Information Security and Internet - Cyber Security Informer

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Data breaches

Data breaches Internet Internet DDOS

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet

Internet Internet Data breaches Authentication

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group.

Hacking

Hacking Cybercrime Advertising Data breaches

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

SEPTEMBER 6, 2021

Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them. Data breaches impact all of us in one way or another, and government agencies are no exception.

Government

Government Data breaches Internet Internet

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. In a security advisory published Aug. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. ”

Internet

Internet Internet Technology Engineering

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Security Affairs

OCTOBER 29, 2023

IT Army of Ukraine hacktivists have temporarily disrupted internet services in some of the territories that have been occupied by Russia. Ukrainian hacktivists belonging to the IT Army of Ukraine group have temporarily disabled internet services in some of the territories that have been occupied by the Russian army.

Internet

Internet Internet Telecommunications DDOS

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023.

Cybercrime

Cybercrime Internet Internet Scams

NSA buys internet browsing records from data brokers without a warrant

Security Affairs

JANUARY 29, 2024

National Security Agency (NSA) admitted to buying internet browsing records from data brokers to monitor Americans’ activity online without a court order. released documents that confirmed the National Security Agency (NSA) buys Americans’ internet browsing records without a court order. Senator Ron Wyden, D-Ore.,

Internet

Internet Internet Surveillance Government

Report: U.S. Cyber Command Behind Trickbot Tricks

Krebs on Security

OCTOBER 9, 2020

On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers. The Post said U.S.

Ransomware

Ransomware Internet Internet Passwords

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

Security Affairs

MARCH 9, 2024

The researchers scanned the Internet for Internet-facing Fortinet FortiOS and FortiProxy secure web gateway systems vulnerable to CVE-2024-21762. This week, researchers at the Shadowserver Foundation announced that nearly 150,000 devices are still potentially impacted by the issue despite Fortinet added it to the catalog.

Internet

Internet Internet VPN Engineering

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Security Affairs

AUGUST 1, 2024

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085.

Internet

Internet Internet Ransomware Authentication

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. Palo Alto Networks recommended reviewing best practices for securing management access to its devices. . We are actively investigating this activity.” 173.239.218[.]251

Firewall

Firewall Internet Internet VPN

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.”

Internet

Internet Internet DNS Telecommunications

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” China-linked threat actors have breached several U.S. Wall Street Journal reported.

Hacking

Hacking Internet Internet Government

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

8037 or newer The vendor also provided the following mitigation: “To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet. For more information about disabling firewall SSLVPN access, see: how-can-i-setup-ssl-vpn.”

Firewall

Firewall Firmware VPN Authentication

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. ” Palo Alto Networks recommends reviewing best practices for securing management access to its devices.

Firewall

Firewall Authentication Internet Internet

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? The Real Internet of Things: Details and Examples. How to use this model.

Authentication

Authentication Passwords Internet Internet

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

JULY 24, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. is a use-after-free issue in Microsoft Internet Explorer 6 through 8. is a use-after-free issue in Microsoft Internet Explorer 6 through 8.

Internet

Internet Internet Hacking Accountability

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

“We are calling on the Tor community and the Internet freedom community to help us scale up WebTunnel bridges. Our goal is to deploy 200 new WebTunnel bridges by the end of this December (2024) to open secure access for users in Russia.” If you’ve ever thought about running a Tor bridge, now is the time.

Government

Government Internet Internet Hacking

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Daniel Miessler

DECEMBER 18, 2021

Just to point out to those panicking about this right now: this is a very uncommon situation to be vulnerable from this cve in a “readily exploitable from the internet” way. And the internet moves fast. And Nate figured this out like 4 days ago! So, if you’re already patched to 2.15 This also applies to the DoS that 2.17

Internet

Internet Internet Information Security

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Security Affairs

NOVEMBER 12, 2024

Below are the descriptions for these two vulnerabilities: CVE-2024-43451 : An NTLM Hash Disclosure Spoofing vulnerability in MSHTML allows attackers to extract a user’s NTLMv2 hash via Internet Explorer components in WebBrowser control. Although user interaction is needed, attackers can still exploit this to impersonate the victim.

Internet

Internet Internet Hacking Data breaches

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

Yet, it is important to understand that, if deployed without proper planning or otherwise utilized improperly, encryption can also become a dangerous double-edged sword; it can sometimes even detract from information security rather than enhance it.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

Trey Ford, Chief Information Security Officer at Bugcrowd, observed, "This incident may not have been made public if it wasn't for the Form 8-K requirement." The attack goes to show that, truly, nothing Internet-connected is sacred." Identity security is paramount in today's threat landscape.

Password Management

Password Management Passwords CISO Cybersecurity

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Joseph Steinberg

JANUARY 20, 2022

Zero Trust is a concept, an approach to information security that dramatically deviates from the approach commonly taken at businesses worldwide by security professionals for many years. . • Zero Trust cannot be purchased off the shelf even from a combination of vendors. So, what is Zero Trust – in layman’s terms?

Cybersecurity

Cybersecurity Artificial Intelligence Ransomware Social Engineering

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

was used by tens of millions of websites approximately 4% of all sites on the internet which highlights the severity of the incident, whose full impact is yet to be determined. However, delegating tasks also introduces new information security challenges. Why does it matter? According to Cloudflare, Polyfill.io

Internet

Internet Internet Risk Social Engineering

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Security Affairs

JANUARY 22, 2025

Attackers can exploit a vulnerability, tracked as CVE-2025-0411 , in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature. Mark of the Web (MotW) is a security feature in Microsoft Windows that identifies files downloaded from untrusted sources, such as the internet.

Software

Software Internet Internet Hacking

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

At issue is a well-known security and privacy threat called “ namespace collision ,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. SSL/TLS certs). Image: Defcon.org.

DNS

DNS Internet Internet Authentication

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Security Affairs

OCTOBER 24, 2024

Mandiant urges organizations that may have their FortiManager exposed to the internet to conduct a forensic investigation. As additional information becomes available through our investigations, Mandiant will update this blog’s attribution assessment.” ” concludes Mandiant. ” concludes Mandiant.

Authentication

Authentication Internet Internet Hacking

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Security Affairs

FEBRUARY 19, 2025

The company warns that the risk is higher if the management interface is accessible from the internet or an untrusted network, directly or via a dataplane interface with a management profile. The security vendor recommends restricting access to trusted internal IP addresses to minimize the risk of exploitation.

Firewall

Firewall Authentication Architecture Internet

The Irony of InfoSec’s Reaction to Crytpo, NFTs, and Web3

Daniel Miessler

FEBRUARY 2, 2022

Like, holy s**t, we could very well be in the BBS days of a new type of internet. All this stuff going on—putting aside the hype—could end up being a new substrate for everything, just like the internet in the 90’s. And some hacker types definitely get it. Not everyone has gone negative on this stuff. Or maybe not.

InfoSec

InfoSec Internet Internet Cryptocurrency

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

Many of the exposed IP addresses belong to major providers such as Deutsche Telekom, Vodafone, and other major internet service providers. The majority of devices included in the data leak are located in Mexico (1,603), the USA (679), and Germany (208). FortiNet has yet to comment on the case.

VPN

VPN Passwords Firewall Firmware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware VPN Internet Internet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Many of the infected systems were Internet of Things (IoT) devices , including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. “Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We

Cybercrime

Cybercrime Advertising IoT Malware

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

“We vigorously protect the privacy of our users while supporting the important work of law enforcement,” Google’s director of law enforcement and information security Richard Salgado told us. And it is increasingly apparent that the advertising-supported Internet is heading for a crash.).

Surveillance

Surveillance Wireless Accountability Architecture

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

. “Attackers have been seen exploiting these vulnerabilities by sending victims specially crafted PDFs, often attached in a phishing email, that when opened on the victim’s machine, the attacker is able to gain arbitrary code execution,” said Christopher Hass , director of information security and research at Automox.

Backups

Backups Ransomware Cyber threats Phishing

Omni Family Health data breach impacts 468,344 individuals

Security Affairs

OCTOBER 18, 2024

“On August 7, 2024, we became aware of claims that information was taken from our systems and posted on the dark web. The dark web is a hidden part of the internet that is not accessible through regular search engines like Google.

Data breaches

Data breaches Healthcare Insurance Engineering

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Chaput said the spammers used more than 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts. that were created from different Internet addresses in Vienna, Austria.

Scams

Scams DDOS Cryptocurrency Accountability

Ukrainian Cyber Alliance destroyed the connectivity of Russian ISP Nodex

Security Affairs

JANUARY 9, 2025

Internet monitoring service NetBlocks confirmed a disruption in Nodexs connectivity following the attack on Tuesday night. Internet should work for many. First, we will raise the telephony and call center.” ” reads a message published by the Russian ISP on VKontakte. ” reads an update published by the company.

Backups

Backups Internet Internet Hacking

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

A cyber attack hit Iranian government sites and nuclear facilities Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution Iran and China-linked actors used ChatGPT for preparing attacks Internet Archive data breach impacted (..)

Data breaches

Data breaches Cryptocurrency Artificial Intelligence Cybercrime

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO

CISO Encryption Telecommunications Financial Services

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” China has long targeted global internet service providers and recent attacks are aligned with past operations linked to Beijing. Wall Street Journal reported. and around the globe.”

Mobile

Mobile Telecommunications Data breaches Hacking

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

"id":null, "title":"partner", "description":null, "location":null, "position_type":"Past", "company_name":"report uri", "company_url":"linkedin.com/company/report-uri", "start_date_year":2017, "end_date_year":null, "start_date_month":11, "end_date_month":null, "company_website":null, "company_size":"1-10", "company_industry":"internet" }, {. "id":null,

Data breaches

Data breaches Technology Software Accountability

Internet Archive data breach impacted 31M users

Internet Archive was breached twice in a month

Trending Sources

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Welcoming the Czech Republic Government to Have I Been Pwned

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

NSA buys internet browsing records from data brokers without a warrant

Report: U.S. Cyber Command Behind Trickbot Tricks

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

SonicWall warns of an exploitable SonicOS vulnerability

Palo Alto Networks warns of potential RCE in PAN-OS management interface

CASMM (The Consumer Authentication Strength Maturity Model)

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

France’s second-largest telecoms provider Free suffered a cyber attack

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Story of the Year: global IT outages and supply chain attacks

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Local Networks Go Global When Domain Names Collide

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

The Irony of InfoSec’s Reaction to Crytpo, NFTs, and Web3

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Who and What is Behind the Malware Proxy Service SocksEscort?

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Google Responds to Warrants for “About” Searches

Microsoft Patches Six Zero-Day Security Holes

Omni Family Health data breach impacts 468,344 individuals

Interview With a Crypto Scam Investment Spammer

Ukrainian Cyber Alliance destroyed the connectivity of Russian ISP Nodex

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Why CISA is Warning CISOs About a Breach at Sisense

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Data Enrichment, People Data Labs and Another 622M Email Addresses

Stay Connected