Security Affairs

JANUARY 6, 2024

billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. In August 2017, the pharmaceutical company revealed that the massive NotPetya cyberattack disrupted its worldwide operations. Merck filed a $1.4

Insurance 116

Insurance Manufacturing Ransomware Healthcare 116

Veracode Security

FEBRUARY 17, 2022

Injection flaws were the number one flaw category under the OWASP 2017, and, currently, injection flaws hold the number three spot in the OWASP 2021. SQL injection flaws have impacted every industry as well as enterprises that already have a mature information security program in place. It can happen, and it can be catastrophic!

Authentication 136

Authentication Information Security 136

Security Affairs

AUGUST 11, 2023

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019.

Firmware 81

Firmware Hacking Cybercrime Information Security 81

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” ” reads the press release published by DoJ.

Cryptocurrency 106

Cryptocurrency Spyware Cybercrime Hacking 106

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.

Malware 124

Malware Cryptocurrency Ransomware Hacking 124

CSO Magazine

MARCH 16, 2022

Germany’s Federal Office for Information Security (BSI) has warned businesses against using Kaspersky virus protection products amid concerns of Russian technology being coerced by Russian government agents and forced to attack target systems against its will or spied on. federal agencies in 2017.

Government 95

Government Technology Information Security 95

Security Affairs

FEBRUARY 11, 2022

Below is the list of the vulnerabilities added to the catalog: CVE ID Description Patch Deadline CVE-2021-36934 Microsoft Windows SAM Local Privilege Escalation Vulnerability 2/24/2022 CVE-2020-0796 Microsoft SMBv3 Remote Code Execution Vulnerability 8/10/2022 CVE-2018-1000861 Jenkins Stapler Web Framework Deserialization of Untrusted Data 8/10/2022 (..)

IoT 116

IoT Accountability Authentication Hacking 116

Security Affairs

FEBRUARY 2, 2024

. “SCHULTE’s theft is the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information in the history of the U.S.”

Computers and Electronics 101

Computers and Electronics Engineering Hacking Data breaches 101

Security Affairs

OCTOBER 5, 2022

Narelle Devine, the company’s chief information security officer for the Asia Pacific region, added that no customer account information was stored on the third-party platform. It seems that the security breach also impacted other companies. to several other organisations.

Data breaches 93

Data breaches Telecommunications Accountability Information Security 93

Security Affairs

SEPTEMBER 16, 2022

We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” Latha Maripuri, Uber’s chief information security officer, told NYT via email. This is not the first time that the company suffered a security breach.

Hacking 136

Hacking Data breaches Engineering Information Security 136

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. This can take years, however.

Malware 88

Malware Passwords Identity Theft Data collection 88

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”

Ransomware 138

Ransomware Authentication Malware Hacking 138

Security Affairs

SEPTEMBER 24, 2023

The man was extradited from Canada to the United States on April 12, 2023. “According to his plea agreement, from February 2017 until at least July 2017, Simon-Ebo conspired with others to perpetrate a BEC scheme.” According to the US authorities, fraudulent activities caused losses of more than $6 million to the victims.

Accountability 114

Accountability Banking Hacking Cybercrime 114

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media 118

Media Accountability Telecommunications Government 118

Daniel Miessler

MARCH 24, 2021

Related posts: My RSA 2017 Recap. Try not to skip steps, i.e., it’s best to make the move to unique, quality passwords stored in a manager before you add 2FA. Thanks to Troy Hunt, Anton Chuvakin, and Tim Dierks for spawning the idea for this. The Real Internet of Things: Details and Examples.

Authentication 363

Authentication Passwords Internet Internet 363

Security Affairs

MAY 13, 2024

According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests.

Media 82

Media Accountability Cyber Attacks Hacking 82

Security Affairs

JUNE 20, 2022

The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. Kozachek hacked the computed of the NATO think tank in 2017 and installed a keylogger to spy on the organization. ” reported the Tagesschau website.

Hacking 135

Hacking Accountability Malware Cybersecurity 135

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches 361

Data breaches Technology Software Accountability 361

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE

Antivirus 104

Antivirus Encryption Malware Hacking 104

Security Affairs

MARCH 15, 2022

German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. ” reads the BSI announcement.

Antivirus 107

Antivirus Software Manufacturing Information Security 107

Security Affairs

JANUARY 2, 2022

Year Total Money Lost ($) Year Increase In Money Lost (%) 2021 4,250,000,000 2020 – 2021 185% 2020 1,490,000,000 2019 – 2020 -57% 2019 3,500,156,000 2018 – 2019 259% 2018 974,000,000 2017 – 2018 51% 2017 645,901,000 2016 – 2017 341% 2016 146,509,000 2015 – 2016 -64%. The top 5 breaches in history are: 1. Gox, $615M.

Cryptocurrency 108

Cryptocurrency Scams Marketing Hacking 108

Security Affairs

AUGUST 17, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to provide technical details on a new wave of attacks delivering the KONNI remote access Trojan (RAT). The KONNI malware also employed in at least two campaigns in 2017.

Phishing 125

Phishing Malware Advertising Architecture 125

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464.

DDOS 128

DDOS Malware Advertising Passwords 128

Security Affairs

FEBRUARY 22, 2023

The MyloBot botnet has been active since 2017 and was first detailed by cybersecurity firm Deep Instinct in 2018. The first sample of the bot analyzed by the experts (dated October 20, 2017) had three different stages. Researchers warn that the MyloBot botnet is rapidly spreading and it is infecting thousands of systems worldwide.

Advertising 92

Advertising Hacking Cybersecurity Information Security 92

Security Affairs

FEBRUARY 22, 2021

In 2017, the Shadow Brokers hacking group released a collection of hacking tools allegedly stolen from the US NSA, most of them exploited zero-day flaws in popular software. ““EpMe”, the Equation Group exploit for CVE-2017-0005, is one of 4 different LPE exploits included in the DanderSpritz attack framework. Pierluigi Paganini.

Hacking 75

Hacking Malware Software Information Security 75

Security Affairs

FEBRUARY 15, 2024

panel of experts announced an investigation into 58 suspected North Korean cyberattacks between 2017 and 2023 valued at approximately $3 billion. North Korea-linked APT groups are also known to be focused on attacks against crypto exchange and financial organizations in South Korea. Recently, a U.N.

Hacking 98

Hacking Government Accountability Information Security 98

Security Affairs

JULY 14, 2022

Former CIA programmer, Joshua Schulte, was convicted in a US federal court of the 2017 leak of a massive leak to WikiLeaks. The former CIA programmer Joshua Schulte (33) was found guilty in New York federal court of stealing the agency’s hacking tools and leaking them to WikiLeaks in 2017.

Engineering 99

Engineering Hacking Mobile IoT 99

Pen Test

OCTOBER 12, 2023

It endeavors to elucidate the underlying methodology, a comprehensive array of tools employed, and the typical vulnerabilities that security experts strategically target (Anderson & White, 2017). It encompasses a range of electromagnetic radio waves utilized for wireless information transmission. IEEE Access, 6, 12725-12738.

Penetration Testing 52

Penetration Testing Wireless IoT Technology 52

Security Affairs

APRIL 29, 2024

.” The FCC’s Enforcement Bureau launched an investigation after Missouri Sheriff Cory Hutcheson misused a “location-finding service” provided by Securus, a communications service provider for correctional facilities, to access the location data of wireless carrier customers without their consent from 2014 to 2017.

Wireless 102

Wireless Telecommunications Insurance Mobile 102

Security Affairs

FEBRUARY 14, 2020

An American was charged with money laundering while operating the dark web Helix Bitcoin mixer service between 2014 and 2017. Larry Dean Harmon (36), from Akron, Ohio, was charged with laundering more than $310 million worth of Bitcoin while he was operating a Darknet-based cryptocurrency laundering service between 2014 and 2017.

Cryptocurrency 101

Cryptocurrency Advertising Cybercrime Engineering 101

Security Affairs

DECEMBER 7, 2023

The software engineer Tillie Kottmann was informed by an anonymous source that the Git server was exposed online and accessible to anyone using the default login credentials admin/admin. In December 2017, Nissan Finance Canada was hacked , personal information of 1.13

Cyber Attacks 119

Cyber Attacks Financial Services Scams Data breaches 119

Security Affairs

DECEMBER 8, 2022

Using this technique the attackers are able to trigger IE zero-day using weaponized Office documents since 2017 (e.g. CVE-2017-0199 ). Experts pointed out that Office renders this HTML content using Internet Explorer (IE). TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer.

Internet 99

Internet Internet Engineering Malware 99

Security Affairs

FEBRUARY 15, 2021

The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

VPN 124

VPN Software Internet Internet 124

Security Affairs

AUGUST 20, 2021

The master decryption keys work for victims that were infected between July 2017 and early 2021. The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”. The gang has now rebranded as the new El_Cometa group.

Ransomware 109

Ransomware Encryption Authentication Internet 109

Krebs on Security

JULY 18, 2023

LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.

Hacking 190

Hacking Accountability Data breaches Marketing 190

Security Affairs

JUNE 17, 2019

Starting from June 12, 2019, the researcher Ankit Anubhav from NewSky Security, observed threat actors targeting Web-based DNA sequencer applications. The attackers are leveraging a still-unpatched zero-day vulnerability, tracked as CVE-2017-6526 , to gain full control over the targeted systems. IP address that is located in Iran.

DDOS 79

DDOS Advertising IoT Marketing 79

Security Affairs

APRIL 11, 2024

Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017.

Malware 118

Malware DNS Mobile Software 118