2013, Hacking, Information Security and Internet

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

The security breach took place on on May 14, and the institute discovered it only on May 31, then the research institute reported the incident to the government and launched an investigation. The investigation into the intrusion revealed the involvement of 13 internet addresses including one traced to the Kimsuky APt group.

Hacking

Hacking VPN Internet Internet

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

Security experts soon discovered Ransom Man had mistakenly included an entire copy of their home folder, where investigators found many clues pointing to Kivimäki’s involvement. By that time, Kivimäki was no longer in Finland, but the Finnish government nevertheless charged Kivimäki in absentia with the Vastaamo hack.

Cybercrime

Cybercrime Hacking Data breaches Banking

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. Reading about the NSA’s hacking abilities will do that to you. Could agents take control of my computer over the Internet if they wanted to?

Surveillance

Surveillance Computers and Electronics Encryption Government

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Security Affairs

NOVEMBER 23, 2023

. “Otherwise, the software attempts to contact one of three URLs to download the second-stage payload embedded inside a file masquerading as a PNG file using the static User-Agent ‘Microsoft Internet Explorer’: hxxps[:]//i.stack.imgur[.]com/NDTUM.png com/NDTUM.png hxxps[:]//www.webville[.]net/images/CL202966126.png

Software

Software Malware Media Internet

Hacker who disrupted Sony gaming gets a 27-months jail sentence

Security Affairs

JULY 4, 2019

The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. ” reads the press release published by DoJ. .”

DDOS

DDOS Computers and Electronics Advertising Internet

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA) The post CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

Spyware

Spyware Surveillance Mobile Education

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information.” The Russian man also advertised the platform on other hacking forums.

Cybercrime

Cybercrime Advertising Hacking Accountability

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

” The DiDW Darknet marketplace first appeared on the threat landscape in 2013. The accused is suspected of operating a criminal trading platform on the Internet in accordance with Section 127 of the Criminal Code.” SecurityAffairs – hacking, Deutschland im Deep Web). ” continues the announcement.

Marketing

Marketing Cybercrime Mobile Internet

Data of more than 2M Toyota customers exposed in ten years-long data breach

Security Affairs

MAY 13, 2023

A data breach disclosed by Toyota Motor Corporation exposed info of more than 2 million customers for ten years Toyota Motor Corporation disclosed a data breach that exposed the car-location information of 2,150,000 customers between November 6, 2013, and April 17, 2023. ” continues the notice.

Data breaches

Data breaches Authentication Internet Internet

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 SecurityAffairs – hacking, BotenaGo). Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. One of those interests that took off was computer security. For bored and smart teenagers, this was the perfect way to learn how to hack. It’s about challenging our expectations about people who hack for a living.

Media

Media Hacking InfoSec Marketing

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. One of those interests that took off was computer security. For bored and smart teenagers, this was the perfect way to learn how to hack. It’s about challenging our expectations about people who hack for a living.

Media

Media Hacking InfoSec Marketing

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

Follow me on Twitter: @securityaffairs Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, zero-day) The post In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues appeared first on Security Affairs.

Firewall

Firewall Software Hacking Internet

Security gaps in operational tech exposed with hacker attempt to poison Florida city water

SC Magazine

FEBRUARY 8, 2021

Austin Berglas, global head of professional services at BlueVoyant, agreed that water facilities’ ICS and SCADA systems are “outdated, unpatched, and available for review on the internet, leaving them incredibly vulnerable to compromise.”. “In But enabling that access in the absence of security requirements invites these types of episodes.

CISO

CISO Internet Internet Media

Microsoft issues an out-of-band update to address SharePoint information disclosure flaw

Security Affairs

DECEMBER 19, 2019

The CVE-2019-1491 flaw affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2010 SP2 and 2013 SP1 and Microsoft SharePoint Server 2019. SecurityAffairs – SharePoint, hacking). The flaw was reported by Saif ElSherei from the Microsoft Research Center’s Vulnerabilities and Mitigations Team.

Advertising

Advertising Internet Internet Hacking

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

ForAllSecure

SEPTEMBER 10, 2021

Learn how even someone mid career in security can play on their own, and even fill in gaps on their own learning, all year round. Vamosi: Welcome to the hacker mind, and original podcast from for all secure, it's about challenging our expectations about the people who hack for a living. And they attack the problem differently.

Hacking

Hacking Education InfoSec Engineering

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. The vulnerability impacts Microsoft Exchange 2010, 2013, 2016, and 2019. “How many of these are vulnerable?

Advertising

Advertising Authentication Internet Internet

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. Despite the Cable & Wireless bought by Vodafone in July 2012, the Nigella surveillance access point remained active as of April 2013. Source [link].

Wireless

Wireless Surveillance Telecommunications Advertising

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

SEPTEMBER 17, 2019

Security experts have discovered multiple vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. conducted Independent Security Evaluators (ISE). Internet-connected embedded devices are often placed into a broader category referred to as IoT devices.

Manufacturing

Manufacturing IoT Advertising Authentication

CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs

Security Affairs

FEBRUARY 16, 2022

This week, Adobe rolled out security updates to address a critical security vulnerability , tracked as CVE-2022-24086 , affecting its Commerce and Magento Open Source products that is being actively exploited in the wild. SecurityAffairs – hacking, CISA). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Risk

Risk Engineering Authentication Hacking

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

” Threat actors accessed to files stored in the Literacy Works Information System that are dated back 2009, 2010, and 2014. Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers. ” continues the Department. . .

Data breaches

Data breaches Insurance Advertising Technology

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 13, 2020

Turns out, there’s something similar within the hacking community. It’s about challenging our expectations about people who hack for a living. Stok: In the early 90s, when everyone was just not having the internet, that's kind of where I started my journey. Mind you, this was pre-internet as we know it today.

Hacking

Hacking InfoSec Internet Internet

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

Turns out, there’s something similar within the hacking community. It’s about challenging our expectations about people who hack for a living. Stok: In the early 90s, when everyone was just not having the internet, that's kind of where I started my journey. Mind you, this was pre-internet as we know it today.

Hacking

Hacking InfoSec Internet Internet

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

Turns out, there’s something similar within the hacking community. It’s about challenging our expectations about people who hack for a living. Stok: In the early 90s, when everyone was just not having the internet, that's kind of where I started my journey. Mind you, this was pre-internet as we know it today.

Hacking

Hacking InfoSec Internet Internet

Anti-Debugging Techniques from a Complex Visual Basic Packer

Security Affairs

JULY 17, 2019

It has been in continuous development at least since 2013 and the malware authors behind Hawkeye have improved the malware service adding new capabilities and techniques. At this point the malware can start the information stealing routines. Figure 20: Password retrieving routine from Internet Explorer.

Spyware

Spyware Malware Passwords Accountability

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Security Affairs

JANUARY 31, 2022

A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious activities. In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices.

Internet

Internet Internet Firmware Hacking

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

Meanwhile, the advanced hacking collectives invest in innovation and press forward. However, the operational imperatives in today’s world of internet-centric commerce often boil down to survival math, especially for SMBs. Here’s a timeline of recent ransomware advances: •2013-2014. The median was $10,310.

Ransomware

Ransomware Internet Internet Hacking

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

Security Affairs

MAY 12, 2021

As with many inventions of the 20th century, the internet has drastically changed using the phone. Once a vital necessity in every building, PBX boxes are driven towards extinction by devices supporting Voice over Internet Protocol (VoIP). However, as with everything connected to the internet, beware of vulnerabilities.

Manufacturing

Manufacturing Internet Internet Firmware

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Security Affairs

SEPTEMBER 11, 2023

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., using a new backdoor appeared first on Security Affairs.

Internet

Internet Internet Healthcare Education

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

Security Affairs

AUGUST 31, 2022

TA423 is a China-linked cyber espionage group that has been active since 2013, it focuses on political events in the Asia-Pacific region, specifically on the South China Sea. SecurityAffairs – hacking, ScanBox). The researchers attribute the campaign to the China-linked APT group tracked as TA423 /Red Ladon. In June 2021, the U.S.

Energy and Utilities

Energy and Utilities Manufacturing Government Media

Australian man charged with creating and selling the Imminent Monitor spyware

Security Affairs

AUGUST 1, 2022

The man created the malicious code, a remote access trojan (RAT), when he was 15 years old, and maintained its infrastructure from 2013 to 2019. The Imminent Monitor RAT is a hacking tool that allows threat actors to remotely control the victim’s computers. SecurityAffairs – hacking, Imminent Monitor ). Pierluigi Paganini.

Spyware

Spyware Malware Cybercrime Hacking

The Challenges Facing the Passwordless Future

eSecurity Planet

SEPTEMBER 25, 2022

In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. On the other hand, while passkeys may do much to stop email phishing , as biometrics won’t be an easy target, cyber criminals can turn to other malware to remotely hack and unlock a phone.

Passwords

Passwords Password Management Authentication Technology

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

Wednesday 13th, March 2013, 10 years ago, Kali Linux v1.0 A fresh start in March 2013. Domain The team knew how much BackTrack was growing in popularity, and as they did not switch the project name when using Ubuntu, it was time to create its own place on the Internet. BackTrack Linux became Kali Linux in March 2013.

InfoSec

InfoSec Penetration Testing Architecture Software

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

IoT devices include wearable devices, coffee makers, sensors, and cameras, all of which connect to the Internet. He graduated from University College Dublin in 2013 with a degree in actuarial science, however, he followed his passion for writing and became a freelance writer in 2016. SecurityAffairs – hacking, attack vectors).

IoT

IoT Phishing Passwords Scams

Denmark intel helped US NSA to spy on European politicians

Security Affairs

MAY 31, 2021

Danish Defense Intelligence Service (Danish: Forsvarets Efterretningstjeneste, FE) allowed the US National Security Agency (NSA) to tap into a primary internet and telecommunications hub in Denmark, the operation allowed the US intelligence agency to spy on the communications of European politicians. SecurityAffairs – hacking, NSA).

Telecommunications

Telecommunications Surveillance Internet Internet

Interview With the Guy Who Tried to Frame Me for Heroin Possession

Krebs on Security

SEPTEMBER 25, 2019

In April 2013, I received via U.S. When I first encountered now-31-year-old Sergei “Fly,” “Flycracker,” “MUXACC” Vovnenko in 2013, he was the administrator of the fraud forum “thecc[dot]bz,” an exclusive and closely guarded Russian language board dedicated to financial fraud and identity theft.

Cybercrime

Cybercrime Identity Theft Accountability Passwords

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

We also provide integrated security, visibility and automation: a SOC (Security Operations Center) inside the NOC, with Grifter and Bart as the leaders. At each conference, we have a hack-a-thon: to create, prove, test, improve and finally put into production new or improved integrations.

Wireless

Wireless DNS Mobile Technology

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

The new ransomware dubbed JCry (extension used to rename encrypted files.jcry ) is part of the OpIsrael 2019 — an annual coordinated cyber attack against the Israeli government and private websites created with the stated goal of “erasing Israel from the Internet” in protest against the Israeli government’s conduct in the Israel-Palestine conflict.

Ransomware

Ransomware Encryption Malware Cyber Attacks

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

The new ransomware dubbed JCry (extension used to rename encrypted files.jcry ) is part of the OpIsrael 2019 — an annual coordinated cyber attack against the Israeli government and private websites created with the stated goal of “erasing Israel from the Internet” in protest against the Israeli government’s conduct in the Israel-Palestine conflict.

Ransomware

Ransomware Encryption Malware Cyber Attacks

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Webinars

Trending Sources

Meet the Administrators of the RSOCKS Proxy Botnet

Webinars

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Alleged Extortioner of Psychotherapy Patients Faces Trial

Snowden Ten Years Later

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Hacker who disrupted Sony gaming gets a 27-months jail sentence

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

FBI shuts down the Russian-based hacker platform DEER.IO

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Data of more than 2M Toyota customers exposed in ten years-long data breach

Cyber Security Roundup for April 2021

BotenaGo botnet targets millions of IoT devices using 33 exploits

The Hacker Mind: Hacking Social Media

The Hacker Mind: Hacking Social Media

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security gaps in operational tech exposed with hacker attempt to poison Florida city water

Microsoft issues an out-of-band update to address SharePoint information disclosure flaw

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Russian spies are attempting to tap transatlantic undersea cables

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs

Maryland Department of Labor discloses a data breach

New Leak Shows Business Side of China’s APT Menace

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

Anti-Debugging Techniques from a Complex Visual Basic Packer

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

Maybe don’t call Saul? Over 30,000 VoIP devices identifiable worldwide, some with suspected vulnerabilities

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

Australian man charged with creating and selling the Imminent Monitor spyware

The Challenges Facing the Passwordless Future

Happy 10th anniversary & Kali's story.so far

Top 5 Attack Vectors to Look Out For in 2022

Denmark intel helped US NSA to spy on European politicians

Interview With the Guy Who Tried to Frame Me for Heroin Possession

Black Hat USA 2023 NOC: Network Assurance

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Stay Connected