2012, Hacking, Internet and Passwords - Cyber Security Informer

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. ”] Kislitsin was hired by Group-IB in January 2013, nearly six months after the Formspring hack. Department of Justice.

Cybersecurity

Cybersecurity Cybercrime Hacking Technology

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Kilmer said Faceless has emerged as one of the underground’s most reliable malware-based proxy services, mainly because its proxy network has traditionally included a great many compromised “Internet of Things” devices — such as media sharing servers — that are seldom included on malware or spam block lists.

Malware

Malware Passwords Accountability Advertising

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. Abusewith[.]us

Hacking

Hacking Accountability Data breaches Marketing

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Data breaches Advertising

How to lose your password

Thales Cloud Protection & Licensing

NOVEMBER 14, 2017

The tsunami of passwords that exist across every aspect of our digital life means that there’s a thriving underground industry of cyber-criminals trying to get at them. To borrow from Shakespeare’s Macbeth: “Each new morn, new widows howl, new orphans cry, new sorrows slap Internet giants on the face”. million records exposed.

Passwords

Passwords Internet Internet Data breaches

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

BitSight researchers found significant overlap in the Internet addresses used by those domains and a domain called BHproxies[.]com. BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The website BHProxies[.]com

Accountability

Accountability Advertising Marketing Malware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Megatraffer explained that malware purveyors need a certificate because many antivirus products will be far more interested in unsigned software, and because signed files downloaded from the Internet don’t tend to get blocked by security features built into modern web browsers. “Why do I need a certificate? .” ru in 2008.

Malware

Malware Cybercrime Software Antivirus

GAO report reveals new Pentagon weapon systems vulnerable to hack

Security Affairs

OCTOBER 10, 2018

According to a new report published by the Government Accountability Office (GAO) almost any new weapon systems in the arsenal of the Pentagon is vulnerable to hack. GAO experts found several major security issued in the Pentagon arsenal, including easy-to-guess passwords, or weapon system still using factory settings.

Hacking

Hacking Passwords Password Management Advertising

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

Collectively in control over millions of spam-spewing zombies, those botmasters also continuously harvested passwords and other data from infected machines. As we’ll see in a moment, Salomon is now behind bars, in part because he helped to rob dozens of small businesses in the United States using some of those same harvested passwords.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. Verified was hacked at least twice in the past five years, and its user database posted online.

Ransomware

Ransomware Passwords Accountability Cybercrime

NK-linked InkySquid APT leverages IE exploits in recent attacks

Security Affairs

AUGUST 18, 2021

North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South Korean online newspaper. APT37 has been active since at least 2012, it mainly targeted government, defense, military, and media organizations in South Korea. SecurityAffairs – hacking, InkySquid).

Internet

Internet Internet Media Engineering

Independent Firms Discover 98% of Cybersecurity Vulnerabilities

SiteLock

AUGUST 27, 2021

In a report published at the end of 2012 on the growing hacking threat to websites, research firm Frost and Sullivan found that of all cyber security vulnerabilities, more than 98% were discovered by third-party researchers , while less than 2% were discovered by the people who made the applications that contained the vulnerabilities.

Cybersecurity

Cybersecurity Social Engineering Passwords Hacking

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

MARCH 4, 2019

In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. A (redacted) screen shot shared by the apparent hacker who was selling access to usernames and passwords for customers of multiple data-search Web sites.

Marketing

Marketing Passwords Hacking Advertising

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. THE INTERNET NEVER FORGETS.

VPN

VPN Computers and Electronics Antivirus Software

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Historical context There was strong anti-American sentiment woven into the Shamoon “wiper” virus that devastated Saudi oil company Aramaco in August of 2012. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare. As geopolitical tensions between the U.S.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

APRIL 13, 2020

Here are key takeaways: Middle East motivation Somewhat quietly since about 2012 or so, nation states of the Middle East, led by Saudi Arabia and the UAE, commenced a quiet surge to the forefront of implementing comprehensive cybersecurity regulations. For a full drill down, give a listen to the accompanying podcast. It’s coming.

Mobile

Mobile Computers and Electronics Encryption Data privacy

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

Somewhat quietly since about 2012 or so, nation states in that region, led by Saudi Arabia and the United Arab Emirates, commenced a quiet surge to the forefront of implementing comprehensive cybersecurity regulations. Ransomware hacking groups extorted at least $144.35 That basic advice continues to hold very true today, even more so.

Computers and Electronics

Computers and Electronics Data privacy Encryption Media

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. The malware can also get proxy settings from Internet Explorer.

Encryption

Encryption Passwords Malware Software

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]

Security Boulevard

MAY 5, 2022

The last time we saw a bug of this scope was Heartbleed , the infamous attack on OpenSSL that lay undetected for two years (originating in 2012 and remaining unknown until 2014). Because OpenSSL is everywhere, infiltrating it is like hitting the hacking jackpot. Heartbleed: Have we learned our lesson? What did Heartbleed teach us?

Encryption

Encryption Software Media Authentication

Cell Networks Hacked by (Probable) Nation-State Attackers

Schneier on Security

JULY 9, 2019

The researchers found the hackers got into one of the cell networks by exploiting a vulnerability on an internet-connected web server to gain a foothold onto the provider's internal network. From there, the hackers continued to exploit each machine they found by stealing credentials to gain deeper access.

Hacking

Hacking Telecommunications Malware Passwords

Dashlane 2024

eSecurity Planet

JANUARY 29, 2024

Dashlane is a password management software that’s popular for business and personal uses alike. The company was founded in 2009, and the first software edition was released in 2012. Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault.

Password Management

Password Management Passwords Authentication Accountability

How crooks conduct Money Laundering operations through mobile games

Security Affairs

JULY 18, 2018

In June 2018 we have spotted a strange database publicly exposed to the public internet (no password/login required) along with a large number of credit card numbers and personal information inside.” ” reads the blog post published by Kromtech Security. ” reported Kromtech Security. Offered by. Android Users.

Mobile

Mobile Accountability Advertising Marketing

Top 10 Data Breaches of All Time

SecureWorld News

MARCH 24, 2022

One of the first hacks to ever get widespread public attention occurred on the night of April 27, 1986. RELATED: Original HBO Hack ]. To some, the ability to hack a satellite broadcast was unsettling. What was compromised: names, email addresses, and passwords. Damages: leaked accounts could be hacked. and Vietnam.

Data breaches

Data breaches Passwords Accountability Government

The Hacker Mind Podcast: Car Hacking 0x05

ForAllSecure

AUGUST 10, 2021

Robert Leale, the driving force behind the Car Hacking village at DEF CON, joins The Hacker Mind to talk about CANBus basics, and whether we’ll see cars subjected to ransomware attacks. He also shares some tools, books, and website resources that you can use to get started hacking cars yourself.

Hacking

Hacking Manufacturing Computers and Electronics Engineering

Ten Years Later, New Clues in the Target Breach

Krebs on Security

DECEMBER 14, 2023

FLASHBACK The new clues about Rescator’s identity came into focus when I revisited the reporting around an April 2013 story here that identified the author of the OSX Flashback Trojan , an early malware strain that quickly spread to more than 650,000 Mac computers worldwide in 2012.

Cybercrime

Cybercrime Accountability Advertising Computers and Electronics

Top 10 Data Breaches of All Time

SecureWorld News

DECEMBER 29, 2020

One of the first hacks to get widespread public attention in the United States and Canada occurred on the night of April 27, 1986. Related: Original HBO Hack ]. To some, the ability to hack a satellite broadcast was unsettling. What was compromised: names, email addresses, and passwords. LinkedIn data breach (2012).

Data breaches

Data breaches Passwords Accountability Government

Fixing Data Breaches Part 4: Bug Bounties

Troy Hunt

DECEMBER 20, 2017

When the LinkedIn data breach from 2012 finally surfaced in May 2016, it appeared for sale on a (now defunct) dark web marketplace called The Real Deal. across the internet. Well, I've got bad news for you guys, you're already getting free penetration tests every day anyway, you're just not getting told of the results!

Data breaches

Data breaches Marketing Penetration Testing Government

Dashlane Review 2021: Pricing & Features

eSecurity Planet

JULY 8, 2021

Dashlane is a password management software that’s popular for business and personal uses alike. The company was founded in 2009, and the first software edition was released in 2012. Like many other password managers, Dashlane makes it easy for users to create new passwords and store existing ones in a secure vault.

Password Management

Password Management Passwords Authentication Accountability

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security Affairs

OCTOBER 20, 2018

Although LFI was interesting to grab some sensitive files since XML can’t handle binary data it was not possible to dump the SQLite database to get usernames and passwords. If you are using one of the above devices and they are connected on the WAN, make sure to remove your device from the internet. for the file XXE_CHECK.

Firmware

Firmware IoT VPN Authentication

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

Security Affairs

MAY 16, 2023

MustangPanda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. Past campaigns were focused on Asian countries, including Taiwan, Hong Kong, Mongolia, Tibet, and Myanmar.

Firmware

Firmware Encryption Government Malware

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Anyway I was testing this suite when I happened to randomly strike two keys -- I think it was control and B -- and up popped the password manager, displaying all my test passwords in the clear. Thing was, the manager required its own password, which I had not entered; remember, I had hit only two keys. This was a software flaw.

Software

Software Passwords Internet Internet

How to Prevent SQL Injection Attacks

eSecurity Planet

MARCH 10, 2021

Also Read: Apple White Hat Hack Shows Value of Pen Testers . It’s best to assume internet-connected applications are not secure. Therefore encryption and hashing passwords, confidential data, and connection strings are of the utmost importance. . Enforce Best Practices for Account and Password Policies.

Penetration Testing

Penetration Testing Firewall Software Accountability

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices. Covers the Mirai code release and how multiple hacking groups end-up reusing the code.

IoT

IoT DDOS Internet Internet

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

Such a scenario isn’t fantasy; something like this actually existed between 2012 and 2014. It’s about challenging our expectations about people who hack for a living. And those four hundred and ninety six characters probably included recently used encryption keys, passwords, social security numbers, and other PII.

Encryption

Encryption Software Artificial Intelligence Marketing

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

Such a scenario isn’t fantasy; something like this actually existed between 2012 and 2014. It’s about challenging our expectations about people who hack for a living. And those four hundred and ninety six characters probably included recently used encryption keys, passwords, social security numbers, and other PII.

Encryption

Encryption Software Artificial Intelligence Marketing

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

Such a scenario isn’t fantasy; something like this actually existed between 2012 and 2014. It’s about challenging our expectations about people who hack for a living. And those four hundred and ninety six characters probably included recently used encryption keys, passwords, social security numbers, and other PII.

Encryption

Encryption Software Artificial Intelligence Marketing

RedTorch Formed from Ashes of Norse Corp.

Krebs on Security

MARCH 22, 2021

“And Norse’s much-vaunted interactive attack map was indeed some serious eye candy: It purported to track the source and destination of countless Internet attacks in near real-time, and showed what appeared to be multicolored fireballs continuously arcing across the globe.”

Surveillance

Surveillance Computers and Electronics Internet Internet

Russia’s SolarWinds Attack

Schneier on Security

DECEMBER 28, 2020

Sometime before March, hackers working for the Russian SVR — previously known as the KGB — hacked into SolarWinds and slipped a backdoor into an Orion software update. (We Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone. Probably.).

Hacking

Hacking Government Internet Internet

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

Troy Hunt

APRIL 15, 2019

I've been involved with a bunch of really poorly implemented "Internet of Things" things in the past that presented serious privacy risks to those who used them. Not to mention the various spyware apps often installed on kids' phones to track them which then subsequently leak their data all over the internet. mSpy leaked data.

Spyware

Spyware Passwords Manufacturing Marketing

WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy

Security Affairs

APRIL 11, 2019

In 2012 a British judge ruled WikiLeaks founder Julian Assange should be extradited to Sweden to face allegations of sexual assault there, but Assange received political asylum from Ecuador and spent the last years in its London embassy. Army, to assist Manning in cracking a password stored on U.S. ” states the US DoJ.

Hacking

Hacking Government Advertising Passwords

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1834 — French Telegraph System — A pair of thieves hack the French Telegraph System and steal financial market information, effectively conducting the world’s first cyberattack. 1870 — Switchboard Hack — A teenager hired as a switchboard operator is able to disconnect and redirect calls and use the line for personal usage. .

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

The Year Targeted Phishing Went Mainstream

Krebs on Security

AUGUST 2, 2018

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack ).

Phishing

Phishing Scams Passwords Password Management

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Giving a Face to the Malware Proxy Service ‘Faceless’

Trending Sources

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

How to lose your password

Who’s Behind the Botnet-Based Service BHProxies?

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Ask Fitis, the Bear: Real Crooks Sign Their Malware

GAO report reveals new Pentagon weapon systems vulnerable to hack

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Who Is the Network Access Broker ‘Babam’?

NK-linked InkySquid APT leverages IE exploits in recent attacks

Independent Firms Discover 98% of Cybersecurity Vulnerabilities

Hackers Sell Access to Bait-and-Switch Empire

A Deep Dive Into the Residential Proxy Service ‘911’

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Platinum APT group adds the Titanium backdoor to its arsenal

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]

Cell Networks Hacked by (Probable) Nation-State Attackers

Dashlane 2024

How crooks conduct Money Laundering operations through mobile games

Top 10 Data Breaches of All Time

The Hacker Mind Podcast: Car Hacking 0x05

Ten Years Later, New Clues in the Target Breach

Top 10 Data Breaches of All Time

Fixing Data Breaches Part 4: Bug Bounties

Dashlane Review 2021: Pricing & Features

WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

How to Prevent SQL Injection Attacks

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Hunting The Next Heartbleed

RedTorch Formed from Ashes of Norse Corp.

Russia’s SolarWinds Attack

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy

Cyber CEO: The History Of Cybercrime, From 1834 To Present

The Year Targeted Phishing Went Mainstream

Stay Connected