9, 2024

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking 325

Hacking Government Accountability Technology 325

Schneier on Security

FEBRUARY 11, 2022

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices : The report notes that: The HSE did not have a Chief Information Security Officer (CISO) or a “single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction. (..)

Antivirus 351

Antivirus Hacking Ransomware CISO 351

Krebs on Security

MARCH 5, 2021

In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. 6, 2021, a day when most of the world was glued to television coverage of the riot at the U.S. ’ But how are they securing their non-cloud products?

Hacking 364

Hacking Software Government Internet 364

Krebs on Security

FEBRUARY 16, 2022

The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people separated by war, violence, migration and other causes. .” In their online statement about the hack (updated on Feb. Image: Ke-la.com. ” Update, 2:00 p.m., com, moslempress[.]com,

Hacking 295

Hacking Ransomware Media Accountability 295

Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. North Korea is the government we know that hacks cryptocurrency in order to fund its operations. Aqua Security researchers have also observed the malware serving as a backdoor to install other families of malware.

Malware 263

Malware Cryptocurrency Internet Internet 263

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking 324

Hacking Social Engineering Phishing Scams 324

Krebs on Security

DECEMBER 13, 2022

In November 2021, KrebsOnSecurity detailed how Pompompurin abused a vulnerability in an FBI online portal designed to share information with state and local law enforcement authorities, and how that access was used to blast out thousands of hoax email messages — all sent from an FBI email and Internet address.

Hacking 363

Hacking Energy and Utilities Cybercrime Accountability 363

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 250

Identity Theft Phishing Cryptocurrency Accountability 250

Security Affairs

JANUARY 4, 2025

. “These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity 121

Cybersecurity IoT Hacking Technology 121

Krebs on Security

DECEMBER 4, 2024

image: x.com/vxunderground The golden rule of cybercrime in Russia has always been that as long as you never hack, extort or steal from Russian citizens or companies, you have little to fear of arrest. An image tweeted by Matveev showing the Justice Department’s wanted poster for him on a t-shirt. “Mother Russia will help you.

Cybercrime 230

Cybercrime Ransomware Cryptocurrency Government 230

Security Affairs

MARCH 3, 2025

authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binances BNB Chain.

Cryptocurrency 63

Cryptocurrency Hacking Cyber Attacks Marketing 63

Krebs on Security

FEBRUARY 10, 2021

“Some utilities are afraid that if their vulnerabilities are shared the hackers will have some inside knowledge on how to hack them,” Arceneaux said. “He was defending this person who’d hacked into a drinking water system and had gotten all the way to the pumps and control systems,” Weiss recalled.

Hacking 359

Hacking Media Cybersecurity Ransomware 359

Schneier on Security

NOVEMBER 14, 2021

This is a current list of where and when I am scheduled to speak: I’m speaking on “Securing a World of Physically Capable Computers” at @Hack on November 29, 2021. The list is maintained on this page.

Hacking 305

Hacking 305

Krebs on Security

FEBRUARY 9, 2023

” Only one of the men sanctioned today is known to have been criminally charged in connection with hacking activity. Secret Service determined that he ran a massive “money mule” scheme, which used phony job offers to trick people into laundering money stolen from hacked small to mid-sized businesses in the United States.

Hacking 235

Hacking Cybercrime Ransomware Government 235

Adam Shostack

JANUARY 2, 2025

Tremendous training opportunities in threat modeling and other topics at Appsec Global 2021 The trainings for OWASP Appsec Global have just been announced!

Hacking 130

Hacking 130

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 135

Data collection Authentication Government Hacking 135

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile 112

Mobile Telecommunications Data breaches Hacking 112

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, SEC) The SEC fined the four companies for having downplayed the impact of the attack.

Hacking 114

Hacking Risk Cybersecurity Government 114

Schneier on Security

FEBRUARY 8, 2021

SonicWall is tracking it as SNWLID-2021-0001. Neither SonicWall nor NCC Group said that the hack involving the SonicWall zero-day was linked to the larger hack campaign involving SolarWinds. The SMA 100 series is a line of secure remote access appliances.

Hacking 349

Hacking Engineering Cybersecurity 349

Security Affairs

DECEMBER 2, 2024

Russia first blocked Tor in 2021, but at the time the censorship was bypassed via bridges. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, WebTunnel bridges) .” reads the announcement published by Tor Project.

Government 126

Government Internet Internet Hacking 126

Security Affairs

JANUARY 21, 2025

In May 2019, Security researchers with Tencent Security Keen Lab identified five vulnerabilities , tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.

Software 131

Software Architecture Media Engineering 131

eSecurity Planet

MARCH 24, 2025

A sophisticated supply chain hack targeting Oracle Cloud has exfiltrated a staggering 6 million records. The initial access was gained by hacking the login endpoint (login.(region-name).oraclecloud.com), CloudSEKs XVigil uncovered that threat actor rose87168 began selling the stolen data on March 21. region-name).oraclecloud.com),

Risk 121

Risk Passwords Hacking Encryption 121

The Last Watchdog

APRIL 5, 2022

As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. ” Only 4 percent of respondents to an FCC poll said their organization received a new J-1 visa in 2021, and 46 percent said their bureaus were understaffed because of a lack of visas.

Hacking 243

Hacking Passwords Internet Internet 243

Krebs on Security

NOVEMBER 14, 2024

But not long after KrebsOnSecurity reported in April that Shefel/Rescator also was behind the theft of Social Security and tax information from a majority of South Carolina residents in 2012, Mr. Shefel began contacting this author with the pretense of setting the record straight on his alleged criminal hacking activities.

Retail 254

Retail Advertising Cryptocurrency Marketing 254

Security Affairs

FEBRUARY 4, 2025

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, NETGEAR )

Firmware 108

Firmware Authentication Hacking Information Security 108

Troy Hunt

JANUARY 1, 2021

Ok, so these may not be 2021 breaches but I betcha that by next week's update there'll be brand new ones from the new year to discuss. I'll talk more about the last past of the trip then as well as those all new fresh 2021 data breaches I'm sure we'll have by Friday. It's a new year! With lots of breaches to discuss already ?

Data breaches 335

Data breaches Password Management Scams Passwords 335

Security Affairs

MARCH 26, 2024

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. According to the police, the offences were committed between autumn 2020 and early 2021.

Hacking 135

Hacking Government Technology Information Security 135

Schneier on Security

SEPTEMBER 24, 2021

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits: One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools. At the top of the food chain are the government-sponsored hackers.

Hacking 334

Hacking Government Ransomware Technology 334

Security Affairs

FEBRUARY 13, 2025

“ Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement. Since 2021, Seashell Blizzards subgroup has used web shells for persistence, the group was observed exploiting Microsoft Exchange (CVE-2021-34473) and Zimbra (CVE-2022-41352).

Telecommunications 106

Telecommunications DNS Passwords Hacking 106

Security Affairs

MARCH 13, 2024

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. The hacked third-party company manages the Acer employee attendance data. ph1ns told Bleeping Computer that Acer was hacked, but threat actors did not deploy any ransomware. .

Data breaches 137

Data breaches Computers and Electronics Hacking Cybercrime 137

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.

Ransomware 117

Ransomware Healthcare Hacking Malware 117

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.

DNS 134

DNS Malware Media Encryption 134

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals.

Cybercrime 109

Cybercrime Identity Theft Cryptocurrency Phishing 109