2012 and Information Security - Cyber Security Informer

Horde Webmail Software is affected by a dangerous bug since 2012

Security Affairs

FEBRUARY 23, 2022

The bug affects all the versions since the commit that took place on 30 Nov 2012. The post Horde Webmail Software is affected by a dangerous bug since 2012 appeared first on Security Affairs. The issue can be triggered by previewing a specially crafted OpenOffice document to execute a malicious JavaScript payload.

Software

Software Accountability Government Hacking

Tinder achieves certification in Information Security Management System

CyberSecurity Insiders

FEBRUARY 28, 2021

Tinder, the most popular dating app among millennials has achieved for the first time a certification in Information Security Management System that endorses that the user data on the company servers remains well protected from all kinds of cyber threats. million pay subscribers till the end of 2019.

Information Security

Information Security Data privacy Scams Cyber threats

Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012

Security Affairs

OCTOBER 9, 2019

The post Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012 appeared first on Security Affairs. . ~ Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – iTerms2, hacking).

Advertising

Advertising Hacking Cybersecurity Information Security

Microsoft rolled out emergency updates to fix Windows Server auth failures

Security Affairs

NOVEMBER 15, 2021

These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

Authentication

Authentication Hacking Information Security

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

They also used Bitcoin addresses associated with their accounts on two other Bitcoin exchanges The two Russian nations also used a Bitcoin brokerage service known as the New York Bitcoin Broker to transfer large amounts of funds to overseas bank accounts between March 2012 and April 2013 under the guise of an advertising services contract.

Hacking

Hacking Cryptocurrency Advertising Banking

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

Microsoft released an Out-of-Band security update to address privilege escalation flaws in Windows 8.1 and Windows Server 2012 R2 systems. Microsoft released this week an out-of-band security update for Windows 8.1 and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access.

Advertising

Advertising Hacking Information Security Malware

Why the BISO May Be the Utility Player Your Org Needs Now

Security Boulevard

MARCH 10, 2021

Back in 2012, Security Innovation wrote about what – at the time – was a relatively new C-Level role dubbed Chief Information Security Officer. The post Why the BISO May Be the Utility Player Your Org Needs Now appeared first on Security Boulevard.

Information Security

Information Security Network Security

How to Speak Information Security to Executives: A CSO Perspective

NopSec

DECEMBER 9, 2015

According to recent research over 60 percent of survey participants stated their executives are only “somewhat” or “not at all” informed about the information security risk and threats their organizations face. Back in 2012, General Keith Alexander(Ret.) ” What does this mean to CEOs?

Information Security

Information Security CSO Risk Insurance

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

Security Affairs

JULY 10, 2022

According to the experts, the issue affects all Honda vehicles on the market (From the Year 2012 up to the Year 2022). The researchers tested a remote keyless entry system (RKE) that allows to remotely unlock or start a vehicle and discovered the Rolling-PWN attack issue. Therefore, those commands can be used later to unlock the car at will.”

Firmware

Firmware Marketing Engineering Hacking

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents.

Spyware

Spyware Malware Architecture Encryption

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Hacking

Hacking Cybercrime Data breaches Advertising

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Windows Server 2012: If the command returns false, SMBv1 is not enabled. Windows Server 2012 R2 or higher: If the command returns false, SMBv1 is not enabled. Windows Server 2012: Set-SmbServerConfiguration -EnableSMB1Protocol $false -force. Get-SmbServerConfiguration | Select EnableSMB1Protocol. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Malware Advertising Hacking

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

When the victim clicks on a link that appears to be legitimate, they’re redirected to the attacker’s website, where malicious JavaScript is executed in the client’s browser or where they are prompted to enter sensitive information. All attackers need to do is modify the URL value to redirect to a malicious site.

Phishing

Phishing Manufacturing Firewall Cybercrime

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Security Affairs

JULY 8, 2021

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. . A threat actor that goes online with the name “integra” has deposited 26.99

Cybercrime

Cybercrime Malware Hacking Information Security

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008 , 2012 , 2016 and 2019. .” Microsoft also patched five critical bugs — flaws that can be remotely exploited to seize control over the targeted Windows computer without any help from users.

Backups

Backups Cyber threats Ransomware Phishing

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking

Hacking Firmware Internet Internet

Japan Suffered Record Number of Privacy and Security Violations in 2020

Hot for Security

FEBRUARY 23, 2021

Credit reporting agency Tokyo Shoko Research (TSR), which compiled the data, says the number is the highest since it began collecting it in 2012, reported the Japan Times. Personal information on a total of 25.15 As many as 30% of the incidents occurred simply because someone sent an email by mistake.

Accountability

Accountability Information Security Malware Data breaches

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. ” reads a press release published by DoJ. ’ (aka Dragonfly , Berzerk Bear, Energetic Bear, and Crouching Yeti ).

Government

Government Energy and Utilities Malware Hacking

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. Past campaigns were focused on Asian countries, including Taiwan, Hong Kong, Mongolia, Tibet, and Myanmar.

Malware

Malware Phishing Government Passwords

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. Paunescu was arrested in Romania in 2012, but was able to avoid extradition. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Banking

Banking Malware Hacking Information Security

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” The company did not disclose details of the attack, however the decision to shut down the IT systems suggests it was the victim of a ransomware attack.

Cyber Attacks

Cyber Attacks Ransomware Engineering Banking

Experts warn of a surge in zero-day flaws observed and exploited in 2021

Security Affairs

APRIL 25, 2022

Mandiant states that From 2012 to 2021, China exploited more zero-days than any other nation. From 2012 to 2021, China-linked threat actors exploited more zero-days than any other nation-state actors. Most of the zero-days discovered by the company were exploited by nation-state APT groups. ” concludes the report.”The

Ransomware

Ransomware Hacking Software Risk

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million September 2012 Bukalapak.com 13 million February 2018 Bookmate.com 8 million July 2018 ReverbNation.com 7.9

Data breaches

Data breaches Advertising Passwords Hacking

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Security Affairs

DECEMBER 6, 2022

Curry and his team also discovered a vulnerability affecting Hyundai and Genesis vehicles that can be exploited to remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012.

Hacking

Hacking Engineering Mobile Internet

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Security Affairs

JULY 25, 2022

“From 1 December 2012 the Revenue Agency incorporated the Territory Agency (article 23-quater of Legislative Decree 95/2012).” The bodies of the Agency are made up of the Director, the Management Committee, the Board of Auditors.” ” reads the message published on the leak site.

Ransomware

Ransomware Government Scams Hacking

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Security Affairs

JANUARY 18, 2022

Windows Server 2012 R2: KB5010794 Windows Server 2012: KB5010797. Emergency out-of-band (OOB) updates through Windows Update are optional updates and have to be manually installed. Below are the updates can only be downloaded through the Microsoft Update Catalog: Windows 8.1,

VPN

VPN Media Hacking Information Security

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.]com, com and its alleged administrator, a Croatian national.

Malware

Malware Cybercrime Data breaches Internet

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Security Affairs

NOVEMBER 24, 2020

Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. Operators behind the botnet powered a massive adware campaign active since 2012, crooks mainly targeted users in Russia, Ukraine, Belarus, and Kazakhstan searching for pirated software.

Adware

Adware Malware Hacking Software

‘Justice Blade’ Hackers are Targeting Saudi Arabia

Security Affairs

NOVEMBER 7, 2022

In 2012 AL Khaleej group was Listed in Forbes Middle East 2012 as one of the top most powerful 100 companies in the GCC region. . . “Justice Blade” seems to be an ideologically motivated group targeting Saudi Arabia – with published photos of government officials on their website for data leak publication.

Government

Government Accountability Data breaches Hacking

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

Advertising

Advertising Firewall Education Engineering

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 (build 14393) Microsoft Windows Server 2016 (build 14393) Microsoft Windows 10 (build 17763) Microsoft Windows Server 2019 (build 17763).

Hacking

Hacking Malware Government Technology

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

In 2012, the US government added Shevlyakov to Entity List, a ban list for procuring and delivering export-restricted items to Russia. electronics manufacturers and distributors between approximately October 2012 and January 2022. The man circumvented the ban using false names and a network of front companies.

Computers and Electronics

Computers and Electronics Hacking Penetration Testing Manufacturing

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

In 2012 a British judge ruled WikiLeaks founder Julian Assange should be extradited to Sweden to face allegations of sexual assault there, but Assange received political asylum from Ecuador and spent the last years in its London embassy.

Government

Government Risk Passwords Hacking

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

In 2012, LinkedIn was hit with a breach and more than 6.5 Peace, the same Russian hacker responsible for the Myspace data breach, put the stolen LinkedIn data from 2012 up for sale on the dark web. With an average of 400 million active monthly users , it makes sense why LinkedIn would be the target of a data breach. million estimated.

Data breaches

Data breaches Media Passwords Accountability

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

NOVEMBER 10, 2023

Skynet was first discovered in 2012 and has since grown to become one of the largest botnets in the world. This week the group hit OpenAI, which confirmed that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack.

DDOS

DDOS Cryptocurrency Accountability Media

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

In 2012, the Ukrainian national Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus crew. On October 2022, Swiss police arrested Penchukov in Geneva, also known as Tank, which is one of the leaders of the JabberZeus cybercrime group.

Malware

Malware Cybercrime Banking Hacking

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

Fahd was the mind behind a criminal scheme that begun in 2012 and that caused more than $200 million in losses to the company, according to DoJ, he continued his activity even after he became aware that law enforcement was investigating. ” reads the press release published by DoJ.

Hacking

Hacking Malware Cybercrime Information Security

DNA testing company fined after customer data theft

Malwarebytes

FEBRUARY 22, 2023

The company will pay a total fine of $400,000 for Ohio and Pennsylvania—and has promised to tighten its information security. Acting Attorney General Michelle Henry added, "The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes."

Penetration Testing

Penetration Testing InfoSec Accountability Authentication

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Data provided in the reports are disconcerting, British telecommunications firms supported GCHQ in collecting a large volume of internet data from undersea cables, the overall amount of information from 2007 to 2012 registered a 7,000-fold increase, meanwhile, the spying system monitored nearly 46 billion private communications “events” every day.

Wireless

Wireless Surveillance Telecommunications Advertising

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko.

Data breaches

Data breaches DNS Advertising Engineering

German industrial giant ThyssenKrupp targeted in a new cyberattack

Security Affairs

DECEMBER 21, 2022

. “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified,” This isn’t the first attack suffered by the company, in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”.

Engineering

Engineering Data breaches Ransomware Banking

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11. Atom, Comodo Dragon, Torch, Comodo, Slimjet, 360Browser, 360 Secure Browser, Maxthon3, Maxthon5, Maxthon, QQBrowser, K-Meleon, Xpom, Lenovo Browser, Xvast, Go!

Password Management

Password Management Cryptocurrency Passwords Authentication

The head of the Federal Cyber Security Authority (BSI) faces dismissal

Security Affairs

OCTOBER 10, 2022

According to an investigation conducted by broadcaster ZDF, Schoenbohm was in contact with Russia through an association that he co-founded in 2012, the Cyber Security Council of Germany. The news was reported by German media on Sunday, citing government sources.

Government

Government Cyber Attacks Media Hacking

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

i speak at conferences around the world and run workshops on how to build more secure software within organisations. i'm a pluralsight author, microsoft regional director and most valued professional (mvp) specialising in online security and cloud development.

Data breaches

Data breaches Technology Software Accountability

Horde Webmail Software is affected by a dangerous bug since 2012

Tinder achieves certification in Information Security Management System

Trending Sources

Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012

Microsoft rolled out emergency updates to fix Windows Server auth failures

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Why the BISO May Be the Utility Player Your Org Needs Now

How to Speak Information Security to Executives: A CSO Perspective

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Don’t trust links with known domains: BMW affected by redirect vulnerability

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Microsoft Patches Six Zero-Day Security Holes

A critical flaw in industrial automation systems opens to remote hack

Japan Suffered Record Number of Privacy and Security Violations in 2020

US indicted 4 Russian government employees for attacks on critical infrastructure

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Colombian authorities arrested hacker behind the Gozi Virus

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Experts warn of a surge in zero-day flaws observed and exploited in 2021

Threat actors are offering for sale 550 million stolen user records

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Lockbit ransomware gang claims to have breached the Italian Revenue Agency

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

A new Stantinko Bot masqueraded as httpd targeting Linux servers

‘Justice Blade’ Hackers are Targeting Saudi Arabia

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

British Court rejects the US’s request to extradite Julian Assange

Cybercriminals are Oversharing with Social Media Data Breaches

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

DNA testing company fined after customer data theft

Russian spies are attempting to tap transatlantic undersea cables

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

German industrial giant ThyssenKrupp targeted in a new cyberattack

New Version of Meduza Stealer Released in Dark Web

The head of the Federal Cyber Security Authority (BSI) faces dismissal

Data Enrichment, People Data Labs and Another 622M Email Addresses

Stay Connected