2007, Information Security and Internet

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Experts warn that hackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable in the attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. ” reads the advisory published by Microsoft.

Internet

Internet Internet Authentication Advertising

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. .” That was Bruce’s response at a conference hosted by U.S. That may be necessary to keep in touch with civilian companies like FedEx in peacetime or when fighting terrorists or insurgents.

Software

Software Cybersecurity Backups Manufacturing

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector.

DDOS

DDOS Computers and Electronics Digital transformation Government

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The credential harvesting pages were designed to target Ukraine’s Ministry of Defence, European transportation infrastructures, and an Azerbaijani think tank.

Malware

Malware Phishing Surveillance Internet

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. The Chinese giant was already excluded by several countries from building their 5G internet networks.

Mobile

Mobile Manufacturing Internet Internet

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. A whopping 79 Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely. ” reads the analysis published by GRIMM.

Firmware

Firmware Internet Internet Advertising

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433.

Phishing

Phishing Accountability Advertising DNS

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

then they marketed the stocks in a deceptive and misleading manner to customers of the targeted companies whose information were previously stolen by TYURIN. From 2007 to 2015 TYURIN also conducted cyberattacks against multiple foreign companies. “In addition to the U.S. “In addition to the U.S.

Hacking

Hacking Marketing Identity Theft Banking

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. “North Korea’s intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access.

Banking

Banking Malware Advertising Hacking

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. This has raised concerns that Russian agents are checking the cables for weak points, with a view to tapping or even damaging them in the future.” Source [link].

Wireless

Wireless Surveillance Telecommunications Advertising

Operators behind Dark Caracal are still alive and operational

Security Affairs

NOVEMBER 29, 2020

In the last phase of the attack, the PowerShell script downloads encoded executable parts from legitimate cloud storage services like Dropbox or Bitbucket then assemble the Bandook loader, which injects the RAT into a new Internet Explorer process.

Energy and Utilities

Energy and Utilities Malware Government Healthcare

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government

Government Media Malware Hacking

ActiveX Controls in South Korean websites are affected by critical flaws

Security Affairs

MAY 22, 2019

The websites still use the technology because of a 20-year old law that mandated the use of Internet Explorer and asked users to allow ActiveX controls to run. Microsoft no longer supports ActiveX in Microsoft Edge, which is the default recommended default browser over Internet Explorer.

Government

Government Technology Internet Internet

China-linked Winnti APT steals intellectual property from companies worldwide

Security Affairs

MAY 4, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. The attacks leverage a multi-step infection chain that starts with attacks on internet-facing servers in the attempt to deploy a web shell used for reconnaissance, lateral movement, and data exfiltration purposes.

Manufacturing

Manufacturing Malware Hacking Passwords

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

.” The malware was able to steal data from both office IT networks and a restricted network (one containing mission-critical assets and computers with highly sensitive data and no internet access). ” The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Cryptocurrency Password Management Encryption

How Dow Jones used the pandemic to undergo a zero trust overhaul

SC Magazine

MAY 18, 2021

Flags and the Dow logo at the main entrance of the Dow world headquarters complex is shown April 12, 2007 in Midland, Michigan. Not surprisingly, one of the first priorities Dow Jones focused on was providing employees secure access to the internet and company IT resources while they worked from home.

IoT

IoT Telecommunications Manufacturing Firewall

Microsoft Patch Tuesday updates for September 2019 fix 2 privilege escalation flaws exploited in attacks

Security Affairs

SEPTEMBER 10, 2019

Microsoft Patch Tuesday security updates for September 2019 address 80 vulnerabilities, including two privilege escalation flaws that have been exploited in attacks in the wild. Interestingly, this file has been targeted by malware in the past, with some references going back as far as 2007.”

Authentication

Authentication Advertising Malware Internet

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

The Security Ledger

DECEMBER 21, 2022

The “web” has, in the space of 30 years, transformed from a funky little corner of the Internet full of pictures and text to become the bedrock of modern commerce. These days, Sima has situated himself on the other end of the vendor divide as the Chief Security Officer at Robinhood , the Menlo Park based stock trading and investments firm.

CSO

CSO Financial Services CISO Mobile

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

IoT

IoT Hacking Advertising Government

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

The command highlighted in Figure 2 is an instruction responsible to download an MSI file from the C2 server ( hxxp://195.123.209.169/control ), geolocated in Latvia and with ports 80 and 3389 opened to the Internet. The structure of this stream is fully specified in Microsoft Office Excel 97-2007 – Binary File Format Specification.

Malware

Malware Antivirus Technology Phishing

As Internet-Connected Medical Devices Multiply, So Do Challenges

Cisco Security

JUNE 15, 2022

To consumers, the Internet of Things might bring to mind a smart fridge that lets you know when to buy more eggs, or the ability to control your home’s lighting and temperature remotely through your phone. But for cybersecurity professionals, internet-connected medical devices are more likely to be top-of-mind.

Internet

Internet Internet Manufacturing IoT

A taste of the latest release of QakBot

Security Affairs

MAY 6, 2021

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot , also known as Qbot , Pinkslipbot , and Quakbot is a banking trojan that has been made headlines since 2007. Figure 1: Email template of QakBot malware targeting Portuguese Internet end users – May 2021.

Malware

Malware Encryption Banking Software

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Daniel Miessler

SEPTEMBER 29, 2020

Since 2007 the InfoSec industry has been talking about TheBigOne™—the event that would change cyber threats from annoyances to existential concerns. The idea was that it’d be some massive blast that would take out the country’s power grid, or disable the entire internet, along with what they used to call e-commerce.

Ransomware

Ransomware Government Social Engineering Small Business

The Delicate Balance of Security Versus Usability

CyberSecurity Insiders

APRIL 20, 2021

As a security evangelist, you understand the necessity of adhering to a set of security requirements, but as a normal staff member, you can understand the frustration of your non-security coworkers. Is there ever such a thing as being a “normal” staff member after you have crossed into the elite world of information security?

Healthcare

Healthcare Information Security Wireless Security Awareness

The Hacker Mind Podcast: The Fog of Cyber War

ForAllSecure

JULY 6, 2022

Centre for Defence: In 2007, a struggle over a divisive Soviet statutes set the standard for a new form of Russian interference in the affairs of foreign states. Vamosi: The slogan of the RSA Conference is “Where the World Talks Security,” and, in general. The Internet is where elections are won and lost.

Cybercrime

Cybercrime Government Ransomware Hacking

Cyber Security Informer

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Vulnerabilities in Weapons Systems

Trending Sources

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

APT28 targets key networks in Europe with HeadLace malware

Belgium telecom operators Proximus and Orange drop Huawei

79 Netgear router models affected by a dangerous Zero-day

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Russian hacker Andrei Tyurin sentenced to 12 years in prison

North Korea-linked APT group BeagleBoyz targets banks

Russian spies are attempting to tap transatlantic undersea cables

Operators behind Dark Caracal are still alive and operational

Microsoft disrupted APT28 attacks on Ukraine through a court order

ActiveX Controls in South Korean websites are affected by critical flaws

China-linked Winnti APT steals intellectual property from companies worldwide

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

How Dow Jones used the pandemic to undergo a zero trust overhaul

Microsoft Patch Tuesday updates for September 2019 fix 2 privilege escalation flaws exploited in attacks

Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

As Internet-Connected Medical Devices Multiply, So Do Challenges

A taste of the latest release of QakBot

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

The Delicate Balance of Security Versus Usability

The Hacker Mind Podcast: The Fog of Cyber War

Stay Connected