2017, Hacking, Information Security and Internet

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37 group (aka ScarCruft , Reaper, and Group123) actively exploited an Internet Explorer zero-day vulnerability, tracked as CVE-2022-41128 , in attacks aimed at South Korean users.

Internet

Internet Internet Engineering Malware

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Russian internet watchdog Roskomnadzor bans six more VPN services

Security Affairs

DECEMBER 2, 2021

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. SecurityAffairs – hacking, VPN services). Pierluigi Paganini.

VPN

VPN Internet Internet Media

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media

Media Accountability Telecommunications Government

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. ” reported The New Paper.”

IoT

IoT Internet Internet Hacking

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

. “As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet.”

Malware

Malware Internet Internet DDOS

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The WannaCry and NotPetya outbreaks in May and June 2017, respectively, were the most devastating in history.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. The source is offered for a price as low as $2,000, as reported by ZDNet.

Ransomware

Ransomware Hacking Advertising Malware

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

APRIL 19, 2021

Among the most clamorous attacks against industrial organizations, there is the 2015 attack against the electric grid in Ukraine and the 2017 Triton attack against a Saudi petrochemical plant. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. SecurityAffairs – hacking, smart meters).

Hacking

Hacking Phishing Accountability Internet

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. The researchers believe that the malware connects the NTP to verify the infected device’s internet connection and confirm it is not operating within a sandbox environment.

IoT

IoT Cybercrime Internet Internet

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Narelle Devine, the company’s chief information security officer for the Asia Pacific region, added that no customer account information was stored on the third-party platform. It seems that the security breach also impacted other companies. SecurityAffairs – hacking, Telstra Telecom). Pierluigi Paganini.

Data breaches

Data breaches Telecommunications Accountability Information Security

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. ” reads the advisory published by the CERT-UA. “Note (!) .’ “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. Authorities in the United States, Germany, the Netherlands and the U.K.

Advertising

Advertising Cybercrime System Administration Hacking

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

JANUARY 5, 2024

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. The Kyivstar mobile network serves about 26 million mobile customers and more than 1 million broadband fixed internet customers in the country. All mobile communications and internet access were temporarily interrupted.

Mobile

Mobile Telecommunications Cyber Attacks Internet

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

A new botnet, tracked as Lucifer, appeared in the threat landscape, it leverages close to a dozen exploits to hack Windows systems. Once compromised the system, the attacker can execute arbitrary commands on the infected device, experts noticed that the bot could target Windows hosts on both the internet and intranet.

DDOS

DDOS Malware Advertising Passwords

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

According to ZDNet that first published the news, the list was leaked on a popular hacking forum by the operator of a DDoS booter service. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. SecurityAffairs – Telnet credentials, hacking). Pierluigi Paganini.

IoT

IoT DDOS InfoSec Internet

Emsisoft releases free SynAck ransomware decryptor

Security Affairs

AUGUST 20, 2021

The master decryption keys work for victims that were infected between July 2017 and early 2021. The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”. SecurityAffairs – hacking, SynAck). Pierluigi Paganini.

Ransomware

Ransomware Encryption Authentication Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. SecurityAffairs – hacking, botnet). The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

Mercedes-Benz data breach impacted roughly 1000 individuals

Security Affairs

JUNE 26, 2021

million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. Data belongs to individuals that provided their information to Mercedez-Benz and dealer websites between 2014 and 2017. Pierluigi Paganini.

Data breaches

Data breaches Internet Internet Engineering

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Below the attack chain that was visible in the video PoC: The attacker takes control over the smart bulb by exploiting a vulnerability in smart light bulbs in 2017. SecurityAffairs – Smart Light Bulbs, hacking). The post Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs appeared first on Security Affairs.

Hacking

Hacking IoT Wireless Firmware

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017.

DDOS

DDOS IoT Advertising Internet

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Security Affairs

FEBRUARY 15, 2021

The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020. Pierluigi Paganini.

VPN

VPN Software Internet Internet

Podcast Episode 110: Why Patching Struts isn’t Enough and Hacking Electricity Demand with IoT?

The Security Ledger

AUGUST 27, 2018

In this week’s episode (#110): the second major flaw in Apache Struts 2 in as many years and has put the information security community on alert. But is this vulnerability as serious as the last, which resulted in the hack of the firm Equifax? But what would happen if someone figured out to how to hack electricity demand?

IoT

IoT Hacking Information Security Internet

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Cryptocurrency Internet Internet

The Essential Guide to Radio Frequency Penetration Testing

Pen Test

OCTOBER 12, 2023

Introduction Radio Frequency (RF) penetration testing, popularly referred to as RF pentesting, stands as a vital domain within ethical hacking. In contemporary times, with the exponential growth of the Internet of Things (IoT), smart homes, connected cars, and wearable devices, the importance of RF pentesting has soared significantly.

Penetration Testing

Penetration Testing Wireless IoT Technology

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The protocol enables secure and low-cost data transfer. It is designed to address the limitations of current Internet infrastructure, which is centralized, inefficient, and vulnerable to censorship. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, ransomware)

Malware

Malware Architecture Technology DDOS

New EwDoor Botnet is targeting AT&T customers

Security Affairs

NOVEMBER 30, 2021

Experts from Qihoo 360’s Network Security Research Lab discovered a new botnet, dubbed EwDoor , that targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices that are publicly exposed to the Internet. SecurityAffairs – hacking, EwDoor ). Pierluigi Paganini.

DDOS

DDOS Backups Engineering Encryption

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. To nominate, please visit:?.

Cybercrime

Cybercrime Education Accountability Phishing

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

Security Affairs

JUNE 13, 2021

According to the experts, the BackdoorDiplomacy APT group has been active since at least 2017. The attack chain starts with exploits for vulnerable internet-exposed systems such as web servers and management interfaces for networking equipment. SecurityAffairs – hacking, APT). Pierluigi Paganini.

Telecommunications

Telecommunications Hacking Media Encryption

TrueBot infections were observed in Clop ransomware attacks

Security Affairs

DECEMBER 11, 2022

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). SecurityAffairs – hacking, TrueBot). The post TrueBot infections were observed in Clop ransomware attacks appeared first on Security Affairs.

Ransomware

Ransomware Malware Internet Internet

Russian Sandworm disrupts power in Ukraine with a new OT attack

Security Affairs

NOVEMBER 9, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. The APT group was first observed in the victim’s environment in June 2022, at the time the attackers deployed the Neo-REGEORG webshell on an internet-facing server. ” continues the report.

Telecommunications

Telecommunications Hacking Technology Internet

Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Security Affairs

FEBRUARY 17, 2021

The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

Software

Software Hacking Cyber Attacks Internet

US DoJ wants the funds stored by North Korea in 280 BTC and ETH

Security Affairs

AUGUST 30, 2020

The US DoJ has filed a civil forfeiture complaint with the intent to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds which are the proceeds of hacking campaigns conducted by North Korea-linked APT groups against two cryptocurrency exchanges. SecurityAffairs – hacking, North Korea).

Cryptocurrency

Cryptocurrency Hacking Advertising Accountability

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Each of us have a responsibility to embrace best privacy and security practices.

Passwords

Passwords Password Management Antivirus Internet

Hacker is targeting DNA sequencer applications from Iranian IP address

Security Affairs

JUNE 17, 2019

The attackers are leveraging a still-unpatched zero-day vulnerability, tracked as CVE-2017-6526 , to gain full control over the targeted systems. The vulnerability in dnaLIMS was reported to the vendor in 2017, but it is still unpatched. SecurityAffairs – DNA sequencer applications, hacking). IP address that is located in Iran.

DDOS

DDOS Advertising IoT Marketing

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. SecurityAffairs – hacking, botnet). The post DirtyMoe modules expand the bot using worm-like techniques appeared first on Security Affairs. Pierluigi Paganini.

Malware

Malware Passwords DDOS Internet

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA) The post CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

Spyware

Spyware Surveillance Mobile Education

Microsoft revised CVE-2022-37958 severity due to its broader scope

Security Affairs

DECEMBER 15, 2022

Unlike the CVE-2017-0144 flaw triggered by the EternalBlue exploit, which only affected the SMB protocol, the CVE-2022-37958 flaw could potentially affect a wider range of Windows systems due to a larger attack surface of services exposed to the public internet (HTTP, RDP, SMB) or on internal networks. Pierluigi Paganini.

Authentication

Authentication Internet Internet Hacking

BlueBleed: Microsoft confirmed data leak exposing customers’ info

Security Affairs

OCTOBER 20, 2022

Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar which notified the IT giant on September 24, 2022. The exposed data are dated from 2017 to August 2022.

Authentication

Authentication Internet Internet Hacking

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

As a result, the darkweb marketplace was shut down in 2017 by the BKA also arrested its operator and sentenced him to seven years in prison in 2018. The accused is suspected of operating a criminal trading platform on the Internet in accordance with Section 127 of the Criminal Code.” ” continues the announcement.

Marketing

Marketing Cybercrime Mobile Internet

US DoJ announced to have shut down the Russian RSOCKS Botnet

Security Affairs

JUNE 18, 2022

Department of Justice, together with law enforcement partners in Germany, the Netherlands and the United Kingdom, have dismantled the infrastructure of a Russian botnet known as RSOCKS which hacked millions of computers and other electronic devices around the world.” SecurityAffairs – hacking, RSOCKS). ” continues DoJ.

Computers and Electronics

Computers and Electronics Internet Internet Manufacturing

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

ransomware, that was first spotted in late 2017 and was available for sale on the open market as of August 2018. Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. SecurityAffairs – hacking, ransomware).

Healthcare

Healthcare Ransomware Cybercrime Advertising

FBI warns of an increase in online romance scams

Security Affairs

AUGUST 29, 2020

“According to the FBI’s Internet Crime Complaint Center (IC3), which provides the public with a means of reporting Internet-facilitated crimes, romance scams result in greater financial losses to victims when compared to other online crimes.” SecurityAffairs – hacking, romance scams). Pierluigi Paganini.

Scams

Scams Internet Internet Advertising

APT37 used Internet Explorer Zero-Day in a recent campaign

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Webinars

Trending Sources

Russian internet watchdog Roskomnadzor bans six more VPN services

Webinars

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Hackers claim to have compromised 50,000 home cameras and posted footage online

PurpleFox malware infected at least 2,000 computers in Ukraine

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Source code of Dharma ransomware now surfacing on public hacking forums

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

TheMoon bot infected 40,000 devices in January and February

Telstra Telecom discloses data breach impacting former and current employees

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Meet the Administrators of the RSOCKS Proxy Botnet

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Emsisoft releases free SynAck ransomware decryptor

A new Zerobot variant spreads by exploiting Apache flaws

Mercedes-Benz data breach impacted roughly 1000 individuals

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Developer of DDoS Mirai based botnets sentenced to prison

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Podcast Episode 110: Why Patching Struts isn’t Enough and Hacking Electricity Demand with IoT?

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

The Essential Guide to Radio Frequency Penetration Testing

New NKAbuse malware abuses NKN decentralized P2P network protocol

New EwDoor Botnet is targeting AT&T customers

FBI: Compromised US academic credentials available on various cybercrime forums

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

TrueBot infections were observed in Clop ransomware attacks

Russian Sandworm disrupts power in Ukraine with a new OT attack

Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

US DoJ wants the funds stored by North Korea in 280 BTC and ETH

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Hacker is targeting DNA sequencer applications from Iranian IP address

DirtyMoe modules expand the bot using worm-like techniques

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Microsoft revised CVE-2022-37958 severity due to its broader scope

BlueBleed: Microsoft confirmed data leak exposing customers’ info

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

US DoJ announced to have shut down the Russian RSOCKS Botnet

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

FBI warns of an increase in online romance scams

Stay Connected