2015, Authentication and Internet - Cyber Security Informer

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015. The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.

Phishing

Phishing Cybercrime Advertising Antivirus

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

JUNE 22, 2025

Also: How to delete yourself from internet search results and hide your identity online For individuals, the damage can be more personal than figures on a balance sheet. Enable two-factor authentication Whenever you can, enable two-factor authentication (2FA) -- especially after you've become a victim of a data breach.

Passwords

Passwords Data breaches Password Management Identity Theft

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

JUNE 20, 2025

Also: How to delete yourself from internet search results and hide your identity online For individuals, the damage can be more personal than figures on a balance sheet. Enable two-factor authentication Whenever you can, enable two-factor authentication (2FA) -- especially after you've become a victim of a data breach.

Passwords

Passwords Data breaches Password Management Identity Theft

Privacy Roundup: Week 1 of Year 2025

Security Boulevard

JANUARY 4, 2025

It appears that primarily internet-facing devices are vulnerable (they typically have remote management interfaces exposed to the internet in most cases). Users should keep routers updated , use strong admin passwords (avoid using the default credentials), and avoid exposing the admin login page to the internet.

Data breaches

Data breaches Firmware Healthcare Malware

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Experts warn that hackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable in the attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. ” reads the advisory published by Microsoft.

Internet

Internet Internet Authentication Advertising

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

“I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. That’s because Experian does not offer any type of multi-factor authentication options on consumer accounts. But now he’s wondering what else he could do to prevent another account compromise.

Accountability

Accountability Passwords Authentication Password Management

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet

Internet Internet Hacking Advertising

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc Finally, the malware validates there is a valid Internet connection through a speed test website. on Twitter, and targeting Portuguese users.

Internet

Internet Internet Malware Banking

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. Image: Wikipedia. ”

Accountability

Accountability Hacking Authentication Marketing

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

JULY 4, 2020

After verifying my email address, I was asked to pick a strong password and select a form of multi-factor authentication (MFA). The most secure MFA option offered (a one-time code generated by an app like Google Authenticator or Authy) was already pre-selected, so I chose that.

Accountability

Accountability Passwords Authentication Insurance

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini.

Internet

Internet Internet Advertising Accountability

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. One of Megatraffer’s ads on an English-language cybercrime forum. “Why do I need a certificate? Image: Archive.org.

Malware

Malware Cybercrime Antivirus Accountability

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

The database required no authentication. In addition, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files. In May 2015, KrebsOnSecurity broke the news that mSpy had been hacked and its customer data posted to the Dark Web.

Spyware

Spyware Mobile Advertising Software

Internet scans found nearly one million systems vulnerable to BlueKeep

Security Affairs

MAY 28, 2019

GreyNoise is observing sweeping tests for systems vulnerable to the RDP "BlueKeep" (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. Now the popular expert Robert Graham has scanned the Internet for vulnerable systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Internet

Internet Internet Advertising Malware

IRS To Ditch Biometric Requirement for Online Access

Krebs on Security

FEBRUARY 7, 2022

Critics charged the IRS’s plan would unfairly disadvantage people with disabilities or limited access to technology or Internet, and that facial recognition systems tend to be less accurate for people with darker skin. “People should continue to file their taxes as they normally would.”

Insurance

Insurance Government Authentication Accountability

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

In May 2015, KrebsOnSecurity published a brief writeup about the brazen Manipulaters team, noting that they openly operated hundreds of web sites selling tools designed to trick people into giving up usernames and passwords, or deploying malicious software on their PCs. .” ” A number of questions, indeed.

Phishing

Phishing Cybercrime Malware Advertising

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Back in 2015, a security researcher decided to make that very point when he claimed to have hacked a plane , accessed the thrust system, and made it fly higher than intended. Hilderman Many components and systems within an aircraft can exchange data and communicate with each other or with the external internet.

Software

Software Risk Artificial Intelligence Cyber Attacks

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Advertising Mobile Authentication

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019.” Pierluigi Paganini.

IoT

IoT DDOS Authentication Firmware

A daily average of 80,000 printers exposed online via IPP

Security Affairs

JUNE 23, 2020

The Shadowserver Foundation is a nonprofit security organization working altruistically behind the scenes to make the Internet more secure for everyone. The researchers scanned the Internet for printers that are exposing their Internet Printing Protocol (IPP) port online. and printers (or print servers).

Internet

Internet Internet Firmware Advertising

The bleak picture of two-factor authentication adoption in the wild

Elie

DECEMBER 20, 2018

This post looks at two-factor authentication adoption in the wild, highlights the disparity of support between the various categories of websites, and illuminates how fragmented the two factor ecosystem is in terms of standard adoption. 2015 old version of Alexa top 1000 sites. How prevalent is 2FA authentication? Methodology.

Authentication

Authentication Internet Internet Software

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Authentication Wireless Advertising

MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

The Last Watchdog

FEBRUARY 21, 2020

Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is built. In the classic case of a human user clicking to a website, CAs, like DigiCert, verify the authenticity of the website and encrypt the data at both ends.

Digital transformation

Digital transformation IoT Authentication Encryption

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

The Last Watchdog

JULY 14, 2022

million in 2015. Take this recent phishing attempt , which was identified by Perception Point’s Incident Response team: hackers first used an irregular URL structure to evade standard email threat detection systems, and sent users through a very convincing but fake two-factor authentication. companies rising to $14.8

Phishing

Phishing Education Cybersecurity Threat Detection

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

The Last Watchdog

JUNE 10, 2019

These are the carriers that provide Internet access to rural areas all across America. For example, it is possible to install an update on many instances of firmware without ever having to produce a digital certificate verifying the authenticity of the fix. telecoms by Chinese tech giant Huawei. Talk more soon.

Firmware

Firmware Cybersecurity Technology Authentication

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

InfoSec

InfoSec Mobile Data breaches Advertising

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

Cyble researchers provided the following recommendations: Never share personal information, including financial information over the phone, email or SMSs Use strong passwords and enforce multi-factor authentication where possible Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.

Banking

Banking Data breaches Advertising Mobile

New Mirai variant includes exploit for a flaw in Comtrend Routers

Security Affairs

JULY 14, 2020

Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis published by Trend Micro.

IoT

IoT Advertising DDOS Authentication

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Below the recommendations provided by ESET on how to configure remote access correctly: Disable internet-facing RDP.

Passwords

Passwords Internet Internet Advertising

Personal details and SSNs of 40,000 US citizens available for sale

Security Affairs

JULY 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Mobile Data breaches Banking

Most of Linux distros affected by a critical RCE in PPP Daemon flaw

Security Affairs

MARCH 6, 2020

The pppd software is an implementation of Point-to-Point Protocol (PPP) that is used to establish internet links over dial-up modems, DSL connections, and many other types of point-to-point links. This is due to the fact that an authenticated attacker may still be able to send unsolicited EAP packet to trigger the buffer overflow.”

Advertising

Advertising Authentication Software Hacking

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

Security Affairs

SEPTEMBER 29, 2018

The FBI Internet Crime Complaint Center (IC3) warns of cyber attacks exploiting Remote Desktop Protocol (RDP) vulnerabilities. The FBI Internet Crime Complaint Center (IC3) and the DHS issued a joint alert to highlight the rise of RDP as an attack vector. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cyber Attacks

Cyber Attacks Advertising Internet Internet

Hackers are scanning the web for vulnerable Citrix systems

Security Affairs

JULY 10, 2020

Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products.

Advertising

Advertising CISO Technology Authentication

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Security Affairs

SEPTEMBER 23, 2020

The database containing personal information of over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet. US fitness chain Town Sports has suffered a data breach, a database belonging to the company containing the personal information of over 600,000 people was exposed on the Internet.

Data breaches

Data breaches Phishing Passwords Advertising

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” The lists leaked online are dated October-November 2019, let’s hope that Internet Service Providers will contact ZDNet to receive them and check if the devices belong to their network and secure them. .

IoT

IoT DDOS InfoSec Internet

Security breach impacted Cisco VIRL-PE infrastructure

Security Affairs

MAY 28, 2020

These issues affect the following Cisco products running a vulnerable software release: Cisco Modeling Labs Corporate Edition (CML) Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE). The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Advertising

Advertising Software Authentication Internet

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

246869 Windows systems are still vulnerable to the BlueKeep flaw

Security Affairs

NOVEMBER 17, 2020

Microsoft also advised Windows Server users to block TCP port 3389 and enable Network Level Authentication to prevent any unauthenticated attacker from exploiting this vulnerability. CVE-2015-1635 374113 N/A, CVSSv2 10.0 ” CVE Number of affected systems CVSSv3 CVE-2019-0211 3357835 7.8 CVE-2019-12525 1219716 9.8

Internet

Internet Internet Malware Cyber Attacks

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the report.

VPN

VPN Government Authentication Advertising

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. WS-DD uses UDP making it possible to spoof a victim’s IP address.

DDOS

DDOS IoT Internet Internet

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

“This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis published by Tripwire. 83n SonicOS 6.5.1.12-1n 1n SonicOS 6.0.5.3-94o 94o SonicOS 6.5.4.v-21s-987

VPN

VPN Firewall Advertising Internet

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

Security Affairs

NOVEMBER 3, 2020

” In late 2018, the UNC1945 group was spotted compromising a Solaris server that had the SSH service exposed to the Internet to install a backdoor dubbed SLAPSTICK and steal credentials to use in later attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Telecommunications Advertising Hacking

Researchers warn of QNAP NAS attacks in the wild

Security Affairs

AUGUST 31, 2020

Hackers are scanning the Internet for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions vulnerable to a remote code execution (RCE) vulnerability addressed by the vendor 3 years ago. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Advertising Malware Internet

Google Tsunami vulnerability scanner is now open-source

Security Affairs

JULY 9, 2020

If these systems are exposed to the internet without authentication, attackers can leverage the functionality of the application to execute malicious commands. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes Google. Pierluigi Paganini. SecurityAffairs – hacking, Tsunami).

Engineering

Engineering Advertising Authentication Hacking

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Trending Sources

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Privacy Roundup: Week 1 of Year 2025

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Experian, You Have Some Explaining to Do

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

TroyStealer – A new info stealer targeting Portuguese Internet users

Sendgrid Under Siege from Hacked Accounts

E-Verify’s “SSN Lock” is Nothing of the Sort

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Ask Fitis, the Bear: Real Crooks Sign Their Malware

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Internet scans found nearly one million systems vulnerable to BlueKeep

IRS To Ditch Biometric Requirement for Online Access

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

A daily average of 80,000 printers exposed online via IPP

The bleak picture of two-factor authentication adoption in the wild

Expert found multiple critical issues in MoFi routers

MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

MY TAKE: Why locking down ‘firmware’ has now become the next big cybersecurity challenge

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

UberEats data leaked on the dark web

New Mirai variant includes exploit for a flaw in Comtrend Routers

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Personal details and SSNs of 40,000 US citizens available for sale

Most of Linux distros affected by a critical RCE in PPP Daemon flaw

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

Hackers are scanning the web for vulnerable Citrix systems

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security breach impacted Cisco VIRL-PE infrastructure

USBAnywhere BMC flaws expose Supermicro servers to hack

246869 Windows systems are still vulnerable to the BlueKeep flaw

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

UNC1945, a sophisticated threat actor used Oracle Solaris Zero-Day exploit

Researchers warn of QNAP NAS attacks in the wild

Google Tsunami vulnerability scanner is now open-source

Stay Connected