2010, Hacking, Information Security and Internet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Security Affairs

SEPTEMBER 26, 2023

BORN Ontario hired cybersecurity experts to mitigate the threat, secure its infrastructure, and investigate the scope of the incident. The organization confirmed that it was the victim of the massive hacking campaign targeting Progress MOVEit transfer systems that was conducted by the Clop ransomware group.

Data breaches

Data breaches Healthcare Ransomware Hacking

The cybersecurity researcher Dan Kaminsky has died

Security Affairs

APRIL 24, 2021

Dan Kaminsky was very active in the cyber security community, he was a regular speaker at major cybersecurity and hacking conferences, including Black Hat and DEFCON. On June 16, 2010, he was named by Internet Corporation for Assigned Names and Numbers (ICANN) as one of the Trusted Community Representatives for the DNSSEC root.

Cybersecurity

Cybersecurity InfoSec DNS Hacking

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. The Energetic Bear APT group has been active since at least 2010 most of the victims of the group are organizations in the energy and industrial sectors.

Data breaches

Data breaches Passwords Telecommunications Advertising

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Microsoft issues an out-of-band update to address SharePoint information disclosure flaw

Security Affairs

DECEMBER 19, 2019

The CVE-2019-1491 flaw affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2010 SP2 and 2013 SP1 and Microsoft SharePoint Server 2019. SecurityAffairs – SharePoint, hacking). The flaw was reported by Saif ElSherei from the Microsoft Research Center’s Vulnerabilities and Mitigations Team.

Advertising

Advertising Internet Internet Hacking

Google reported that Microsoft failed to fix a Windows zero-day flaw

Security Affairs

DECEMBER 24, 2020

On May 19, 2010, ZDI published an advisory after that threat actors exploited the flaw in the wild in a campaign tracked as “ Operation PowerFall.” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, Windows). .” Splwow64.exe Pierluigi Paganini.

Hacking

Hacking Internet Internet Accountability

Microsoft sued North Korea-linked Thallium group

Security Affairs

DECEMBER 30, 2019

Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. 27 in the U.S. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Phishing Accountability Malware

SAP systems are targeted within 72 hours after updates are released

Security Affairs

APRIL 6, 2021

Onapsis set up honeypots to study the attacks against SAP installs and determined that the following vulnerabilities are being actively scanned for and exploited: • CVE-2010-5326 • CVE-2018-2380 • CVE-2016-3976 • CVE-2016-9563 • CVE-2020-6287 • CVE-2020-6207. SecurityAffairs – hacking, SAP systems). ” concludes the report.

Risk

Risk Architecture Cybersecurity Accountability

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

” Threat actors accessed to files stored in the Literacy Works Information System that are dated back 2009, 2010, and 2014. . SecurityAffairs – Maryland Depar t ment of Labor , hacking). The post Maryland Department of Labor discloses a data breach appeared first on Security Affairs. Pierluigi Paganini.

Data breaches

Data breaches Insurance Advertising Technology

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

It is crucial to ensure that leaked keys are in longer bit-lengths and encoded using secure encryption/hashing algorithms. Additionally, the company should consider whether the platform needs to be accessible through the internet or only through a VPN, which would provide an additional layer of security.

Manufacturing

Manufacturing Media Accountability Risk

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

Security Affairs

NOVEMBER 11, 2021

Zhukov, aka Nastra, was arrested in Bulgaria, where he had lived since 2010, in November 2018 and was extradited to the US on January 18. . Security firms helped the FBI to shut down the massive ad-fraud operation. Law enforcement obtained warrants that allowed them to seize 31 internet domains and 89 servers of the 3ve infrastructure.

Advertising

Advertising Mobile Internet Internet

The Hacker Mind Podcast: Hacking Communities

ForAllSecure

JULY 14, 2021

It's about challenging our expectations about the people who hack for a living. At that time back in 2010. We talked about the rise of social media InfoSec influencers, and whether or not some of these influencers had actually done the work to merit them talking about hacking, or whether it was all showmanship.

Hacking

Hacking InfoSec Media Technology

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

ForAllSecure

SEPTEMBER 10, 2021

Learn how even someone mid career in security can play on their own, and even fill in gaps on their own learning, all year round. Vamosi: Welcome to the hacker mind, and original podcast from for all secure, it's about challenging our expectations about the people who hack for a living. And they attack the problem differently.

Hacking

Hacking Education InfoSec Engineering

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. The vulnerability impacts Microsoft Exchange 2010, 2013, 2016, and 2019. “How many of these are vulnerable?

Advertising

Advertising Authentication Internet Internet

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

FEBRUARY 15, 2020

The protocol Bluetooth Low Energy (BLE) was released in 2010 and it is designed to implement a new generation of services for mobile applications. SecurityAffairs – SweynTooth, hacking). The post SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors appeared first on Security Affairs.

IoT

IoT Firmware Advertising Hacking

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

The list of flaws addressed by the tech giant doesn’t include zero-days or publicly disclosed vulnerabilities, 29 issues were rated as ‘Critical’ and affect Microsoft’s Edge and Internet Explorer web browsers, Windows, Outlook and Office. This issue reminds us of the flaw exploited by the Stuxnet malware back in 2010.

Authentication

Authentication Advertising Internet Internet

Number of hacktivist attacks declined by 95 percent since 2015

Security Affairs

MAY 18, 2019

“Yet amid all the concern, there is one threat trend that our data suggests has been on the decline: hacktivism — the subversive use of internet-connected devices and networks to promote a political or social agenda.” SecurityAffairs – hacktivist attacks, hacking). .” reads a blog post published by IBM.

Advertising

Advertising Data collection DDOS Healthcare

FBI and DHS CISA issue alerts on e-skimming attacks

Security Affairs

OCTOBER 23, 2019

Security firms have monitored the activities of a dozen groups at least since 2010. . The FBI and DHS CISA suggest people report suspected attacks to their local FBI office or to the FBI’s Internet Crime Complaint Center at www.ic3.gov. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Social Engineering

Social Engineering Advertising Software Firewall

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Security Affairs

NOVEMBER 8, 2021

Experts warn of an ongoing hacking campaign that already compromised at least nine organizations worldwide from critical sectors by exploiting CVE-2021-40539. 17 the actor leveraged leased infrastructure in the United States to scan hundreds of vulnerable organizations across the internet. SecurityAffairs – hacking, CVE-2021-40539).

Healthcare

Healthcare Password Management Financial Services Surveillance

Iran announced to have foiled massive cyberattacks on public services

Security Affairs

APRIL 25, 2022

“The report said that unidentified parties behind the cyberattacks used Internet Protocols in the Netherlands, Britain and the United States to stage the attacks.” SecurityAffairs – hacking, SolarMarker). The post Iran announced to have foiled massive cyberattacks on public services appeared first on Security Affairs.

Cyber Attacks

Cyber Attacks Malware Internet Internet

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

Domain The team knew how much BackTrack was growing in popularity, and as they did not switch the project name when using Ubuntu, it was time to create its own place on the Internet. With the launch the first stable release of BackTrack 4 in January 2010, the project got its own domain ( backtrack-linux.org ) and moved off remote-exploit.

InfoSec

InfoSec Penetration Testing Architecture Software

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

Not long afterwards, in about the 2010 time frame, IAM vendors first arrived on the scene, including Optimal IdM, Centrify, Okta and CyberArk, followed by many others. This is, in essence, how Uber got hacked last year. Pulitzer Prize-winning business journalist Byron V.

Government

Government Authentication Technology Data breaches

EP 49: LoL

ForAllSecure

JUNE 21, 2022

Vamosi: Welcome to the hacker mind and original podcast from for all secure. It's about challenging our expectations about the people who hack for a living. But it's not what you think because typically in Microsoft office hacking scenarios, it comes down to macros. And that's what makes this hack. I'm Robert Vamosi.

Ransomware

Ransomware Marketing Software Antivirus

Cyber Security Informer

Administrator of RSOCKS Proxy Botnet Pleads Guilty

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Trending Sources

The cybersecurity researcher Dan Kaminsky has died

Meet the Administrators of the RSOCKS Proxy Botnet

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Cyber Security Roundup for April 2021

Microsoft issues an out-of-band update to address SharePoint information disclosure flaw

Google reported that Microsoft failed to fix a Windows zero-day flaw

Microsoft sued North Korea-linked Thallium group

SAP systems are targeted within 72 hours after updates are released

Maryland Department of Labor discloses a data breach

Key aerospace player Safran Group leaks sensitive data

DoJ sentenced Russian ‘King of Fraud’ behind the fraud scheme 3ve to 10 years

The Hacker Mind Podcast: Hacking Communities

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Number of hacktivist attacks declined by 95 percent since 2015

FBI and DHS CISA issue alerts on e-skimming attacks

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw

Iran announced to have foiled massive cyberattacks on public services

Happy 10th anniversary & Kali's story.so far

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

EP 49: LoL

Stay Connected