Hacking, Internet and Risk - Cyber Security Informer

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet

Internet Internet Data breaches Authentication

On the Catastrophic Risk of AI

Schneier on Security

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. Poses ‘Risk of Extinction,’ Industry Leaders Warn.”

Risk

Risk Artificial Intelligence Technology Internet

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. and its allies for hacking activities in July. Wall Street Journal reported.

Hacking

Hacking Internet Internet Government

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Meanwhile, while business logic hacks, supply chain holes, and cyber extortion continue to loom large. Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard.

Cyber threats

Cyber threats CISO IoT Phishing

How internet-facing webcams could put your organization at risk

Tech Republic Security

MARCH 13, 2023

The post How internet-facing webcams could put your organization at risk appeared first on TechRepublic. By exploiting webcams and other IoT devices, hackers can spy on private and professional conversations, potentially giving them access to sensitive information, says BitSight.

Internet

Internet Internet Risk IoT

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes.

Software

Software Risk Artificial Intelligence Cyber Attacks

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. What follows is a set of basic security hygiene steps that will significantly reduce your risk online. don’t install software from random places on the internet.

Risk

Risk Passwords Password Management Accountability

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option.

CISO

CISO CSO Risk Cyber threats

This Simple Hack Could Tank Your Business

Adam Levin

JULY 24, 2020

Barely a day goes by without news of an elite hacking team creating a more stealth exploit– malware , elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. Cyberattacks are constantly getting more sophisticated.

Hacking

Hacking Phishing Risk Accountability

Twitter Hacking for Profit and the LoLs

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking

Hacking Accountability Scams Media

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

. “InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads. This is a developing story. Updates will be noted here with timestamps.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

Security Affairs

MARCH 27, 2025

The new ransomware group Arkana Security claims to have hacked US telecom provider WOW!, is a US-based telecommunications company that provides broadband internet, cable TV, and phone services. is known for offering high-speed internet and competitive pricing in markets where it competes with larger providers. ” WOW!

Hacking

Hacking Telecommunications Data breaches Internet

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

SecureWorld News

OCTOBER 16, 2024

have reported that their devices have been hacked. The flaw has exposed the widely distributed smart vacuums to manipulation by bad actors, raising concerns about the cybersecurity of internet-connected home devices. Later, he realized that despite the vile language, the hack could've been much worse. The video is unnerving.

IoT

IoT Hacking Risk Internet

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

Again, this upgrade addresses a high vulnerability for SSL VPN users that should be considered at imminent risk of exploitation and updated immediately. “To minimize the potential impact of an SSH vulnerability, we recommend restricting firewall management to trusted sources or disabling firewall SSH management from Internet access.”

Firewall

Firewall Firmware VPN Authentication

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Security Affairs

JANUARY 22, 2025

Mark of the Web (MotW) is a security feature in Microsoft Windows that identifies files downloaded from untrusted sources, such as the internet. It helps mitigate security risks by flagging these files for restricted execution. The 7-Zip users should install the latest version as soon as possible.

Software

Software Internet Internet Hacking

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. In particular, we recommend that you immediately ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. 173.239.218[.]251

Firewall

Firewall Internet Internet VPN

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking

Hacking B2B Authentication Software

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

With RSA Conference 2021 technical sessions getting underway today, I sat down with Fred Kneip, CEO of CyberGRX , to hash over the notion that a lot of good could come from more systematic sharing of the risk profiles that large enterprises routinely compile with respect to their third-party contractors. Crowdsourcing risk profiles.

Risk

Risk Cyber Risk Insurance Banking

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

It's just another day on the internet when the news is full of headlines about accounts being hacked. The second story was about a number of verified Twitter accounts having been "hacked" and then leveraged in Bitcoin scams. The account holder is the victim but they must also share they blame.

Passwords

Passwords Accountability Hacking Education

Hacker Leaks 270,000 Samsung Customer Records—Stolen Credentials Were Left Unchecked for Years

eSecurity Planet

APRIL 2, 2025

In a troubling security breach, a hacker exposed the personal data of over 270,000 Samsung customers in Germany, freely dumping it on the internet. The hack, attributed to a cybercriminal operating under the alias GHNA, occurred when the attacker accessed a system used by Samsungs German customer service.

Identity Theft

Identity Theft Cybersecurity Scams Accountability

How Hacker's hack Android Devices

Hacker's King

JANUARY 8, 2025

You may also like to read: How Hackers Spy On Hacked Phone? How To Detect and Secure Yourself Hacker's Most Preferred Hacking Techniques These techniques can be described as the most liked techniques of users to hack Android devices. By using this technique, hackers extract any information required to hack your Android device.

Hacking

Hacking Spyware Antivirus Passwords

T-Mobile detected network intrusion attempts and blocked them

Security Affairs

NOVEMBER 28, 2024

According to the Wall Street Journal, which reported the news exclusively, the security breach poses a major national security risk. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.” Experts believe that threat actors are aimed at gathering intelligence.

Mobile

Mobile Government Telecommunications Internet

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The security breach poses a major national security risk. Wall Street Journal reported.

Mobile

Mobile Telecommunications Data breaches Hacking

MY TAKE: Will companies now heed attackers’ ultimatum in the MOVEit-Zellis supply chain hack?

The Last Watchdog

JUNE 12, 2023

The cybersecurity community is waiting for the next shoe to drop in the wake of the audacious MOVEit-Zellis hack orchestrated by the infamous Russian hacking collective, Clop. ” Post SolarWinds This is a prime example of what multi-stage supply chain hacks have morphed into two years after the milestone SolarWinds hack.

Hacking

Hacking Risk Cyber threats Cybercrime

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

The Last Watchdog

MAY 31, 2022

Related: Log4J’s long-run risks. It supplies a unified vulnerability and risk management solution that automates vulnerability management processes and workflows. This kind of thing can be rectified by adopting risk-assessment principles alongside CD/CI. Risk-tolerance security. That’s changing — dramatically.

Risk

Risk Digital transformation Software Technology

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

The Mexican Drug Cartels Want You Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack He founded a “startup” to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse Malware Over 300,000!

Data breaches

Data breaches Cryptocurrency Cybercrime Artificial Intelligence

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Security Affairs

OCTOBER 6, 2024

According to the Wall Street Journal, which reported the news exclusively, the security breach poses a major national security risk. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.” ” reported the WSJ. Wall Street Journal reported.

Hacking

Hacking Government Internet Internet

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] us , a site unabashedly dedicated to helping people hack email and online gaming accounts. In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Internet

Internet Internet Software Engineering

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

The security breach poses a major national security risk. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.” Experts suspect the state-sponsored hackers have gathered extensive internet traffic and potentially compromised sensitive data.

Government

Government Telecommunications Surveillance Risk

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

The same types of security risks impact businesses, whatever their size. They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. This can be compounded by certain enterprises using the Internet of Things (IoT) that don’t have good security.

Hacking

Hacking Penetration Testing Data breaches Authentication

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 31, 2025

Researchers at SANS Internet Storm Center warned that the two issues are actively exploited in attacks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, Cisco Smart Licensing Utility vulnerability) The IT giant also released software updates that address these flaws.

Software

Software Passwords Internet Internet

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Nearly 7,000 flights were canceled. Tallying the total cost will take time.

Marketing

Marketing Software Internet Internet

Vladimir Putin’s Thank You Letter To Pro-Ukraine Hackers

Joseph Steinberg

MARCH 8, 2022

Thank you for not listening to your own cybersecurity experts when they told you to “ Stop hacking Russian websites – you are helping the Russians, not the Ukrainians.” And, of course, you also put your own nations at future risk through your support for vigilantism and anarchy.

Hacking

Hacking Artificial Intelligence Penetration Testing Government

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Related: Poll confirms rise of Covid 19-related hacks. A VPN encrypts all internet traffic so that it is unreadable to anyone who intercepts it. This keeps your information away from prying eyes, such as internet service providers and hackers. The main problem for remote workers is the threat to online security.

VPN

VPN Passwords Firewall Risk

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

The details of the Krispy Kreme hack are still emerging, but the companys Form 8-K filing brought the incident to light, offering a rare glimpse into the challenges businesses face when their systems are compromised. The attack goes to show that, truly, nothing Internet-connected is sacred."

Password Management

Password Management Passwords CISO Cybersecurity

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Security Affairs

OCTOBER 24, 2024

Mandiant urges organizations that may have their FortiManager exposed to the internet to conduct a forensic investigation. “Organizations that may have their FortiManager exposed to the internet should conduct a forensic investigation immediately.” ” concludes Mandiant. ” concludes Mandiant.

Authentication

Authentication Internet Internet Hacking

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Security Affairs

FEBRUARY 19, 2025

The company warns that the risk is higher if the management interface is accessible from the internet or an untrusted network, directly or via a dataplane interface with a management profile. The security vendor recommends restricting access to trusted internal IP addresses to minimize the risk of exploitation. h4 >= 11.2.4-h4

Firewall

Firewall Authentication Architecture Internet

Bad Consumer Security Advice

Schneier on Security

DECEMBER 4, 2018

To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack into a VPN. I get that unsecured Wi-Fi is a risk, but does anyone actually follow this advice?

Accountability

Accountability Passwords VPN Mobile

U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 7, 2025

“This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,CISA Known Exploited Vulnerabilities catalog )

Authentication

Authentication Internet Internet Hacking

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing. During transit the message remains encrypted the entire time it is moving across the internet. What that means is only the person sending it and the person receiving it can read it.

Encryption

Encryption Identity Theft Media Telecommunications

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to lightbulbs to major appliances -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. But like nearly all innovation, there are risks involved.

IoT

IoT Manufacturing Internet Internet

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

The security breach poses a major national security risk. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk.” Experts suspect the state-sponsored hackers have gathered extensive internet traffic and potentially compromised sensitive data.

Government

Government Telecommunications Surveillance Risk

Internet Archive was breached twice in a month

On the Catastrophic Risk of AI

Webinars

Trending Sources

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Webinars

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

How internet-facing webcams could put your organization at risk

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

10 Behaviors That Will Reduce Your Risk Online

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

This Simple Hack Could Tank Your Business

Twitter Hacking for Profit and the LoLs

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)

CISA Order Highlights Persistent Risk at Network Edge

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

SonicWall warns of an exploitable SonicOS vulnerability

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Hacker Leaks 270,000 Samsung Customer Records—Stolen Credentials Were Left Unchecked for Years

How Hacker's hack Android Devices

T-Mobile detected network intrusion attempts and blocked them

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

MY TAKE: Will companies now heed attackers’ ultimatum in the MOVEit-Zellis supply chain hack?

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Microsoft Issues Emergency Fix for IE Zero Day

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

The CrowdStrike Outage and Market-Driven Brittleness

Vladimir Putin’s Thank You Letter To Pro-Ukraine Hackers

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Bad Consumer Security Advice

U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog

Americans urged to use encrypted messaging after large, ongoing cyberattack

New IoT Security Regulations

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Stay Connected