Schneier on Security

JANUARY 16, 2025

.” Details : To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI , at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

Malware 243

Malware Hacking Software 243

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.

Government 144

Government Hacking Ransomware Insurance 144

Security Affairs

DECEMBER 8, 2024

On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. In 2023, upon discovering the cyber attack, the Anna Jaques Hospital took the impacted systems down and launched an investigation into the security breach. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients.

Data breaches 116

Data breaches Insurance Healthcare Ransomware 116

Krebs on Security

APRIL 11, 2023

On April 7, Apple issued emergency security updates to fix two weaknesses that are being actively exploited, including CVE-2023-28206 , which can be exploited by apps to seize control over a device. CVE-2023-28205 can be used by a malicious or hacked website to install code. iOS 15.5.7, and macOS 12.6.5 and 11.7.6.

Social Engineering 295

Social Engineering Ransomware Internet Internet 295

Krebs on Security

NOVEMBER 1, 2024

In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware. SecureWorks said these attacks had been going on since at least March 2023. million phishing attempts in 2023.” A scan of social media networks showed this is not an uncommon scam.

Phishing 263

Phishing Accountability Artificial Intelligence Cybercrime 263

Schneier on Security

JANUARY 29, 2024

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 330

Hacking Accountability Passwords Cybersecurity 330

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

Krebs on Security

AUGUST 15, 2024

We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida. USDoD said the data stolen from National Public Data had traded hands several times since it was initially stolen in December 2023.

Hacking 350

Hacking Data breaches Identity Theft Accountability 350

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 336

Hacking Cybercrime Phishing Passwords 336

Security Affairs

MARCH 24, 2025

The Cloak ransowmare group has been active since at least 2023 and breached more than one hundred organizations across the years. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, ransomware) ” reads a report published by Halcyon.

Ransomware 102

Ransomware Hacking Social Engineering VPN 102

Krebs on Security

JULY 11, 2023

They include CVE-2023-32049 , which is a hole in Windows SmartScreen that lets malware bypass security warning prompts; and CVE-2023-35311 allows attackers to bypass security features in Microsoft Outlook. CVE-2023-36874 is an elevation of privilege bug in the Windows Error Reporting Service.

Software 246

Software Malware Antivirus Ransomware 246

Schneier on Security

OCTOBER 14, 2024

It can also exploit CVE-2023-33246, a vulnerability with a severity rating of 10 out of 10 that was patched last year in Apache RocketMQ, a messaging and streaming platform that’s found on many Linux machines. North Korea is the government we know that hacks cryptocurrency in order to fund its operations.

Malware 264

Malware Cryptocurrency Internet Internet 264

Krebs on Security

AUGUST 29, 2023

According to recent figures from the managed security firm Reliaquest , QakBot is by far the most prevalent malware “loader” — malicious software used to secure access to a hacked network and help drop additional malware payloads. Source: Reliaquest.com. ” The DOJ said it also recovered more than 6.5

Hacking 310

Hacking Malware Ransomware Government 310

Krebs on Security

MARCH 7, 2025

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing…

Password Management 260

Password Management Hacking Passwords 260

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Retail 258

Retail Advertising Cryptocurrency Marketing 258

Schneier on Security

MAY 17, 2024

“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” reads a dedicated subdomain on the FBI’s IC3 portal. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc ”

Hacking 312

Hacking Accountability Ransomware Internet 312

Security Affairs

JANUARY 4, 2025

“ Flax Typhoon is a China-linked hacking group that has been active since 2021, it targets critical infrastructure globally, exploiting vulnerabilities for persistent access. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. critical infrastructure sectors.“

Cybersecurity 122

Cybersecurity IoT Hacking Technology 122

Krebs on Security

NOVEMBER 5, 2024

Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required).

Cybercrime 277

Cybercrime Mobile Media Hacking 277

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile 113

Mobile Telecommunications Data breaches Hacking 113

Tech Republic Security

JULY 8, 2024

Last year, hackers breached an online forum used by OpenAI employees and stole confidential information about the firm’s AI systems.

Hacking 191

Hacking Artificial Intelligence Cybersecurity 191

Security Affairs

JANUARY 21, 2025

.” Below is the list of flaws discovered by the researchers: CVE-2024-37602 CVE-2024-37600 CVE-2024-37603 CVE-2024-37601 CVE-2023-34406 CVE-2023-34397 CVE-2023-34398 CVE-2023-34399 CVE-2023-34400 CVE-2023-34401 CVE-2023-34402 CVE-2023-34403 CVE-2023-34404 The details for each of the above flaws will be published here: [link].

Software 132

Software Architecture Media Engineering 132

Security Affairs

NOVEMBER 15, 2024

“Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Cryptocurrency 105

Cryptocurrency Hacking Government Accountability 105

Tech Republic Security

JULY 12, 2024

Businesses and individuals with AT&T accounts from May 1, 2022 to October 31, 2022 and on January 2, 2023 will be notified if their data was affected.

Hacking 198

Hacking Accountability Big data Telecommunications 198

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 136

Data collection Authentication Government Hacking 136

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. The Treasury Department sanctioned the ransomware actor.

Ransomware 117

Ransomware Healthcare Hacking Malware 117

Security Affairs

JANUARY 25, 2025

In February 2023, Cisco fixed a critical flaw, tracked as CVE-2023-20032(CVSS score: 9.8), in ClamAV product. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser. Google OSS-Fuzz reported this vulnerability.

Antivirus 133

Antivirus Software Engineering Malware 133

Security Affairs

OCTOBER 16, 2024

. “Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on the Tor network since 2023, in cooperation with the Swedish police, and confiscated their contents. The darknet market has been active since February 2023, it was used by criminals to sell narcotics anonymously.

Marketing 120

Marketing Cybercrime Scams Hacking 120

Security Affairs

DECEMBER 19, 2024

Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. The researcher also noticed that the vulnerability CVE-2023-34990 can be chained with CVE-2023-48782 (CVSS score of 8.8) through 8.6.5

Wireless 104

Wireless Authentication Healthcare Education 104

Security Affairs

DECEMBER 3, 2024

In March 2023, Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. ” reported TechCrunch.

Spyware 117

Spyware Government Surveillance Hacking 117

Schneier on Security

SEPTEMBER 17, 2024

From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware.

Malware 303

Malware Social Engineering Engineering Hacking 303

Security Affairs

NOVEMBER 21, 2024

The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio , LastPass , DoorDash , and Mailchimp. Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals.

Cybercrime 109

Cybercrime Identity Theft Cryptocurrency Phishing 109

Security Affairs

FEBRUARY 26, 2025

The two vulnerabilities are: CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability The first vulnerability, CVE-2023-34192 (CVSS score: 9.0), is a cross-site scripting (XSS) issue in Synacor ZCS.

Authentication 101

Authentication Hacking Cybersecurity Risk 101

Security Affairs

DECEMBER 23, 2024

The decision stems from a March 2023 investigation and aligns with the EDPB’s guidance on AI-driven services and personal data processing. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ChatGPT) ” reads the press release published by Italy’s Garante.

Artificial Intelligence 107

Artificial Intelligence Data collection Data breaches Hacking 107

Security Affairs

JANUARY 31, 2025

In October 2024, VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for another authentication bypass vulnerability, tracked as CVE-2023-34051 , in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). The vulnerability CVE-2023-34051 (CVSS score 8.1)

Authentication 106

Authentication Hacking Cybersecurity Information Security 106

Security Affairs

FEBRUARY 4, 2025

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, NETGEAR )

Firmware 108

Firmware Authentication Hacking Information Security 108

Krebs on Security

DECEMBER 4, 2024

image: x.com/vxunderground The golden rule of cybercrime in Russia has always been that as long as you never hack, extort or steal from Russian citizens or companies, you have little to fear of arrest. An image tweeted by Matveev showing the Justice Department’s wanted poster for him on a t-shirt. “Mother Russia will help you.

Cybercrime 233

Cybercrime Ransomware Cryptocurrency Government 233

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild.

Architecture 107

Architecture Internet Internet Malware 107