2011 and Information Security - Cyber Security Informer

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” The authorities reported that since 2011, 7 million Bitcoin had gone into the BTC-e exchange and 5.5 ” reads the press release published by DoJ.

Cryptocurrency

Cryptocurrency Spyware Cybercrime Hacking

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Gox in 2011 and money laundering. Gox in 2011 and the operation of the illicit cryptocurrency exchange BTC-e. Bilyuchenko is also charged with conspiring with Alexander Vinnik to run the virtual currency exchange BTC-e from 2011 to 2017. Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt.

Hacking

Hacking Cryptocurrency Advertising Banking

Email accounts of the International Monetary Fund compromised

Security Affairs

MARCH 18, 2024

This isn’t the first incident suffered by IMF, the agency suffered a major security breach in 2011. Bleeping computer contacted IMF, which confirmed that that despite it uses the Microsoft 365, the incident does not appear to be part of Microsoft targeting recently disclosed.

Accountability

Accountability Hacking Cybersecurity Data breaches

Analyzing the 7 Cyber Kill Chain Steps

Security Boulevard

APRIL 26, 2022

The cyber kill chain is an adaptation of a military concept to the world of information security. Developed by technology corporation Lockheed Martin back in 2011, the cyber kill chain outlines the stages common to most cyberattacks. The post Analyzing the 7 Cyber Kill Chain Steps appeared first on Nuspire.

Technology

Technology Information Security

Twitter Fined $150 Million for Misuse of 2FA User Data

SecureWorld News

MAY 26, 2022

But instead of using this information for the sole purpose of improving security, Twitter profited by allowing advertisers to use this data to target individuals. This action violated a 2011 FTC order that prohibited the social media site from misrepresenting its privacy and security practices. FTC Chair Lina M.

Advertising

Advertising Media Accountability Account Security

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

It has already happened in the past that the popular antivirus software has identified Chrome as a malicious code, the website The Register reported a similar problem in 2011. The post Windows Defender identified Chromium, Electron apps as Hive Ransomware appeared first on Security Affairs. on September 4, 2022. Pierluigi Paganini.

Antivirus

Antivirus Ransomware Malware Software

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 9, 2022

Last week, Google rolled out emergency fixes to address a vulnerability, tracked as CVE-2022-3075 , in the Chrome web browser that is being actively exploited in the wild.

Passwords

Passwords Hacking Ransomware Risk

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. Ten years together! I’m very excited.

Cybercrime

Cybercrime Hacking Cybersecurity Data breaches

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

At the time of this writing, no ransomware group has claimed responsibility for the security breach. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Hacking

ENISA published “Proactive detection – Measures and information sources” report

Security Affairs

MAY 31, 2020

.” The EU agency launched this project to improve the detection of network security incidents in the EU, by: Providing an inventory of available measures and information sources; Identifying good practices; Recommending possible areas for development. 2- Report – Measures and information sources.

Network Security

Network Security Advertising Cybersecurity Information Security

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Ransomware

Ransomware Firmware Advertising Insurance

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it.

Hacking

Hacking Media Malware Cybersecurity

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Ltd. (????)

Hacking

Hacking Technology Government Malware

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

He joined the gang in August 2011 and worked for the organization for five-and-a-half years, DoJ states that he was among the most prolific and active members of the gang. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Cybercrime

Cybercrime Hacking Malware Cybersecurity

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants.

Ransomware

Ransomware Cryptocurrency Hacking Cybercrime

Who Wants to Become a Guest Blogger At This Blog?

Security Boulevard

NOVEMBER 2, 2022

Dear blog readers, Do you know a lot about information security cybercrime research OSINT and threat intelligence gathering including cyber threat actors research? Intelligence Community and Law Enforcement agencies and organizations?

Cybercrime

Cybercrime InfoSec Cyber threats Accountability

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Security Affairs

JANUARY 2, 2022

It is estimated that the cryptocurrencies stolen between January 2011 and December 2021 amount to $12.1 The countries where cryptocurrencies were most popular suffered major losses, including Japan, South Korea, the United States, the United Kingdom, and China. ” reads the report published by Invezz. .

Cryptocurrency

Cryptocurrency Scams Marketing Hacking

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Security Affairs

DECEMBER 27, 2022

The way Facebook managed user data violated a 2011 privacy settlement with the FTC. In the Cambridge Analytica privacy scandal, the company allowed to access to the personal data of around 87 million Facebook users without their explicit consent. An FTC settlement obliged the company to review its privacy practices.

Data privacy

Data privacy Hacking Information Security

John McAfee found dead in prison cell ahead of extradition to US

Security Affairs

JUNE 23, 2021

The company was purchased by Intel in 2011 for more than $7.6bn. According to the Catalan Justice Department, the doctors at the prison tried in vain to revive the man, they believe that he committed suicide. John McAfee was the founder of the homonym anti-virus maker and ran it until 1994, when he resigned from the company.

Cryptocurrency

Cryptocurrency Banking Accountability Antivirus

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

and above 2011 Workspace ONE UEM patch 20.11.0.40 .” Below is the list of impacted versions: I mpacted Versions Fixed Version 2109 Workspace ONE UEM patch 21.9.0.13 and above 2105 Workspace ONE UEM patch 21.5.0.37 and above 2102 Workspace ONE UEM patch 21.2.0.27 and above 2101 Workspace ONE UEM patch 21.1.0.27 and above.

Authentication

Authentication Hacking Software Information Security

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

According to the researchers who discovered the issue, the flaw was introduced in November 2011. The vulnerability stems from improper sanitization of URLs for repositories in root composer.json files and package source download URLs that could be interpreted as options for system commands executed by Composer.

Hacking

Hacking Software Information Security Malware

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Security Affairs

DECEMBER 27, 2022

The way Facebook managed user data violated a 2011 privacy settlement with the FTC. In the Cambridge Analytica privacy scandal, the company allowed to access to the personal data of around 87 million Facebook users without their explicit consent. An FTC settlement obliged the company to review its privacy practices.

Data privacy

Data privacy Hacking Information Security

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021.

DNS

DNS Antivirus Cryptocurrency Software

Air India suffered a data breach, 4.5 million customers impacted

Security Affairs

MAY 22, 2021

million of its customers, exposed data includes the personal information of customers registered between August. 26, 2011 and February. Air India has disclosed a data breach that impacted 4.5

Data breaches

Data breaches Passwords Hacking Cyber Attacks

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. Experts spotted the PyMICROPSIA info stealer while investigating attacks of the AridViper group (also tracked as Desert Falcon and APT-C-23 ).

Malware

Malware Hacking Information Security

#OpFukushima: Anonymous group protests against the plan to dump Fukushima RADIOACTIVE wastewater into Pacific

Security Affairs

AUGUST 18, 2023

After the incident at the Fukushima plant that was caused by the 2011 earthquake and tsunami, the water has been kept in tanks after going through the advanced liquid processing system that removes most radionuclides except tritium. The media reported that the storage vessels are nearing capacity.

Government

Government Media DDOS Hacking

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

The blockchain-enabled botnet has been active since at least 2011, researchers estimated that the Glupteba botnet was composed of more than 1 million Windows PCs around the world as of December 2021.

Malware

Malware Cybercrime Cryptocurrency Media

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

Security Affairs

FEBRUARY 16, 2023

The carmakers will reimburse the purchase of steering wheel locks, to the owners of some 2011-2022 model-year vehicles without engine immobilizers that cannot install the software upgrade. The upgrade will be performed by Hyundai dealers, and the carmaker ensures that the process will take less than one hour to be completed.

Software

Software Media Engineering Hacking

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. FinSpy can spy on most popular desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux.

Spyware

Spyware Surveillance Mobile Advertising

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The blockchain-enabled botnet has been active since at least 2011, researchers estimate that the Glupteba botnet is currently composed of more than 1 million Windows PCs around the world.

Backups

Backups Advertising Accountability Malware

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Security Affairs

NOVEMBER 22, 2021

The US had sanctioned Mahan Air in 2011 for providing financial, material, or technological support to Iran’s Islamic Revolutionary Guard Corps. . #????? #??_??_??????_?????? #IranProtests #MahanAir pic.twitter.com/bBkfBKJ4uK — Hooshyarane Vatan (@Hooshyaran1) November 21, 2021.

Cyber Attacks

Cyber Attacks Media Hacking Government

France ANSSI agency warns of APT31 campaign against French organizations

Security Affairs

JULY 21, 2021

Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope , TEMP.Jumper , and Leviathan ) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018. Follow me on Twitter: @securityaffairs and Facebook.

Hacking

Hacking Government Information Security Cybersecurity

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

Russian state-sponsored APT actors’ global Energy Sector intrusion campaign, 2011 to 2018. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S. Russian state-sponsored APT actors’ campaign against Ukrainian critical infrastructure, 2015 and 2016. . Pierluigi Paganini.

Malware

Malware Cyber threats Cybersecurity Government

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

The vendor also fixed a high-severity vulnerability, tracked as CVE-2020-2011 , that could be exploited by a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition to all Panorama services by sending specially crafted registration requests.

Firewall

Firewall Authentication Advertising VPN

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. million withdrawn.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

More than 3,000 Openfire servers exposed to attacks using a new exploit

Security Affairs

AUGUST 24, 2023

released in 2011.” Any version released before then is not vulnerable, and these older versions make up nearly 25% of the internet-facing Openfire servers. Of those, the most popular version is 3.7.1,released This leaves approximately 50% of the internet-facing Openfire servers using affected versions.”

Internet

Internet Internet Engineering Authentication

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. FinSpy can spy on most popular desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux.

Surveillance

Surveillance Spyware Software Advertising

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

“During our research we witnessed its evolution from a medium-volume botnet with basic abilities to a massive infrastructure that is here to stay,” Imperva concludes.

Advertising

Advertising Cryptocurrency Internet Internet

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Aparat is an Iranian video-sharing site that was founded in 2011. A Google image search using the icon returned some results with the same image. All the results were under the domain aparat[.]com. The image matched was used as a profile picture for a user on the site. The profile page provided a link to a Twitter account.”

Malware

Malware Authentication Software Accountability

Irish Silk Road admin sentenced to 78 months in federal prison

Security Affairs

JULY 26, 2019

According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 Silk Road was seized by law enforcement in 2013 and his founder Ross William Ulbricht (aka Dread Pirate Roberts) was arrested, later it was sentenced to life in prison after being convicted on multiple counts related to the Silk Road activity.

Marketing

Marketing Advertising Cybercrime Information Security

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

Security Affairs

APRIL 29, 2022

ALET has worked with over 400 companies since 2011 to file over 119,000 customs declarations and has recommendations from Gazprom, Gazprom Neft and Bashneft. ALET is a customs broker for companies in the fuel and energy industries, handling exports and customs declarations for coal, crude oil, liquefied gases and petroleum products.

Banking

Banking Hacking Government Cybersecurity

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

The issue affects SAP Commerce versions 1808, 1811, 1905, 2005, 2011. ” April 2021 Security Patch Day includes two other Hot News security notes, which are updates to previously released notes. ” reads the advisory published by NIST.

Engineering

Engineering Software Hacking Information Security

Copycat Criminals mimicking Lockbit gang in northern Europe

Security Affairs

JANUARY 28, 2023

About the author: Luca Mella , Cyber Security Expert, Response & Threat Intel | Manager In 2019, Luca was mentioned as one of the “32 Influential Malware Research Professionals”. He is a former member of the ANeSeC CTF team, one of the firsts Italian cyber wargame teams born back in 2011.

Penetration Testing

Penetration Testing Ransomware Firewall Social Engineering

Three Italian universities hacked by LulzSec_ITA collective

Security Affairs

FEBRUARY 13, 2020

We spent searching holes in Italian universities (and not only, we remember that dozens of universities were hacked in 2011), to try to show you that security in the academic environment must be taken seriously since the university is the den of the excellent minds of our future. Below the translation of message published by the group.

Hacking

Hacking Data breaches Advertising Education

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Trending Sources

Email accounts of the International Monetary Fund compromised

Analyzing the 7 Cyber Kill Chain Steps

Twitter Fined $150 Million for Misuse of 2FA User Data

Windows Defender identified Chromium, Electron apps as Hive Ransomware

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Happy 10th Birthday, Security Affairs

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

ENISA published “Proactive detection – Measures and information sources” report

Security Affairs newsletter Round 284

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

US DoJ indicts four members of China-linked APT40 cyberespionage group

US man sentenced to 4 years in prison for his role in Infraud scheme

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Who Wants to Become a Guest Blogger At This Blog?

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

John McAfee found dead in prison cell ahead of extradition to US

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Command injection flaw in PHP Composer allowed supply-chain attacks

Facebook (Meta) to settle Cambridge Analytica data leak for $725M

Glupteba botnet is back after Google disrupted it in December 2021

Air India suffered a data breach, 4.5 million customers impacted

PyMICROPSIA Windows malware includes checks for Linux and macOS

#OpFukushima: Anonymous group protests against the plan to dump Fukushima RADIOACTIVE wastewater into Pacific

Google obtained a temporary court order against CryptBot distributors

Hyundai and Kia to patch a flaw that allows the theft of the cars with a USB cable

Unknown FinSpy Mac and Linux versions found in Egypt

Google disrupts the Glupteba botnet

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

France ANSSI agency warns of APT31 campaign against French organizations

Russia-linked threat actors targets critical infrastructure, US authorities warn

Palo Alto Networks addresses tens of serious issues in PAN-OS

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

More than 3,000 Openfire servers exposed to attacks using a new exploit

German authorities raid the offices of the FinFisher surveillance firm

KashmirBlack, a new botnet in the threat landscape that rapidly grows

YTStealer info-stealing malware targets YouTube content creators

Irish Silk Road admin sentenced to 78 months in federal prison

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Copycat Criminals mimicking Lockbit gang in northern Europe

Three Italian universities hacked by LulzSec_ITA collective

Stay Connected