2017, Hacking and Information Security - Cyber Security Informer

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 25, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, CISA ) CVE-2025-24989 (CVSS score: 8.2)

Hacking

Hacking Cybersecurity Risk Cybercrime

Russia-linked APT breached the network of Dutch police in 2017

Security Affairs

JUNE 10, 2021

Russia-linked cyberspies breached the internal network of Dutch police in 2017 while the authorities were investigating the crash of the MH-17. Russia-linked threat actors breached the internal network of Dutch police in 2017 during the investigation into the MH-17 crash. SecurityAffairs – hacking, Epsilon Red ransomware).

Government

Government Hacking Surveillance Ransomware

Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws

Security Affairs

JANUARY 15, 2025

Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities in Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server,NET and Visual Studio, Azure, BitLocker, Remote Desktop Services, and Windows Virtual Trusted Platform Module. are actively exploited in the wild.

Authentication

Authentication Hacking Information Security

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

According to the New York Times , the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases. “I This is not the first time that the company suffered a security breach.

Hacking

Hacking Data breaches Information Security Engineering

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

Security Affairs

MAY 13, 2025

Marbled Dust has been active since at least 2017 and primarily targets organizations in Europe and the Middle East. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,APT)

DNS

DNS Telecommunications Architecture Media

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. German investigators believe that Kozachek is a member of the Russia-linked APT28 group (aka Fancy Bear), which is the same group that hacked the German Bundestag in 2015. ” continues the post.

Hacking

Hacking Accountability Malware Cybersecurity

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The WannaCry and NotPetya outbreaks in May and June 2017, respectively, were the most devastating in history. In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

In July 2017, Dr.Web researchers discovered many smartphonemodels were shipped with the dreaded Triada trojan such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Malware

Malware Cryptocurrency Mobile Firmware

The source code of the Paradise Ransomware was leaked on XSS hacking forum

Security Affairs

JUNE 15, 2021

The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.

Ransomware

Ransomware Hacking Encryption Malware

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, newsletter)

Manufacturing

Manufacturing Cybercrime Passwords Authentication

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. ” reads the report. ” reads the report.

Hacking

Hacking Firmware Mobile Penetration Testing

U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 20, 2025

The third issue added to the KeV catalog is a directory traversal vulnerability, tracked as CVE-2017-12637 , in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5. dot dot) in the query string, as exploited in the wild in August 2017.

Backups

Backups Hacking Cybersecurity Malware

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. Follow me on Twitter: @securityaffairs and Facebook and Mastodon PierluigiPaganini ( SecurityAffairs hacking,HiatusRAT)

Architecture

Architecture Internet Internet Malware

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Security Affairs

OCTOBER 16, 2024

More precise information was not revealed to TecMundo so as not to completely expose the attacker’s identity.” CrowdStrike’s investigation reveals that USDoD’s leader, Luan BG, has been a hacktivist active since at least 2017. However, the Brazilian national turned into more complex cybercriminal activities by 2022.

Data breaches

Data breaches Media Cybercrime Accountability

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. “ Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Russia)

Telecommunications

Telecommunications DNS Passwords Hacking

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

Security Affairs

JANUARY 21, 2025

This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads.” Gayfemboy exploits various vulnerabilities, including CVE-2013-3307 , CVE-2021-35394 , CVE-2024-8957 , and others in DVRs, routers, and security appliances. It mainly targets vulnerable AVTECH and Huawei devices.

IoT

IoT Malware Hacking Cybercrime

COMB breach: 3.2B email and password pairs leaked online

Security Affairs

FEBRUARY 7, 2021

billion login credentials, has been leaked on a popular hacking forum. billion unique pairs of cleartext emails and passwords have been leaked on a popular hacking forum, the collection aggregates data from past leaks, such as Netflix, LinkedIn , Exploit.in , Bitcoin, and more. SecurityAffairs – hacking, COMB). More than 3.2

Passwords

Passwords Hacking Accountability Banking

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Security Affairs

DECEMBER 12, 2024

The surveillance tool family has been active since 2017, the experts highlighted that it requires physical access to the target device to initiate operations. “EagleMsgSpy is a lawful intercept surveillance tool developed by a Chinese software development company with use by public security bureaus in mainland China.”

Surveillance

Surveillance Mobile Spyware Malware

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

APRIL 19, 2021

Among the most clamorous attacks against industrial organizations, there is the 2015 attack against the electric grid in Ukraine and the 2017 Triton attack against a Saudi petrochemical plant. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, smart meters).

Hacking

Hacking Accountability Phishing Internet

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Security Affairs

APRIL 21, 2025

. “The threat actor also used other means to distribute the malware, such as attaching the same file to emails and exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882) [1].” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Kimsuky)

Phishing

Phishing Malware Security Intelligence Hacking

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

NOVEMBER 23, 2024

Microsoft has tracked Nady, linked to phishing services since 2017. The PhaaS was created by “MRxC0DER,” previously associated with the “ Caffeine Phishing Kit.” The researchers were among the first to discover the real identity of identity of MRxC0DER.

Phishing

Phishing Cybercrime Financial Services Media

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

Security Affairs

MARCH 13, 2025

Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.

Authentication

Authentication Hacking Software Information Security

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.” Pierluigi Paganini.

Ransomware

Ransomware Authentication Malware Hacking

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

FEBRUARY 11, 2022

SecurityAffairs – hacking, CISA). The post CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs. With the addition of these 15 vulnerabilities, the number of flaws in the CISA’s Known Exploited Vulnerabilities Catalog reached 368. Pierluigi Paganini.

IoT

IoT Accountability Authentication Hacking

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. SecurityAffairs – hacking, IP cameras).

IoT

IoT Internet Internet Hacking

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox ) The post Russians charged with hacking Mt. Gox in 2011 and money laundering.

Hacking

Hacking Cryptocurrency Advertising Banking

Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack

Security Affairs

JANUARY 22, 2025

This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter) It mainly targets vulnerable AVTECH and Huawei devices. reads the advisory.

DDOS

DDOS Malware Internet Internet

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 29, 2025

The experts noticed that the activity resembles past exploitation of CVE-2017-9844, but due to patched systems, analysts assess with high confidence that an unreported RFI flaw in SAP NetWeaver is being used. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, CISA )

VPN

VPN Risk Hacking Internet

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. ” It’s a similar attitude to corporate executives who believe that they can’t be hacked — and equally naive.

Software

Software Cybersecurity Backups Manufacturing

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics

Computers and Electronics Engineering Hacking Data breaches

US Treasury imposes sanctions on a Russian research institute behind Triton malware

Security Affairs

OCTOBER 24, 2020

Triton is a strain of malware specifically designed to target industrial control systems (ICS) system that has been spotted by researchers at FireEye in December 2017. The malware was first spotted after it was employed in 2017 in an attack against a Saudi petrochemical plant owned by the privately-owned Saudi company Tasnee.

Malware

Malware Government Hacking Cyber Attacks

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

Security Affairs

MARCH 11, 2025

The file exploits a Microsoft Office Memory Corruption flaw, tracked as CVE-2017-11882 , to run a malicious shellcode and initiate a multi-level infection process. Its basic infection method is the use of an old Microsoft Office vulnerability, CVE-2017-11882 , which once again emphasizes the critical importance of installing security patches.”

Malware

Malware Government Phishing Hacking

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

JUNE 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506 (CVSS score 7.4), is an OS command injection. The vulnerability resides in the Oracle WebLogic Server component of Oracle Fusion Middleware.

Hacking

Hacking Risk Cybersecurity Information Security

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems.

VPN

VPN Hacking Engineering Information Security

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e, he is charged with different hacking crimes in Russia, France, and the United States. In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency.

Advertising

Advertising Hacking Cybercrime Cryptocurrency

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

to target at least two different Russian organizations in 2017, which we are revealing for the first time.” wasn’t known to be vulnerable and thus most likely is not on the radar of security companies being exploited.” SecurityAffairs – hacking, Turla). but also all other versions up to v3.0.0. of the driver. .

Malware

Malware Advertising InfoSec Hacking

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

Security Affairs

JANUARY 6, 2024

billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. In August 2017, the pharmaceutical company revealed that the massive NotPetya cyberattack disrupted its worldwide operations. Merck filed a $1.4

Insurance

Insurance Manufacturing Ransomware Healthcare

North Korea-linked actors breached the emails of a Presidential Office member

Security Affairs

FEBRUARY 15, 2024

The office said it has been monitoring and defending against “constant” hacking attempts presumed to be related to North Korea but “it’s not that the presidential office’s security system got hacked.” South Korea is a privileged target of cyber espionage operations carried out by North Korea-linked APT groups. Recently, a U.N.

Hacking

Hacking Government Accountability Information Security

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. SecurityAffairs – hacking, industrial enterprises). ” concludes the report.

Encryption

Encryption Antivirus Malware Hacking

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017. Pierluigi Paganini.

DDOS

DDOS IoT Advertising Internet

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

Security Affairs

MARCH 30, 2021

In January 2018, White hackers from Google Project Zero disclosed vulnerabilities , affecting all modern Intel CPUs, dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Technology

Technology Malware Hacking Information Security

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.

Malware

Malware Cryptocurrency Ransomware Hacking

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

Trending Sources

Russia-linked APT breached the network of Dutch police in 2017

Microsoft Patch Tuesday updates for January 2025 fixed three actively exploited flaws

Uber hacked, internal systems and confidential documents were allegedly compromised

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

Russian APT28 hacker accused of the NATO think tank hack in Germany

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

New Triada Trojan comes preinstalled on Android devices

The source code of the Paradise Ransomware was leaked on XSS hacking forum

XE Group shifts from credit card skimming to exploiting zero-days

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

COMB breach: 3.2B email and password pairs leaked online

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Meet the Administrators of the RSOCKS Proxy Botnet

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Microsoft seized 240 sites used by the ONNX phishing service

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

SynAck ransomware gang releases master decryption keys for old victims

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Hackers claim to have compromised 50,000 home cameras and posted footage online

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

Vulnerabilities in Weapons Systems

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

US Treasury imposes sanctions on a Russian research institute behind Triton malware

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

North Korea-linked actors breached the emails of a Presidential Office member

Chinese actors behind attacks on industrial enterprises and public institutions

Developer of DDoS Mirai based botnets sentenced to prison

Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

StripedFly, a complex malware that infected one million devices without being noticed

Stay Connected