2012, Accountability and Information Security

Horde Webmail Software is affected by a dangerous bug since 2012

Security Affairs

FEBRUARY 23, 2022

Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts. A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete access to email accounts simply by previewing an attachment. disable' => true.

Software

Software Accountability Government Hacking

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

They also used Bitcoin addresses associated with their accounts on two other Bitcoin exchanges The two Russian nations also used a Bitcoin brokerage service known as the New York Bitcoin Broker to transfer large amounts of funds to overseas bank accounts between March 2012 and April 2013 under the guise of an advertising services contract.

Hacking

Hacking Cryptocurrency Advertising Banking

Japan Suffered Record Number of Privacy and Security Violations in 2020

Hot for Security

FEBRUARY 23, 2021

Credit reporting agency Tokyo Shoko Research (TSR), which compiled the data, says the number is the highest since it began collecting it in 2012, reported the Japan Times. Personal information on a total of 25.15

Accountability

Accountability Information Security Malware Data breaches

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

NOVEMBER 10, 2023

In July, Anonymous Sudan announced it had stolen credentials for 30 million customer accounts. In September, Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. Skynet was first discovered in 2012 and has since grown to become one of the largest botnets in the world.

DDOS

DDOS Cryptocurrency Accountability Media

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” The hackers managed to access sensitive HR information and documents about the company’s current and former employees. This isn’t the first time that the company was the victim of a cyber attack.

Cyber Attacks

Cyber Attacks Ransomware Engineering Banking

‘Justice Blade’ Hackers are Targeting Saudi Arabia

Security Affairs

NOVEMBER 7, 2022

The bad actors claim to have stolen a significant volume of data, including CRM records, personal information, email communications, contracts, and account credentials. The same day, Justice Blade also set up a Telegram account with a private communications channel.

Government

Government Accountability Data breaches Hacking

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Data breaches Advertising

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. . ” reads the post published by ESET. ” continues the report. Pierluigi Paganini.

Accountability

Accountability Malware Cyber Attacks Media

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

Peace stole data from over 360 million Myspace accounts. The stolen data was several years old, but it is still valuable on the dark web because people often reuse passwords for multiple sites and accounts, from online banking to eCommerce accounts. In 2012, LinkedIn was hit with a breach and more than 6.5

Data breaches

Data breaches Media Passwords Accountability

DNA testing company fined after customer data theft

Malwarebytes

FEBRUARY 22, 2023

The company will pay a total fine of $400,000 for Ohio and Pennsylvania—and has promised to tighten its information security. According to the investigation, an attacker logged into the old VPN (virtual private network) that DDC used before migrating to a new one using a compromised employee account.

Penetration Testing

Penetration Testing InfoSec Accountability Authentication

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million September 2012 Bukalapak.com 13 million February 2018 Bookmate.com 8 million July 2018 ReverbNation.com 7.9

Data breaches

Data breaches Advertising Passwords Hacking

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Security Affairs

DECEMBER 6, 2022

The experts analyzed the NissanConnect app and reached out to some Nissan owners who signed into their accounts to inspect the HTTP traffic. We recently found a vulnerability affecting Hyundai and Genesis vehicles where we could remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012.

Hacking

Hacking Engineering Mobile Internet

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

In 2012, the Ukrainian national Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus crew. At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

Malware

Malware Cybercrime Banking Hacking

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Security Affairs

JULY 25, 2022

It has its own statute and specific regulations governing administration and accounting. “From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.”

Ransomware

Ransomware Government Scams Hacking

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.]com, com and its alleged administrator, a Croatian national.

Malware

Malware Cybercrime Data breaches Internet

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. ” reads the advisories published by Microsoft.

Advertising

Advertising Firewall Education Engineering

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The Neverquest malware is able to log in to the victim’s online banking account and perform fraudulent transactions. Lisov operated the infrastructure behind the NeverQuest malware between June 2012 and January 2015, the managed a network of servers containing lists of millions of stolen login credentials.

Banking

Banking Malware Advertising Passwords

Mitsubishi Electric Corp. was hit by a new cyberattack

Security Affairs

NOVEMBER 20, 2020

was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. 20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked.”

Banking

Banking Cyber Attacks Accountability Media

DoJ announced to have shut down Slilpp marketplace in international operation

Security Affairs

JUNE 11, 2021

The marketplace had been active since 2012, it was allowing sellers to offer stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts. law enforcement in connection with the Slilpp marketplace.

Cybercrime

Cybercrime Accountability Retail Cyber threats

FIA World Endurance Championship driver passports leaked

Security Affairs

JULY 18, 2023

Introduced in 2012, FIA WEC features eight endurance races across the world, including its cornerstone stage – 24 hours at Le Mans. With such a trove of personal information, a criminal could impersonate victims, essentially stealing their identities and running wild with them. Both combined, they contained over 1.1 million files.

Banking

Banking Government Accountability Hacking

German industrial giant ThyssenKrupp targeted in a new cyberattack

Security Affairs

DECEMBER 21, 2022

. “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified,” This isn’t the first attack suffered by the company, in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”.

Engineering

Engineering Data breaches Ransomware Banking

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches

Data breaches Technology Software Accountability

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

“Taking account of all of the information available to him, he considered Mr Assange’s risk of suicide to be very high should extradition become imminent. This was a well-informed opinion carefully supported by evidence and explained over two detailed reports.”

Government

Government Risk Passwords Hacking

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

In 2012, the US government added Shevlyakov to Entity List, a ban list for procuring and delivering export-restricted items to Russia. electronics manufacturers and distributors between approximately October 2012 and January 2022. hacking tools and electronics appeared first on Security Affairs.

Computers and Electronics

Computers and Electronics Hacking Penetration Testing Manufacturing

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. An administrator account Xerx3s on Abusewithus.

Hacking

Hacking Accountability Data breaches Marketing

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. ” concludes the report.”To ” Pierluigi Paganini.

Retail

Retail Malware Mobile Accountability

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. According to people involved, Chinese hackers Tick may have been involved.

Antivirus

Antivirus Hacking Advertising Media

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Security Affairs

JUNE 21, 2020

The Neverquest malware is able to log in to the victim’s online banking account and perform fraudulent transactions. Lisov operated the infrastructure behind the NeverQuest malware between June 2012 and January 2015, he managed a network of servers containing lists of millions of stolen login credentials.

Banking

Banking Malware Advertising Hacking

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43.

Phishing

Phishing Media Passwords Malware

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Security Affairs

MAY 16, 2019

was released back in 2012, it aims at detecting and changes that occur in the Windows operating systems during the installation of third-party applications. replaces the original Attack Surface Analzyer tool, released publicly in 2012.” The first version of the Attack Surface Analyzer 1.0 “Attack Surface Analyzer 2.0

Advertising

Advertising Software Technology Accountability

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms?

Security Affairs

MARCH 16, 2021

.” On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. a MAPP partner company based in China, for leaking data related to CVE-2012-0002.

Antivirus

Antivirus Cyber Attacks Hacking Accountability

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Security Affairs

APRIL 21, 2021

The three vulnerabilities addressed by the security vendor are: CVE-2021-20021 : Email Security Pre-Authentication Administrative Account Creation: A vulnerability in the SonicWall Email Security version 10.0.9.x x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Authentication

Authentication Accountability Encryption Hacking

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

XakFor has been active since 2012, most of its visitors were Russian-speaking hackers and crooks. According to Belarusian authorities, XakFor had more than 28,000 registered accounts at the time of seizure that took place last month. ” Unlike other crime forums, XakFor was not hosted on anonymizing networks like Tor and I2P.

Advertising

Advertising Malware Cybercrime Hacking

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. “According to people involved, Chinese hackers Tick may have been involved. .”

Data breaches

Data breaches Media Computers and Electronics Cyber Attacks

News aggregator Flipboard disclosed a data breach

Security Affairs

MAY 29, 2019

The news aggregator Flipboard announced that it suffered a breach, unauthorized users had access to some databases storing user account information. The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach, unauthorized users had access to some databases storing user information.

Data breaches

Data breaches Accountability Passwords Advertising

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

Security Affairs

NOVEMBER 17, 2022

In 2012, the Ukrainian national Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus Crew. At the time, DoJ accused Penchukov of coordinating the exchange of stolen banking credentials and money mules and received alerts once a bank account had been compromised.

Cybercrime

Cybercrime Banking Identity Theft Hacking

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Security Affairs

MAY 2, 2023

” ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. .”

Malware

Malware Education Media Phishing

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. According to the experts, the backdoor might have been active since at least 2012. . “We

Encryption

Encryption Government Advertising Cyber Attacks

CORL Announces Strategic Growth Investment from Primus Capital

CyberSecurity Insiders

JANUARY 5, 2022

Since its founding in 2012, CORL has delivered healthcare vendor and information security, compliance, and privacy solutions that harness vendor data intelligence, technology, and managed services to achieve measurable cybersecurity risk reduction at scale. Visit corltech.com and follow us on LinkedIn. About Primus Capital.

Healthcare

Healthcare Risk Technology Information Security

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Security Affairs

AUGUST 14, 2019

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” The flaws affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1,

Authentication

Authentication Advertising Internet Internet

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky. In 2012, as a senior soon to graduate with a physics degree, he worked on a project with faculty member Robert W.

Malware

Malware Passwords Identity Theft Data collection

A new Adwind variant involved in attacks on US petroleum industry

Security Affairs

OCTOBER 1, 2019

The Adwind RAT was first discovered early 2012, the experts dubbed it Frutas RAT and later it was identified with other names, Unrecom RAT (February 2014), AlienSpy (October 2014), and recently JSocket RAT (June 2015). . “When the victim executes the payload, there are multiple levels of JAR extractions that occur.”

Malware

Malware Advertising DDOS Cybercrime

FTC fines Facebook $5B and obliges it to adopt a new privacy framework

Security Affairs

JULY 25, 2019

. “The order requires Facebook to restructure its approach to privacy from the corporate down, and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy and that those decisions are subject to meaningful oversight,” reads the FTC’s press release.

Advertising

Advertising Accountability Information Security Hacking

Horde Webmail Software is affected by a dangerous bug since 2012

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Trending Sources

Japan Suffered Record Number of Privacy and Security Violations in 2020

After ChatGPT, Anonymous Sudan took down the Cloudflare website

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

‘Justice Blade’ Hackers are Targeting Saudi Arabia

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Cybercriminals are Oversharing with Social Media Data Breaches

DNA testing company fined after customer data theft

Threat actors are offering for sale 550 million stolen user records

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Mitsubishi Electric Corp. was hit by a new cyberattack

DoJ announced to have shut down Slilpp marketplace in international operation

FIA World Endurance Championship driver passports leaked

German industrial giant ThyssenKrupp targeted in a new cyberattack

New Version of Meduza Stealer Released in Dark Web

Data Enrichment, People Data Labs and Another 622M Email Addresses

British Court rejects the US’s request to extradite Julian Assange

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

US deported NeverQuest operator Stanislav Vitaliyevich Lisov to Russia

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Is there a link between Microsoft Exchange exploits and PoC code the company shared with partner security firms?

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Mitsubishi Electric discloses data breach, media blame China-linked APT

News aggregator Flipboard disclosed a data breach

Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Platinum APT and leverages steganography to hide C2 communications

CORL Announces Strategic Growth Investment from Primus Capital

Microsoft Patch Tuesday for August 2019 patch 93 bugs, including 2 dangerous wormable issues

Alleged FruitFly malware creator ruled incompetent to stand trial

A new Adwind variant involved in attacks on US petroleum industry

FTC fines Facebook $5B and obliges it to adopt a new privacy framework

Stay Connected