Security Affairs

MARCH 25, 2025

Source: Daryna Antoniuk’s X account “The online systems of Ukrzaliznytsia suffered a large-scale targeted cyberattack. “The key objective of the enemy was not achieved: train movement is stable, running on time without delays, and all operational processes are running in backup mode. .”

Backups 117

Backups Cyber Attacks Media Hacking 117

Security Affairs

DECEMBER 4, 2024

Veeam Service Provider Console (VSPC) is a management and monitoring solution designed for service providers offering backup, disaster recovery, and cloud services. that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine. ” reads the advisory.

Backups 113

Backups Ransomware Accountability Hacking 113

Security Affairs

OCTOBER 11, 2024

Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. reads the advisory.

Backups 130

Backups Ransomware VPN Authentication 130

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., continues the report.

Firewall 75

Firewall Hacking Malware Passwords 75

Malwarebytes

DECEMBER 2, 2024

Ptitsyn and his co-conspirators hacked not only large corporations but also schools, hospitals, nonprofits, and a federally recognized tribe, and they extorted more than $16 million in ransom payments.” Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Don’t get attacked twice.

Ransomware 117

Ransomware Backups Small Business Malware 117

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. You’re all set.

Accountability 106

Accountability Scams Hacking Cryptocurrency 106

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking 141

Hacking Data breaches Advertising Backups 141

Security Affairs

OCTOBER 20, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 117

Data breaches Cybercrime Cyber Insurance Marketing 117

Schneier on Security

MAY 6, 2019

They obtained the data by hacking any one of the hundreds of companies you entrust with the data­ -- and you have no visibility into those companies' security practices, and no recourse when they lose your data. Enable two-factor authentication for all important accounts whenever possible. They have your address and phone number.

Identity Theft 279

Identity Theft Passwords Password Management Authentication 279

Security Affairs

SEPTEMBER 13, 2021

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. SecurityAffairs – hacking, E2EE). Pierluigi Paganini.

Backups 100

Backups Encryption Passwords Accountability 100

Security Affairs

OCTOBER 13, 2024

The Mexican Drug Cartels Want You Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse Malware Over 300,000!

Data breaches 116

Data breaches Cryptocurrency Artificial Intelligence Cybercrime 116

Security Affairs

JUNE 16, 2023

An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico.

Backups 98

Backups Spyware Malware Accountability 98

Security Affairs

APRIL 8, 2023

US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog. Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments.

Backups 98

Backups Spyware Ransomware Education 98

Security Affairs

JANUARY 25, 2021

The researcher Rajshekhar Rajaharia analyzed the leaked data, it is a MongoDB database of 6GB that contains three backup files with BuyUcoin data. The leaked data contains Name, Email, Mobile, bank account numbers, PAN Number, Wallets Details etc. What if someone used my account in any illegal activity. Pierluigi Paganini.

Cryptocurrency 144

Cryptocurrency Hacking InfoSec Data breaches 144

Krebs on Security

DECEMBER 8, 2022

First spotted in mid-August 2022 , Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices. Tripwire’s tips for all organizations on avoiding ransomware attacks include: Making secure offsite backups. healthcare organizations. “They are targeting a lot of U.S.

Healthcare 325

Healthcare Backups Ransomware Insurance 325

Security Affairs

DECEMBER 17, 2024

Recommendations include timely patching, using strong and unique passwords, enabling multi-factor authentication, implementing security tools to detect abnormal activity, auditing accounts, scanning for open ports, segmenting networks, updating antivirus software, and creating offline backups.

Architecture 107

Architecture Internet Internet Malware 107

Security Affairs

APRIL 4, 2023

An ALPHV/BlackCat ransomware affiliate was spotted exploiting vulnerabilities in the Veritas Backup solution. An affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting three vulnerabilities in the Veritas Backup solution to gain initial access to the target network. CVSS score: 8.1).

Backups 98

Backups Ransomware Authentication Penetration Testing 98

Krebs on Security

JULY 29, 2022

” According to 911, the service was hacked in early July, and it was discovered that someone manipulated the balances of a large number of user accounts. 911 said the intruders abused an application programming interface (API) that handles the topping up of accounts when users make financial deposits with the service.

Cybercrime 320

Cybercrime Software VPN Backups 320

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups.” ” reads an update provided by the company.

Backups 98

Backups Encryption Data breaches Passwords 98

Krebs on Security

DECEMBER 3, 2021

Verified was hacked at least twice in the past five years, and its user database posted online. Cyber intelligence platform Constella Intelligence told KrebsOnSecurity that the operns@gmail.com address was used in 2016 to register an account at filmai.in , which is a movie streaming service catering to Lithuanian speakers. com (2017).

Ransomware 348

Ransomware Passwords Accountability Cybercrime 348

Security Affairs

APRIL 25, 2023

Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes to their Google Account.

Authentication 98

Authentication Accountability Backups Education 98

Krebs on Security

OCTOBER 8, 2020

This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have.

Cybercrime 352

Cybercrime Malware VPN Ransomware 352

Krebs on Security

APRIL 11, 2019

As first disclosed by KrebsOnSecurity last summer , Google maintains it has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes. a one-time token, key fob or mobile device).

Mobile 266

Mobile Authentication Passwords Accountability 266

Security Affairs

MARCH 23, 2025

They deploy web shells across subdomains, create admin accounts, and leverage tools like Mimikatz , Fast Reverse Proxy ( FRP ), and Impacket for lateral movement via RDP and PowerShell remoting, ensuring multiple entry points into victim networks. They stage and exfiltrate data, including confidential files and database backups, using SQLCMD.

Backups 67

Backups Healthcare Accountability Malware 67

SecureWorld News

MARCH 12, 2024

When a website gets hacked, the aftermath can be expensive and long-lasting, and the recovery process is often extremely difficult. But what happens if a hack has already occurred? Next, let's discuss the steps to take to recover from a hack. So, instead of panicking, relax and focus on fixing your hacked WordPress site.

Hacking 112

Hacking Passwords Backups Engineering 112

Krebs on Security

AUGUST 2, 2022

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. The various “iboss” email accounts appear to have been shared by multiple parties.

Malware 318

Malware Cybercrime Internet Internet 318

Krebs on Security

FEBRUARY 2, 2021

ValidCC , a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. Group-IB believes UltraRank is responsible for a slew of hacks that other security firms previously attributed to at least three distinct cybercrime groups.

Cybercrime 255

Cybercrime Media Accountability Hacking 255

CyberSecurity Insiders

NOVEMBER 18, 2021

At this stage, the attacker's task is to create a stable channel for delivering various hacking tools and auxiliary data onto the target system. This includes the ability to install software, change its settings, manage backup operations, and more. Once approved, the user's request will be approved for their account.

Accountability 133

Accountability Passwords Authentication Social Engineering 133

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Twilio last week announced that that the threat actors also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.

Accountability 100

Accountability Authentication Phishing Data breaches 100

Security Affairs

MARCH 12, 2023

Acronis downplays the severity of the recent security breach explaining that only a single customer’s account was compromised. We are working with that customer and have suspended account access as we resolve the issue. The threat actors compromised the single account after having obtained its login credentials.

Accountability 98

Accountability Backups Cybercrime CISO 98

Hacker Combat

FEBRUARY 23, 2021

How to fix your hacked Joomla site is becoming one of the hot topics. If that gets hacked, you need to fix it as soon as possible, because it’s about your brand’s reputation. But just a hack can shatter it down in few seconds. Hence, here you can learn one of the best ways to fix your hacked Joomla site. Make a Backup.

Hacking 95

Hacking Backups Accountability VPN 95

Krebs on Security

JANUARY 2, 2019

29, 2018, the attackers broke in through a compromised login account on Christmas Eve and quickly began infecting servers with the Ryuk ransomware strain. The company has not yet responded to requests for comment. But according to a status update shared by Data Resolution with affected customers on Dec. 29, 2018.

Ransomware 259

Ransomware Malware Backups Accountability 259

Security Affairs

JUNE 1, 2020

Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site ( resources.joomla.org ) on an unsecured Amazon Web Services S3 bucket operated by the company. “JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket.

Data breaches 137

Data breaches Backups Passwords Advertising 137

Security Affairs

AUGUST 12, 2020

The City of Lafayette, Colorado, USA, has been forced to pay $45,000 because they were unable to restore necessary files from backup. The City did not disclose technical details of the hack either the family of ransomware that infected its systems, it only stated that it does not believe any data was stolen. Pierluigi Paganini.

Backups 143

Backups Advertising Ransomware Hacking 143

Krebs on Security

SEPTEMBER 30, 2023

“Experience in backup, increase privileges, mikicatz, network. was also used to register an account at the online game stalker[.]so The above accounts, as well as the email address semen_7907@mail.ru , were all registered or accessed from the same Yekaterinburg Internet address mentioned previously: 31.192.175.63.

Ransomware 277

Ransomware Accountability Cybercrime Backups 277

Security Affairs

FEBRUARY 11, 2025

The Talos researchers discovered a number of features implemented by Phobos allowing operators to establish persistence in a targeted system, perform speedy encryption, and remove backups. Disable system recovery, backup and shadow copies and the Windows firewall. Embedded configuration with more than 70 options available.

Ransomware 71

Ransomware Encryption Backups Malware 71