2007, Authentication, Hacking and Phishing

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

AUGUST 1, 2018

What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. APP-BASED AUTHENTICATION. As Web site breaches go, this one doesn’t seem too severe.

Authentication

Authentication Mobile Passwords Accountability

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT28)

Accountability

Accountability Government Phishing Authentication

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Telecommunications Accountability Phishing

YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised

Malwarebytes

APRIL 8, 2022

The last time I can remember an all-out targeted attack on social media musicians was way back in 2007 during Ye Olde Myspace days. The people behind it didn’t promote malware links, or spam, or phishing. Any compromise can lead to masses of spam or videos leading users off-site to phishing or malware.

Scams

Scams Accountability Phishing Malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. through 12.4 through 15.6 and IOS XE 2.2

Malware

Malware Firmware Government Education

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

The US-CERT has released a joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “ FASTCash ,” being used by the prolific North Korean APT hacking group known as Hidden Cobra (aka Lazarus Group and Guardians of Peace).

Banking

Banking Retail Advertising Malware

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Russia)

Malware

Malware Phishing Surveillance Internet

How cybercrime is impacting SMBs in 2023

SecureList

JUNE 26, 2023

TOP 10 threats for SMBs, January-May 2022 ( download ) TOP 10 threats for SMBs, January-May 2023 ( download ) Cybercriminals attempt to deliver this and other malware and unwanted software to employees’ devices by using any means necessary, such as vulnerability exploitation, phishing e-mails and fake text messages.

Cybercrime

Cybercrime Phishing Banking Malware

The Life and Death of Passwords: Improving Security With Passwords and People

Duo's Security Blog

MARCH 28, 2023

Most of the attackers that you’ve seen usually start nowadays with a phishing attack. Company - “Oh, easily with one bad hack, you could get $30,000,000 or $20,000,000.” I’ve fallen for a phish. We need to get past this point where we think, “Oh, no one should ever fall for a phish.” See the video at the blog post.

Passwords

Passwords Social Engineering Phishing Technology

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

Phishing [ T1566 ]. Forced Authentication [ T1187 ]. Use Alternate Authentication Material. Use Alternate Authentication Material. GPON Router authentication bypass and command injection attempt. Netgear DGN1000 series routers authentication bypass attempt. CVE-2007-1036. Techniques seen. (in

Firewall

Firewall Authentication DNS Accountability

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Security Affairs

MAY 5, 2024

The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. ” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Government

Government Accountability Cyber Attacks Telecommunications

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1834 — French Telegraph System — A pair of thieves hack the French Telegraph System and steal financial market information, effectively conducting the world’s first cyberattack. 1870 — Switchboard Hack — A teenager hired as a switchboard operator is able to disconnect and redirect calls and use the line for personal usage. .

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Microsoft says Russian hackers continue targeting 2018 midterm elections

Security Affairs

AUGUST 21, 2018

Microsoft has spotted a new hacking campaign targeting 2018 midterm elections, the experts attributed the attacks to Russia-linked APT28 group. Microsoft has spotted a new hacking campaign targeting 2018 midterm elections. ” continues Microsoft. Microsoft blamed the Russian APT28 group for the attacks.

Advertising

Advertising Hacking Accountability Education

Cyber Security Informer

Reddit Breach Highlights Limits of SMS-Based Authentication

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Trending Sources

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

APT28 targets key networks in Europe with HeadLace malware

How cybercrime is impacting SMBs in 2023

The Life and Death of Passwords: Improving Security With Passwords and People

Threat Trends: Firewall

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Microsoft says Russian hackers continue targeting 2018 midterm elections

Stay Connected