Information and Internet - Cyber Security Informer

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Data breaches

Data breaches Internet Internet DDOS

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet

Internet Internet Data breaches Authentication

Robot Dog Internet Jammer

Schneier on Security

JULY 24, 2024

A transcript of Huffman’s speech was obtained by the Electronic Frontier Foundation’s Dave Maass using a Freedom of Information Act request and was shared with 404 Media. The Border Security Expo is open only to law enforcement and defense contractors. ” Slashdot thread. . ” Slashdot thread.

Internet

Internet Internet Computers and Electronics Media

Transacting in Person with Strangers from the Internet

Krebs on Security

SEPTEMBER 9, 2022

But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions. These safe trading places exist because sometimes in-person transactions from the Internet don’t end well for one or more parties involved. Nearly all U.S. Nearly all U.S.

Internet

Internet Internet Banking Surveillance

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Schneier on Security

DECEMBER 5, 2023

Before the internet, putting someone under surveillance was expensive and time-consuming. Surveillance has become the business model of the internet, and there’s no reasonable way for us to opt out of it. What was manual and individual has become bulk and mass. Spying is another matter. Corporations will spy on people.

Surveillance

Surveillance Internet Internet Government

Web 3.0 Requires Data Integrity

Schneier on Security

APRIL 3, 2025

The CIA triad has evolved with the Internet. The emphasis on making information available overshadowed other concerns. the Internet of today. The first is granular access, which allows users and organizations to maintain precise control over who can access and modify what information and for what purposes.

Artificial Intelligence

Artificial Intelligence Architecture Internet Internet

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

SEPTEMBER 14, 2023

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. We possess the tools to craft a better, more trustworthy internet.

Internet

Internet Internet Technology Risk

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

BEARHOST prides itself on the ability to evade blocking by Spamhaus , an organization that many Internet service providers around the world rely on to help identify and block sources of malware and spam. Kaspersky did not respond to repeated requests for comment. Image: cidr-report.org.

Malware

Malware Antivirus Software DDOS

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking

Hacking Cybercrime Advertising Data breaches

When Getting Phished Puts You in Mortal Danger

Krebs on Security

MARCH 27, 2025

“All observed campaigns had similar traits and shared a common objective: collecting personal information from site-visiting victims. com), and uses a similar Google Forms page to collect information from would-be members. ” Further reading: Silent Push report, Russian Intelligence Targeting its Citizens and Informants.

Phishing

Phishing Government Engineering Internet

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. ” “Thus, this information should be taken cautiously until confirmed. Free S.A.S.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

. “Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. Don’t be discouraged.

Hacking

Hacking Accountability Government Social Engineering

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

DDOS

DDOS Internet Internet Government

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. The entered information went straight to the phishers and allowed the criminals to monitor the emails of those employees.

Accountability

Accountability Banking Internet Internet

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. In an email to KrebsOnSecurity, booking.com confirmed one of its partners had suffered a security incident that allowed unauthorized access to customer booking information.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware

Malware Adware Education Phishing

Omni Family Health data breach impacts 468,344 individuals

Security Affairs

OCTOBER 18, 2024

Omni Family Health is notifying nearly 470,000 individuals that their personal information was compromised in a data breach resulting from a cyberattack that occurred earlier this year. The organization discovered the security breach on August 7, 2024, following claims that information was taken from its systems and leaked on the dark web.

Data breaches

Data breaches Healthcare Insurance Engineering

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. This could dovetail with a national information privacy law. The last thing we need is a patchwork of 50 different laws across the States.

CISO

CISO CSO Risk Cyber threats

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. ” Ryan English , an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory.

Internet

Internet Internet Technology Engineering

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Malwarebytes

DECEMBER 3, 2024

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. Medical records including diagnoses, treatment history, test results and other medical information that should be private.

Identity Theft

Identity Theft Education Risk Phishing

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

The ultimate goal of these kits, he said, is to phish enough information from victims that their payment cards can be added to mobile wallets and used to buy goods at physical stores, online, or to launder money through shell companies.

Phishing

Phishing Scams Mobile Passwords

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

“In an email to staff sent Thursday, the chief information officer at the Consumer Financial Protection Bureau warned that internal and external work-related meetings and conversations that involve nonpublic data should only be held on platforms such as Microsoft Teams and Cisco WebEx and not on work-issued or personal phones.”

Hacking

Hacking Internet Internet Government

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Probably the most active Internet address accessing Snatch’s darknet site is 193.108.114[.]41 top , sntech2ch[.]top

Ransomware

Ransomware Internet Internet Phishing

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The cybersecurity firm stated that it does not have sufficient information about any indicators of compromise. We are actively investigating this activity.” 173.239.218[.]251

Firewall

Firewall Internet Internet VPN

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

8037 or newer The vendor also provided the following mitigation: “To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet. For more information about disabling firewall SSLVPN access, see: how-can-i-setup-ssl-vpn.”

Firewall

Firewall Firmware VPN Authentication

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

Governments are concerned about protecting citizen information that passes over the Internet and about protecting classified information that moves within its network. Financial services firms have to protect sensitive data like customers bank account information.

Encryption

Encryption Financial Services Technology Risk

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

MARCH 14, 2024

Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., In recent years, automakers, including G.M.,

Insurance

Insurance Internet Internet Surveillance

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The cybersecurity firm states that it does not have sufficient information about any indicators of compromise.

Firewall

Firewall Authentication Internet Internet

German Police Raid DDoS-Friendly Host ‘FlyHosting’

Krebs on Security

MARCH 31, 2023

Authorities in Germany this week seized Internet servers that powered FlyHosting , a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. The German authorities did not name the suspects or the Internet service in question. This post will be updated in the event they respond.

DDOS

DDOS Internet Internet Cybercrime

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

The cyber spies stole information belonging to targeted individuals that was subject to U.S. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman told WSJ. “We

Mobile

Mobile Telecommunications Data breaches Hacking

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. Kill switch: Blocks your device’s internet access if the VPN connection drops. It ensures that data remains secure and private during transmission or storage.

VPN

VPN Antivirus Internet Internet

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union.

Internet

Internet Internet Phishing Scams

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Krebs on Security

MARCH 11, 2025

Barnett said Microsoft’s advisory for this bug doesn’t quite join the dots, but successful exploitation appears to mean that portions of heap memory could be improperly dumped into a log file, which could then be combed through by an attacker hungry for privileged information. “A relatively low CVSSv3 base score of 4.6

System Administration

System Administration Engineering Internet Internet

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

However, when improperly configured or left exposed to the internet, HMIs become prime targets for cyberattacks. According to Casey Ellis, Founder and Advisor at Bugcrowd, safety-critical control systems like HMIs "should never be on the Internet." Exposing HMI systems to the Internet can have serious consequences," Raju explains.

Internet

Internet Internet Risk Passwords

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. “It’s possible this is a shakedown by Kaliningrad authorities of a local internet thug who has tens of millions of dollars in cryptocurrency,” Intel 471 wrote in an analysis published Dec.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Google now allows digital fingerprinting of its users

Malwarebytes

FEBRUARY 19, 2025

As we reported in July, 2024, the tech giant said that due to feedback from authorities and other stakeholders in advertising, Google was looking at a new path forward in finding the balance between privacy and an ad-supported internet. They will even be able to make an informed guess if you visit the same site with a different browser.

Advertising

Advertising VPN Internet Internet

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 31, 2025

Last week, Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Researchers at SANS Internet Storm Center warned that the two issues are actively exploited in attacks. reads the advisory.

Software

Software Passwords Internet Internet

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

. “These offenders have been traveling nationwide, using stolen credit card information to purchase gift cards and launder funds,” Knox County Chief Deputy Bernie Lyon wrote. “During Mondays operation, we recovered gift cards valued at over $23,000, all bought with unsuspecting victims information.”

Phishing

Phishing Mobile Scams Banking

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

Source NewsBytes The Port of Seattle first reported experiencing an internet and web systems outage. The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. Please visit our cyberattack webpage for additional information.”

Data breaches

Data breaches Ransomware Cyber Attacks Manufacturing

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

In a stunning blow to the city’s cybersecurity defenses, Columbus, Ohio, recently became the target of a massive cyberattack that exposed over half a million residents’ sensitive information. terabytes of sensitive information compromised, the breach affected approximately 500,000 residents, nearly 55% of the city’s population.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile

Mobile Wireless Advertising Accountability

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Clicking to view the “live stream” of the funeral takes one to a newly registered website that requests credit card information. The Internet address of livestreamnow[.]xyz Livestreamnow[.]xyz

Scams

Scams DNS Internet Internet

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The core Manipulaters product is Heartsender , a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365 , Yahoo , AOL , Intuit , iCloud and ID.me , to name a few.

Phishing

Phishing Cybercrime Advertising Malware

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Security Affairs

OCTOBER 24, 2024

As additional information becomes available through our investigations, Mandiant will update this blog’s attribution assessment.” Mandiant urges organizations that may have their FortiManager exposed to the internet to conduct a forensic investigation. ” continues the report. 202 on the default port TCP/541.

Authentication

Authentication Internet Internet Hacking

Internet Archive data breach impacted 31M users

Internet Archive was breached twice in a month

Trending Sources

Robot Dog Internet Jammer

Transacting in Person with Strangers from the Internet

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Web 3.0 Requires Data Integrity

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

When Getting Phished Puts You in Mortal Danger

France’s second-largest telecoms provider Free suffered a cyber attack

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Stark Industries Solutions: An Iron Hammer in the Cloud

Scammer robs homebuyers of life savings in $20 million theft spree

Booking.com Phishers May Leave You With Reservations

Warning over free online file converters that actually install malware

Omni Family Health data breach impacts 468,344 individuals

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

SonicWall warns of an exploitable SonicOS vulnerability

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

Automakers Are Sharing Driver Data with Insurers without Consent

Palo Alto Networks warns of potential RCE in PAN-OS management interface

German Police Raid DDoS-Friendly Host ‘FlyHosting’

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Do you actually need a VPN? Your guide to staying safe online!

ICANN Launches Service to Help With WHOIS Lookups

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

U.S. Offered $10M for Hacker Just Arrested by Russia

Google now allows digital fingerprinting of its users

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Arrests in Tap-to-Pay Scheme Powered by Phishing

Port of Seattle ‘s August data breach impacted 90,000 people

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Stay Connected