2009 - Cyber Security Informer

Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009

Security Boulevard

MAY 11, 2025

Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. The post Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009 appeared first on Security Boulevard.

Media

Media Data privacy Cyber threats Internet

Ebury botnet malware infected 400,000 Linux servers since 2009

Bleeping Computer

MAY 14, 2024

A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.

Malware

China Says U.S. Hacking Huawei Since 2009

SecureWorld News

SEPTEMBER 28, 2023

National Security Agency (NSA) of infiltrating Huawei servers since as early as 2009. These allegations, which were made via China's official WeChat account , claim that the Tailored Access Operations (TAO) unit of the NSA conducted cyberattacks in 2009 and maintained continuous surveillance on Huawei's servers.

Hacking

Hacking Artificial Intelligence Cyber Attacks Telecommunications

Hackers Expose Russian FSB Cyberattack Projects

Schneier on Security

JULY 22, 2019

More nation-state activity in cyberspace, this time from Russia : Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum.

Media

Media Internet Internet Accountability

Who DDoS-ed Georgia/Bobbear.co.uk and a Multitude of Russian Homosexual Sites in 2009? – An OSINT Analysis

Security Boulevard

OCTOBER 27, 2022

NOTE: I took these screenshots circa 2009. Back in 2009 there was a major speculation that Russia indeed launched a massive DDoS (Distributed Denial of Service) attack against Georgia which was in fact true. and a Multitude of Russian Homosexual Sites in 2009? hxxp://i.clusteron.ru/bstatus.php. bstatus.php. hxxp://203.117.111.52/www7/www/getcfg.php

DDOS

DDOS Cyber Attacks

A Self-Enforcing Protocol to Solve Gerrymandering

Schneier on Security

FEBRUARY 2, 2024

In 2009, I wrote : There are several ways two people can divide a piece of cake in half. One way is to find someone impartial to do it for them. This works, but it requires another person. This also works, but still requires another person—at least to resolve disputes.

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

DECEMBER 14, 2018

I wrote about this exact attack in 2005 and 2009. In the event targets' accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. This isn't new.

Authentication

Authentication Passwords Phishing Government

Science Fiction Writers Helping Imagine Future Threats

Schneier on Security

JULY 23, 2019

Last month, at the 2009 Homeland Security Science & Technology Stakeholders Conference in Washington D.C., Science fiction writers are creative, and creativity helps in any future scenario brainstorming. But please, keep the people who actually know science and technology in charge.

Technology

Technology Risk

Patch issued to tackle critical security issues present in Dell driver software since 2009

Zero Day

MAY 4, 2021

Five critical security issues have been discovered.

Software

Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals

The Hacker News

DECEMBER 1, 2021

organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence. A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S.

Malware

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Security Affairs

FEBRUARY 22, 2025

This threat actor was involved in cyber espionage campaigns and sabotage activities to destroy data and disrupt systems.

Cryptocurrency

Cryptocurrency Hacking Banking Cybersecurity

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

The Hacker News

MAY 15, 2024

A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain.

Malware

Malware Cybersecurity

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

Darkode was taken down in 2015 as part of an FBI investigation sting operation , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009. DCReavers2 was just the 22nd account to register on the Darkode cybercrime forum.

Cybercrime

Cybercrime Ransomware Accountability Advertising

FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

The Hacker News

FEBRUARY 17, 2024

to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. A Ukrainian national has pleaded guilty in the U.S. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S.

Malware

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

The Hacker News

SEPTEMBER 21, 2023

of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries. China's Ministry of State Security (MSS) has accused the U.S. In a message posted on WeChat, the government authority said U.S.

Surveillance

Surveillance Government

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

FEBRUARY 22, 2022

She stated in 2009, policy was changed to move all information technology services to the Office of Administration.” . “I asked her if the ITSD was within the Office of Administration, or if DESE had their on-information technology section, and she indicated it was within the Office of Administration.

Education

Education Technology Hacking Media

Microsoft Buys Corp.com

Schneier on Security

APRIL 9, 2020

We released a security advisory in June of 2009 and a security update that helps keep customers safe. "To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names," the statement reads. "We

DNS

DNS Wireless Internet Internet

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

According to cyber intelligence firm Intel 471 , Megatraffer has been active on more than a half-dozen crime forums from September 2009 to the present day. In November 2009, Fitis wrote, “I am the perfect criminal. WHO IS MEGATRAFFER? And on most of these identities, Megatraffer has used the email address 774748@gmail.com.

Malware

Malware Cybercrime Software Accountability

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

Threatpost

MAY 4, 2021

The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.

Risk

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

AUGUST 29, 2022

Poor password practices are responsible for most incidents involving web applications and data breaches since 2009. 2009 DBIR page 17) . •Brute forcing passwords (10 percent) came in third. Backdoors or C2 (10 percent) were the fourth runner-ups. It’s not just a web thing. It’s an e-mail thing too.

Hacking

Hacking Passwords Password Management Data breaches

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Key findings from the advisory The advisory highlights the rapid and efficient attack lifecycle of Ghost ransomware, with some incidents seeing full encryption within a single day.

Ransomware

Ransomware IoT Encryption Social Engineering

RockYou2024 compilation containing 10 billion passwords was leaked online

Security Affairs

JULY 8, 2024

The compilation has been named ‘RockYou2021’ by the forum user, presumably in reference to the RockYou data breach that occurred in 2009, when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text. RockYou2021 had 8.4

Passwords

Passwords Data breaches Hacking Accountability

How Not to Design an Error Message

Adam Shostack

JANUARY 2, 2025

Now, this was a 2009 device, so maybe, just maybe, there was a COGS issue in how much storage was needed. By telling me to read the manual. Why it doesn't say "device has reached end of life?" That would be direct and to the point. When you press the button, it says "please see manual." But sheesh. At least it was loud and annoying.

Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right?

WIRED Threat Level

JANUARY 15, 2019

Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along.

Data collection

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

FEBRUARY 14, 2024

For example, the timestamp for Mr. Carter’s inbox reads August 2009, but clicking that inbox revealed messages as recent as Feb. Wireless employees were published in clear text on the Internet. The timestamps listed do not appear to be accurate somehow. Within minutes of that notification, U.S.

Internet

Internet Internet Wireless Government

15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers

Security Boulevard

MAY 15, 2024

The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the past 15 years, with about 100,000.

Malware

Malware Cybersecurity Network Security

The Now-Defunct Firms Behind 8chan, QAnon

Krebs on Security

OCTOBER 22, 2020

” It appears that Centauri hasn’t filed any business records with the state since 2009, and the state subsequently suspended the company’s license to do business in Aug. According to the California Secretary of State, Centauri’s status as a business in the state is “suspended.”

Internet

Internet Internet Technology DDOS

RSA-240 Factored

Schneier on Security

DECEMBER 3, 2019

The previous records were RSA-768 (768 bits) in December 2009 [2], and a 768-bit prime discrete logarithm in June 2016 [3]. It is the first time that two records for integer factorization and discrete logarithm are broken together, moreover with the same hardware and software.

Software

Software Encryption

Happy 14th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2023

As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.

Phishing

Phishing Scams Advertising Mobile

Breach reporting required for health apps and devices, FTC says

CSO Magazine

SEPTEMBER 23, 2021

The Federal Trade Commission (FTC) commissioners, in a split-vote (3-2), issued a policy statement on September 15, requiring both health applications and connected devices to comply with the “ Health Breach Notification Rule (August 2009).”

Insurance

Insurance Accountability

Dell fixes exploitable holes in its own firmware update driver – patch now!

Naked Security

MAY 5, 2021

These bugs date back to 2009, and they could give crooks who are already in your network access to sysadmin superpowers.

Firmware

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

SocksEscort began in 2009 as “ super-socks[.]com According to cyber intelligence firm Intel 471 , the very first “SSC” identity registered on the cybercrime forums happened in 2009 at the Russian language hacker community Antichat , where SSC registered using the email address adriman@gmail.com.

Malware

Malware VPN Internet Internet

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Dark Reading

MAY 4, 2021

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.

Hacking Google: Lessons From the Security Team, Part Two

Security Boulevard

NOVEMBER 4, 2022

When it was launched in 2009, the Operation Aurora cyberattack was one of the first major nation-state cyberattacks aimed at private industry. Its impact forced organizations to take a hard look at their cybersecurity systems.

Hacking

Hacking Cybersecurity

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

The Hacker News

MAY 5, 2021

PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. sys" that comes pre-installed on

Firmware

Microsoft Buys Corp.com So Bad Guys Can’t

Krebs on Security

APRIL 7, 2020

“We released a security advisory in June of 2009 and a security update that helps keep customers safe. . “To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names,” the statement reads.

DNS

DNS Wireless Risk Passwords

5 Things to know about the UK’s National Cyber Security Centre (NCSC)

The State of Security

MAY 17, 2022

#1 The history of the National Cyber Security Centre The UK’s first cybersecurity strategy was launched in 2009 and outlined that whatever the shape of the cybersecurity mission, it made no sense to silo it away from other aspects of national security.

Cybersecurity

Cybersecurity Government

Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals

The Hacker News

OCTOBER 21, 2021

for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015. Two Eastern European nationals have been sentenced in the U.S.

Malware

BrandPost: Nation States, Cyberconflict, and the Web of Profit.

CSO Magazine

JUNE 11, 2021

Analysis of over 200 cybersecurity incidents associated with nation state activity since 2009 also shows the enterprise is now the most common target (35%), followed by cyberdefence (25%), media and communications (14%), government bodies and regulators (12%), and critical infrastructure (10%).

Media

Media Internet Internet Government

BrandPost: Aligning security and business strategies

CSO Magazine

FEBRUARY 16, 2023

During the 2008–2009 Global Financial Crisis (GFC) and subsequent recession, researchers noted that cybercrime rates increased dramatically. However, there is some evidence that macroeconomic conditions can impact cybercrime. Their report focused exclusively on financial cybercrime, including identity theft.

Identity Theft

Identity Theft Cybercrime Technology

Cisco Pays $8.6M in First False Claims Suit for Vulnerabilities in Security Product

Dark Reading

AUGUST 1, 2019

A security consultant reported vulnerabilities in Cisco's Video Surveillance Manager in 2009 - but the company ignored the issues and fired the consultant.

Surveillance

Thread Hijacking: Phishes That Prey on Your Curiosity

Krebs on Security

MARCH 28, 2024

He was paroled in 2009, and in 2014 moved his family to a home in Lancaster County, Pa. In 2006, Kidan was sentenced to 70 months in federal prison after pleading guilty to defrauding lenders along with Jack Abramoff , the disgraced lobbyist whose corruption became a symbol of the excesses of Washington influence peddling.

Phishing

Phishing Scams Accountability Passwords

Employee Password Security in the Healthcare Sector

Security Boulevard

AUGUST 30, 2021

According to the Health Insurance Portability and Accountability Act (HIPAA) Journal, over the past eleven years (2009-2020) there have been more than 3,705 healthcare data breaches impacting more than 268 million medical records. The healthcare industry sector is increasingly the target of cybercriminals.

Healthcare

Healthcare Passwords Insurance Data breaches

Billbug Threat Group Ongoing Campaign Unveiled

Heimadal Security

NOVEMBER 16, 2022

It is believed that the hacking group, which has been operating since 2009, is a state-sponsored group working for China. Thrip, Lotus Blossom, Spring Dragon) is responsible for a campaign that targeted a certificate authority, government agencies, and defense organizations in multiple countries in Asia. Details about the Campaign […].

Government

Government Hacking Cybersecurity

Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009

Ebury botnet malware infected 400,000 Linux servers since 2009

Trending Sources

China Says U.S. Hacking Huawei Since 2009

Hackers Expose Russian FSB Cyberattack Projects

Who DDoS-ed Georgia/Bobbear.co.uk and a Multitude of Russian Homosexual Sites in 2009? – An OSINT Analysis

A Self-Enforcing Protocol to Solve Gerrymandering

Real-Time Attacks Against Two-Factor Authentication

Science Fiction Writers Helping Imagine Future Threats

Patch issued to tackle critical security issues present in Dell driver software since 2009

Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

Canada Charges Its “Most Prolific Cybercriminal”

FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Microsoft Buys Corp.com

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

RockYou2024 compilation containing 10 billion passwords was leaked online

How Not to Design an Error Message

Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right?

U.S. Internet Leaked Years of Internal, Customer Emails

15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers

The Now-Defunct Firms Behind 8chan, QAnon

RSA-240 Factored

Happy 14th Birthday, KrebsOnSecurity!

Breach reporting required for health apps and devices, FTC says

Dell fixes exploitable holes in its own firmware update driver – patch now!

Who and What is Behind the Malware Proxy Service SocksEscort?

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Hacking Google: Lessons From the Security Team, Part Two

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

Microsoft Buys Corp.com So Bad Guys Can’t

5 Things to know about the UK’s National Cyber Security Centre (NCSC)

Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals

BrandPost: Nation States, Cyberconflict, and the Web of Profit.

BrandPost: Aligning security and business strategies

Cisco Pays $8.6M in First False Claims Suit for Vulnerabilities in Security Product

Thread Hijacking: Phishes That Prey on Your Curiosity

Employee Password Security in the Healthcare Sector

Billbug Threat Group Ongoing Campaign Unveiled

Stay Connected