2016, Hacking, Information Security and Passwords

Iranian Peach Sandstorm group behind recent password spray attacks

Security Affairs

SEPTEMBER 16, 2023

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. Microsoft researchers observed a series of password spray attacks conducted by Iran nation-state actors as part of a campaign named Peach Sandstorm (aka Holmium , APT33 , Elfin , and Magic Hound ).

Passwords

Passwords Accountability Authentication Hacking

Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails

Security Affairs

JANUARY 20, 2024

The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Hacking

Hacking Passwords Accountability Authentication

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. Abusewith[.]us

Hacking

Hacking Accountability Data breaches Marketing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

Security Affairs

JANUARY 25, 2024

The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Hacking

Hacking Accountability Passwords Cybersecurity

Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn

Security Boulevard

OCTOBER 16, 2022

Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for […].

Passwords

Passwords CSO Hacking Accountability

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

Security Affairs

OCTOBER 2, 2019

Zendesk discloses a data breach that took place in 2016 when a hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. In 2016, customer service software company Zendesk suffered a security breach that exposed data of 10,000 users, including passwords, emails, names, and phone numbers.

Data breaches

Data breaches Passwords Authentication Accountability

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. The infamous Locky ransomware was first spotted in the wild in February 2016. None of these early threats went pro.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. Upon installing the ransomware, it downloads two executable files, which include the password stealer “pones.exe” and “krots.exe,” (aka) KPOT, which allows threat actors to write to the compromised system’s temporary (TMP) file.

Ransomware

Ransomware Hacking Malware Encryption

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

. “ “This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.” Pierluigi Paganini.

Hacking

Hacking Firmware IoT Internet

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

” To defend against ransomware campaign like this one, NJCCIC provided the following recommendations: Security Awareness Training : Engage in security awareness training to enhance defense mechanisms and recognize potential signs of malicious communications.

Phishing

Phishing Ransomware Security Awareness Authentication

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8 If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Hacking

Hacking Cyber Attacks Passwords Software

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs

DECEMBER 25, 2023

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT33) South Korea, and Europe.

Passwords

Passwords Accountability Authentication Malware

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

“This permits an attacker to gain full control of device with an unrestricted root shell, which is far more access than even the owner of the device has as they are restricted to a limited “protected shell” (psh) which filters input to a predefined set of limited, mostly informational commands.”. SecurityAffairs – hacking, Hikvision).

Hacking

Hacking Firmware Internet Internet

Russia-linked Midnight Blizzard breached Microsoft systems again

Security Affairs

MARCH 8, 2024

The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Passwords

Passwords Accountability Hacking Cybersecurity

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking

Hacking Engineering Data breaches Advertising

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Security Affairs

MAY 25, 2020

Some of the databases are dated as 2016, but data starts from March 28, 2020. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., The hacked stores were running Shopware, JTL-Shop, PrestaShop, OpenCart, Magento v1 and v2 e-commerce CMSs.

Hacking

Hacking Advertising Authentication Passwords

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

JANUARY 26, 2024

The Seoul High Court Criminal Division 20 (Chief Judge Jeong Seon-jae Baek Suk-jong Lee Jun-hyun) charged Mr. A for being a developer for the TrickBot gang since 2016. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Trickbot)

Malware

Malware Identity Theft Banking Ransomware

Social Blade discloses security breach

Security Affairs

DECEMBER 16, 2022

The exposed data include email addresses, password hashes, client IDs, IP addresses, and tokens for business API users, authentication tokens for connected accounts, and non-personal and internal data was compromised. The good news is that passwords are hashed using the BCrypt, a hashing algorithm that is considered robust.

Data breaches

Data breaches Passwords Media Phishing

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. The cyberespionage group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset. huawei) for the initial compromise.

Telecommunications

Telecommunications Mobile Hacking Architecture

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware

Firmware Ransomware Passwords Mobile

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

SEPTEMBER 15, 2023

The man listed the credentials of more than 35,000 compromised computers for sale and according to the investigators, he obtained more than $350,000 in illicit proceeds between 2016 and 2019. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware

Malware Marketing Passwords Hacking

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

In each of these cases, the cybercriminals behind the breaches were after usernames and passwords. The most commonly used passwords today are, “password” and “123456,” and it only takes a hacker.29 In May 2016, a massive set of data was stolen from Myspace to what’s said to be one of the largest breaches in history.

Data breaches

Data breaches Media Passwords Accountability

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

Security Affairs

JANUARY 26, 2024

The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Hacking

Hacking Cybersecurity Marketing Authentication

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Security Affairs

NOVEMBER 10, 2022

APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. “The queried LDAP attributes relate to usual credential information gathering (e.g. SecurityAffairs – hacking, APT29). Pierluigi Paganini.

Passwords

Passwords Hacking Accountability Encryption

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Street @jaysonstreet.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

Microsoft releases open-source tool for checking MikroTik Routers compromise

Security Affairs

MARCH 17, 2022

TrickBot is a popular Windows banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities. SecurityAffairs – hacking, RouterOS Scanner). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Malware

Malware DNS Passwords Ransomware

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. Pierluigi Paganini.

IoT

IoT Hacking Advertising Government

Hacker claims to have stolen 39 million Aptoide app store users

Security Affairs

APRIL 18, 2020

The news was reported by ZDNet, the stolen data were published on a well-known hacking forum. “The leaked information, which ZDNet obtained a copy with the help of data breach monitoring service Under the Breach, contains information on users who registered or used the Aptoide app store app between July 21, 2016, and January 28, 2018.”

Data breaches

Data breaches Advertising Mobile Hacking

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Security Affairs

SEPTEMBER 13, 2021

While WhatsApp has already implemented end-to-end encrypion since 2016, the company still stores backups in the cloud unencrypted. WhatsApp will use a unique, randomly generated encryption key to encrypt the backup, user can choose to secure the key manually or with a user password. SecurityAffairs – hacking, E2EE).

Backups

Backups Encryption Passwords Accountability

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Security Affairs

APRIL 12, 2022

These contained information for millions of credit cards, bank account numbers and routing information, and the usernames and associated passwords needed to access online accounts.” ” According to Europol, the joint effort and intense information sharing were the key to the success of Operation TOURNIQUET.

Cybercrime

Cybercrime Banking Accountability Hacking

The alleged author of NLBrute Malware was extradited to US from Georgia

Security Affairs

FEBRUARY 23, 2023

The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.” The man listed the credentials of more than 35,000 compromised computers for sale and according to the investigators, he obtained more than $350,000 in illicit proceeds between 2016 and 2019.

Malware

Malware Marketing Passwords Hacking

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Adopt a comprehensive IoT security solution. SecurityAffairs – hacking, botnet). ” reads the analysis published by Microsoft.

IoT

IoT DDOS Malware Firmware

IoT and Cybersecurity: What’s the Future?

Security Affairs

MAY 2, 2022

IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mirai malware infiltrated devices such as baby monitors and refrigerators and locked them into a botnet for the Dyn cyberattack. SecurityAffairs – hacking, IoT). appeared first on Security Affairs. Pierluigi Paganini.

IoT

IoT Cybersecurity VPN Internet

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. It allows an attacker to provide covert, unauthorized access to email correspondence and was used after gaining access to email accounts through CVE-2023-23397 (Microsoft Outlook Vulnerability) or password-spraying.”

Accountability

Accountability Government Phishing Authentication

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

These emails persuade employees to reveal passwords for important applications or download malicious files to their devices. Using stolen passwords is an easy way to masquerade as a genuine user and access sensitive information or infiltrate deeper into your network. SecurityAffairs – hacking, attack vectors).

IoT

IoT Phishing Passwords Scams

Israel announced to have foiled an attempted cyber-attack on defence firms

Security Affairs

AUGUST 13, 2020

The group has been linked to several major cyber attacks, including the 2014 Sony Pictures hack , several SWIFT banking attacks since 2016, and the 2017 WannaCry ransomware infection. In September, the US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial.

Cyber Attacks

Cyber Attacks Manufacturing Hacking Advertising

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. “In approximately June 2016, the real estate website StreetEasy suffered a data breach. 87% of addresses were already in @haveibeenpwned.

Data breaches

Data breaches Passwords Advertising Cybercrime

Microsoft publishes mitigations for the PetitPotam attack

Security Affairs

JULY 26, 2021

Microsoft published mitigations for the recently discovered PetitPotam attack that allows attackers to force remote Windows machines to share their password hashes. The NTLM authentication hash can be used to carry out a relay attack or can be lately cracked to obtain the victim’s password. SecurityAffairs – hacking, SolarWinds).

Authentication

Authentication Passwords Encryption Hacking

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Mamba was first spotted on September 2016 when experts at Morphus Labs discovered the infection of machines belonging to an energy company in Brazil with subsidiaries in the United States and India. Regularly, change passwords to network systems and accounts, and avoid reusing passwords for different accounts.

Ransomware

Ransomware Encryption Passwords Malware

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

DECEMBER 30, 2022

Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972). The researchers noticed that both trojan variants contain unimplemented functionality for hacking the administrator accounts of WordPress websites through a brute-force attack using special dictionaries. SecurityAffairs – hacking, Lunix Malware).

Malware

Malware Hacking Accountability Phishing

Dirty Pipe Linux flaw allows gaining root privileges on major distros

Security Affairs

MARCH 7, 2022

Kellerman explained that the flaw is similar to CVE-2016-5195 , aka Dirty Cow, and is more dangerous because it is easier to exploit. BleepingComputer reported a tweet published by the security researcher Phith0n who explained that it is possible to use the exploit to modify the /etc/passwd file to set the root user without a password.

Passwords

Passwords Hacking Accountability Information Security

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Security Affairs

SEPTEMBER 11, 2023

TrickBot is a popular Windows banking Trojan that has been around since October 2016, its authors have continuously upgraded it by implementing new features, including powerful password-stealing capabilities. .” reads the announcement made by the U.S. Department of the Treasury.

Cybercrime

Cybercrime Government Ransomware Banking

Iranian Peach Sandstorm group behind recent password spray attacks

Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails

Webinars

Trending Sources

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Webinars

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn

Zendesk 2016 security breach may impact Uber, Slack, and other organizations

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Hikvision cameras could be remotely hacked due to critical flaw

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Over 80,000 Hikvision cameras can be easily hacked

Russia-linked Midnight Blizzard breached Microsoft systems again

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

CIA elite hacking unit was not able to protect its tools and cyber weapons

New Version of Meduza Stealer Released in Dark Web

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

A TrickBot malware developer sentenced to 64 months in prison

Social Blade discloses security breach

China-linked LightBasin group accessed calling records from telcos worldwide

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Dariy Pankov, the NLBrute malware author, pleads guilty

Cybercriminals are Oversharing with Social Media Data Breaches

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Top Cybersecurity Accounts to Follow on Twitter

Microsoft releases open-source tool for checking MikroTik Routers compromise

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Hacker claims to have stolen 39 million Aptoide app store users

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

The alleged author of NLBrute Malware was extradited to US from Georgia

A new Zerobot variant spreads by exploiting Apache flaws

IoT and Cybersecurity: What’s the Future?

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Top 5 Attack Vectors to Look Out For in 2022

Israel announced to have foiled an attempted cyber-attack on defence firms

Data from Sephora and StreetEasy data breaches added to HIBP

Microsoft publishes mitigations for the PetitPotam attack

FBI published a flash alert on Mamba Ransomware attacks

New Linux malware targets WordPress sites by exploiting 30 bugs

Dirty Pipe Linux flaw allows gaining root privileges on major distros

UK and US sanctioned 11 members of the Russia-based TrickBot gang

Stay Connected