2017, Information Security and Internet

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? Related posts: My RSA 2017 Recap. The Real Internet of Things: Details and Examples.

Authentication

Authentication Passwords Internet Internet

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

Russian internet watchdog Roskomnadzor bans six more VPN services

Security Affairs

DECEMBER 2, 2021

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

VPN

VPN Internet Internet Media

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37 group (aka ScarCruft , Reaper, and Group123) actively exploited an Internet Explorer zero-day vulnerability, tracked as CVE-2022-41128 , in attacks aimed at South Korean users.

Internet

Internet Internet Engineering Malware

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches

Data breaches Technology Software Accountability

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Microsoft now spotted the subgroup compromising multiple Internet-facing infrastructures to enable Seashell Blizzard APT group to maintain persistence in the networks of high-value targets and support tailored network operations.

Telecommunications

Telecommunications DNS Passwords Hacking

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru “Thanks to you, we are now developing in the field of information security and anonymity!,” The employees who kept things running for RSOCKS, circa 2016.

Advertising

Advertising Cybercrime System Administration Hacking

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

“As worrying as it may seem, this comes as a clear reminder that when cameras are placed on the internet, they must be properly installed with security in mind. When smart devices are set up, they are still regularly placed around the home with no second thought for privacy,” said ESET Security Specialist Jake Moore.

IoT

IoT Internet Internet Hacking

Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack

Security Affairs

JANUARY 22, 2025

Tbps UDP DDoS attack against a Cloudflare Magic Transit customer, an Internet service provider (ISP) from Eastern Asia. This botnet also uses some existing exploits ( CVE-2024-7029 , CVE-2017-17215 ) to download the next-stage payloads. Mirai malware, here dubbed as Murdoc Botnet, is a prominent malware family for *nix systems.

DDOS

DDOS Malware Internet Internet

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464.

DDOS

DDOS Malware Advertising Passwords

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. “If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.” ” That was Bruce’s response at a conference hosted by U.S.

Software

Software Cybersecurity Backups Manufacturing

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” The lists leaked online are dated October-November 2019, let’s hope that Internet Service Providers will contact ZDNet to receive them and check if the devices belong to their network and secure them. .

IoT

IoT DDOS InfoSec Internet

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Credential stuffing campaigns have become part of the fabric of the Internet.

Passwords

Passwords Password Management Internet Internet

Mercedes-Benz data breach impacted roughly 1000 individuals

Security Affairs

JUNE 26, 2021

million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. Data belongs to individuals that provided their information to Mercedez-Benz and dealer websites between 2014 and 2017.

Data breaches

Data breaches Internet Internet Engineering

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 29, 2025

Thousands of internet-facing applications are potentially at risk. The experts noticed that the activity resembles past exploitation of CVE-2017-9844, but due to patched systems, analysts assess with high confidence that an unreported RFI flaw in SAP NetWeaver is being used. concludes the report.

VPN

VPN Risk Hacking Internet

SAP NetWeaver zero-day allegedly exploited by an initial access broker

Security Affairs

APRIL 25, 2025

A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Thousands of internet-facing applications are potentially at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited.

VPN

VPN Internet Internet Risk

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017.

DDOS

DDOS IoT Advertising Internet

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Security Affairs

FEBRUARY 15, 2021

The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

VPN

VPN Software Internet Internet

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media

Media Accountability Telecommunications Government

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Malware Internet Internet

Emsisoft releases free SynAck ransomware decryptor

Security Affairs

AUGUST 20, 2021

The master decryption keys work for victims that were infected between July 2017 and early 2021. The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”. The gang has now rebranded as the new El_Cometa group. Pierluigi Paganini.

Ransomware

Ransomware Encryption Authentication Internet

Hacker is targeting DNA sequencer applications from Iranian IP address

Security Affairs

JUNE 17, 2019

The attackers are leveraging a still-unpatched zero-day vulnerability, tracked as CVE-2017-6526 , to gain full control over the targeted systems. The vulnerability in dnaLIMS was reported to the vendor in 2017, but it is still unpatched. The attacks were originated from the 2.176.78.42 IP address that is located in Iran.

DDOS

DDOS Advertising IoT Marketing

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

. “As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet.”

Malware

Malware Internet Internet DDOS

New EwDoor Botnet is targeting AT&T customers

Security Affairs

NOVEMBER 30, 2021

Experts from Qihoo 360’s Network Security Research Lab discovered a new botnet, dubbed EwDoor , that targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices that are publicly exposed to the Internet. ” reads the analysis published by Qihoo 360.

DDOS

DDOS Backups Engineering Encryption

FBI warns of an increase in online romance scams

Security Affairs

AUGUST 29, 2020

“According to the FBI’s Internet Crime Complaint Center (IC3), which provides the public with a means of reporting Internet-facilitated crimes, romance scams result in greater financial losses to victims when compared to other online crimes.” ” reads the alert published by the FBI.

Scams

Scams Internet Internet Advertising

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Cyber Risk

Cyber Risk Energy and Utilities Risk Marketing

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

A survey of local media reports by Recorded Future tallied 38 ransomware attacks against cities in 2017, rising to 53 attacks in 2018. However, the operational imperatives in today’s world of internet-centric commerce often boil down to survival math, especially for SMBs. mayors attending the U.S. The median was $10,310.

Ransomware

Ransomware Internet Internet Hacking

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Narelle Devine, the company’s chief information security officer for the Asia Pacific region, added that no customer account information was stored on the third-party platform. It seems that the security breach also impacted other companies. to several other organisations.

Data breaches

Data breaches Telecommunications Accountability Information Security

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.

Hacking

Hacking Accountability Data breaches Marketing

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017.

IoT

IoT DDOS Internet Internet

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

The Real Internet of Things, January 2017. Specifically, instead of starting with tech and seeing where it’s going, I’m starting with humans and what they seek, need, and desire. In other words, I think we can predict the future of technology through a strong understanding of what humans ultimately want as a species.

Surveillance

Surveillance Government Education Engineering

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

JANUARY 5, 2024

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. The Kyivstar mobile network serves about 26 million mobile customers and more than 1 million broadband fixed internet customers in the country. All mobile communications and internet access were temporarily interrupted.

Mobile

Mobile Telecommunications Cyber Attacks Internet

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

Security Affairs

JUNE 13, 2021

According to the experts, the BackdoorDiplomacy APT group has been active since at least 2017. The attack chain starts with exploits for vulnerable internet-exposed systems such as web servers and management interfaces for networking equipment.

Telecommunications

Telecommunications Hacking Media Encryption

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

NSA and ASD issue a report warning of web shells deployments

Security Affairs

APRIL 24, 2020

Attackers frequently chain together web shells on multiple compromised systems to route traffic across networks, such as from internet-facing systems to internal networks” reads the document. Web shells can serve as persistent backdoors or as relay nodes to route attacker commands to other systems.

Advertising

Advertising Malware Software Cybersecurity

Russian telco Rostelecom hijacks traffic for IT giants, including Google, Amazon and Facebook

Security Affairs

APRIL 6, 2020

Over 8,800 internet traffic routes from more than 200 networks were impacted for about an hour. “Before the issue was resolved, paths between the largest cloud networks were somewhat disrupted — the Internet blinked. Google, Facebook, Apple, and Microsoft) through a previously unknown Russian Internet provider.

Internet

Internet Internet Advertising Telecommunications

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Sandworm were observed targeting open ports and unprotected RDP or SSH interfaces to gain access to the internet-facing systems. “Note (!) .’ “Note (!) ” reads the advisory.

Telecommunications

Telecommunications Authentication Data collection Passwords

Operators behind Dark Caracal are still alive and operational

Security Affairs

NOVEMBER 29, 2020

The Bandook was spotted last time in 2015 and 2017 campaigns, dubbed “ Operation Manul ” and “ Dark Caracal “, respectively attributed to Kazakh and the Lebanese governments. Samples from the Dark Caracal campaign (2017) utilized around 100 commands, compared to the current 120 command version we analyzed. ” Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Malware Government Healthcare

Top 5 Cybersecurity and Computer Threats of 2017

NopSec

FEBRUARY 9, 2017

As we look forward into 2017 cyber attacks , information security teams have to think like hackers in order to stay ahead of the challenges to come. For more information on preventing damage from ransomware, see our white paper.) Based on 2016’s trends, we expect in 2017 to see more frequent and severe DDoS incidents.

Cybersecurity

Cybersecurity DDOS IoT Social Engineering

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

ransomware, that was first spotted in late 2017 and was available for sale on the open market as of August 2018. Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Top Cybersecurity Trends for 2017

Spinone

NOVEMBER 15, 2016

Information Technology research and advisory company, Gartner, presented its top predictions for the cybersecurity industry for 2017 earlier this year. Previously Separate Security Policies Must Overlap and Converge Information security, IT security, and physical security are no longer separate concepts.

Cybersecurity

Cybersecurity Software Internet Internet

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. The researchers believe that the malware connects the NTP to verify the infected device’s internet connection and confirm it is not operating within a sandbox environment.

IoT

IoT Cybercrime Internet Internet

CASMM (The Consumer Authentication Strength Maturity Model)

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Trending Sources

Russian internet watchdog Roskomnadzor bans six more VPN services

APT37 used Internet Explorer Zero-Day in a recent campaign

Data Enrichment, People Data Labs and Another 622M Email Addresses

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Meet the Administrators of the RSOCKS Proxy Botnet

Hackers claim to have compromised 50,000 home cameras and posted footage online

Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Vulnerabilities in Weapons Systems

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Mercedes-Benz data breach impacted roughly 1000 individuals

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

SAP NetWeaver zero-day allegedly exploited by an initial access broker

Developer of DDoS Mirai based botnets sentenced to prison

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Emsisoft releases free SynAck ransomware decryptor

Hacker is targeting DNA sequencer applications from Iranian IP address

PurpleFox malware infected at least 2,000 computers in Ukraine

New EwDoor Botnet is targeting AT&T customers

FBI warns of an increase in online romance scams

Scanning for Flaws, Scoring for Security

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

Telstra Telecom discloses data breach impacting former and current employees

A new Zerobot variant spreads by exploiting Apache flaws

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Creator of multiple IoT botnets, including Satori, pleaded guilty

FBI: Compromised US academic credentials available on various cybercrime forums

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

NSA and ASD issue a report warning of web shells deployments

Russian telco Rostelecom hijacks traffic for IT giants, including Google, Amazon and Facebook

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Operators behind Dark Caracal are still alive and operational

Top 5 Cybersecurity and Computer Threats of 2017

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Top Cybersecurity Trends for 2017

TheMoon bot infected 40,000 devices in January and February

Stay Connected