2017, Hacking, Internet and Passwords - Cyber Security Informer

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. Compounding the confusion, on Sept.

Hacking

Hacking Identity Theft Government Phishing

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

Hacking

Hacking Social Engineering Phishing Scams

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. Abusewith[.]us

Hacking

Hacking Accountability Data breaches Marketing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

AUGUST 17, 2023

The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. Various 16Shop lures for Apple users in different languages. Image: Akamai.

Phishing

Phishing Passwords Internet Internet

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

The researchers believe that the Turkey-linked APT Sea Turtle has been active since at least 2017. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Create and enforce a password policy with adequate complexity requirements for specific accounts. Enable 2FA on all externally exposed accounts.

Media

Media Accountability Telecommunications Government

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

. “As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet.”

Malware

Malware Internet Internet DDOS

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. This quickly gets intricately technical.

Hacking

Hacking Energy and Utilities System Administration Accountability

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. ” reads the advisory published by the CERT-UA. “Note (!) .’ “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. “Clips from the hacked footage have been uploaded on pornographic sites recently, with several explicitly tagged as being from Singapore.” ” reported The New Paper.”

IoT

IoT Internet Internet Hacking

$10M Is Yours If You Can Get This Guy to Leave Russia

Krebs on Security

MAY 4, 2023

” In February 2005, Nordex posted to Mazafaka that he was in the market for hacked bank accounts, and offered 50 percent of the take. In 2017, U.S. That Bankir account was registered from the Internet address 193.27.237.66 com account created from that same Internet address under the username “Polkas.”

Marketing

Marketing Cybercrime Accountability Cryptocurrency

SEC Sanctions Several Companies over Email Account Hacking

Hacker Combat

SEPTEMBER 6, 2021

A statement from the SEC read as follows: “According to SEC, it has penalized eight companies in three actions for negligence of their cyber protection guidelines and procedures that stimulated email account hacks exposing personal data of numerous clients and customers in each firm.” . Often, hackers use phishing emails to target employees.

Accountability

Accountability Hacking Financial Services Data breaches

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. According to ZDNet that first published the news, the list was leaked on a popular hacking forum by the operator of a DDoS booter service. The list includes the IP address, username and password for the Telnet service for each device. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

A new botnet, tracked as Lucifer, appeared in the threat landscape, it leverages close to a dozen exploits to hack Windows systems. Once compromised the system, the attacker can execute arbitrary commands on the infected device, experts noticed that the bot could target Windows hosts on both the internet and intranet.

DDOS

DDOS Malware Advertising Passwords

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Ensure secure configurations for devices: Change the default password to a strong one, and block SSH from external access.

IoT

IoT DDOS Malware Firmware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked.

Ransomware

Ransomware Hacking Encryption Penetration Testing

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. Pierluigi Paganini.

DNS

DNS Cryptocurrency Internet Internet

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Use a password manager. percent, according to tech consultancy Gartner.

Passwords

Passwords Password Management Antivirus Internet

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. Verified was hacked at least twice in the past five years, and its user database posted online. com (2017).

Ransomware

Ransomware Passwords Accountability Cybercrime

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

In 2017, crooks launched a phishing campaign against universities to compromise.edu accounts. In May 2021, over 36,000 email and password combinations for.edu email accounts were offered for sale on a publically available instant messaging platform. SecurityAffairs – hacking, FBI). ” reads the alert published by the FBI.

Cybercrime

Cybercrime Education Accountability Phishing

GAO report reveals new Pentagon weapon systems vulnerable to hack

Security Affairs

OCTOBER 10, 2018

According to a new report published by the Government Accountability Office (GAO) almost any new weapon systems in the arsenal of the Pentagon is vulnerable to hack. GAO experts found several major security issued in the Pentagon arsenal, including easy-to-guess passwords, or weapon system still using factory settings.

Hacking

Hacking Passwords Password Management Advertising

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Webroot

MARCH 29, 2021

We learned, for instance, that even IT pros could use a refresher on basic password hygiene through security awareness training. Firewalls embed threat intelligence and DNS security solutions are used to both block malware and control internet use. In fact, other than the infamous CC Cleaner hack of 2017, in which more than 2.3

Hacking

Hacking DNS Firewall Malware

The Data Breach "Personal Stash" Ecosystem

Troy Hunt

JANUARY 29, 2024

The data of a significant portion of the global internet-using population, just freely flowing backwards and forwards not just in the shady corners of "the dark web" but traded out there in the clear on mainstream websites.

Data breaches

Data breaches Passwords Advertising Personal Security

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017.

DDOS

DDOS IoT Advertising Internet

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

In total, the database leaked over 152,000 pieces of information pertaining to customers, such as emails, names, links to LinkedIn, Twitter, and Facebook profiles, and hashed passwords. The instance also contained 15 employee emails, names, and passwords protected by a weak SHA1-128bit hash. It also had organizations’ tax numbers.

Ransomware

Ransomware Passwords Encryption Identity Theft

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. SecurityAffairs – hacking, botnet). Now Avast researchers provided details of a DirtyMoe module that uses worm-like techniques to allow the threat to spread without user interaction.

Malware

Malware Passwords DDOS Internet

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability

Accountability Passwords Authentication Password Management

MyEquifax.com Bypasses Credit Freeze PIN

Krebs on Security

MARCH 8, 2019

In the wake of Equifax’s epic 2017 data breach impacting some 148 million Americans, many people did freeze their credit files at the big three in response. The portal asked me for an email address and suggested a longish, randomized password, which I accepted. Consumers in every U.S. Getting an account at myequifax.com was easy.

Accountability

Accountability Identity Theft Authentication Passwords

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. THE INTERNET NEVER FORGETS.

VPN

VPN Computers and Electronics Antivirus Software

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Telecommunications

Telecommunications Authentication Passwords Accountability

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

First identified in 2017 by the security firm Deep Instinct , Mylobot employs a number of fairly sophisticated methods to remain undetected on infected hosts, such as running exclusively in the computer’s temporary memory, and waiting 14 days before attempting to contact the botnet’s command and control servers.

Accountability

Accountability Advertising Marketing Malware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

Breaking the Ice on DICE: scaling secure Internet of Things Identities

The Security Ledger

JULY 26, 2018

» Related Stories Expert says: Hack your Smart Home to Secure It Fitness apps: Good for your health, not so much for military security Mobile, automation-industry leaders promote two new IoT security efforts. Among them: establishing strong device. Read the whole entry. »

Internet

Internet Internet IoT Architecture

Chaining three critical vulnerabilities allows takeover of D-Link routers

Security Affairs

OCTOBER 17, 2018

The flaws are a Directory Traversal (CVE-2018-10822), Password stored in plaintext (CVE-2018-10824), and a Shell command injection (CVE-2018-10823). The issue was initially reported to D-Link as CVE-2017-6190, but the vendor did not correctly fix the flaw. Security Affairs – D-Link, hacking ). Pierluigi Paganini.

Passwords

Passwords Advertising Internet Internet

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

From that story: “The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. For those who can’t be convinced to use a password manager, even writing down all of the account details and passwords on a slip of paper can be helpful, provided the document is secured in a safe place.

Accountability

Accountability Mobile Banking Passwords

Hanging Up on Mobile in the Name of Security

Krebs on Security

AUGUST 16, 2018

Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many banks and online services rely on text messages to send users a one-time code that needs to be entered in addition to a password for online authentication. On June 11, 2017, Terpin’s phone went dead.

Mobile

Mobile Cryptocurrency Accountability Authentication

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

.” But critics say WebMonitor is far more likely to be deployed on “pwned” devices, or those that are surreptitiously hacked. court to computer hacking and to creating, marketing and selling Blackshades , a RAT that was used to compromise and spy on hundreds of thousands of computers.

Advertising

Advertising Antivirus Software Malware

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

The malware is being distributed via large-scale COVID-19-themed spam campaigns, the messages use an RTF exploit targeting the CVE-2017-8570 Microsoft Office RCE to deliver the malicious payload. When it finds them, it launches an SSH brute force attack on these machines, with the username root and a hardcoded list of passwords.”

Malware

Malware Authentication Passwords Internet

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. SecurityAffairs – hacking, EnemyBot). The botnet implements multiple obfuscation techniques to avoid detection and hides C2 on the Tor network. LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware

Malware DDOS IoT Cybercrime

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017.

IoT

IoT DDOS Internet Internet

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare. And hackers linked to the Russian government were reportedly behind the Triton hack of 2017 , as well, as disclosed by security vendor FireEye. The Saudis aren’t known for being transparent.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017. In 2017 there were ten times more than in 2016. Top 10 countries from which Kaspersky traps were hit by Telnet password attacks is led by Brazil, China, and Japan.

IoT

IoT Passwords Malware Advertising

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

According to Constella Intelligence , a data breach and threat actor research platform, a user named Semen7907 registered in 2017 on the Russian-language programming forum pawno[.]ru Semen-7907 registered at Tunngle from the Internet address 31.192.175[.]63 ru using the email address tretyakov-files@yandex.ru.

Ransomware

Ransomware Accountability Cybercrime Backups

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

When Low-Tech Hacks Cause High-Impact Breaches

Webinars

Trending Sources

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Webinars

Karma Catches Up to Global Phishing Service 16Shop

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

PurpleFox malware infected at least 2,000 computers in Ukraine

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

TP-Link Archer routers allow remote takeover without passwords

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Hackers claim to have compromised 50,000 home cameras and posted footage online

$10M Is Yours If You Can Get This Guy to Leave Russia

SEC Sanctions Several Companies over Email Account Hacking

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

New Lucifer DDoS botnet targets Windows systems with multiple exploits

A new Zerobot variant spreads by exploiting Apache flaws

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Who Is the Network Access Broker ‘Babam’?

FBI: Compromised US academic credentials available on various cybercrime forums

GAO report reveals new Pentagon weapon systems vulnerable to hack

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

The Data Breach "Personal Stash" Ecosystem

Developer of DDoS Mirai based botnets sentenced to prison

Harvard Business Publishing licensee hit by ransomware

DirtyMoe modules expand the bot using worm-like techniques

Experian, You Have Some Explaining to Do

MyEquifax.com Bypasses Credit Freeze PIN

A Deep Dive Into the Residential Proxy Service ‘911’

China-linked threat actors have breached telcos and network service providers

Who’s Behind the Botnet-Based Service BHProxies?

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Breaking the Ice on DICE: scaling secure Internet of Things Identities

Chaining three critical vulnerabilities allows takeover of D-Link routers

Why & Where You Should You Plant Your Flag

Hanging Up on Mobile in the Name of Security

Who’s Behind the RevCode WebMonitor RAT?

Lemon_Duck cryptomining malware evolves to target Linux devices

EnemyBot malware adds new exploits to target CMS servers and Android devices

Creator of multiple IoT botnets, including Satori, pleaded guilty

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Evolution of threat landscape for IoT devices – H1 2018

A Closer Look at the Snatch Data Ransom Group

Stay Connected