Information and Internet - Cyber Security Informer

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Data breaches

Data breaches Internet Internet DDOS

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet

Internet Internet Data breaches Authentication

Robot Dog Internet Jammer

Schneier on Security

JULY 24, 2024

A transcript of Huffman’s speech was obtained by the Electronic Frontier Foundation’s Dave Maass using a Freedom of Information Act request and was shared with 404 Media. The Border Security Expo is open only to law enforcement and defense contractors. ” Slashdot thread. . ” Slashdot thread.

Internet

Internet Internet Computers and Electronics Media

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Hi, robot: Half of all internet traffic now automated

Malwarebytes

APRIL 16, 2025

If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic. Bad bots do all kinds of unpleasant things.

Internet

Internet Internet Passwords Artificial Intelligence

Windscribe Acquitted on Charges of Not Collecting Users’ Data

Schneier on Security

APRIL 28, 2025

Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, unlike standard international procedures, proceeded to initiate criminal proceedings against Sak himself, rather than pursuing information through standard corporate channels.

VPN

VPN Internet Internet Data collection

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Schneier on Security

DECEMBER 5, 2023

Before the internet, putting someone under surveillance was expensive and time-consuming. Surveillance has become the business model of the internet, and there’s no reasonable way for us to opt out of it. What was manual and individual has become bulk and mass. Spying is another matter. Corporations will spy on people.

Surveillance

Surveillance Internet Internet Government

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

The device information shared, combined with the user’s Internet address and data gathered from mobile advertising companies , could be used to deanonymize users of the DeepSeek iOS app, NowSecure warned. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Risk

Risk Artificial Intelligence Mobile Encryption

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

SEPTEMBER 14, 2023

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. We possess the tools to craft a better, more trustworthy internet.

Internet

Internet Internet Technology Risk

Web 3.0 Requires Data Integrity

Schneier on Security

APRIL 3, 2025

The CIA triad has evolved with the Internet. The emphasis on making information available overshadowed other concerns. the Internet of today. The first is granular access, which allows users and organizations to maintain precise control over who can access and modify what information and for what purposes.

Artificial Intelligence

Artificial Intelligence Architecture Internet Internet

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

BEARHOST prides itself on the ability to evade blocking by Spamhaus , an organization that many Internet service providers around the world rely on to help identify and block sources of malware and spam. Kaspersky did not respond to repeated requests for comment. Image: cidr-report.org.

Malware

Malware Antivirus Software DDOS

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. “We have been playing cat and mouse for a while with these guys,” said Matt Sciberras , chief information security officer at Invicti.

Hacking

Hacking Cybercrime Advertising Data breaches

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. ” “Thus, this information should be taken cautiously until confirmed. Free S.A.S.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

When Getting Phished Puts You in Mortal Danger

Krebs on Security

MARCH 27, 2025

“All observed campaigns had similar traits and shared a common objective: collecting personal information from site-visiting victims. com), and uses a similar Google Forms page to collect information from would-be members. ” Further reading: Silent Push report, Russian Intelligence Targeting its Citizens and Informants.

Phishing

Phishing Government Engineering Internet

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

. “Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes,” the FBI warned. Don’t be discouraged.

Hacking

Hacking Accountability Government Social Engineering

No, it’s not OK to delete that new inetpub folder

Malwarebytes

APRIL 14, 2025

Since the empty folder is generally associated with an Internet Information Services (IIS) feature that most users will not be running, this called for an explanation. Internet Information Services (IIS) is a web server platform created by Microsoft to host websites, web applications, and services on Windows systems.

Internet

Internet Internet Authentication Accountability

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. from fake websites (phishing sites) disguised as websites of real securities companies.” ” reads the FSA’s alert.

Financial Services

Financial Services Passwords Accountability Antivirus

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

DDOS

DDOS Internet Internet Government

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. The entered information went straight to the phishers and allowed the criminals to monitor the emails of those employees.

Accountability

Accountability Banking Internet Internet

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals. Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details.

Data breaches

Data breaches Unstructured Data Identity Theft Healthcare

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Malwarebytes

DECEMBER 3, 2024

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. Medical records including diagnoses, treatment history, test results and other medical information that should be private.

Identity Theft

Identity Theft Education Risk Phishing

Omni Family Health data breach impacts 468,344 individuals

Security Affairs

OCTOBER 18, 2024

Omni Family Health is notifying nearly 470,000 individuals that their personal information was compromised in a data breach resulting from a cyberattack that occurred earlier this year. The organization discovered the security breach on August 7, 2024, following claims that information was taken from its systems and leaked on the dark web.

Data breaches

Data breaches Healthcare Insurance Engineering

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. This could dovetail with a national information privacy law. The last thing we need is a patchwork of 50 different laws across the States.

CISO

CISO CSO Risk Cyber threats

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

According to the market share website statista.com , booking.com is by far the Internet’s busiest travel service, with nearly 550 million visits in September. In an email to KrebsOnSecurity, booking.com confirmed one of its partners had suffered a security incident that allowed unauthorized access to customer booking information.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. ” Ryan English , an information security engineer at Lumen, said it’s disappointing his employer didn’t at least garner an honorable mention in Versa’s security advisory.

Internet

Internet Internet Technology Engineering

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

The ultimate goal of these kits, he said, is to phish enough information from victims that their payment cards can be added to mobile wallets and used to buy goods at physical stores, online, or to launder money through shell companies.

Phishing

Phishing Scams Mobile Passwords

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

“In an email to staff sent Thursday, the chief information officer at the Consumer Financial Protection Bureau warned that internal and external work-related meetings and conversations that involve nonpublic data should only be held on platforms such as Microsoft Teams and Cisco WebEx and not on work-issued or personal phones.”

Hacking

Hacking Internet Internet Government

Google now allows digital fingerprinting of its users

Malwarebytes

FEBRUARY 19, 2025

As we reported in July, 2024, the tech giant said that due to feedback from authorities and other stakeholders in advertising, Google was looking at a new path forward in finding the balance between privacy and an ad-supported internet. They will even be able to make an informed guess if you visit the same site with a different browser.

Advertising

Advertising VPN Internet Internet

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The cybersecurity firm stated that it does not have sufficient information about any indicators of compromise. We are actively investigating this activity.” 173.239.218[.]251

Firewall

Firewall Internet Internet VPN

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

8037 or newer The vendor also provided the following mitigation: “To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet. For more information about disabling firewall SSLVPN access, see: how-can-i-setup-ssl-vpn.”

Firewall

Firewall Firmware VPN Authentication

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Probably the most active Internet address accessing Snatch’s darknet site is 193.108.114[.]41 top , sntech2ch[.]top

Ransomware

Ransomware Internet Internet Phishing

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

MARCH 14, 2024

Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., In recent years, automakers, including G.M.,

Insurance

Insurance Internet Internet Surveillance

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as: Personal identifying information (PII) including Social Security Numbers (SSN). Financial information, like your banking credentials and crypto wallets.

Malware

Malware Adware Education Phishing

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The cybersecurity firm states that it does not have sufficient information about any indicators of compromise.

Firewall

Firewall Authentication Internet Internet

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

The cyber spies stole information belonging to targeted individuals that was subject to U.S. “T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,” a company spokeswoman told WSJ. “We

Mobile

Mobile Telecommunications Data breaches Hacking

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. Kill switch: Blocks your device’s internet access if the VPN connection drops. It ensures that data remains secure and private during transmission or storage.

VPN

VPN Antivirus Internet Internet

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

However, when improperly configured or left exposed to the internet, HMIs become prime targets for cyberattacks. According to Casey Ellis, Founder and Advisor at Bugcrowd, safety-critical control systems like HMIs "should never be on the Internet." Exposing HMI systems to the Internet can have serious consequences," Raju explains.

Internet

Internet Internet Risk Passwords

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union.

Internet

Internet Internet Phishing Scams

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. “It’s possible this is a shakedown by Kaliningrad authorities of a local internet thug who has tens of millions of dollars in cryptocurrency,” Intel 471 wrote in an analysis published Dec.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Krebs on Security

MARCH 11, 2025

Barnett said Microsoft’s advisory for this bug doesn’t quite join the dots, but successful exploitation appears to mean that portions of heap memory could be improperly dumped into a log file, which could then be combed through by an attacker hungry for privileged information. “A relatively low CVSSv3 base score of 4.6

System Administration

System Administration Engineering Internet Internet

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

In a stunning blow to the city’s cybersecurity defenses, Columbus, Ohio, recently became the target of a massive cyberattack that exposed over half a million residents’ sensitive information. terabytes of sensitive information compromised, the breach affected approximately 500,000 residents, nearly 55% of the city’s population.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website. Easily the longest story this year was an investigation into Stark Industries Solutions , a large, mysterious new Internet hosting firm that materialized when Russia invaded Ukraine.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

The domain registrar NameCheap found that less than a month before the phishing spree, the account that registered those domains logged in from an Internet address in the U.K. Internet address was used to operate a Discord account that specified a cryptocurrency wallet when asking another user to send funds. ” U.S. ” U.S.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

Governments are concerned about protecting citizen information that passes over the Internet and about protecting classified information that moves within its network. Financial services firms have to protect sensitive data like customers bank account information.

Encryption

Encryption Financial Services Technology Risk

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. Compare the internet with ecological systems. Nearly 7,000 flights were canceled.

Marketing

Marketing Software Internet Internet

Internet Archive data breach impacted 31M users

Internet Archive was breached twice in a month

Webinars

Trending Sources

Robot Dog Internet Jammer

Webinars

Hi, robot: Half of all internet traffic now automated

Windscribe Acquitted on Charges of Not Collecting Users’ Data

The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

Experts Flag Security, Privacy Risks in DeepSeek AI App

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

Web 3.0 Requires Data Integrity

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

France’s second-largest telecoms provider Free suffered a cyber attack

When Getting Phished Puts You in Mortal Danger

FBI: Spike in Hacked Police Emails, Fake Subpoenas

No, it’s not OK to delete that new inetpub folder

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Stark Industries Solutions: An Iron Hammer in the Cloud

Scammer robs homebuyers of life savings in $20 million theft spree

South African telecom provider Cell C disclosed a data breach following a cyberattack

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Omni Family Health data breach impacts 468,344 individuals

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Booking.com Phishers May Leave You With Reservations

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Google now allows digital fingerprinting of its users

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

SonicWall warns of an exploitable SonicOS vulnerability

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Automakers Are Sharing Driver Data with Insurers without Consent

Warning over free online file converters that actually install malware

Palo Alto Networks warns of potential RCE in PAN-OS management interface

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Do you actually need a VPN? Your guide to staying safe online!

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

ICANN Launches Service to Help With WHOIS Lookups

U.S. Offered $10M for Hacker Just Arrested by Russia

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Happy 15th Anniversary, KrebsOnSecurity!

Alleged ‘Scattered Spider’ Member Extradited to U.S.

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The CrowdStrike Outage and Market-Driven Brittleness

Stay Connected