2009 and Information Security - Cyber Security Informer

AusCERT and the Award for Information Security Excellence

Troy Hunt

MAY 31, 2018

At the gala dinner last night, without any warning beforehand, I somehow walked away with this: #AusCERT2018 Award for Information Security Excellence goes to @troyhunt @AusCERT 2018 Gala Dinner pic.twitter.com/9lxmwX0tdR — ValdemarJakobsen???? jamver) May 31, 2018. Yes, that guy is wearing a cape, it was a Star Wars thing.).

Information Security

Information Security Data breaches Hacking

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Security Affairs

APRIL 6, 2024

Most of the vulnerable systems are in the US (4686 at the time of this writing), followed by Japan (2009), and UK (1032). We are now scanning/reporting Ivanti Connect Secure instances vulnerable to CVE-2024-21894 (heap overflow potentially leading to RCE) & others described in [link] ~16 500 likely vulnerable (~4.6K

VPN

VPN Internet Internet Hacking

BrandPost: Assessing Network Analysis and Visibility Solutions for Zero Trust

CSO Magazine

JUNE 13, 2022

Zero-trust principles foster more effective threat detection because they reject the notion that security happens at the perimeter and that all network traffic is legitimate traffic. The concept was built around the idea that security professionals must "eliminate the idea of a trusted network."

Threat Detection

Threat Detection Information Security

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Danny Adamitis , principal information security researcher at Lumen and co-author of the report on AVrecon, confirmed Kilmer’s findings, saying the C2 data matched up with what Spur was seeing for SocksEscort dating back to September 2022. SocksEscort began in 2009 as “ super-socks[.]com

Malware

Malware VPN Internet Internet

News Alert: AppViewX – EMA study finds 79 percent of SSL/TLS certificates vulnerable to MiTM attacks

The Last Watchdog

AUGUST 1, 2023

and 1.3,” said Ken Buckler, CASP, Director of Information Security Research for EMA. With Google’s proposed TLS certificate 90-day expiration mandate looming, it’s clear that the only path forward for IT administrators and security professionals is automated certificate management.”

Internet

Internet Internet Healthcare Banking

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

The popular investigator Brian Krebs reported that Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, noted in 2014 that Tank told co-conspirators in a JabberZeus chat on July 22, 2009 that his daughter, Miloslava, was and told him Miloslava birth weight.

Malware

Malware Cybercrime Banking Hacking

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Security Affairs

AUGUST 8, 2022

“It’s worth pointing out that the wallet address is the miner reward receiving address of the Bitcoin Genesis Block , which occurred on January 3, 2009, and is believed to be held by Nakamoto.” The post Orchard botnet uses Bitcoin Transaction info to generate DGA domains appeared first on Security Affairs.

Accountability

Accountability Cryptocurrency Malware Hacking

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Security Affairs

AUGUST 10, 2019

Security experts at McAfee discovered that a stack-based buffer overflow flaw in the Dynamic Host Configuration Protocol (DHCP) client discovered and fixed ten years ago is still affecting several Avaya phones. The vulnerability could be exploited using a specially crafted DHCP response. ” reads the analysis published by McAfee.

Firmware

Firmware IoT Advertising Software

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

Weibo is a popular Chinese micro-blogging ( weibo ) website, it was launched by Sina Corporation on 14 August 2009, it claimed over 445 million monthly active users as of Q3 2018. . The company confirmed that the data were obtained in 2019 due to credential stuffing attacks and other information gathered online.

Accountability

Accountability Passwords Advertising Internet

PwnKit: Local Privilege Escalation bug affects major Linux distros

Security Affairs

JANUARY 26, 2022

The flaw, dubbed PwnKit, was introduced more than 12 years ago (May 2009) since the initial commit of pkexec, this means that all the versions are affected. The good news is that this issue is not remotely exploitable, but if an attacker can log in as any unprivileged user, it can allow to gain root privileges.

Architecture

Architecture Hacking Information Security

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

FBI seized other domains used by the shadow eBook library Z-Library

Security Affairs

MAY 6, 2023

The library has been active since 2009, it offers e-book files in a variety of file formats, stripped of their copyright protections. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. Z-Library operates as a complex network of approximately 249 interrelated web domains.

Accountability

Accountability Hacking Cybersecurity Cybercrime

ENISA provides data related to major telecom security incidents in 2021

Security Affairs

JULY 28, 2022

Every European telecom operator that suffers a security incident, notifies its national authorities which share a summary of these reports to ENISA at the start of every calendar year. The reporting of security incidents has been part of the EU’s regulatory framework for telecoms since the 2009 reform of the telecoms package.

Authentication

Authentication Hacking Accountability Information Security

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Security Affairs

OCTOBER 23, 2023

billion Aadhaars issued by the UIDAI since this ID service launched in 2009, this system represents one of the largest biometric ID programs on the planet, according to a report published by think tank Brookings Institution. With roughly 1.4

Identity Theft

Identity Theft Banking Data breaches Malware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

. “TAG observed a North Korean government-backed attacker group that previously targeted security researchers posing as recruiters at Samsung and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.”

Malware

Malware Phishing Antivirus Hacking

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Cybersecurity

Cybersecurity Engineering Software Malware

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

Security experts from Comparitech along with security researcher Bob Diachenko discovered 20 million tax records belonging to Russian citizens exposed online in clear text and without protection. “A database of more than 20 million Russian tax records was found on an unsecured server, accessible to anyone with a web browser.”

Identity Theft

Identity Theft Scams Advertising Risk

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015.

System Administration

System Administration Malware Accountability Marketing

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

IBM releases open-source toolkits implementing FHE to process data while encrypted

Security Affairs

JUNE 8, 2020

IBM invented FHE in 2009, but only recently it is becoming practical thanks to algorithmic progresses. . “In The toolkits released by IBM are already available for macOS and iOS, the IT company plan to release also Android and Linux versions. The FHE toolkits are been released on GitHub for macOS and iOS.

Encryption

Encryption Advertising Data privacy Healthcare

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Security Affairs

MAY 13, 2023

The leaked information included names, phone numbers, emails, private communication via SMS messages, passwords, and employees’ credentials. Founded in 2009, the company provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail.

Passwords

Passwords Identity Theft Scams Social Engineering

Magnificent Seven: Celebrating Great Women in Cybersecurity and Data Protection

BH Consulting

MARCH 8, 2024

Government’s cybersecurity and infrastructure security agency (CISA) and is the first woman to hold the role. She helped to set up Cyber Command in 2009 and she also worked at the National Security Agency. During 20 years of service in the U.S. military, she achieved the rank of Lieutenant Colonel.

Cybersecurity

Cybersecurity Social Engineering Healthcare Data privacy

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The targets of the two groups show significant overlap, Billbug also targeted organizations many military and government organizations in South Asia since at least January 2009. Security experts at Symantec speculate that Thrip is a sub-group of Billbug. Billbug is a long-established espionage group, active since at least January 2009.

Government

Government Telecommunications Advertising Malware

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

NOVEMBER 18, 2020

The group, also known as Cicada, Stone Panda , and Cloud Hopper , has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Manufacturing

Manufacturing Hacking Engineering Malware

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Prior to Mastercard, Abdullah was the chief information security officer at Xerox, where she established and led a corporate-wide information risk management program. She also served as the deputy chief information officer of the White House. She is also the host of the Mastering Cyber podcast.

Computers and Electronics

Computers and Electronics Technology Education Information Security

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network.

Mobile

Mobile Manufacturing Wireless Internet

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

NOVEMBER 25, 2022

that dates back to 2009. “We see an urgent need for an extra layer of SBOM Validation when it comes to compiled code to validate on the binary level, the list of third-party dependency information that matches the actual SBOM provided by the vendor,” concludes the report. Some Lenovo devices used the version 1.0.0a

Firmware

Firmware Manufacturing Hacking Software

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Security Affairs

NOVEMBER 17, 2022

Krebs reported that Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, noted in 2014 that Tank told co-conspirators in a JabberZeus chat on July 22, 2009 that his daughter, Miloslava, was and told him Miloslava birth weight.

Cybercrime

Cybercrime Banking Identity Theft Hacking

CISA urges to fix actively exploited Firefox zero-days by March 21

Security Affairs

MARCH 8, 2022

Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, SIM swapping).

Authentication

Authentication Hacking Cybersecurity Risk

China-linked APT10 Target Taiwan’s financial trading industry

Security Affairs

FEBRUARY 22, 2022

The group (also known as Cicada, Stone Panda , MenuPass group, Bronze Riverside, and Cloud Hopper ) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Technology

Technology Hacking Passwords Software

Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit

Security Affairs

AUGUST 4, 2022

The group (also known as Cicada, Stone Panda , MenuPass group, Bronze Riverside, and Cloud Hopper ) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

DDOS

DDOS Government Cyber Attacks Hacking

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Hacking Phishing Ransomware

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware System Administration Hacking Media

FTC extends deadline by six months for compliance with some changes to financial data security rules

CyberSecurity Insiders

MARCH 21, 2023

These changes included updated criteria for financial institutions, providing more specific requirements about which safeguards they must include in their information security programs. Since credit card fraud can often be enacted during unsecured store transactions, the FTC is determined to bolster security measures at every level.

Cryptocurrency

Cryptocurrency Identity Theft Authentication Banking

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Security Affairs

JUNE 7, 2021

An example of leaked passwords included in the RockYou2021 compilation: With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation of Many Breaches (COMB) , the largest data breach compilation ever.

Passwords

Passwords Data breaches Accountability Password Management

US and UK sanctioned seven Russian members of Trickbot gang

Security Affairs

FEBRUARY 9, 2023

based financial institutions that occurred in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group. District Court for the District of New Jersey charging Kovalev with conspiracy to commit bank fraud and eight counts of bank fraud in connection with a series of intrusions into victim bank accounts held at various U.S.-based

Banking

Banking Ransomware Cybercrime Malware

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Security researchers at F5 Labs have spotted ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. Qbot , aka Qakbot , is a data stealer worm with backdoor capabilities that was first detected by Symantec back in 2009. The campaign targets 36 different U.S.

Banking

Banking Malware Advertising Financial Services

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

” Threat actors accessed to files stored in the Literacy Works Information System that are dated back 2009, 2010, and 2014. Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers. ” continues the Department. .

Data breaches

Data breaches Insurance Advertising Technology

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Software Cryptocurrency Financial Services

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. .” The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Cryptocurrency Password Management Encryption

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Zinc APT group, aka Lazarus, surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Malware

Malware Antivirus Hacking Accountability

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Security Affairs

MAY 15, 2019

they are an information disclosure in BusinessObjects business intelligence platform (CVE-2019-0287), and a missing authorization check in Treasury and Risk Management (CVE-2019-0280). SAP published updates for Security Notes released in October 2009, September 2010, December 2010, and March 2013. ” adds Onapsis.

Financial Services

Financial Services Advertising Software Risk

Network Solutions data breach – hacker accessed data of more 22 Million accounts

Security Affairs

OCTOBER 30, 2019

This isn’t the first incident suffered by Network Solutions, in 2009 hackers stole over 500,000 payment cards from the company. Network Solutions is notifying affected customers via email and via its website, it also requiring all users to reset their account passwords.

Data breaches

Data breaches Accountability Advertising Encryption

AusCERT and the Award for Information Security Excellence

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Trending Sources

BrandPost: Assessing Network Analysis and Visibility Solutions for Zero Trust

Who and What is Behind the Malware Proxy Service SocksEscort?

News Alert: AppViewX – EMA study finds 79 percent of SSL/TLS certificates vulnerable to MiTM attacks

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

10-year-old vulnerability in Avaya VoIP Phones finally fixed

538 Million Weibo users’ records being sold on Dark Web

PwnKit: Local Privilege Escalation bug affects major Linux distros

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

FBI seized other domains used by the shadow eBook library Z-Library

ENISA provides data related to major telecom security incidents in 2021

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Experts found 20 Million tax records for Russian citizens exposed online

Administrators of bulletproof hosting sentenced to prison in the US

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

IBM releases open-source toolkits implementing FHE to process data while encrypted

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Magnificent Seven: Celebrating Great Women in Cybersecurity and Data Protection

Symantec uncovered the link between China-Linked Thrip and Billbug groups

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Meet the 2021 SC Awards judges

Belgium telecom operators Proximus and Orange drop Huawei

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

CISA urges to fix actively exploited Firefox zero-days by March 21

China-linked APT10 Target Taiwan’s financial trading industry

Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit

North Korea-linked Lazarus APT targets the COVID-19 research

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

North Korea-linked Lazarus APT targets the IT supply chain

FTC extends deadline by six months for compliance with some changes to financial data security rules

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

US and UK sanctioned seven Russian members of Trickbot gang

An ongoing Qbot campaign targeted customers of tens of US banks

Maryland Department of Labor discloses a data breach

Lazarus malware delivered to South Korean users via supply chain attacks

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Microsoft: North Korea-linked Zinc APT targets security experts

SAP Security Patch Day for May 2019 fixes many missing authorization checks

Network Solutions data breach – hacker accessed data of more 22 Million accounts

Stay Connected