2016, Hacking, Information Security and Internet

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. “Around 45,000 Microsoft Exchange servers in Germany can currently be accessed from the Internet without restrictions. ” reads the alert published by the BSI.

Information Security

Information Security Internet Internet Healthcare

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. ” In 2016, Deniskloster.com featured a post celebrating three years in operation.

Advertising

Advertising Cybercrime System Administration Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The infamous Locky ransomware was first spotted in the wild in February 2016. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

“This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.”. SecurityAffairs – hacking, Hikvision).

Hacking

Hacking Firmware Internet Internet

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

. “ “This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.” Pierluigi Paganini.

Hacking

Hacking Firmware IoT Internet

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The Moobot botnet has been active since at least 2016, it also includes other routers and virtual private servers (VPS). “Apart from the EdgeRouter devices, we also found compromised Raspberry Pi and other internet-facing devices in the botnet. ” reported Trend Micro. ” concludes the report.

Phishing

Phishing Cryptocurrency Internet Internet

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. The source is offered for a price as low as $2,000, as reported by ZDNet.

Ransomware

Ransomware Hacking Advertising Malware

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device. “Thanks to you, we are now developing in the field of information security and anonymity!,”

Cybercrime

Cybercrime Advertising IoT Malware

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

MY TAKE: Lessons learned from the summer of script kiddies hacking Twitter, TikTok

The Last Watchdog

SEPTEMBER 1, 2020

These three names will go down in the history of internet commerce, right alongside Jack Dorsey, Mark Zuckerberg and Jeff Bezos. De Guzman authored the I Love You email virus that circled the globe infecting millions of PCs; Calce, aka Mafiaboy, released the Melissa Internet worm that knocked offline Amazon, CNN, eBay and Yahoo.

Hacking

Hacking Media Accountability CISO

Trump admits to have authorized a cyber attack on Russian troll farm in 2018

Security Affairs

JULY 13, 2020

According to The Washington Post the target of the attack was the Saint Petersburg-based firm Internet Research Agency (IRA) that was suspected to be the source of disinformation campaigns arranged by the Kremlin. SecurityAffairs – hacking, President Donald Trump). The attack took place in February 2018 and was launched by the U.S.

Cyber Attacks

Cyber Attacks Internet Internet Advertising

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. The certificates are issued in compliance with the Law on Communications 2004 passed in November 2015.

Internet

Internet Internet Encryption Government

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. In December 2016 , the Turkish blocked social media in the country to prevent the sharing of a video of the executions of Turkish soldiers by the IS group. ”added Netblocks. .

Media

Media Data collection Internet Internet

MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019)

Security Affairs

SEPTEMBER 21, 2019

The bad side of all of these adventure is, now I have my research materials scattering around all over the internet during these past three years (smile). The post MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019) appeared first on Security Affairs. The background.

Malware

Malware Advertising Security Awareness Media

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. In this ongoing war, some types of data storage are more prone to hacking because of the need to access, process, and analyze data quickly. Never connect IoT devices and equipment directly to the internet.

IoT

IoT Cybersecurity VPN Internet

US CISA warns of a Samsung vulnerability under active exploitation

Security Affairs

MAY 20, 2023

Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device. CVE-2016-6415 – Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability.

Internet

Internet Internet Mobile Hacking

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

Security Affairs

JULY 10, 2019

Worse, the Internet, the rise of smartphones, and the culture of social media allow us to access these things from anywhere. Fortunately, there are options available to parents when it comes to controlling YouTube and Internet access. In 2014, Snapchat was in the spotlight after a third-party “snap saving” app was hacked.

Internet

Internet Internet Media Accountability

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. The cyberespionage group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Telecommunications

Telecommunications Mobile Hacking Architecture

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

Reading about the NSA’s hacking abilities will do that to you. Could agents take control of my computer over the Internet if they wanted to? Those of us in the information security community had long assumed that the NSA was doing things like this. We technologists did a lot to help secure the Internet, for example.

Surveillance

Surveillance Computers and Electronics Encryption Government

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

[link] #cve -2018-9995 #dvr pic.twitter.com/gw37PA3jo4 — Ezequiel Fernandez (@Capitan_Alfa) May 1, 2018 Fortinet also warns of a spike in exploitation attempts targeting the CVE-2016-20016 (CVSS score of 9.8) in MVPower CCTV DVR models. Previously seen to be exploited in the wild through 2017 and on-going.”

Authentication

Authentication Retail Surveillance Education

Security Affairs newsletter Round 405 by Pierluigi Paganini

Security Affairs

FEBRUARY 5, 2023

Experts plans to release VMware vRealize Log RCE exploit next week Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) The post Security Affairs newsletter Round 405 by Pierluigi Paganini appeared first on Security Affairs.

Healthcare

Healthcare Data breaches Malware Ransomware

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. SecurityAffairs – hacking, botnet). The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. Pierluigi Paganini.

IoT

IoT Hacking Advertising Government

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

Upon compromising the IP camera, an attacker can also use the hacked device to access internal networks posing a risk to the infrastructure that uses the devices. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

Firmware

Firmware DDOS Malware IoT

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

Follow me on Twitter: @securityaffairs Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, zero-day) The post In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues appeared first on Security Affairs.

Firewall

Firewall Software Hacking Internet

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.” SecurityAffairs – hacking, ZLoader malware). To nominate, please visit:?

Banking

Banking Malware Telecommunications Antivirus

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

Kaspersky first documented the operations of the group in 2016. The threat actors used the implant against a South Korean online newspaper, the APT group also relied on an Internet Explorer exploit and used another backdoor named BLUELIGHT (previously reported by security firms Volexity and Kaspersky ). Pierluigi Paganini.

Accountability

Accountability Malware Cyber Attacks Media

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, the Sony Pictures hack , the FASTCash ATM attacks against banks, and attacks on multiple cryptocurrency exchanges. SecurityAffairs – hacking, BeagleBoyz). Pierluigi Paganini.

Banking

Banking Malware Advertising Hacking

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

In this episode, Jack Cable talks about hacking the Qlocker ransomware and briefly interrupting its payment system. He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22. Would you use it?

Hacking

Hacking Ransomware Cryptocurrency Engineering

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

In this episode, Jack Cable talks about hacking the Qlocker ransomware and briefly interrupting its payment system. He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22. Would you use it?

Hacking

Hacking Ransomware Cryptocurrency Engineering

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

In 2016, the perpetrator of the shooting spree in Munich claimed to have bought the murder weapon and ammunition on the platform. The accused is suspected of operating a criminal trading platform on the Internet in accordance with Section 127 of the Criminal Code.” SecurityAffairs – hacking, Deutschland im Deep Web).

Marketing

Marketing Cybercrime Mobile Internet

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.” SecurityAffairs – hacking, ransomware). ” reads the alert. Pierluigi Paganini.

Healthcare

Healthcare Ransomware Cybercrime Advertising

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Security Affairs

SEPTEMBER 11, 2023

TrickBot is a popular Windows banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities. Government and U.S. companies, including hospitals.” ” reads the announcement made by the U.S. Department of the Treasury.

Cybercrime

Cybercrime Government Ransomware Banking

Ongoing Xurum attacks target Magento 2 e-stores

Security Affairs

AUGUST 14, 2023

Akamai researchers also observed on the xurum.com server a public exploit the CVE-2016-5195 , aka Dirty COW, for Linux local privilege escalation, “The attackers have shown a meticulous approach, targeting specific Magento 2 instances rather than indiscriminately spraying their exploits across the internet.

Internet

Internet Internet Hacking Software

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Joseph Steinberg

MAY 12, 2021

And, just before the COVID-19 pandemic hit the United States, the Department of Homeland Security alerted information security professionals that a ransomware attack delivered via phishing emails had adversely impacted operations at one of the country’s natural gas processors. Nor were those isolated incidents.

Energy and Utilities

Energy and Utilities Ransomware Artificial Intelligence Cyber Attacks

Social marketplace Trustanduse exposes nearly half a million users

Security Affairs

JANUARY 12, 2023

Sensitive information exposed. The company was founded in 2016 and is based in Athens. After the discovery in June, researchers repeatedly detected the same database on different internet protocol (IP) addresses in October and December 2022. SecurityAffairs – hacking, Trustanduse). Original post at [link].

Media

Media Accountability Authentication Internet

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta, build 001 CVE-2020-9377 D-Link DIR-610 CVE-2016-11021 D-Link DCS-930L devices before 2.12 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The group was involved also in the string of attacks that targeted 2016 Presidential election. The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. SecurityAffairs – APT28, hacking). Pierluigi Paganini.

Phishing

Phishing Accountability Advertising DNS

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Security Affairs

MARCH 15, 2021

Last week, the independent security researcher Nguyen Jang published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers. A few hours after the publication, GitHub took down the PoC hacking tool because it posed a threat to Microsoft’s customers using the Microsoft Exchange solution. . Pierluigi Paganini.

Hacking

Hacking Manufacturing Ransomware Cybercrime

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

New Mirai variant includes exploit for a flaw in Comtrend Routers

Security Affairs

JULY 14, 2020

Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.

IoT

IoT Advertising DDOS Authentication

75% of medical infusion pumps affected by known vulnerabilities

Security Affairs

MARCH 3, 2022

High) 52.11% 3 CVE-2016-9355 5.3 Medium) 50.39% 4 CVE-2016-8375 4.9 With attack surfaces widening and attack vectors becoming more refined than ever before, now’s the time for healthcare organizations to define medical device security with a new level of sophistication. SecurityAffairs – hacking,IoT). Critical) 15.23%.

Healthcare

Healthcare IoT Risk Hacking

US seizes 2 domains used by APT29 in a recent phishing campaign

Security Affairs

JUNE 2, 2021

Russia-linked SVR group (aka APT29 , Cozy Bear , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. SecurityAffairs – hacking, APT29). Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Malware Hacking Accountability

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Webinars

Trending Sources

Meet the Administrators of the RSOCKS Proxy Botnet

Webinars

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Over 80,000 Hikvision cameras can be easily hacked

Hikvision cameras could be remotely hacked due to critical flaw

Russia-linked APT28 and crooks are still using the Moobot botnet

Source code of Dharma ransomware now surfacing on public hacking forums

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

MY TAKE: Lessons learned from the summer of script kiddies hacking Twitter, TikTok

Trump admits to have authorized a cyber attack on Russian troll farm in 2018

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019)

IoT and Cybersecurity: What’s the Future?

US CISA warns of a Samsung vulnerability under active exploitation

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

China-linked LightBasin group accessed calling records from telcos worldwide

Snowden Ten Years Later

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs newsletter Round 405 by Pierluigi Paganini

A new Zerobot variant spreads by exploiting Apache flaws

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Microsoft has taken legal and technical action to dismantle the Zloader botnet

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

North Korea-linked APT group BeagleBoyz targets banks

The Hacker Mind Podcast: Hacking Ransomware

The Hacker Mind Podcast: Hacking Ransomware

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Ongoing Xurum attacks target Magento 2 e-stores

The Only Thing Surprising About The Crippling Ransomware Attack On A Major US Fuel Pipeline Is That Anyone Is Surprised That The Attack Succeeded

Social marketplace Trustanduse exposes nearly half a million users

BotenaGo botnet targets millions of IoT devices using 33 exploits

Russia-linked APT28 has been scanning vulnerable email servers in the last year

ProxyLogon Microsoft Exchange exploit is completely out of the bag by now

Cyber Security Roundup for April 2021

New Mirai variant includes exploit for a flaw in Comtrend Routers

75% of medical infusion pumps affected by known vulnerabilities

US seizes 2 domains used by APT29 in a recent phishing campaign

Stay Connected