2017, Hacking and Information Security - Cyber Security Informer

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

According to the New York Times , the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases. “I This is not the first time that the company suffered a security breach.

Hacking

Hacking Data breaches Engineering Information Security

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. German investigators believe that Kozachek is a member of the Russia-linked APT28 group (aka Fancy Bear), which is the same group that hacked the German Bundestag in 2015. ” continues the post.

Hacking

Hacking Accountability Malware Cybersecurity

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

Google mitigated a 2.54 Tbps DDoS attack in 2017, the largest DDoS ever seen

Security Affairs

OCTOBER 16, 2020

The Google Cloud team revealed that in September 2017 it has mitigated DDoS attack that reached 2.54 The Google Cloud team revealed that back in September 2017 it has mitigated a powerful DDoS attack that clocked at 2.54 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilized multiple methods of attack.

DDOS

DDOS DNS Advertising Engineering

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. SecurityAffairs – Nazar, hacking). The post Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak appeared first on Security Affairs.

Hacking

Hacking Advertising Malware Engineering

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox ) The post Russians charged with hacking Mt. Gox in 2011 and money laundering.

Hacking

Hacking Cryptocurrency Advertising Banking

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware

Ransomware Hacking Encryption Malware

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

The spam messages are sent in various European languages, threat actors are exploiting the Microsoft Office and Wordpad CVE-2017-11882 vulnerability. pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD

Security Intelligence

Security Intelligence Advertising Malware Information Security

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

JUNE 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506 (CVSS score 7.4), is an OS command injection. The vulnerability resides in the Oracle WebLogic Server component of Oracle Fusion Middleware.

Hacking

Hacking Risk Cybersecurity Information Security

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8 50098 CVE-2016-0167 04/12/2016 Microsoft Windows Graphics Component Security Update (MS16-039) 7.8

Hacking

Hacking Cyber Attacks Passwords Software

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems.

VPN

VPN Hacking Engineering Information Security

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Security Affairs

FEBRUARY 10, 2020

The United States Department of Justice charged 4 Chinese military hackers with hacking into credit reporting agency Equifax. The United States Department of Justice officially charged 4 members of the China’s PLA’s 54th Research Institute, a division of the Chinese military, with hacking into credit reporting agency Equifax.

Hacking

Hacking Data breaches Advertising Encryption

Sweden blames Russia for Swedish Sports Confederation hack

Security Affairs

APRIL 13, 2021

The Swedish Sports Confederation organization was compromised in 2017-18 by hackers working for Russian military intelligence, officials said. The information has been published openly and, based on these details, Swedish media have written articles which follow GRU’s narrative of discrediting athletes and sports organisations in the West.”.

Hacking

Hacking Media Government Information Security

Facebook’s official Twitter and Instagram accounts hacked by OurMine

Security Affairs

FEBRUARY 8, 2020

The social network giant Facebook is still the target of hackers, its Facebook and Instagram accounts have been hijacked by the popular hacking group Our M ine. Yesterdat the popular hacking group OurMine hacked the Twitter and Instagram accounts for Facebook and Messenger. SecurityAffairs – OurMine, hacking).

Accountability

Accountability Hacking Media Advertising

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. ” Both Mead and Zaidi were fired by Ticketmaster in 2017.

Hacking

Hacking Passwords Accountability Cybercrime

SEC announces sanctions against entities over email account hacking

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability

Accountability Hacking Financial Services Cybersecurity

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics

Computers and Electronics Engineering Hacking Data breaches

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

Security Affairs

MAY 6, 2024

Alexander Vinnik , a Russian national, pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurrency exchange BTC-e from 2011 to 2017. In July 2017 law enforcement shut down the virtual currency exchange.

Cryptocurrency

Cryptocurrency Computers and Electronics Identity Theft Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The WannaCry and NotPetya outbreaks in May and June 2017, respectively, were the most devastating in history. In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Security Affairs

JANUARY 6, 2024

billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. In August 2017, the pharmaceutical company revealed that the massive NotPetya cyberattack disrupted its worldwide operations. Merck filed a $1.4

Insurance

Insurance Manufacturing Ransomware Healthcare

Hackers behind Uber and Lynda hacks plead guilty in data breaches

Security Affairs

OCTOBER 31, 2019

Two hackers have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016 and attempted to extort money from the two companies. Brandon Charles Glover and Vasile Mereacre are two hackers that have pleaded guilty to hacking Uber and LinkedIn’s Lynda.com service in 2016. Pierluigi Paganini. SecurityAffairs –.

Data breaches

Data breaches Hacking Advertising Accountability

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, commercial spyware )

Cryptocurrency

Cryptocurrency Spyware Cybercrime Hacking

North Korea-linked actors breached the emails of a Presidential Office member

Security Affairs

FEBRUARY 15, 2024

The office said it has been monitoring and defending against “constant” hacking attempts presumed to be related to North Korea but “it’s not that the presidential office’s security system got hacked.” South Korea is a privileged target of cyber espionage operations carried out by North Korea-linked APT groups. Recently, a U.N.

Hacking

Hacking Government Accountability Information Security

Gafgyt botnet is targeting EoL Zyxel routers

Security Affairs

AUGUST 11, 2023

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019.

Firmware

Firmware Hacking Cybercrime Information Security

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Hacking Advertising Malware

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

APRIL 19, 2021

Among the most clamorous attacks against industrial organizations, there is the 2015 attack against the electric grid in Ukraine and the 2017 Triton attack against a Saudi petrochemical plant. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, smart meters).

Hacking

Hacking Phishing Accountability Internet

FC Barcelona and the International Olympic Committee Twitter accounts hacked

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability

Accountability Hacking Advertising Media

Australian teenager hacked into Apple twice for a job

Security Affairs

JUNE 3, 2019

A teen opted out to hack it twice. Unfortunately, the teen was identified and he has been found guilty of hacking twice into Apple’s infrastructure in 2015 and 2017. . “The boy, who is now 17, faced the Adelaide Youth Court and pleaded guilty to multiple computer hacking charges.” Pierluigi Paganini.

Hacking

Hacking Advertising Technology Cybersecurity

US OCC imposed an $80 Million fine to Capital One for 2019 hack

Security Affairs

AUGUST 9, 2020

Paige Thompson is a transgender woman suspected to be the hacker behind the Capital One hack and attacks on 30 other organizations, in August 2019 he has been indicted on wire fraud and computer fraud. SecurityAffairs – hacking, Capital One). Thompson (33). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Banking Data breaches Advertising

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.

Malware

Malware Cryptocurrency Ransomware Hacking

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

Security Affairs

JULY 23, 2020

depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, SecurityAffairs – hacking, CVE-2020-1147). The CVE-2020-1147 vulnerability impacts.NET Core 2.1,NET NET Framework 2.0

Hacking

Hacking Advertising Software Information Security

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking

Hacking Engineering Data breaches Advertising

Russian hackers defaced local British news sites

Security Affairs

MAY 13, 2024

According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Russian hackers)

Media

Media Accountability Cyber Attacks Hacking

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.” Pierluigi Paganini.

Ransomware

Ransomware Authentication Malware Hacking

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. SecurityAffairs – Mitsubishi Electric, hacking).

Antivirus

Antivirus Hacking Advertising Media

Capital One discovered more customers’ SSNs exposed in 2019 hack

Security Affairs

APRIL 3, 2021

Thompson for the security breach. THOMPSON posted about the Capital One hack on GitHub, she exploited a misconfigured web application firewall to get access to the data. On July 17, 2019, Capital One was informed of the incident by a GitHub user who saw the post. SecurityAffairs – hacking, Capital One).

Hacking

Hacking Data breaches Banking Small Business

Former CIA employee Joshua Schulte was convicted of Vault 7 massive leak

Security Affairs

JULY 14, 2022

Former CIA programmer, Joshua Schulte, was convicted in a US federal court of the 2017 leak of a massive leak to WikiLeaks. The former CIA programmer Joshua Schulte (33) was found guilty in New York federal court of stealing the agency’s hacking tools and leaking them to WikiLeaks in 2017. SecurityAffairs – hacking, Vault7).

Engineering

Engineering Hacking Mobile IoT

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Narelle Devine, the company’s chief information security officer for the Asia Pacific region, added that no customer account information was stored on the third-party platform. It seems that the security breach also impacted other companies. SecurityAffairs – hacking, Telstra Telecom). Pierluigi Paganini.

Data breaches

Data breaches Telecommunications Accountability Information Security

A cyber attack hit Nissan Oceania

Security Affairs

DECEMBER 7, 2023

The software engineer Tillie Kottmann was informed by an anonymous source that the Git server was exposed online and accessible to anyone using the default login credentials admin/admin. In December 2017, Nissan Finance Canada was hacked , personal information of 1.13

Cyber Attacks

Cyber Attacks Financial Services Scams Data breaches

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

FEBRUARY 11, 2022

SecurityAffairs – hacking, CISA). The post CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs. With the addition of these 15 vulnerabilities, the number of flaws in the CISA’s Known Exploited Vulnerabilities Catalog reached 368. Pierluigi Paganini.

IoT

IoT Accountability Authentication Hacking

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Security Affairs

FEBRUARY 22, 2021

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years before it was leaked online by Shadow Brokers hackers.

Hacking

Hacking Malware Software Information Security

Nigerian National pleads guilty to participating in a millionaire BEC scheme

Security Affairs

SEPTEMBER 24, 2023

The man was extradited from Canada to the United States on April 12, 2023. “According to his plea agreement, from February 2017 until at least July 2017, Simon-Ebo conspired with others to perpetrate a BEC scheme.” According to the US authorities, fraudulent activities caused losses of more than $6 million to the victims.

Accountability

Accountability Banking Hacking Cybercrime

The German BSI agency recommends replacing Kaspersky antivirus software

Security Affairs

MARCH 15, 2022

German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. SecurityAffairs – hacking, BSI).

Antivirus

Antivirus Software Manufacturing Information Security

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Uber hacked, internal systems and confidential documents were allegedly compromised

Webinars

Trending Sources

Russian APT28 hacker accused of the NATO think tank hack in Germany

Webinars

Google mitigated a 2.54 Tbps DDoS attack in 2017, the largest DDoS ever seen

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Russians charged with hacking Mt. Gox exchange and operating BTC-e

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Sweden blames Russia for Swedish Sports Confederation hack

Facebook’s official Twitter and Instagram accounts hacked by OurMine

Ticketmaster will pay $10 Million fine over hacking a competitor

SEC announces sanctions against entities over email account hacking

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Hackers behind Uber and Lynda hacks plead guilty in data breaches

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

North Korea-linked actors breached the emails of a Presidential Office member

Gafgyt botnet is targeting EoL Zyxel routers

Source code of Dharma ransomware now surfacing on public hacking forums

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

FC Barcelona and the International Olympic Committee Twitter accounts hacked

Australian teenager hacked into Apple twice for a job

US OCC imposed an $80 Million fine to Capital One for 2019 hack

StripedFly, a complex malware that infected one million devices without being noticed

PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

CIA elite hacking unit was not able to protect its tools and cyber weapons

Russian hackers defaced local British news sites

SynAck ransomware gang releases master decryption keys for old victims

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Capital One discovered more customers’ SSNs exposed in 2019 hack

Former CIA employee Joshua Schulte was convicted of Vault 7 massive leak

Telstra Telecom discloses data breach impacting former and current employees

A cyber attack hit Nissan Oceania

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Nigerian National pleads guilty to participating in a millionaire BEC scheme

The German BSI agency recommends replacing Kaspersky antivirus software

Stay Connected