2014, Authentication, Information Security and Internet

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Experts warn that hackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable in the attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. ” reads the advisory published by Microsoft.

Internet

Internet Internet Authentication Advertising

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc Finally, the malware validates there is a valid Internet connection through a speed test website. on Twitter, and targeting Portuguese users.

Internet

Internet Internet Malware Banking

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet

Internet Internet Hacking Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Meanwhile, any hacker viewing the information will see random bits of text with no apparent meaning. Password Protection & Authentication. Apple’s iPhone X, for instance, uses a feature called Face ID, which scans your facial features with infrared sensors and turns that information into a password. About the author.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini. Pierluigi Paganini.

Internet

Internet Internet Advertising Accountability

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. Once the rules have been created, a thread connects to an NTP server from a roster of authentic NTP servers.

IoT

IoT Cybercrime Internet Internet

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. “During our research process, the Cyble Research Team got hold of some informative details related to this leak.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Banking

Banking Data breaches Mobile Advertising

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Mobile Advertising Authentication

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mobile

Mobile InfoSec Data breaches Advertising

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. The researcher describes the issue as a reachable pre-authentication that impacts every SSL VPN appliance. ” states the analysis published by Bishop Fox.

Firewall

Firewall VPN Firmware Internet

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Security Affairs

SEPTEMBER 23, 2020

The database containing personal information of over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet. US fitness chain Town Sports has suffered a data breach, a database belonging to the company containing the personal information of over 600,000 people was exposed on the Internet.

Data breaches

Data breaches Phishing Passwords Advertising

New Mirai variant includes exploit for a flaw in Comtrend Routers

Security Affairs

JULY 14, 2020

Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis published by Trend Micro.

IoT

IoT Advertising DDOS Authentication

Hundreds of female sports stars and celebrities have their naked photos and videos leaked online

Security Affairs

NOVEMBER 22, 2020

The attack took place in the same hours as hackers hit Manchester United and brings us back to mind the Fappening cases that exposed online cache of nude photos and videos of celebrities back in 2014. ” “It can take years to pursue, just to get it taken down from the internet. ” reported The Times. “We

Authentication

Authentication Passwords Hacking Internet

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

“This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. 83n SonicOS 6.5.1.12-1n 2 and onwards.

VPN

VPN Firewall Advertising Internet

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” The lists leaked online are dated October-November 2019, let’s hope that Internet Service Providers will contact ZDNet to receive them and check if the devices belong to their network and secure them. .

IoT

IoT DDOS InfoSec Internet

Security breach impacted Cisco VIRL-PE infrastructure

Security Affairs

MAY 28, 2020

Cisco has disclosed a security incident that impacted part of its VIRL-PE infrastructure, threat actors exploited vulnerabilities in the SaltStack software package to breach six company servers. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Advertising

Advertising Software Authentication Internet

Google Tsunami vulnerability scanner is now open-source

Security Affairs

JULY 9, 2020

The initial version of the Tsunami tool already includes modules to detect the following security issues: Exposed sensitive UIs: Applications such as Jenkins , Jupyter , and Hadoop Yarn ship with UIs that allow a user to schedule workloads or to execute system commands. ” concludes Google. Pierluigi Paganini.

Engineering

Engineering Advertising Authentication Passwords

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

JULY 10, 2020

Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising CISO Technology Authentication

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

” “Passwords associated with external authentication systems such as AD or LDAP are unaffected. Sophos pointed out that passwords associated with external authentication systems such as AD or LDAP are unaffected. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firewall

Firewall Passwords Accountability Advertising

Flaws in leading industrial remote access systems allow disruption of operations

Security Affairs

OCTOBER 1, 2020

.” The US CISA agency also published a security advisory to warn of risks associated with the successful exploitation of the flaws in the B&R Automation systems. Also recognize that VPN is only as secure as the connected devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Authentication VPN Firewall

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

In 2014 its global sales reached $55.91 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

Security Affairs

NOVEMBER 3, 2020

” In late 2018, the UNC1945 group was spotted compromising a Solaris server that had the SSH service exposed to the Internet to install a backdoor dubbed SLAPSTICK and steal credentials to use in later attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Telecommunications Advertising Internet

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

Security Affairs

SEPTEMBER 8, 2019

Ministry of Internal Affairs announced that Belarusian police have seized and shutdown XakFor, one of the largest hacking forums on the internet. Not all the malware were authentic, some of them were cracked versions, while other s were backdoored. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Malware Cybercrime Hacking

246869 Windows systems are still vulnerable to the BlueKeep flaw

Security Affairs

NOVEMBER 17, 2020

Microsoft also advised Windows Server users to block TCP port 3389 and enable Network Level Authentication to prevent any unauthenticated attacker from exploiting this vulnerability. Now security researcher Jan Kopriva has performed a new scan using the Shodan search engine for machines vulnerable to specific CVEs.

Internet

Internet Internet Malware Cyber Attacks

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Security Affairs

OCTOBER 22, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

Microsoft addresses three Windows issues actively exploited

Security Affairs

APRIL 14, 2020

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. The flaws addressed by Microsoft this month impact Windows, Edge, Internet Explorer, Office, Windows Defender, Dynamics, Apps for Android and Mac, and other products.

Internet

Internet Internet Advertising Engineering

Security Affairs newsletter Round 243

Security Affairs

DECEMBER 8, 2019

Europol seized 30,506 Internet domain names for IP Infringement. A flaw in Microsoft OAuth authentication could lead Azure account takeover. OpenBSD addresses authentication bypass, privilege escalation issues. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising DDOS VPN Authentication

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

Cyber researchers recommend people to: Never share personal information, including financial information over the phone, email or SMSs Use strong passwords and enforce multi-factor authentication where possible Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.

Hacking

Hacking Ransomware Banking Mobile

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

Social Security Numbers, dates of birth, and victim addresses. platform, offered data were authentic according to the feds. “There is a robust underground market for hacked stolen information, and this was a novel way to try to market it to criminals hoping not to get caught,” said U.S. .” ” “Deer.io

Cybercrime

Cybercrime Advertising Hacking Accountability

Remote code execution flaw in Ministra IPTV Platform exposes user data and more

Security Affairs

JUNE 6, 2019

Security experts at CheckPoint have discovered multiple critical flaws in a popular IPTV middleware platform that is used by more than a thousand online media streaming services to manage their millions of subscribers. “However, we were able to bypass the authentication mechanism and utilize some of the admin AJAX API functions. .

Authentication

Authentication Advertising Media Internet

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

Threat actors initially registered domains and created phishing pages that look like the company’s internal VPN login page, the hackers also attempt to trick victims into providing two-factor authentication (2FA) or one-time passwords (OTP). Improve 2FA and OTP messaging to reduce confusion about employee authentication attempts.

Social Engineering

Social Engineering VPN Phishing Authentication

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.” A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control. .

Advertising

Advertising Authentication Internet Internet

Data of 21 million Mixcloud users available for sale on the dark web

Security Affairs

DECEMBER 1, 2019

The hacker access to users’ data, including usernames , email addresses, SHA-2 hashed passwords, account sign-up dates and country, the last-login date, the internet (IP) address, and links to profile photos. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”

Data breaches

Data breaches Passwords Advertising Hacking

Critical SAP Recon vulnerability exposes thousands of system to full take over

Security Affairs

JULY 14, 2020

RECON is caused by the lack of authentication in an SAP NetWeaver AS for Java web component. Onapsis experts scanned the Internet for SAP systems and found 2,500 installs exposed online that are affected by the RECON vulnerability. CISA recommends organizations prioritize patching internet-facing systems, and then internal systems.”

Advertising

Advertising Internet Internet Engineering

Microsoft issues guidance to defend Exchange servers under attack

Security Affairs

JUNE 25, 2020

CVE-2020-0688 ) affecting the underlying Internet Information Service (IIS) component of a target Exchange server. A remote, authenticated attacker could exploit the CVE-2020-0688 vulnerability to execute arbitrary code with SYSTEM privileges on a server and take full control. ” concludes the report. Pierluigi Paganini.

Social Engineering

Social Engineering Advertising Engineering Authentication

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs

JUNE 19, 2020

The CVE-2020-4529 could allow an authenticated attacker to send unauthorized requests from a system, potentially leading to other attacks, such as network enumeration, “IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF). ” reads the security advisory. Pierluigi Paganini.

VPN

VPN Advertising Authentication Passwords

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

New strain of Cerberus Android banking trojan can steal Google Authenticator codes. Threat actors scan Internet for Vulnerable Microsoft Exchange Servers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Advertising Ransomware

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Security Affairs

SEPTEMBER 17, 2019

Internet-connected embedded devices are often placed into a broader category referred to as IoT devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . “Embedded devices are special-purpose computing systems.

Manufacturing

Manufacturing IoT Advertising Authentication

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker

Security Affairs

APRIL 16, 2020

The answer is not immediate, but due to the various layers of protection during the authentication process that a system imposes on us today, there is a need to validate authenticity and legitimacy during this action. In a simplified way, 10 steps are necessary for a successful authentication in the target homebanking portal.

Banking

Banking Authentication Phishing Mobile

Experts devised advanced SMS phishing attacks against modern Android-based phones

Security Affairs

SEPTEMBER 4, 2019

In these attacks, a remote agent can trick users into accepting new phone settings that, for example, route all their Internet traffic through a proxy controlled by the attacker. An Access Point Name (APN) is the name of a gateway between a GSM, GPRS, 3G or 4G mobile network and another computer network, frequently the public Internet.

Phishing

Phishing Mobile Authentication Internet

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target’s internal network without authentication. MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.” ” reads the security advisory published by the expert.

Firewall

Firewall VPN Passwords Internet

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Security Affairs

JUNE 29, 2019

UpGuard shared as proof of the leak a Netflix database authentication strings, an invoice for a TD Bank software update, and slides describing a project for Ford. Some of the files are dated back September 2014, while other documents were uploaded a few days prior to the expert at UpGuard’s discovery the AWS buckers.

Banking

Banking Backups Big data Advertising

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

TroyStealer – A new info stealer targeting Portuguese Internet users

Webinars

Trending Sources

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Webinars

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

TheMoon bot infected 40,000 devices in January and February

UberEats data leaked on the dark web

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Expert found multiple critical issues in MoFi routers

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Data for 600K customers of U.S. fitness chains Town Sports leaked online

New Mirai variant includes exploit for a flaw in Comtrend Routers

Hundreds of female sports stars and celebrities have their naked photos and videos leaked online

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security breach impacted Cisco VIRL-PE infrastructure

Google Tsunami vulnerability scanner is now open-source

Hackers are scanning the web for vulnerable Citrix systems

USBAnywhere BMC flaws expose Supermicro servers to hack

Hackers exploit SQL injection zero-day issue in Sophos firewall

Flaws in leading industrial remote access systems allow disruption of operations

Maze ransomware operators claim to have breached LG Electronics

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

Belarusian authorities seized XakFor, one of the largest Russian-speaking hacker sites

246869 Windows systems are still vulnerable to the BlueKeep flaw

Taiwanese vendor QNAP issues advisory on Zerologon flaw

Microsoft addresses three Windows issues actively exploited

Security Affairs newsletter Round 243

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

FBI shuts down the Russian-based hacker platform DEER.IO

Remote code execution flaw in Ministra IPTV Platform exposes user data and more

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Data of 21 million Mixcloud users available for sale on the dark web

Critical SAP Recon vulnerability exposes thousands of system to full take over

Microsoft issues guidance to defend Exchange servers under attack

An SSRF flaw in Maximo Asset Management could be used to target corporate networks

Security Affairs newsletter Round 253

Experts found 125 new flaws in SOHO routers and NAS devices from multiple vendors

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker

Experts devised advanced SMS phishing attacks against modern Android-based phones

Sophos fixed a critical vulnerability in Cyberoam firewalls

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Stay Connected