Security Affairs

APRIL 2, 2025

In July 2017, Dr.Web researchers discovered many smartphonemodels were shipped with the dreaded Triada trojan such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. Researchers at Dr.Web discovered the Triada Trojan pre-installed on newly shipped devices of several minor brands, including Advan, Cherry Mobile, Doogee, and Leagoo.

Malware 118

Malware Cryptocurrency Mobile Firmware 118

Security Affairs

FEBRUARY 10, 2025

The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935. CVE-2024-57968 allows remote authenticated users to upload files to unintended folders, while CVE-2025-25181 is an SQL injection flaw enabling remote SQL execution (no patch available).

Manufacturing 108

Manufacturing Cybercrime Passwords Authentication 108

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom.

Architecture 106

Architecture Internet Internet Malware 106

Veracode Security

FEBRUARY 17, 2022

Injection flaws were the number one flaw category under the OWASP 2017, and, currently, injection flaws hold the number three spot in the OWASP 2021. SQL injection flaws have impacted every industry as well as enterprises that already have a mature information security program in place. It can happen, and it can be catastrophic!

Authentication 136

Authentication Information Security 136

Security Affairs

FEBRUARY 7, 2021

The database includes a script named count_total.sh, which was also included in 2017’s Breach Compilation. Much like 2017’s Breach Compilation, COMB’s data is organized by alphabetical order in a tree-like structure, and it contains the same scripts for querying emails and passwords. COMB also includes the query.sh

Passwords 144

Passwords Hacking Accountability Banking 144

Security Affairs

FEBRUARY 11, 2022

Below is the list of the vulnerabilities added to the catalog: CVE ID Description Patch Deadline CVE-2021-36934 Microsoft Windows SAM Local Privilege Escalation Vulnerability 2/24/2022 CVE-2020-0796 Microsoft SMBv3 Remote Code Execution Vulnerability 8/10/2022 CVE-2018-1000861 Jenkins Stapler Web Framework Deserialization of Untrusted Data 8/10/2022 (..)

IoT 138

IoT Accountability Authentication Hacking 138

Schneier on Security

AUGUST 8, 2022

In 2017, NIST received eighty-two post-quantum algorithm submissions from all over the world. Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force. Then, with input from the cryptographic community, NIST crowns a winner.

Encryption 361

Encryption Architecture Engineering Information Security 361

Security Affairs

DECEMBER 12, 2024

The surveillance tool family has been active since 2017, the experts highlighted that it requires physical access to the target device to initiate operations. “EagleMsgSpy is a lawful intercept surveillance tool developed by a Chinese software development company with use by public security bureaus in mainland China.”

Surveillance 63

Surveillance Mobile Spyware Malware 63

Security Affairs

OCTOBER 16, 2024

More precise information was not revealed to TecMundo so as not to completely expose the attacker’s identity.” CrowdStrike’s investigation reveals that USDoD’s leader, Luan BG, has been a hacktivist active since at least 2017. However, the Brazilian national turned into more complex cybercriminal activities by 2022.

Data breaches 124

Data breaches Media Cybercrime Accountability 124

Security Affairs

FEBRUARY 13, 2025

The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Seashell Blizzard (aka Sandworm , BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRUs Main Center for Special Technologies (GTsST).

Telecommunications 105

Telecommunications DNS Passwords Hacking 105

Security Affairs

JANUARY 21, 2025

This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads.” . “Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. It mainly targets vulnerable AVTECH and Huawei devices. ” reads the advisory.

IoT 80

IoT Malware Hacking Cybercrime 80

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”

Ransomware 143

Ransomware Authentication Malware Hacking 143

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. “If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” ” That was Bruce’s response at a conference hosted by U.S.

Software 363

Software Cybersecurity Backups Manufacturing 363

Security Affairs

SEPTEMBER 16, 2022

We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” Latha Maripuri, Uber’s chief information security officer, told NYT via email. This is not the first time that the company suffered a security breach.

Hacking 143

Hacking Data breaches Information Security Engineering 143

Krebs on Security

JUNE 22, 2022

Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru “Thanks to you, we are now developing in the field of information security and anonymity!,” The employees who kept things running for RSOCKS, circa 2016.

Advertising 318

Advertising Cybercrime System Administration Hacking 318

Security Affairs

JUNE 20, 2022

The attack took place in April 2017 and the man is accused of conducting the attack for the Russian military intelligence service GRU. Kozachek hacked the computed of the NATO think tank in 2017 and installed a keylogger to spy on the organization. ” reported the Tagesschau website.

Hacking 144

Hacking Accountability Malware Cybersecurity 144

Krebs on Security

JULY 18, 2023

LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.

Hacking 240

Hacking Accountability Data breaches Marketing 240

Security Affairs

JANUARY 6, 2024

billion insurance claim for the losses caused by the NotPetya attack that took place in 2017. In August 2017, the pharmaceutical company revealed that the massive NotPetya cyberattack disrupted its worldwide operations. Merck filed a $1.4

Insurance 131

Insurance Manufacturing Ransomware Healthcare 131

Security Affairs

MARCH 30, 2021

In January 2018, White hackers from Google Project Zero disclosed vulnerabilities , affecting all modern Intel CPUs, dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). The issue could be exploited by attackers to steal sensitive data processed by the CPU.

Technology 143

Technology Malware Hacking Information Security 143

Security Affairs

AUGUST 16, 2024

Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. ” reads the report. ” reads the report.

Hacking 142

Hacking Firmware Mobile Penetration Testing 142

Security Affairs

NOVEMBER 23, 2024

Microsoft has tracked Nady, linked to phishing services since 2017. The PhaaS was created by “MRxC0DER,” previously associated with the “ Caffeine Phishing Kit.” The researchers were among the first to discover the real identity of identity of MRxC0DER.

Phishing 70

Phishing Cybercrime Financial Services Media 70

Security Affairs

MARCH 13, 2025

Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.

Authentication 70

Authentication Hacking Software Information Security 70

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.

Malware 136

Malware Cryptocurrency Ransomware Hacking 136

Security Affairs

FEBRUARY 15, 2021

The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

VPN 132

VPN Software Internet Internet 132

Security Affairs

MARCH 11, 2025

The file exploits a Microsoft Office Memory Corruption flaw, tracked as CVE-2017-11882 , to run a malicious shellcode and initiate a multi-level infection process. Its basic infection method is the use of an old Microsoft Office vulnerability, CVE-2017-11882 , which once again emphasizes the critical importance of installing security patches.”

Malware 66

Malware Government Phishing Hacking 66

Security Affairs

FEBRUARY 24, 2022

CISA, the FBI, the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the NSA, and law enforcement agencies have published a joint advisory on new malware used by Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros ) in attacks aimed at critical infrastructure worldwide.

Telecommunications 145

Telecommunications Malware Government Hacking 145

Security Affairs

AUGUST 11, 2023

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. Zyxel addressed the vulnerability in 2017 with the release of new firmware, however, the vendor warned that a Gafgyt variant was exploiting the flaw in 2019.

Firmware 98

Firmware Hacking Cybercrime Information Security 98

Security Affairs

JANUARY 22, 2025

This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads. Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems. It mainly targets vulnerable AVTECH and Huawei devices. reads the advisory.

DDOS 67

DDOS Malware Internet Internet 67

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE

Encryption 123

Encryption Antivirus Malware Hacking 123

Security Affairs

JUNE 26, 2021

million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. Data belongs to individuals that provided their information to Mercedez-Benz and dealer websites between 2014 and 2017.

Data breaches 143

Data breaches Internet Internet Engineering 143

Security Affairs

APRIL 21, 2025

. “The threat actor also used other means to distribute the malware, such as attaching the same file to emails and exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882) [1].” In the final stage, the attackers deployed KimaLogger or RandomQuery keyloggers to record keystrokes.

Phishing 76

Phishing Malware Security Intelligence Hacking 76

Security Affairs

JANUARY 2, 2022

Year Total Money Lost ($) Year Increase In Money Lost (%) 2021 4,250,000,000 2020 – 2021 185% 2020 1,490,000,000 2019 – 2020 -57% 2019 3,500,156,000 2018 – 2019 259% 2018 974,000,000 2017 – 2018 51% 2017 645,901,000 2016 – 2017 341% 2016 146,509,000 2015 – 2016 -64%. The top 5 breaches in history are: 1. Gox, $615M.

Cryptocurrency 116

Cryptocurrency Scams Marketing Hacking 116

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” ” reads the press release published by DoJ.

Cryptocurrency 126

Cryptocurrency Spyware Cybercrime Hacking 126

Security Affairs

JUNE 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2017-3506 (CVSS score 7.4), is an OS command injection. The vulnerability resides in the Oracle WebLogic Server component of Oracle Fusion Middleware.

Hacking 131

Hacking Risk Cybersecurity Information Security 131

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Cyber Risk 250

Cyber Risk Energy and Utilities Risk Marketing 250

Security Affairs

SEPTEMBER 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. ” Attackers can exploit the flaw to take over websites running the widely used image-enhancing app.

Hacking 123

Hacking Cybersecurity Software Risk 123

Security Affairs

SEPTEMBER 24, 2023

The man was extradited from Canada to the United States on April 12, 2023. “According to his plea agreement, from February 2017 until at least July 2017, Simon-Ebo conspired with others to perpetrate a BEC scheme.” According to the US authorities, fraudulent activities caused losses of more than $6 million to the victims.

Accountability 135

Accountability Banking Hacking Cybercrime 135