2010, Accountability, Hacking and Information Security

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics

Computers and Electronics Engineering Hacking Data breaches

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

“Taking account of all of the information available to him, he considered Mr Assange’s risk of suicide to be very high should extradition become imminent. This was a well-informed opinion carefully supported by evidence and explained over two detailed reports.” SecurityAffairs – hacking, Julian Assange).

Government

Government Risk Passwords Hacking

Hospitality Chain McMenamins discloses data breach after ransomware attack

Security Affairs

JANUARY 4, 2022

According to the company, threat actors have stolen data of individuals employed between July 1, 2010, and December 12, 2021. According to the company, threat actors likely accessed files containing direct deposit bank account information. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Data breaches

Data breaches Ransomware Insurance Banking

Journalist Matthew Keys is now charged with an attack on a magazine

Security Affairs

APRIL 29, 2020

Matthew Keys, a former Reuters journalist, who was sentenced to 2 years in prison for hacking attacks on California media is now charged with an attack on a magazine. When Keys left Tribune Company-owned Sacramento KTXL Fox 40 in 2010, he shared login credentials of the CMS used by the website with members of Anonymous.

Hacking

Hacking Advertising Accountability Media

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

Security Affairs

APRIL 3, 2020

2020 – A zero-day vulnerability in the ThemeREX Addons was actively exploited by hackers in the wild to create user accounts with admin permissions. March 2010 – A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Pierluigi Paganini.

Hacking

Hacking Advertising Authentication Accountability

APT41 actors charged for attacks on more than 100 victims globally

Security Affairs

SEPTEMBER 17, 2020

US Department of Justice announced indictments against 5 Chinese nationals alleged members of a state-sponsored hacking group known as APT41. In August 2010, the same federal jury announced an indictment that charges Malaysian businessmen Wong Ong Hua, 46, and Ling Yang Ching, 32, for conspiring with two of the Chinese hackers.

Identity Theft

Identity Theft Advertising Government Technology

Bulletproof VPN services took down in a global police operation

Security Affairs

DECEMBER 22, 2020

VPN bulletproof services are widely adopted by cybercrime organizations to carry out malicious activities, including ransomware and malware attacks, e-skimming breaches, spear-phishing campaigns, and account takeovers. SecurityAffairs – hacking, VPN). ” reads the press release published by the Europol. day to $190/year.

VPN

VPN Cybercrime Advertising Accountability

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013.

Hacking

Hacking Advertising Malware Engineering

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. SecurityAffairs – hacking, Uyghurs). Record phone calls. Take pictures. ” concludes the report. Pierluigi Paganini.

Surveillance

Surveillance Spyware Malware Mobile

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. 27 in the U.S.

Computers and Electronics

Computers and Electronics Phishing Accountability Malware

SAP systems are targeted within 72 hours after updates are released

Security Affairs

APRIL 6, 2021

Furthermore, attackers used proof-of-concept code to attack SAP systems, but also brute-force attacks to take over high-privileged SAP user accounts. The goal of these attacks was to take full control of an SAP deployment in order to modify configurations and user accounts to exfiltrate business information. Pierluigi Paganini.

Risk

Risk Architecture Cybersecurity Accountability

US and UK sanctioned seven Russian members of Trickbot gang

Security Affairs

FEBRUARY 9, 2023

District Court for the District of New Jersey charging Kovalev with conspiracy to commit bank fraud and eight counts of bank fraud in connection with a series of intrusions into victim bank accounts held at various U.S.-based based financial institutions that occurred in 2009 and 2010, predating his involvement in Dyre or the Trickbot Group.

Banking

Banking Ransomware Cybercrime Malware

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

Knowing them, a threat actor could be able to hijack the session and therefore the account. If attackers had access to this key, they could create an admin account and have privileged access to a website. The unidentified hackers allegedly attempted to map the company’s computer system between 2009 and 2010.

Manufacturing

Manufacturing Media Accountability Risk

Google reported that Microsoft failed to fix a Windows zero-day flaw

Security Affairs

DECEMBER 24, 2020

On May 19, 2010, ZDI published an advisory after that threat actors exploited the flaw in the wild in a campaign tracked as “ Operation PowerFall.” The flaw could allow installing malicious programs, view, change, or delete data, and create new accounts with full user rights. SecurityAffairs – hacking, Windows).

Hacking

Hacking Internet Internet Accountability

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

” Threat actors accessed to files stored in the Literacy Works Information System that are dated back 2009, 2010, and 2014. Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers. ” continues the Department. .

Data breaches

Data breaches Insurance Advertising Technology

In Retrospective – The “Office” Circa 2006 Up To Present Day

Security Boulevard

SEPTEMBER 20, 2021

Dear blog readers, This is Dancho.

Mobile

Mobile Engineering Accountability Hacking

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

The cluster included multiple databases, two of them contained tax and personally identifiable information about Russian citizens, prevalently from Moscow and the surrounding area. “The first database contained more than 14 million personal and tax records from 2010 to 2016, and the second included over 6 million from 2009 to 2015.”

Identity Theft

Identity Theft Scams Advertising Risk

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

Security Affairs

NOVEMBER 11, 2021

Zhukov, aka Nastra, was arrested in Bulgaria, where he had lived since 2010, in November 2018 and was extradited to the US on January 18. . The experts discovered that crooks used over 60,000 accounts selling ad inventory generating a record of 3 to 12 billion of daily ad bid requests. SecurityAffairs – hacking, Operation Cyclone).

Advertising

Advertising Mobile Internet Internet

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” This issue reminds us of the flaw exploited by the Stuxnet malware back in 2010.

Authentication

Authentication Advertising Internet Internet

FBI and DHS CISA issue alerts on e-skimming attacks

Security Affairs

OCTOBER 23, 2019

In other attacks, hackers have compromised plugins used by e-commerce platforms in a classic supply chain attack or have injected software skimmers inside a company’s cloud hosting account that was poorly protected. Security firms have monitored the activities of a dozen groups at least since 2010. .

Social Engineering

Social Engineering Advertising Software Firewall

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Security Affairs

DECEMBER 4, 2022

“Court documents and government contracting records show the agencies tasked with monitoring the Mexican border have spent record sums on car hacking tools, while talking up the extraordinary amount of valuable evidence that can be reaped from onboard computers.” SecurityAffairs – hacking, infotainment systems).

Surveillance

Surveillance Technology Mobile Hacking

Data of 2 million MyFreeCams users sold on a hacker forum

Security Affairs

JANUARY 22, 2021

At the time of this writing, the threat actor has deleted its post, as well as its account, and emptied the cryptocurrency wallet used for the sale. The investigation conducted by MyFreeCams revealed that data were stolen in “a security incident that occurred more than ten years ago in June 2010.” Pierluigi Paganini.

Passwords

Passwords Marketing Accountability Cryptocurrency

Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring

Security Affairs

MARCH 31, 2022

The vulnerability was disclosed after a Chinese security researcher published a proof-of-concept (PoC) exploit before deleting its account (helloexp). It was leaked by a Chinese security researcher who, since sharing and/or leaking it, has deleted their Twitter account. SecurityAffairs – hacking, Spring4Shell).

Accountability

Accountability Hacking Software Cybersecurity

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

A separate set of startups soon cropped up specifically to handle the provisioning of log on accounts that gave access to multiple systems, and also the de-provisioning of those accounts when a user left the company. Efforts to balance security and productivity sometimes backfired.

Government

Government Authentication Technology Data breaches

Iran announced to have foiled a second cyber-attack in a week

Security Affairs

DECEMBER 15, 2019

The APT27 cyber espionage group (aka Emissary Panda , TG-3390 , Bronze Union , and Lucky Mouse ) has been active since 2010, it targeted organizations worldwide, including U.S. “A day earlier, the minister had dismissed reports that millions of Iranian bank accounts had been hacked.” Iran, hacking).

Cyber Attacks

Cyber Attacks Telecommunications Government Advertising

Cyber Security Informer

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

British Court rejects the US’s request to extradite Julian Assange

Trending Sources

Hospitality Chain McMenamins discloses data breach after ransomware attack

Journalist Matthew Keys is now charged with an attack on a magazine

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

APT41 actors charged for attacks on more than 100 victims globally

Bulletproof VPN services took down in a global police operation

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Microsoft sued North Korea-linked Thallium group

SAP systems are targeted within 72 hours after updates are released

US and UK sanctioned seven Russian members of Trickbot gang

Key aerospace player Safran Group leaks sensitive data

Google reported that Microsoft failed to fix a Windows zero-day flaw

Cyber Security Roundup for April 2021

Maryland Department of Labor discloses a data breach

In Retrospective – The “Office” Circa 2006 Up To Present Day

Experts found 20 Million tax records for Russian citizens exposed online

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

FBI and DHS CISA issue alerts on e-skimming attacks

Law enforcement agencies can extract data from thousands of cars’ infotainment systems

Data of 2 million MyFreeCams users sold on a hacker forum

Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

Iran announced to have foiled a second cyber-attack in a week

Stay Connected