Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series.

Password Management 364

Password Management Passwords Encryption Architecture 364

Krebs on Security

NOVEMBER 4, 2022

” In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 270

Scams Artificial Intelligence Cryptocurrency Accountability 270

Krebs on Security

APRIL 27, 2023

This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. “My team is frustrated by the permissive nature of the platform,” Carbee said. Akiri said he notified the Washington D.C. ”

Banking 330

Banking Government Information Security Authentication 330

Security Affairs

APRIL 25, 2024

CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Education 143

Education Government Hacking Risk 143

Security Affairs

DECEMBER 4, 2024

Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. reads the CSA.

Ransomware 132

Ransomware Telecommunications Healthcare Insurance 132

Krebs on Security

OCTOBER 20, 2022

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations.

Accountability 315

Accountability Cryptocurrency Scams CISO 315

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware 322

Malware Software Technology Accountability 322

Krebs on Security

OCTOBER 20, 2023

In an interview with KrebsOnSecurity, Okta’s Deputy Chief Information Security Officer Charlotte Wylie said Okta initially believed that BeyondTrust’s alert on Oct. Maiffret said BeyondTrust followed up with Okta on Oct. 2 was not a result of a breach in its systems. But she said that by Oct.

Social Engineering 329

Social Engineering Engineering Accountability Hacking 329

Security Affairs

MAY 23, 2024

Below is the list of the addressed vulnerabilities: CVE Description CVSS Vector CVE-2024-29822 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Authentication 136

Authentication Hacking Information Security 136

Krebs on Security

SEPTEMBER 24, 2022

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog , which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”

Cybercrime 228

Cybercrime Data breaches Malware Ransomware 228

Security Affairs

SEPTEMBER 11, 2024

“Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.” ” reads the advisory published by the company. High) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Critical) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Software 136

Software Authentication IoT Hacking 136

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities.

Phishing 139

Phishing Accountability Information Security Cyber Attacks 139

Security Affairs

JUNE 27, 2024

in April 2022. Technical details and PoC exploit code are publicly available since August 2022. Linux Kernel Flaw CVE-2022-2586 (CVSS score of 7.8) White hat hackers demonstrated an exploit for this issue during the Pwn2Own Vancouver 2022. is a code injection issue in the Jai-Ext open source project. and 1.3.12.

Hacking 130

Hacking Cybersecurity Risk Information Security 130

Schneier on Security

AUGUST 8, 2022

NIST was poised to make final algorithm selections in 2022, with a plan to have a draft standard available for public comment in 2023. Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force. Cryptanalysis over the competition was brutal.

Encryption 358

Encryption Architecture Engineering Information Security 358

Security Affairs

JANUARY 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank. “ In November 2022, Medibank announced that personal data belonging to around 9.7M

Government 141

Government Insurance Ransomware Hacking 141

Security Affairs

OCTOBER 19, 2024

The researchers pointed out that despite IE’s end of support in June 2022, the vulnerability still impacted certain Windows applications. Microsoft ended its support for IE in June 2022. The threat actors compromised a Korean online ad agency server, injecting vulnerability code into ad content scripts.

Internet 144

Internet Internet Engineering Malware 144

Security Affairs

JANUARY 30, 2024

in August 2022. “This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit: [link] and was also backported to glibc 2.36 because this commit was a fix for another, minor vulnerability in __vsyslog_internal() (CVE-2022-39046, an “uninitialized memory [read] from the heap”).”

Hacking 141

Hacking Software Information Security 141

Security Affairs

MAY 21, 2024

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.

Hacking 144

Hacking Ransomware Phishing Malware 144

Security Affairs

DECEMBER 6, 2023

CVE-2022-22071 was included in our May 2022 public bulletin. CVE-2022-22071 was included in our May 2022 public bulletin. Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 were actively exploited in targeted attacks.

Surveillance 140

Surveillance Hacking Cybersecurity Risk 140

Krebs on Security

JANUARY 24, 2023

In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet. “Thanks to you, we are now developing in the field of information security and anonymity!,” But that action did not name any defendants. Kloster’s blog enthused. “We

Cybercrime 259

Cybercrime Advertising IoT Malware 259

Security Affairs

MARCH 7, 2024

The figure marks a 22% surge in reported losses compared to 2022. In 2023, the FBI IC3 received a record number of complaints, totaling 880,418, which represents a nearly 10% increase in complaints received compared to 2022. billion in 2022 to $4.57 billion in 2023. billion in 2023 (+38%). billion in losses.

Cybercrime 143

Cybercrime Internet Internet Scams 143

Security Affairs

MAY 15, 2024

From March 2022 until March 2023, a separate version of BreachForums (hosted at breached.vc/.to/.co) The BreachForums hacking forum was launched in 2022 after the law enforcement authorities seized RaidForums as a result of Operation TOURNIQUET. According to the statement published by law enforcement on the site breachforums.ic3.gov

Hacking 140

Hacking Cybercrime Information Security 140

Security Affairs

JUNE 5, 2024

In August 2022, Microsoft researchers discovered a high-severity flaw ( CVE-2022-28799 ) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. Microsoft reported the issue to TikTok in February 2022, and the company quickly addressed it.

Accountability 139

Accountability Hacking Malware Information Security 139

Daniel Miessler

SEPTEMBER 12, 2021

It might be that it’s time for a bigger adjustment than ever for 2022. Instead, start with the purpose of the project and the output you want it to produce for a defined audience, and then look at the data, and then the list. In doing the first two, be willing to completely reconsider the list. A reframing.

Software 364

Software Information Security 364

Security Affairs

JANUARY 2, 2024

The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model. A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022.

Ransomware 140

Ransomware Encryption Insurance Malware 140

Security Affairs

NOVEMBER 20, 2023

3 On or about November 18, 2022, the man launched a credential stuffing attack on the Betting Website and gained access to approximately 60,000 accounts. According to court documents, on November 18, 2022, Garrison launched the attack against the betting site, obtaining access to approximately 60,000 user accounts.

Accountability 142

Accountability Hacking Passwords Cybercrime 142

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. ” Orn advertising Araneida Scanner in Feb. 2023 on the forum Cracked.

Hacking 149

Hacking Cybercrime Advertising Data breaches 149

Krebs on Security

JULY 21, 2023

A review of the executives pages published by the 2022 list of Fortune 100 companies found only four — BestBuy , Cigna , Coca-Cola , and Walmart — that listed a Chief Security Officer (CSO) or Chief Information Security Officer (CISO) in their highest corporate ranks.

CSO 217

CSO CISO Insurance Risk 217

Security Affairs

APRIL 9, 2024

BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022. After the repository containing the open-source tool was taken down in September 2022, it has since been cloned and modified by other threat actors.

Engineering 139

Engineering Malware Phishing Hacking 139

Security Affairs

FEBRUARY 6, 2024

.” The attack chain starts with the exploitation of the CVE-2022-42475 vulnerability for FortiGate devices. reads the advisory published by the security vendor.

Malware 140

Malware Firmware VPN Backups 140

Daniel Miessler

JUNE 28, 2022

1/10 — Dave Kennedy (@HackingDave) June 17, 2022. We have brand new candidates lacking "hands on" experience coming into the workforce and finding it extremely difficult to find a job. One can absolutely argue that it isn’t Mangacorn’s responsibility to fix this, but that’s the problem isn’t it?

Cybersecurity 364

Cybersecurity Government Information Security 364

Security Affairs

DECEMBER 3, 2024

In June 2022, the controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least five countries in the region. “We will not allow the PiS machine to further destroy democracy, lead Poland to the East and sovietise our country,” Karnowski told Reuters.

Spyware 125

Spyware Government Surveillance Hacking 125

Security Affairs

JANUARY 23, 2024

The gang published some screenshots as proof of the attack, including passports, ID cards, and personal information of some employees. The Black Basta ransomware group has been active since April 2022 , like other ransomware operations, it implements a double-extortion attack model.

Hacking 144

Hacking Encryption Ransomware Insurance 144

Security Affairs

OCTOBER 4, 2023

action in network access logs presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory In September 2022, threat actors were observed targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign.

Software 144

Software Accountability Authentication Internet 144

Security Affairs

MAY 15, 2024

The FIOD arrested the man in Amsterdam in August 2022, it is accused of concealing criminal financial flows and facilitating money laundering using Tornado Cash. Tornado Cash was also used to launder more than $96 million of malicious cyber actors’ funds derived from the June 24, 2022 Harmony Bridge Heist, and at least $7.8

Cryptocurrency 132

Cryptocurrency Hacking Cybercrime Information Security 132

Security Affairs

FEBRUARY 9, 2024

In December 2023, Fortinet urged its customers to update their installs to address an actively exploited FortiOS SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices. The malware survives reboots and firmware upgrades.

VPN 138

VPN Firmware Malware Government 138

Security Affairs

OCTOBER 27, 2024

The cases have been sent to the Russian Prosecutor General’s Office for consolidation, and all defendants have been held since early 2022. in March 2022. Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) was arrested on October 8, 2021, while he was trying to enter Poland.

Ransomware 144

Ransomware Hacking Malware Cybercrime 144