2013, Authentication and Hacking - Cyber Security Informer

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication

Authentication VPN Passwords Hacking

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

The PGminer botnet targets Postgress that have default user “ postgres ”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “ 112233 “ and “ 1q2w3e4r “ to bypass authentication. SecurityAffairs – hacking, PGminer). ” reads the analysis published by Palo Alto Networks Unit42.

Hacking

Hacking Cryptocurrency Authentication Passwords

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

OCTOBER 1, 2022

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. ” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser.

Hacking

Hacking Passwords Internet Internet

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

Security Affairs

NOVEMBER 20, 2022

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. It's perhaps just Exchange 2013 that requires a tweak. Can confirm. Pierluigi Paganini.

Authentication

Authentication Hacking Cybersecurity Information Security

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords

Passwords Accountability Hacking Password Management

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations. An example seller’s panel at deer.io. Click image to enlarge.

Accountability

Accountability Advertising Hacking Cybercrime

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

Pentester Academy

MARCH 23, 2023

Lab Walkthrough — Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809] In our lab walkthrough series, we go through selected lab exercises on our INE Platform. Also, to access the upgrade.txt file, we do not need any authentication. This is extremely similar to CVE-2013–3630, just using a different variable. and 3.8.0.

Authentication

Authentication Mobile Passwords Penetration Testing

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” It also provides an authenticated inter-process communication mechanism.

Authentication

Authentication Malware Advertising Hacking

CISA urges to fix actively exploited Firefox zero-days by March 21

Security Affairs

MARCH 8, 2022

SecurityAffairs – hacking, SIM swapping). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. The post CISA urges to fix actively exploited Firefox zero-days by March 21 appeared first on Security Affairs.

Authentication

Authentication Hacking Cybersecurity Risk

New Russia Malware targets firewall appliances

CyberSecurity Insiders

FEBRUARY 23, 2022

A new malware developed by Sandworm hacking group has targeted appliances that are fire walled and reports are in that the military intelligence of the Russian Federation developed the malicious software. According to a report released by Cisco Talos, over 1 billion malware programs have been tested and discovered to date- since 2013.

Firewall

Firewall Malware IoT Software

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a In December 2023, KrebsOnSecurity published new details about the identity of “Rescator,” a Russian cybercriminal who is thought to be closely connected to the 2013 data breach at Target.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks

SC Magazine

MARCH 2, 2021

On a series of three blog posts to be released Tuesday, Microsoft said targeted hacking from a group operating out of China that the company calls Hafnium, linked together chains of vulnerabilities to garner access. Microsoft was quick to caution that this hacking is unrelated to Solarigate.

Media

Media Authentication Education Hacking

Microsoft confirms Exchange zero-day flaws actively exploited in the wild

Security Affairs

OCTOBER 1, 2022

The IT giant has promptly started the investigation into the two zero-day vulnerabilities that impacts Microsoft Exchange Server 2013, 2016, and 2019. Successful exploitation of the CVE-2022-41040 can allow an authenticated attacker to remotely trigger CVE-2022-41082. . SecurityAffairs – hacking, Microsoft Exchange).

Authentication

Authentication Hacking Cybersecurity Risk

Data belonging 44 Million Pakistani mobile users leaked online

Security Affairs

MAY 6, 2020

It seems that the huge trove of data was the result of a data breach that took place in 2017, the oldest entries are dated back as 2013. – Database apparently got hacked in 2017. SecurityAffairs – Pakistani mobile users, hacking). pic.twitter.com/xjpg6EvpDE — Under the Breach (@underthebreach) May 5, 2020.

Mobile

Mobile Telecommunications Data breaches Advertising

Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks

Security Affairs

SEPTEMBER 30, 2020

Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.

Advertising

Advertising Authentication Hacking Accountability

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said.

Accountability

Accountability Passwords Authentication Password Management

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data.

Cybercrime

Cybercrime Advertising Hacking Accountability

Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers

Security Affairs

DECEMBER 21, 2022

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Ransomware

Ransomware Authentication Hacking Cybercrime

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. SecurityAffairs – hacking, SonicWall). The affected end-of-life devices with 8.x 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? But, unfortunately, we live in a world of constant hacking attempts and security breaches. Use multi-factor authentication. We celebrated World Password Day on May 6, 2021.

Passwords

Passwords Password Management Accountability Authentication

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Problem is, MAC addresses are not great for authentication.

IoT

IoT Hacking Internet Internet

Data of more than 2M Toyota customers exposed in ten years-long data breach

Security Affairs

MAY 13, 2023

A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023.

Data breaches

Data breaches Authentication Internet Internet

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Security Affairs

MARCH 10, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. The Russian man also advertised the platform on other hacking forums. platform since October 2013. “The stores were offering for sale a variety hacked and/or compromised U.S.

Accountability

Accountability Advertising Passwords Hacking

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Security Affairs

JANUARY 25, 2019

“Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. Mollema demonstrated that it’s possible to transfer automatic Windows authentication by connecting a machine on the network to a machine under the control of the attacker.

Authentication

Authentication Advertising Passwords Hacking

Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment

Security Affairs

JANUARY 6, 2023

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. . SecurityAffairs – hacking, Rackspace). Pierluigi Paganini.

Ransomware

Ransomware Data breaches Authentication Hacking

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013-6117. The CVE-2013-6117 was discovered by the security expert Jake Reynolds and affects Dahua DVR 2.608.0000.0

IoT

IoT Engineering Passwords Firmware

The Origins and History of the Dark Web

Identity IQ

FEBRUARY 8, 2024

But the dark web is also associated with illegal activities including the trafficking of drugs, weapons, and illegal pornography, hacking and cybercrime, terrorism, and the sale of stolen data or personal information. From 2011 to 2013, the Silk Road hosted 1.2 The FBI shut down the Silk Road in October 2013. billion in value.

Identity Theft

Identity Theft Cryptocurrency Government Engineering

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control.

Advertising

Advertising Authentication Internet Internet

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs

Security Affairs

MARCH 8, 2021

The first zero-day, tracked as CVE-2021-26855 , is a server-side request forgery (SSRF) vulnerability in Exchange that could be exploited by an attacker to authenticate as the Exchange server by sending arbitrary HTTP requests. The last flaw, tracked as CVE-2021-27065 , is a post-authentication arbitrary file write vulnerability in Exchange.

Authentication

Authentication Malware Accountability Hacking

Hanging Up on Mobile in the Name of Security

Krebs on Security

AUGUST 16, 2018

The claims come in a lawsuit filed this week in Los Angeles on behalf of Michael Terpin , who co-founded the first angel investor group for bitcoin enthusiasts in 2013. According to Terpin, this was the second time in six months someone had hacked his AT&T number. On June 11, 2017, Terpin’s phone went dead.

Mobile

Mobile Cryptocurrency Accountability Authentication

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

Security Affairs

OCTOBER 2, 2019

If you installed a Zendesk Marketplace or private app prior to November 1, 2016 that saved authentication credentials such as API keys or passwords during installation, we recommend that you rotate all credentials for the respective app. This isn’t the first security breach suffered by Zendesk, the company was already breached in 2013.

Data breaches

Data breaches Passwords Authentication Accountability

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

SEPTEMBER 17, 2019

In this phase of the project that started in 2013 ( SOHOpelessly Broken 1.0 ) , the researchers assessed the security of 13 SOHO router and NAS devices and found a total of 125 new vulnerabilities. . SecurityAffairs – SOHOpelessly Broken , hacking). The research is part of a project dubbed SOHOpelessly Broken 2.0 Pierluigi Paganini.

Manufacturing

Manufacturing IoT Advertising Authentication

How to Secure Your Business Social Media Accounts

BH Consulting

AUGUST 31, 2023

The company’s data also claims that 64 per cent of companies have experienced social media-related incidents like hacking and fraud. Another risk is social media hacking. Tip 5: Enable multi-factor authentication If you’re using a social media management platform for posting. One day later, the same thing happened to Jeep.

Media

Media Accountability Authentication Passwords

RSAC insights: Deploying SOAR, XDR along with better threat intel stiffens network defense

The Last Watchdog

MAY 15, 2021

Reacting to the disclosure of this momentous supply-chain hack , many of the breached organizations were able to deploy advanced tools and tactics to swiftly root out Sunburst and get better prepared to repel any copycat attacks. The SolarWinds hack provided a chance to assess how far SOAR technology has come.

Technology

Technology Hacking CISO Threat Detection

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . Other videos demonstrate that the hackers of the APT35 group were not attempting to validate credentials against sites that were set up with multifactor authentication.

Advertising

Advertising Media Authentication Hacking

CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs

Security Affairs

FEBRUARY 16, 2022

out of 10, it is classified as a pre-authentication issue which means that it could be exploited without credentials. SecurityAffairs – hacking, CISA). The CVE-2022-24086 has received a CVSS score of 9.8 The vulnerability affects Adobe Commerce and Magento Open Source versions 2.4.3-p1/2.3.7-p2. Pierluigi Paganini.

Risk

Risk Engineering Authentication Hacking

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

AUGUST 6, 2020

Dubner said all customers are required to use multi-factor authentication, and that everyone applying for access to its services undergoes a rigorous vetting process. Hacked or ill-gotten accounts at consumer data brokers have fueled ID theft and identity theft services of various sorts for years.

Accountability

Accountability Identity Theft Hacking Insurance

Iran-linked Phosphorus group hit a 2020 presidential campaign

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . Microsoft notified all the impacted users about the hacks and provided supports to the victims to secure their accounts. SecurityAffairs – Iran, hacking).

Accountability

Accountability Passwords Advertising Government

Security gaps in operational tech exposed with hacker attempt to poison Florida city water

SC Magazine

FEBRUARY 8, 2021

This offers additional vulnerabilities as more and more operational technology environments are allowing access to their ICS systems from the internet,” continued Berglas, who, as former FBI assistant special agent in charge of cyber investigated the 2013 compromise of the Bowman Avenue Dam in Rye Brook by Iranian hackers.

CISO

CISO Internet Internet Media

Thrangrycat flaw could allow compromising millions of Cisco devices

Security Affairs

MAY 14, 2019

“ A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component.” ” reads the advisory published by Cisco.

Firmware

Firmware Authentication Software Advertising

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Large-scale spam campaigns often are conducted using newly-registered or hacked email addresses, and/or throwaway domains. Guilmette told KrebsOnSecurity he initially considered the possibility that GoDaddy had been hacked, or that thousands of the registrar’s customers perhaps had their GoDaddy usernames and passwords stolen.

DNS

DNS Internet Internet Computers and Electronics

350 million decrypted email addresses left exposed on an unsecured server

Security Affairs

AUGUST 27, 2020

Screenshot from the latest forum discussion about RepWatch in 2013: The CSV files appear to have included the same set of 350 million unique emails, separated into three groups: hashed, hashed and salted, and unencrypted files. Enable two-factor authentication (2FA) for as many of your online accounts as possible. Pierluigi Paganini.

Social Engineering

Social Engineering Passwords Marketing Phishing

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

MAY 2, 2023

The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016. Ditto for a case the FTC brought in 2005.

Marketing

Marketing Advertising Scams Telecommunications

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Webinars

Trending Sources

Microsoft: Two New 0-Day Flaws in Exchange Server

Webinars

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

Ukraine Nabs Suspect in 773M Password ?Megabreach?

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

Microsoft recommends Exchange admins to disable the SMBv1 protocol

CISA urges to fix actively exploited Firefox zero-days by March 21

New Russia Malware targets firewall appliances

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks

Microsoft confirms Exchange zero-day flaws actively exploited in the wild

Data belonging 44 Million Pakistani mobile users leaked online

Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks

Experian, You Have Some Explaining to Do

FBI shuts down the Russian-based hacker platform DEER.IO

Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Data of more than 2M Toyota customers exposed in ten years-long data breach

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

The Origins and History of the Dark Web

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs

Hanging Up on Mobile in the Name of Security

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

How to Secure Your Business Social Media Accounts

RSAC insights: Deploying SOAR, XDR along with better threat intel stiffens network defense

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Iran-linked Phosphorus group hit a 2020 presidential campaign

Security gaps in operational tech exposed with hacker attempt to poison Florida city water

Thrangrycat flaw could allow compromising millions of Cisco devices

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

350 million decrypted email addresses left exposed on an unsecured server

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Stay Connected