Event, Hacking and Information Security

On the Irish Health Services Executive Hack

Schneier on Security

FEBRUARY 11, 2022

It had no documented cyber incident response runbooks or IT recovery plans (apart from documented AD recovery plans) for recovering from a wide-scale ransomware event. Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. The antivirus server was later encrypted in the attack).

Antivirus

Antivirus Hacking Ransomware CISO

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

million records containing employee data on the hacking forum BreachForums. Compromised data includes names, contact information, building locations, email addresses, and more. Exposed data did not include Social Security numbers or financial information. A threat actor using the handle Nam3L3ss leaked over 2.8

Data breaches

Data breaches Hacking Ransomware Technology

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

Security Affairs

OCTOBER 24, 2024

On day two of Pwn2Own Ireland 2024 , hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event. ” reads the announcement published by ZDI. ” reads the announcement published by ZDI. CONFIRMED!!

Hacking

Hacking Information Security

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Security Affairs

OCTOBER 10, 2024

The Mongolian Skimmer captures final data entries using the beforeunload event, ensures cross-browser compatibility with various event-handling techniques, and employs anti-debugging tactics by monitoring formatting changes to detect and evade debugging attempts.

Data collection

Data collection Engineering Malware Hacking

Scammers live-streamed on YouTube a fake Apple crypto event

Security Affairs

SEPTEMBER 10, 2022

Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. SecurityAffairs – hacking, scam).

Scams

Scams Advertising Hacking Information Security

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., concludes the report.

Firewall

Firewall Hacking Malware Passwords

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking

Hacking Risk Cybersecurity Government

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. ” said U.S.

Telecommunications

Telecommunications Software Technology Healthcare

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

. “The victim will be unaware of the manipulation, as the malware’s fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts.” Upon detecting specific events (e.g.,

Banking

Banking Malware Accountability Phishing

DoubleClickjacking allows clickjacking on major websites

Security Affairs

JANUARY 2, 2025

” DoubleClickjacking exploits timing differences between mousedown and onclick events to hijack user actions. “By exploiting the event timing between clicks, attackers can seamlessly swap out benign UI elements for sensitive ones in the blink of an eye. ” concludes the post.

Accountability

Accountability Authentication Hacking Information Security

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

The charges being pursued by investigators include criminal conspiracy for unauthorized access to computer systems, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion. ” reads a statement from a lawyer for Del Vecchio.

Computers and Electronics

Computers and Electronics Banking Marketing Hacking

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The backdoor can drop additional payloads, block input, clear event logs, wipe clipboard, delete browser data, and erase profiles for apps like Skype and Telegram. Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware

Malware Encryption Phishing Hacking

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

notifies customers of credit card data breach, after threat actors hacked a third-party app from its e-commerce provider. disclosed a data breach that exposed its customers’ credit card data after threat actors hacked a third-party application from its e-commerce providerBigCommerce. ” concludes the notification.

Data breaches

Data breaches Computers and Electronics Hacking Wireless

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

This widespread geographical distribution of “Free Leaksmas” event highlights the extensive global reach and severe impact of these cybercriminal activities.

Identity Theft

Identity Theft Data breaches Hacking Government

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Proactive monitoring of Windows event logs, specifically from the “Microsoft-Windows-BitLocker-API/Management” source, can help organizations detect early stages of BitLocker attacks, such as when attackers test encryption capabilities. ” concludes the report.

Ransomware

Ransomware Encryption Passwords Backups

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, data breach) The company has disabled public access to the site while we continue the investigation.

Cybercrime

Cybercrime Data breaches Technology Banking

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

On November 20, a verified Bohemia administrator provided on the dark web forum Dread information about the disruptions affecting the marketplace. “The statement claims that in a “shameful and disgruntled set of events” a lead developer went “rogue”, withdrawing small amounts of Bitcoin (BTC) over a period of just over a month.

Marketing

Marketing Cybercrime DDOS Cryptocurrency

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Ransomware

Ransomware Hacking Data breaches Digital transformation

California Cryobank, the largest US sperm bank, disclosed a data breach

Security Affairs

MARCH 19, 2025

. “In addition, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,California Cryobank)

Data breaches

Data breaches Banking Insurance Hacking

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Security Affairs

DECEMBER 21, 2020

In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor” reads the post published by Mic rosoft. “In

Hacking

Hacking Malware Software Information Security

Sophisticated hacking campaign uses Windows and Android zero-days

Security Affairs

JANUARY 12, 2021

Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. And who puts "informational" event logging in their Android downloader malware? SecurityAffairs – hacking, Project Zero). Pierluigi Paganini.

Hacking

Hacking Engineering Malware Information Security

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

“Following these events, and during 2024, various cyberattacks against other entities, public bodies and even Spanish universities took place.” “ At the international level, there has been collaboration with EUROPOL and the Homeland Security Investigations (HSI) of the USA.” ” continues the press release.

Cybercrime

Cybercrime Government Data breaches Information Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

“The attackers have identified a method that causes login events to be logged in the Non-Interactive Sign-In logs, which may result in reduced security visibility and response.” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Passwords

Passwords Accountability Authentication Malware

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

Severe monitoring events are flagged and shared on WeChat for internal handling, raising privacy concerns due to China’s cybersecurity laws. A leaked document from September 2023 shows tasks related to sensitive word detection and forwarding asset identifiers to Zhao Nannan, linked to political events in Shanghai.

Government

Government Cybersecurity Hacking Internet

ESXi ransomware attacks use SSH tunnels to avoid detection

Security Affairs

JANUARY 27, 2025

Configuring log forwarding is essential to streamline monitoring and centralize event capture. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ESXi ransomware attacks)

Ransomware

Ransomware Authentication Hacking Cybersecurity

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

FEBRUARY 21, 2022

Related: High-profile healthcare hacks in 2021. The risks are real, and the impact of cybersecurity events continues to grow. Healthcare organizations often single out Personal Identifiable Information (PII) and Protected Health Information (PHI). What additional business information is critical? Scheduling?

Healthcare

Healthcare Cyber Attacks Education Social Engineering

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, data breach) The company disabled public access to the site while we continue the investigation.

Data breaches

Data breaches Cybercrime Authentication Technology

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Security Affairs

DECEMBER 2, 2022

Keyboard and mouse apps connect to a server on a desktop or laptop computer and transmit mouse and keyboard events to a remote server. SecurityAffairs – hacking, Android Keyboard). The post Android Keyboard Apps with 2 Million downloads can remotely hack your device appeared first on Security Affairs.

Hacking

Hacking Authentication Mobile Passwords

Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw

Security Affairs

AUGUST 19, 2021

On January 31, 2020 the Bureau receives its second CISA request to investigate the compromised servers and a few days later, on February 5, 2020, the Bureau confirmed that other servers were hacked. SecurityAffairs – hacking, Citrix). ” states the report. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking

Hacking Firewall Ransomware Accountability

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’

Security Boulevard

NOVEMBER 20, 2023

Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’ appeared first on Security Boulevard.

Hacking

Hacking Architecture Education Information Security

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Security Affairs

OCTOBER 20, 2023

This will ensure that the HTTP Server feature is not unexpectedly enabled in the event of a system reload.” VulnCheck researchers observed that the vulnerability was exploited in a large-scale hacking campaign targeting Cisco IOS XE routers and switches. concludes the advisory that also includes Indicators of Compromise (IoCs).”After

Hacking

Hacking Internet Internet Accountability

BlackLock Ransomware Targeted by Cybersecurity Firm

Security Affairs

MARCH 26, 2025

Notably, another prominent ransomware group DragonForce took the lead capitalizing on these events. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, BlackLock)

Ransomware

Ransomware Cybersecurity Healthcare Accountability

Get ready for the 2021 Google CTF

Google Security

JUNE 18, 2021

Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? Whether you’re a seasoned CTF player or just curious about cyber security and ethical hacking, we want you to join us. Our annual Google CTF is back! Teams can register at [link]. in prize money.

Hacking

Hacking Engineering Information Security

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

We encourage all customers to follow security, identity, and compliance best practices. In the event a customer suspects they may have exposed their credentials, they can start by following the steps listed in this post. As always, customers can contact AWS Support with any questions or concerns about the security of their account.

Encryption

Encryption Ransomware Authentication Accountability

Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

Security Affairs

MARCH 23, 2023

The Pwn2Own Vancouver 2023 has begun, this hacking competition has 19 entries targeting nine different targets – including two Tesla attempts. On the first day of the event, the organization awarded $375,000 (and a Tesla Model 3) for 12 zero-day vulnerabilities demonstrated by the participants. Master of Pwn points.

Hacking

Hacking Information Security

Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

Security Affairs

MARCH 24, 2023

The researchers @hoangnx99 , @rskvp93 , and @_q5ca from Team Viettel ( @vcslab ) chained 2 vulnerabilities to hack Microsoft Teams. The team also won the Tesla Model 3 they have hacked. The researcher dungdm ( @_piers2 ) of Team Viettel ( @vcslab ) exploited an uninitialized variable and a UAF bug to hack Oracle VirtualBox.

Hacking

Hacking Media Information Security

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

critical infrastructure in the event of a major crisis or conflict with the United States. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China)

VPN

VPN Government Malware Manufacturing

Vietnam Post exposes 1.2TB of data, including email addresses

Security Affairs

NOVEMBER 16, 2023

At the time of discovery, the data store contained 226 million logged events, resulting in 1.2 The leaked information also had employee names and emails. Those logs were mainly attributable to cybersecurity software such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM).

IoT

IoT Government Cyber threats Software

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Daniel Miessler

MAY 19, 2021

My Definitions of Event, Alert, and Incident. A definitions reminder: Incident : A security event that compromises the integrity, confidentiality or availability of an information asset. For incidents, the breakdown was: dos (hacking), phishing (social), other, and then ransomware (malware). Content extraction.

Data breaches

Data breaches Social Engineering Ransomware Phishing

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Security Affairs

MAY 22, 2022

The Pwn2Own Vancouver 2022 hacking contest ended, Trend Micro and ZDI awarded a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. SecurityAffairs – hacking, Pwn2Own Vancouver 2022 ).

Hacking

Hacking Cybersecurity Information Security

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Security Affairs

MARCH 24, 2025

They patched the Event Tracing for Windows (ETW) to suppress event logs and bypassed the Antimalware Scan Interface (AMSI) by modifying amsi.dll, allowing malicious PowerShell execution. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, China)

Telecommunications

Telecommunications Encryption Accountability Firewall

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Security Affairs

MAY 19, 2022

Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). Below is the list of hacking attempts against Microsoft Teams: SUCCESS – Hector “p3rr0” Peralta was able to demonstrate an improper configuration against Microsoft Teams.

Hacking

Hacking Cybersecurity Information Security

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

Security Affairs

JUNE 1, 2023

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. ” In the event that the security breach is verified, it is reasonable to speculate that the ransomware group might have compromised sensitive and possibly classified information.

Technology

Technology Hacking Ransomware Manufacturing

On the Irish Health Services Executive Hack

Amazon discloses employee data breach after May 2023 MOVEit attacks

Trending Sources

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Scammers live-streamed on YouTube a fake Apple crypto event

Chinese national charged for hacking thousands of Sophos firewalls

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Russia warns financial sector organizations of IT service provider LANIT compromise

New version of Android malware FakeCall redirects bank calls to scammers

DoubleClickjacking allows clickjacking on major websites

A crime ring compromised Italian state databases reselling stolen info

PLAYFULGHOST backdoor supports multiple information stealing features

ZAGG disclosed a data breach that exposed its customers’ credit card data

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Bitdefender released a decryptor for the ShrinkLocker ransomware

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Cactus ransomware gang claims the Schneider Electric hack

California Cryobank, the largest US sperm bank, disclosed a data breach

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Sophisticated hacking campaign uses Windows and Android zero-days

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

A large botnet targets M365 accounts with password spraying attacks

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

ESXi ransomware attacks use SSH tunnels to avoid detection

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

Cisco states that the second data leak is linked to the one from October

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw

New Leak Shows Business Side of China’s APT Menace

DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

BlackLock Ransomware Targeted by Cybersecurity Firm

Get ready for the 2021 Google CTF

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

China’s Volt Typhoon botnet has re-emerged

Vietnam Post exposes 1.2TB of data, including email addresses

Analysis of the 2021 Verizon Data Breach Report (DBIR)

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

BlackCat claims the hack of the Casepoint legal technology platform used by US agencies

Stay Connected