SecureWorld News

JULY 8, 2024

The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices. The number represents a significant portion of the world's online user base, raising concerns about the security of countless online accounts across various platforms.

Passwords 127

Passwords Password Management Education Accountability 127

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime 103

Cybercrime Phishing Banking Telecommunications 103

Security Affairs

JUNE 18, 2020

Qbot , aka Qakbot , is a data stealer worm with backdoor capabilities that was first detected by Symantec back in 2009. ” The malware is distributed through phishing attacks that attempt to trick victims into visiting websites that use exploits to inject Qbot via a dropper. The campaign targets 36 different U.S.

Banking 137

Banking Malware Advertising Financial Services 137

Security Affairs

JUNE 7, 2021

billion unique password variations with other breach compilations that include usernames and email addresses, threat actors can use the RockYou2021 collection to mount password dictionary and password spraying attacks against untold numbers of online accounts. Enable two-factor authentication (2FA) on all of your online accounts.

Passwords 120

Passwords Data breaches Accountability Password Management 120

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware 143

Malware Phishing Antivirus Hacking 143

Security Affairs

MARCH 24, 2021

Founded in 2009, FBS is an international online forex broker with more than 400,000 partners and 16 million traders spanning over 190 countries. A German User’s Account. An Australian User’s Account. Scams, Phishing and Malware. Account Takeover. The breach is a danger to both FBS and its customers. Who is FBS.

Passwords 135

Passwords Accountability Media Identity Theft 135

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . Next, the attackers logged in to the web interface using a privileged root account. ” reads the report published by the experts.

Malware 129

Malware Cryptocurrency Password Management Encryption 129

Security Affairs

MAY 13, 2023

Founded in 2009, the company provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail. Leaked data might also lead to phishing scams. The services are well-reviewed by their clients, with an overall four-star rating on TripAdvisor.

Passwords 98

Passwords Identity Theft Scams Social Engineering 98

Security Affairs

OCTOBER 3, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. ” Most accounts used to initiate the transactions had a minimal activity or zero balances.

Banking 111

Banking Retail Advertising Malware 111

SecureList

FEBRUARY 1, 2022

Number of data leaks from medical organizations, 2009–2020. With the active development of telehealth, medicine will only become a more commonly used bait, just as the digitalization of banks has turned banking phishing into one of the most popularly used types of phishing. Source: HIPAA Journal.

Phishing 145

Phishing Healthcare IoT Authentication 145

Malwarebytes

AUGUST 29, 2023

During the attack, the cybercriminals may have had access to names, addresses, and Social Security Numbers (SSNs) of current and former OHC employees (from 2009 to 2023). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Ransomware 94

Ransomware Data breaches Passwords Phishing 94

Security Affairs

NOVEMBER 5, 2019

The DarkUniverse has been active at least from 2009 until 2017. APT group has been active at least since 2013, it leverages PDF zero-day exploits to drop malware on the target systems and Twitter accounts to pass C2 URLs. Attackers used C2 servers on cloud storage at mydrive.

Malware 73

Malware Advertising Accountability Phishing 73

Thales Cloud Protection & Licensing

NOVEMBER 14, 2017

The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwords were simple held in cleartext in a database table. The following year saw a leak from Gawker Media’s servers, with another 1.5

Passwords 99

Passwords Internet Internet Data breaches 99

Security Boulevard

MAY 3, 2021

MI5 said the faked LinkedIn accounts are created and operation by nation-state spy agencies, with an intent to recruit individuals or gather sensitive information. A favourite sports team accounted for 6% of passwords, while a favourite TV show accounted for 5%. The Problem with Website Passwords (from Blog Post from 2009).

Ransomware 124

Ransomware Passwords Scams Government 124

Herjavec Group

AUGUST 26, 2021

They hack into their teacher’s account and leave messages making fun of him. Air Force research facility, discover a password “sniffer” has been installed onto their network, compromising more than 100 user accounts. A federal grand jury indicts Albert Gonzalez and two Russian accomplices in 2009. billion dollars in damages.

Cybercrime 135

Cybercrime Computers and Electronics Hacking Banking 135

SecureList

OCTOBER 7, 2022

It was active in the wild for at least for eight years—from 2009 to 2017—and targeted at least 20 civilian and military entities in Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus, and the United Arab Emirates. The malware spreads through spear-phishing emails with a malicious Microsoft Office document as attachment.

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

Malwarebytes

MAY 14, 2021

There was a time when stolen gaming accounts were almost treated as a fact of life. Gaming accounts had an essence of innate disposability to them, even if this wasn’t the case (how disposable is that gamertag used to access hundreds of dollars worth of gaming content)? Customer support: compromised accounts all the way down.

Accountability 91

Accountability Authentication Passwords Social Engineering 91

Security Affairs

JUNE 6, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. The APT group was discovered by Microsoft in 2016, it targeted organizations in South and Southeast.

Encryption 101

Encryption Advertising Government Cyber Attacks 101

Malwarebytes

APRIL 12, 2023

The Guardian, which operates one of the most visited websites in the world, described the incident as a “highly sophisticated cyberattack involving unauthorised third-party access to parts of our network”, most likely triggered by a successful phishing attempt.

Ransomware 91

Ransomware Education Accountability Backups 91

Malwarebytes

JANUARY 27, 2022

Lazarus Group is one of the most sophisticated North Korean APTs that has been active since 2009. In this campaign, Lazarus conducted spear phishing attacks weaponized with malicious documents that use their known job opportunities theme. We have reported the rogue GitHub account for harmful content. GitHub Account.

Malware 114

Malware Accountability Encryption Phishing 114

eSecurity Planet

JULY 28, 2021

Starting with Bitcoin (BTC) in 2009, it’s the on and off again hype of cryptocurrency that’s led the blockchain technology movement. Because transactions come from recognized devices, hackers only need to gain access to the coin holder’s wallet, or even their browser, to disrupt the user’s account.

Cybersecurity 136

Cybersecurity Cryptocurrency Technology Energy and Utilities 136

eSecurity Planet

JUNE 17, 2021

Vendors continue to develop new features to address an existing number of security risks for databases: Data corruption or loss Inappropriate access Malware, phishing, and other cyberattacks Security vulnerabilities or configuration problems Denial of service attacks. Also Read: With So Many Eyeballs, Is Open Source Security Better?

Firewall 121

Firewall Encryption Computers and Electronics Software 121

Spinone

MARCH 19, 2020

However, it wasn’t until 2009 that Craig Gentry, a researcher at IBM, produced and demonstrated a fully homomorphic encryption scheme that the technology was considered a viable option. However, there has been much progress made with the fully homomorphic algorithms since the original draft in 2009.

Encryption 52

Encryption Backups Technology Data privacy 52

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. — Dave Kennedy (@HackingDave) July 15, 2020. — thaddeus e.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Krebs on Security

JANUARY 11, 2022

Over the past ten years, his contact information has been used to register numerous phishing domains intended to siphon credentials from people trying to transact on various dark web marketplaces. “I used to steal their QIWI accounts with up to $500k in them,” Wazawaka recalled. ” WHO IS WAZAWAKA?

DDOS 332

DDOS Accountability Cybercrime Ransomware 332

Krebs on Security

NOVEMBER 15, 2022

The JabberZeus crew’s name is derived from the malware they used, which was configured to send them a Jabber instant message each time a new victim entered a one-time password code into a phishing page mimicking their bank. Your payroll accounts have been hacked, and you’re about to lose a great deal of money. tank: [link].

Banking 329

Banking Small Business Accountability Malware 329

Krebs on Security

DECEMBER 16, 2019

From 2009 to the present, Aqua’s primary role in the conspiracy was recruiting and managing a continuous supply of unwitting or complicit accomplices to help Evil Corp. ” Only, in every case the company mentioned as the “client” was in fact a small business whose payroll accounts they’d already hacked into.

Cybercrime 285

Cybercrime Banking Small Business Accountability 285

Krebs on Security

JULY 20, 2021

Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million. One was Alan Ralsky , an American spammer who was convicted in 2009 of paying Severa and other spammers to promote pump-and-dump stock scams.

Antivirus 345

Antivirus Cybercrime Identity Theft Scams 345

Malwarebytes

FEBRUARY 25, 2022

Its operators seem to leverage vulnerabilities in external-facing servers while utilizing compromised account credentials to gain access and spread the malware further. Current analyses of HermeticWiper reveal that the malware is being delivered in highly-targeted attacks in Ukraine, Latvia, and Lithuania. But here, the stakes have changed.

Cybersecurity 104

Cybersecurity Ransomware Malware Government 104

Krebs on Security

AUGUST 2, 2018

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. There are several interesting takeaways from this phishing campaign.

Phishing 185

Phishing Passwords Scams Password Management 185

Security Boulevard

JULY 21, 2021

I was reminded of 2009 and told "The Russians are protecting him.". 10APR2013 - " New Spam Attack accounts for 62% of our spam! ". We believed that Kelihos was sending FOUR BILLION SPAM MESSAGES PER DAY, and took the time to prove it was delivering ransomware attacks, banking trojan attacks, and phishing attacks.

Ransomware 85

Ransomware Banking Malware Government 85

SC Magazine

JULY 8, 2021

As it stands, health care entities are regulated by the Department of Health and Human Services for compliance with the Health Insurance Portability and Accountability Act rule. million between UnityPoint Health and the millions of patients impacted by two phishing-related breaches in 2017 and 2018.

Data breaches 111

Data breaches Insurance Risk Ransomware 111