2021, Hacking and Information Security - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Four REvil Ransomware members sentenced for hacking and money laundering

Security Affairs

OCTOBER 27, 2024

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, REvil ransomware gang )

Ransomware

Ransomware Hacking Malware Cybercrime

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. Victims include AMD and Keralty.

Hacking

Hacking Healthcare Backups Ransomware

On the Irish Health Services Executive Hack

Schneier on Security

FEBRUARY 11, 2022

Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system.

Antivirus

Antivirus Hacking Ransomware CISO

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Mazda Connect) ” reads the advisory.

Hacking

Hacking Firmware Software Manufacturing

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

Security Affairs

MARCH 3, 2025

authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binances BNB Chain.

Cryptocurrency

Cryptocurrency Hacking Cyber Attacks Marketing

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

. “These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity

Cybersecurity IoT Hacking Technology

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Hacking Government

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile

Mobile Telecommunications Data breaches Hacking

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking

Hacking Risk Cybersecurity Government

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

Russia first blocked Tor in 2021, but at the time the censorship was bypassed via bridges. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, WebTunnel bridges) .” reads the announcement published by Tor Project.

Government

Government Internet Internet Hacking

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

JANUARY 21, 2025

In May 2019, Security researchers with Tencent Security Keen Lab identified five vulnerabilities , tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.

Software

Software Architecture Media Engineering

Netgear urges users to upgrade two flaws impacting WiFi router models

Security Affairs

FEBRUARY 4, 2025

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, NETGEAR )

Firmware

Firmware Authentication Hacking Information Security

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

“ Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement. This approach allowed covert access, credential theft, and data exfiltration while bypassing traditional security audits.

Telecommunications

Telecommunications DNS Passwords Hacking

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Daniel Miessler

MAY 19, 2021

Top actions in breaches were: phishing (social), use of stolen credentials (hacking), other, ransomware (malware), pretexting (social), misconfiguration (error), misdelivery (error), brute force (hacking), C2 (malware), and backdoor (malware). Top three for beginning: hacking, error, and social.

Data breaches

Data breaches Social Engineering Ransomware Phishing

Finnish police linked APT31 to the 2021 parliament attack

Security Affairs

MARCH 26, 2024

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. According to the police, the offences were committed between autumn 2020 and early 2021.

Hacking

Hacking Government Technology Information Security

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.

Ransomware

Ransomware Healthcare Hacking Malware

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024. Attorney Erek L.

Cybercrime

Cybercrime Ransomware Healthcare Education

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware

Spyware Government Surveillance Hacking

VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago

Security Affairs

OCTOBER 11, 2022

VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048 , in the vCenter Server. Please review KB89027 for more information.”

Authentication

Authentication Hacking Information Security

China-linked spies target Asian Telcos since at least 2021

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.

DNS

DNS Malware Media Encryption

Acer Philippines disclosed a data breach after a third-party vendor hack

Security Affairs

MARCH 13, 2024

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. In our commitment to full transparency, we wish to inform you of a recent security incident involving a third-party vendor managing employee attendance data.

Data breaches

Data breaches Computers and Electronics Hacking Cybercrime

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

APRIL 13, 2022

The Apache Software Foundation urges organizations to address a vulnerability, tracked as CVE-2021-31805, affecting Struts versions ranging 2.0.0 SecurityAffairs – hacking, Apache). The post CVE-2021-31805 RCE bug in Apache Struts was finally patched appeared first on Security Affairs. To nominate, please visit:?

Software

Software Hacking Cybersecurity Information Security

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents , threat actors used the malware to target European shipping firms (2024), European governments (2021-2023), Chinese dissident groups, and Indo-Pacific governments, including Taiwan and Japan. A French law enforcement agency has gained access to the C2 server (45.142.166.112) used to control the malware.

Malware

Malware Government Hacking Cybersecurity

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Security Affairs

FEBRUARY 2, 2025

A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. By 2021, key members had founded WeCodeSolutions in Lahore, seemingly to legitimize their earnings from HeartSender.

Cybercrime

Cybercrime Advertising Phishing Hacking

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

Security Affairs

MARCH 13, 2025

Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.

Authentication

Authentication Hacking Software Information Security

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Active since 2021, Storm-0940 gains access through password spraying, brute-force attacks, and exploiting network edge services, targeting sectors like government, law, defense, and NGOs in North America and Europe. . “Organizations can defend against password spraying by building credential hygiene and hardening cloud identities.”

Passwords

Passwords Wireless VPN Accountability

Rhysida Ransomware gang claims to have hacked three more US hospitals

Security Affairs

SEPTEMBER 10, 2023

Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. Margaret’s Health announced it is partly closing operations at its hospitals due to a 2021 ransomware attack that impacted its payment system.

Hacking

Hacking Ransomware Healthcare Cyber Attacks

A ransomware attack disrupted services at Pittsburgh Regional Transit

Security Affairs

DECEMBER 26, 2024

In April 2021, China-linked APT breached New York Citys Metropolitan Transportation Authority (MTA) network exploiting a Pulse Secure zero-day. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Pittsburgh Regional Transit)

Ransomware

Ransomware Cyber Attacks Hacking Cybersecurity

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

JULY 12, 2022

Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021. SecurityAffairs – hacking, AiTM phishing). The post Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021? appeared first on Security Affairs. Pierluigi Paganini.

Phishing

Phishing Authentication Social Engineering Passwords

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

Security Affairs

SEPTEMBER 30, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Motel One ) The post ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One appeared first on Security Affairs. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Hacking

Hacking Ransomware Manufacturing Media

U.S. authorities charged an Iranian national for long-running hacking campaign

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. According to DoJ, from at least in or about 2016 through or about April 2021, Nasab and other co-conspirators carried out a coordinated multi-year campaign to breach computers worldwide. ” concludes DoJ.

Hacking

Hacking Identity Theft Social Engineering Accountability

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Security Affairs

DECEMBER 15, 2023

The Snatch ransomware group announced it had hacked the food giant Kraft Heinz, the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site.

Hacking

Hacking Ransomware Computers and Electronics Marketing

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

Security Affairs

SEPTEMBER 24, 2023

The Alphv ransomware group claims to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles. On September 23, the group announced the hack of the company and the theft of sensitive data, including partners’ documents. Clarion Japan is the Japanese subsidiary of Clarion Co.,

Manufacturing

Manufacturing Hacking Data breaches Ransomware

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

China-linked APT UNC3886 exploits VMware zero-day since 2021

Security Affairs

JANUARY 19, 2024

China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. ” concludes the report.

Firewall

Firewall Accountability Malware Hacking

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Security Affairs

JANUARY 8, 2024

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.A. , the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Hacking

Hacking Ransomware Data breaches Manufacturing

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND, which are running targeted scams for specific victim profiles.

Scams

Scams Media Cryptocurrency Cybercrime

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Security Affairs

DECEMBER 21, 2024

In January 2021, law enforcement authorities in the U.S. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, ransomware) million as a result of the offenses charged in the indictment. The law enforcement also seized $454,530.19 in cryptocurrency obtained from ransom payments.

Ransomware

Ransomware Healthcare Government Cryptocurrency

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, SOC Burnout)

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, DLP Risk Assessment)

Risk

Risk Cybersecurity Data breaches Cyber threats

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

In 2020, researchers from Athens University School of Information Sciences and Technology in Greece showed (PDF) how ransomware-as-a-service offerings might one day be executed through smart contracts. Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif., ” Stern wrote.

Ransomware

Ransomware Cryptocurrency DDOS Scams

Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 8, 2025

Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist Serbian student activists phone hacked using Cellebrite zero-day exploit Qilin ransomware gang claimed responsibility for the Lee Enterprises attack Meta fired 20 employees for leaking information, more firings expected International Press Newsletter Cybercrime U.S.

Data breaches

Data breaches Hacking Artificial Intelligence Cybercrime

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Four REvil Ransomware members sentenced for hacking and money laundering

Trending Sources

RansomHouse gang claims the hack of the Loretto Hospital in Chicago

On the Irish Health Services Executive Hack

Mazda Connect flaws allow to hack some Mazda vehicles

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Experts found multiple flaws in Mercedes-Benz infotainment system

Netgear urges users to upgrade two flaws impacting WiFi router models

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Finnish police linked APT31 to the 2021 parliament attack

Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Russian Phobos ransomware operator faces cybercrime charges

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Poland probes Pegasus spyware abuse under the PiS government

VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago

China-linked spies target Asian Telcos since at least 2021

Acer Philippines disclosed a data breach after a third-party vendor hack

CVE-2021-31805 RCE bug in Apache Struts was finally patched

FBI deleted China-linked PlugX malware from over 4,200 US computers

Law enforcement seized the domains of HeartSender cybercrime marketplaces

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

Chinese threat actors use Quad7 botnet in password-spray attacks

Rhysida Ransomware gang claims to have hacked three more US hospitals

A ransomware attack disrupted services at Pittsburgh Regional Transit

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

U.S. authorities charged an Iranian national for long-running hacking campaign

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

New Leak Shows Business Side of China’s APT Menace

China-linked APT UNC3886 exploits VMware zero-day since 2021

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Crazy Evil gang runs over 10 highly specialized social media scams

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

From Risk Assessment to Action: Improving Your DLP Response

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected