Accountability, Authentication, Information Security and Internet

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. orange_es Meow meow meow!

Internet

Internet Internet Accountability Passwords

Patch Tuesday, March 2024 Edition

Krebs on Security

MARCH 12, 2024

The security updates are available in iOS 17.4 , iPadOS 17.4 , and iOS 16.7.6. Security Update addresses dozens of security issues. Microsoft says attackers could connect to OMI instances over the Internet without authentication, and then send specially crafted data packets to gain remote code execution on the host device.

Authentication

Authentication Engineering Accountability Internet

Two students uncovered a flaw that allows to use laundry machines for free

Security Affairs

MAY 20, 2024

Two students discovered a security flaw in over a million internet-connected laundry machines that could allow laundry for free. They manage and operate many internet-connected laundry machines and systems, offering services such as coin and card-operated laundry machines, mobile payment solutions, and maintenance support.

Mobile

Mobile Internet Internet Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Check Point released hotfix for actively exploited VPN zero-day

Security Affairs

MAY 29, 2024

By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method,” the company said. “We have recently witnessed compromised VPN solutions, including various cyber security vendors.

VPN

VPN Authentication Passwords Accountability

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

SEPTEMBER 22, 2022

Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. ” warns Censys.

Cryptocurrency

Cryptocurrency Internet Internet Hacking

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

APRIL 9, 2024

“An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.” ” The researchers pointed out that despite the vulnerable service is intended for LAN access only, querying Shodan they identified over 91,000 devices that expose the service to the Internet.

Hacking

Hacking Internet Internet Authentication

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The threat actor likely obtained the employee’s account credentials from a third-party data breach. ” reads the report published by CISA.

Government

Government VPN Accountability Authentication

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc The message sent in the email template is related to problems with the victim’s bank account. on Twitter, and targeting Portuguese users.

Internet

Internet Internet Malware Banking

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. Bleeping Computer, which has validated the authenticity of the archive, reported that the latest record in the database was created on October 12th, 2018. accounts exposed appeared first on Security Affairs.

Accountability

Accountability Hacking Data breaches Passwords

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

Microsoft has now confirmed that the attackers have compromised the account of one of its employees gaining limited access to source code repositories. Our investigation has found a single account had been compromised, granting limited access. No customer code or data was involved in the observed activities. Pierluigi Paganini.

Accountability

Accountability VPN Social Engineering Hacking

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. The threat actors are using Voice over Internet Protocol (VoIP) platforms to obtain employees’ credentials. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Accountability

Accountability VPN Social Engineering Phishing

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

They might even lock you out of your own accounts by resetting your passwords. Avoid entering any data if you see a warning message about a site’s authenticity. Most browsers will alert you if a site isn’t secure. Check your social media accounts for active sessions and log out of any you don’t recognize.

DNS

DNS VPN Encryption Passwords

Russia-linked APT29 switched to targeting cloud services

Security Affairs

FEBRUARY 26, 2024

.” To infiltrate the cloud-hosted network of the majority of victims, attackers have to authenticate themselves successfully with the cloud provider. In previous campaigns associated with this threat actor, APT29 used brute forcing and password spraying to compromise service accounts. ” continues the advisory.

Accountability

Accountability Authentication Passwords Internet

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO

CISO Encryption Telecommunications Financial Services

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Security Affairs

OCTOBER 31, 2023

The advisory published by the vendor states that the exploitation of the vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

Internet

Internet Internet Software Accountability

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

I wrote an article recently on how to secure your home network in three different tiers of protection. In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. Enable two-factor authentication on all critical accounts.

Risk

Risk Password Management Passwords Accountability

Trusted relationship attacks: trust, but verify

SecureList

MAY 28, 2024

But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. Access is set up using a certificate or a login/password pair, and in rare cases multi-factor authentication is added.

VPN

VPN Accountability Passwords Antivirus

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini.

Internet

Internet Internet Advertising Accountability

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. ” reads the analysis published by Microsoft.

Accountability

Accountability Government Authentication Engineering

Slickwraps discloses data leak that impacted 850,000 user accounts

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets. ” reported Slashgear. Pierluigi Paganini.

Accountability

Accountability Data breaches Passwords Advertising

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware

Spyware Data breaches Hacking Ransomware

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Sandworm were observed targeting open ports and unprotected RDP or SSH interfaces to gain access to the internet-facing systems. ’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. “Note (!) .’ “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

Security Affairs

FEBRUARY 12, 2024

Datacenter Proxies: this blog post examines the contours of each type and provides info on how to choose the perfect proxy option In the robust landscape of the digital era, our need for privacy, security, and accessibility on the internet has never been more acute. It really boils down to your specific needs.

Internet

Internet Internet Marketing Authentication

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million. Use a variation of unique passwords to access online accounts. Be aware of any changes in SMS-based connectivity.

Mobile

Mobile Cryptocurrency Authentication Accountability

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Broken Authentication 5. Broken Authentication 5. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords

Passwords Authentication Architecture Risk

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

APRIL 4, 2023

Below is the list of flaws exploited by the ransomware gang’s affiliate: CVE-2021-27876 : The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. It supports multiple authentication schemes: SHA authentication is one of these.

Backups

Backups Ransomware Authentication Penetration Testing

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

OCTOBER 4, 2023

. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.”

Software

Software Accountability Authentication Internet

AT&T confirmed that a data breach impacted 73 million customers

Security Affairs

MARCH 30, 2024

In August 2021, the group asked $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website that examined a sample that appears authentic. million current AT&T account holders and approximately 65.4 million former account holders.” reads the RestorePrivacy website.

Data breaches

Data breaches Telecommunications Cybercrime Hacking

Why Don’t You Go Dox Yourself?

Cisco Security

OCTOBER 7, 2022

By understanding the tools and methods used by those with ill intent, you’ll be better prepared to keep yourself safe and your information secure. Your mission, should you choose to accept it, is to follow along and find out everything the internet knows about… you! HOW DO I “DOX MYSELF”?

Media

Media Identity Theft Accountability Internet

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Security Affairs

SEPTEMBER 29, 2023

A remote, unauthenticated attacker, can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed servers. Authentication is not required to exploit this vulnerability.” An attacker can leverage this vulnerability to execute code in the context of the service account.”

Software

Software Authentication Internet Internet

Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

Security Affairs

FEBRUARY 18, 2021

RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure, it asking its members to enable 2FA for their accounts. RIPE NCC announced to have suffered a credential stuffing attack attempting to gain access to single sign-on (SSO) accounts.

Accountability

Accountability Internet Internet Authentication

Announcing the winners of the 2020 GCP VRP Prize

Google Security

MARCH 17, 2021

Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large.

Engineering

Engineering Authentication Accountability Internet

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. To protect against these attacks, businesses need to implement a wide range of strong API security measures such as authentication, authorization, encryption, and vulnerability scanning.

Hacking

Hacking Penetration Testing Data breaches Authentication

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. Only use encrypted HTTPS or other types of secure connections (SSH, etc.).

VPN

VPN Internet Internet Firewall

FBI warns swatting attacks on owners of smart devices

Security Affairs

JANUARY 2, 2021

The FBI recommends users to enable two-factor authentication (2FA) for smart devices exposed online. The FBI also recommends customers to don’t use an email account in 2FA for the second factor, instead recommends the use of a mobile device number. ” concludes the alert. Pierluigi Paganini.

Passwords

Passwords Surveillance Manufacturing Accountability

Airlift Express Fixes Vulnerabilities in Its E-commerce Store

Security Affairs

APRIL 2, 2021

PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals.

Passwords

Passwords Authentication Internet Internet

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Security Affairs

MARCH 16, 2022

As early as May 2021, the attackers took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. Contrary to best practices recommended, the account was still active in the organization’s Active Directory.

Accountability

Accountability Passwords Authentication Firmware

Five Eyes agencies warn of attacks on MSPs

Security Affairs

MAY 12, 2022

. “The CSA—created in response to reports of increased activity against MSPs and their customers—provides specific guidance for both MSPs and customers aimed at enabling transparent discussions on securing sensitive data.” Improve security of vulnerable devices. Enforce multifactor authentication (MFA).

Authentication

Authentication Accountability Architecture Backups

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

A lot of people are thinking about the security of their home network right now, and as one of the project leaders on the OWASP Internet of Things Security Project , I wanted to provide three levels of security you can do at home. Do you have internet-connected lights, appliances, gaming systems, media systems, etc?

Passwords

Passwords DNS Accountability IoT

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

The technologies for secure remote access can range from VPNs and multi-factor authentication to more advanced access and zero trust controls. We’ll cover a range of best practices for remote access security, from the simple and the practical to the more advanced. Avoid using default or simple-to-guess passwords.

Passwords

Passwords Authentication Encryption VPN

The Misaligned Incentives for Cloud Security

Schneier on Security

MAY 28, 2021

A crucial part of the Russians’ success was their ability to move through these organizations by compromising cloud and local network identity systems to then access cloud accounts and pilfer emails and files. This lack of understanding makes it hard to assess a cloud service’s overall security.

Government

Government Risk Architecture Accountability

MITRE attributes the recent attack to China-linked UNC5221

Security Affairs

MAY 7, 2024

The state-sponsored hackers first gaining initial access to NERVE on December 31, then they deployed the ROOTROT web shell on The adversary deployed the ROOTROT web shell on Internet-facing Ivanti appliances. On January 4, 2024, the threat actors conducted a reconnaissance on NERVE environment. ” reads the update published by Mitre.

Malware

Malware Hacking Accountability Authentication

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Patch Tuesday, March 2024 Edition

Webinars

Trending Sources

Two students uncovered a flaw that allows to use laundry machines for free

Webinars

Check Point released hotfix for actively exploited VPN zero-day

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

U.S. CISA: hackers breached a state government organization

TroyStealer – A new info stealer targeting Portuguese Internet users

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Vishing attacks conducted to steal corporate accounts, FBI warns

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Russia-linked APT29 switched to targeting cloud services

Why CISA is Warning CISOs About a Breach at Sisense

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

10 Behaviors That Will Reduce Your Risk Online

Trusted relationship attacks: trust, but verify

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Slickwraps discloses data leak that impacted 850,000 user accounts

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

China-linked threat actors have breached telcos and network service providers

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Top 10 web application vulnerabilities in 2021–2023

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

AT&T confirmed that a data breach impacted 73 million customers

Why Don’t You Go Dox Yourself?

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Credential stuffing attack hit RIPE NCC: Members have to enable 2FA

Announcing the winners of the 2020 GCP VRP Prize

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

QNAP users are recommended to disable UPnP port forwarding on routers

FBI warns swatting attacks on owners of smart devices

Airlift Express Fixes Vulnerabilities in Its E-commerce Store

Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

Five Eyes agencies warn of attacks on MSPs

A 3-Tiered Approach to Securing Your Home Network

16 Remote Access Security Best Practices to Implement

The Misaligned Incentives for Cloud Security

MITRE attributes the recent attack to China-linked UNC5221

Stay Connected