Security Affairs

JANUARY 10, 2022

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. The threat actors exploit a vulnerability, tracked as CVE-2013-3900, that was discovered and fixed in 2013 but in 2014 Microsoft revised the fix. SecurityAffairs – hacking, Zloader).

Malware 132

Malware Banking Software Cybercrime 132

Security Affairs

JUNE 29, 2023

As a result of the attack, the criminals gained access to e-mail addresses, telephone numbers and the content of messages collected on accounts,” reads a statement published by the company. “It’s not clear who is behind the LetMeSpy hack or their motives. A copy of the hacked database also appeared online later the same day.”

Data breaches 76

Data breaches Spyware Hacking Accountability 76

Security Affairs

JUNE 17, 2023

Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. user accounts, 76 thousand.

DDOS 85

DDOS Computers and Electronics Cybercrime Cryptocurrency 85

Security Affairs

MARCH 10, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. The Russian man also advertised the platform on other hacking forums. platform since October 2013. “The stores were offering for sale a variety hacked and/or compromised U.S.

Accountability 110

Accountability Advertising Passwords Hacking 110

Security Affairs

MARCH 26, 2020

was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information.” The Russian man also advertised the platform on other hacking forums.

Cybercrime 113

Cybercrime Advertising Hacking Accountability 113

Security Affairs

AUGUST 10, 2022

In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. SecurityAffairs – hacking, cyberespionage). Abouammo was arrested by the FBI in November 2019 in Seattle. Pierluigi Paganini.

Government 111

Government Accountability Media Marketing 111

Security Affairs

MAY 8, 2023

Threat actors are using emails sent from compromised accounts with the subject “bill/payment” with an attachment in the form of a ZIP archive. CERT-UA attributed the campaign to the financially motivated threat actor UAC-0006 which has been active since at least 2013.

Malware 92

Malware Phishing VPN Accountability 92

Security Affairs

APRIL 29, 2020

Matthew Keys, a former Reuters journalist, who was sentenced to 2 years in prison for hacking attacks on California media is now charged with an attack on a magazine. Keys was accused of providing Anonymous login credentials that allowed the group to deface access and deface the website of the Los Angeles Times in 2013.

Hacking 91

Hacking Advertising Accountability Media 91

eSecurity Planet

JUNE 3, 2021

Mandia will become CEO of Mandiant, the company he founded in 2004 and sold to FireEye in late 2013. FireEye and Mandiant have seen their reputation climb in recent months with rapid detection of the SolarWinds hack , among other high-profile cyber attacks.

Cyber Attacks 70

Cyber Attacks Marketing Accountability Technology 70

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. I started doubting my own security procedures. Reading about the NSA’s hacking abilities will do that to you. Probably not.

Surveillance 311

Surveillance Computers and Electronics Encryption Government 311

Security Affairs

JULY 4, 2019

The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. ” reads the press release published by DoJ. .”

DDOS 95

DDOS Computers and Electronics Advertising Internet 95

Security Affairs

DECEMBER 16, 2022

.” In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. The man opened a bank account in the name of his father in Lebanon and used it to receive $200,000 in two transfers.

Government 94

Government Accountability Banking Media 94

Security Affairs

APRIL 23, 2020

A security expert uncovered an old APT operation, tracked Nazar, by analyzing the NSA hacking tools included in the dump leaked by Shadow Brokers in 2017. The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013.

Hacking 105

Hacking Advertising Malware Engineering 105

Security Affairs

APRIL 1, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA) The post CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

Spyware 80

Spyware Surveillance Mobile Education 80

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware 110

Firmware Ransomware Passwords Mobile 110

Security Affairs

NOVEMBER 22, 2022

” The defendants are accused to have defrauded the victims between December 2013 and August 2019, they operated with other co-conspirators residing in Estonia, Belarus, and Switzerland. SecurityAffairs – hacking, cryptocurrency fraud scheme). Victims paid more than $575 million to Potapenko and Turõgin’s companies.”

Cryptocurrency 85

Cryptocurrency Banking Marketing Hacking 85

Security Affairs

DECEMBER 16, 2020

. “The types of sites used to distribute these malicious apps and the information exfiltrated suggests that the ultimate goal is extortion or blackmail.” These sites advertise account IDs for secure messaging apps such as KakaoTalk or Telegram that could allow to communicate with the escorts. Pierluigi Paganini.

Spyware 112

Spyware Mobile Surveillance Malware 112

Security Affairs

MARCH 28, 2023

million) were provided before 2013. million records include some, but not all of the following personal information: name, address, telephone, and date of birth. “We urge all our customers to be vigilant and on the look-out for suspicious behaviour relating to their accounts. 94% of these records (5.7

Data breaches 88

Data breaches Financial Services Passwords Hacking 88

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . “The targeted accounts are associated with a U.S. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft.

Accountability 75

Accountability Passwords Advertising Government 75

Security Affairs

JUNE 3, 2023

Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. At the end of October 2020, the US-CERT published a report on Kimusky’s recent activities that provided information on their TTPs and infrastructure.

Social Engineering 89

Social Engineering Phishing System Administration Engineering 89

Security Affairs

JUNE 22, 2023

According to the security measure, any repository with more than 100 clones at the time its user account is renamed is considered “retired” and cannot be used by others. They were founded in 2013, launched their app in 2016 under this name, and acquired by Google on 2018)” continues the report.

Hacking 84

Hacking Accountability Risk Information Security 84

Security Affairs

APRIL 9, 2019

Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. million for the settlement of 3 billion hacked accounts. million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history”.

Data breaches 74

Data breaches Small Business Advertising Cryptocurrency 74

Security Affairs

MAY 2, 2022

In 2013 Group-IB was licensed by the Russian FSB, required to process state-secret data. Meanwhile, the company has recovered Sachkov’s SIM card and continues to manage his social media accounts. SecurityAffairs – hacking, Group-IB). Government. The license was issued by the Moscow FSB Department with registration number “?? ?

Government 96

Government Cybersecurity Technology Cyber Attacks 96

Security Affairs

MAY 24, 2023

The 110th Research Center conducted cyber campaigns targeting networks worldwide, in 2013 it carried out a hacking campaign, tracked as DarkSeoul , which destroyed thousands of systems of organizations in the financial sector. correspondent or payable-through account sanctions.” ” continues the announcement.

Government 81

Government Cryptocurrency Media Technology 81

Security Affairs

APRIL 28, 2020

OceanLotus APT (also known as APT32 or Cobalt Kitty ) has been active since at least 2013, it is a state-sponsored hacking group that targeted organizations across multiple industries and have also targeted foreign governments, dissidents, and journalists. SecurityAffairs – PhantomLance, hacking). Pierluigi Paganini.

Malware 106

Malware Advertising Spyware Marketing 106

Security Affairs

OCTOBER 2, 2019

Today the company published a security notice to disclose the incident. “We recently were alerted by a third party regarding a security matter that may have affected the Zendesk Support and Chat products and customer accounts of those products activated prior to November of 2016.” ” reads the security notice.

Data breaches 77

Data breaches Passwords Authentication Accountability 77

Security Affairs

MARCH 8, 2021

Early this month, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. SecurityAffairs – hacking, Microsoft Exchange).

Authentication 107

Authentication Malware Accountability Hacking 107

Security Affairs

AUGUST 27, 2020

Screenshot from the latest forum discussion about RepWatch in 2013: The CSV files appear to have included the same set of 350 million unique emails, separated into three groups: hashed, hashed and salted, and unencrypted files. Enable two-factor authentication (2FA) for as many of your online accounts as possible. Pierluigi Paganini.

Social Engineering 122

Social Engineering Passwords Marketing Phishing 122

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities 122

Energy and Utilities Ransomware Banking Hacking 122

Security Affairs

JANUARY 29, 2020

27, a popular fraud bazaar known as Joker’s Stash began selling card data from “a new huge nationwide breach” that purportedly includes more than 30 million card accounts issued by thousands of financial institutions across 40+ U.S.” SecurityAffairs – Wawa data bre ach, hacking). . “On the evening of Monday, Jan.

Data breaches 109

Data breaches Advertising Retail Malware 109

Security Affairs

FEBRUARY 6, 2022

The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. The Ukrainian government has publicly attributed this group to the Russian Federal Security Service (FSB).” SecurityAffairs – hacking, Gamaredon). Pierluigi Paganini.

Government 82

Government Phishing Malware Hacking 82

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Security, Privacy and Compliance Can Conflict.

Data privacy 145

Data privacy Encryption Data breaches Insurance 145

Security Affairs

JULY 17, 2020

contacts, images, and files) from various online accounts associated cloud storage services. Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . SecurityAffairs – hacking, APT35). Pierluigi Paganini.

Advertising 88

Advertising Media Authentication Hacking 88

Security Affairs

JUNE 5, 2019

The Australian National University suffered a vast hack carried out by a “sophisticated operator” who gained access to 19 years of sensitive data. The Australian National University was the victim of a vast hack carried out by a “sophisticated operator” who gained access to 19 years of sensitive data.

Hacking 67

Hacking Cyber Attacks Advertising Government 67

Security Affairs

FEBRUARY 16, 2022

This week, Adobe rolled out security updates to address a critical security vulnerability , tracked as CVE-2022-24086 , affecting its Commerce and Magento Open Source products that is being actively exploited in the wild. SecurityAffairs – hacking, CISA). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Risk 80

Risk Engineering Authentication Hacking 80

Security Affairs

JULY 9, 2019

Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers. Regarding files in the affected unemployment insurance service database, they are dated back from 2013 and contained first names, last names, and social security numbers.

Data breaches 73

Data breaches Insurance Advertising Technology 73

Security Affairs

MAY 17, 2019

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. A recent article warns, “TeamViewer users have had their bank accounts emptied by hackers gaining full-system access”. SecurityAffairs – TeamViewer, hacking). ” wrote the company. .

Advertising 91

Advertising Architecture Software Banking 91