2017, Information Security and Internet

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37 group (aka ScarCruft , Reaper, and Group123) actively exploited an Internet Explorer zero-day vulnerability, tracked as CVE-2022-41128 , in attacks aimed at South Korean users.

Internet

Internet Internet Engineering Malware

Russian internet watchdog Roskomnadzor bans six more VPN services

Security Affairs

DECEMBER 2, 2021

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

VPN

VPN Internet Internet Media

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? Related posts: My RSA 2017 Recap. The Real Internet of Things: Details and Examples.

Authentication

Authentication Passwords Internet Internet

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media

Media Accountability Telecommunications Government

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

. “As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet.”

Malware

Malware Internet Internet DDOS

Telstra Telecom discloses data breach impacting former and current employees

Security Affairs

OCTOBER 5, 2022

Narelle Devine, the company’s chief information security officer for the Asia Pacific region, added that no customer account information was stored on the third-party platform. It seems that the security breach also impacted other companies. to several other organisations.

Data breaches

Data breaches Telecommunications Accountability Information Security

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The activity of the TheMoon botnet was first spotted in 2014, and since 2017 its operators added to the code of the bot at least 6 IoT device exploits. The researchers believe that the malware connects the NTP to verify the infected device’s internet connection and confirm it is not operating within a sandbox environment.

IoT

IoT Cybercrime Internet Internet

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

“As worrying as it may seem, this comes as a clear reminder that when cameras are placed on the internet, they must be properly installed with security in mind. When smart devices are set up, they are still regularly placed around the home with no second thought for privacy,” said ESET Security Specialist Jake Moore.

IoT

IoT Internet Internet Hacking

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464.

DDOS

DDOS Malware Advertising Passwords

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

JANUARY 5, 2024

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. The Kyivstar mobile network serves about 26 million mobile customers and more than 1 million broadband fixed internet customers in the country. All mobile communications and internet access were temporarily interrupted.

Mobile

Mobile Telecommunications Cyber Attacks Internet

The Essential Guide to Radio Frequency Penetration Testing

Pen Test

OCTOBER 12, 2023

In contemporary times, with the exponential growth of the Internet of Things (IoT), smart homes, connected cars, and wearable devices, the importance of RF pentesting has soared significantly. It encompasses a range of electromagnetic radio waves utilized for wireless information transmission.

Penetration Testing

Penetration Testing Wireless IoT Technology

Emsisoft releases free SynAck ransomware decryptor

Security Affairs

AUGUST 20, 2021

The master decryption keys work for victims that were infected between July 2017 and early 2021. The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”. The gang has now rebranded as the new El_Cometa group. Pierluigi Paganini.

Ransomware

Ransomware Encryption Authentication Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity as DEV-1061. “Since the release of Zerobot 1.1,

IoT

IoT DDOS Malware Firmware

Mercedes-Benz data breach impacted roughly 1000 individuals

Security Affairs

JUNE 26, 2021

million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. Data belongs to individuals that provided their information to Mercedez-Benz and dealer websites between 2014 and 2017.

Data breaches

Data breaches Internet Internet Engineering

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own. i speak at conferences around the world and run workshops on how to build more secure software within organisations.

Data breaches

Data breaches Technology Software Accountability

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” The lists leaked online are dated October-November 2019, let’s hope that Internet Service Providers will contact ZDNet to receive them and check if the devices belong to their network and secure them. .

IoT

IoT DDOS InfoSec Internet

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Sandworm were observed targeting open ports and unprotected RDP or SSH interfaces to gain access to the internet-facing systems. “Note (!) .’ “Note (!) ” reads the advisory.

Telecommunications

Telecommunications Authentication Data collection Passwords

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Security Affairs

FEBRUARY 15, 2021

The French security agency ANSSI is warming of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

VPN

VPN Software Internet Internet

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru “Thanks to you, we are now developing in the field of information security and anonymity!,” The employees who kept things running for RSOCKS, circa 2016.

Advertising

Advertising Cybercrime System Administration Hacking

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017.

DDOS

DDOS IoT Advertising Internet

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Cryptocurrency Internet Internet

New EwDoor Botnet is targeting AT&T customers

Security Affairs

NOVEMBER 30, 2021

Experts from Qihoo 360’s Network Security Research Lab discovered a new botnet, dubbed EwDoor , that targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices that are publicly exposed to the Internet. ” reads the analysis published by Qihoo 360.

DDOS

DDOS Backups Engineering Encryption

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

Hacker is targeting DNA sequencer applications from Iranian IP address

Security Affairs

JUNE 17, 2019

The attackers are leveraging a still-unpatched zero-day vulnerability, tracked as CVE-2017-6526 , to gain full control over the targeted systems. The vulnerability in dnaLIMS was reported to the vendor in 2017, but it is still unpatched. The attacks were originated from the 2.176.78.42 IP address that is located in Iran.

DDOS

DDOS Advertising IoT Marketing

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The protocol enables secure and low-cost data transfer. It is designed to address the limitations of current Internet infrastructure, which is centralized, inefficient, and vulnerable to censorship. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology.

Malware

Malware Architecture Technology DDOS

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Credential stuffing campaigns have become part of the fabric of the Internet.

Passwords

Passwords Password Management Antivirus Internet

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Now Avast researchers provided details of a DirtyMoe module that uses worm-like techniques to allow the threat to spread without user interaction.

Malware

Malware Passwords DDOS Internet

TrueBot infections were observed in Clop ransomware attacks

Security Affairs

DECEMBER 11, 2022

Truebot has been active since 2017 and some researchers linked it to the Silence Group , while a recent investigation linked it to threat actor TA505 (aka Evil Corp). Cisco Talos researchers reported an increase in TrueBot infections, threat actors have shifted from using malicious emails as their primary attack vector to other techniques.

Ransomware

Ransomware Malware Internet Internet

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

Security Affairs

JUNE 13, 2021

According to the experts, the BackdoorDiplomacy APT group has been active since at least 2017. The attack chain starts with exploits for vulnerable internet-exposed systems such as web servers and management interfaces for networking equipment.

Telecommunications

Telecommunications Hacking Media Encryption

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.

Hacking

Hacking Accountability Data breaches Marketing

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017.

IoT

IoT DDOS Internet Internet

Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

Security Affairs

FEBRUARY 17, 2021

The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back to the end of 2017 and the campaign continued until 2020.

Software

Software Hacking Cyber Attacks Internet

FBI warns of an increase in online romance scams

Security Affairs

AUGUST 29, 2020

“According to the FBI’s Internet Crime Complaint Center (IC3), which provides the public with a means of reporting Internet-facilitated crimes, romance scams result in greater financial losses to victims when compared to other online crimes.” ” reads the alert published by the FBI.

Scams

Scams Internet Internet Advertising

Russia-linked Cyclops Blink botnet targeting ASUS routers

Security Affairs

MARCH 18, 2022

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017, causing billions worth of damage. Experts warn of an increase of IoT attacks on a global scale, making internet routers one of the primary targets. ” reads the advisory published by TrendMicro.

IoT

IoT Firewall Malware Internet

Microsoft revised CVE-2022-37958 severity due to its broader scope

Security Affairs

DECEMBER 15, 2022

Unlike the CVE-2017-0144 flaw triggered by the EternalBlue exploit, which only affected the SMB protocol, the CVE-2022-37958 flaw could potentially affect a wider range of Windows systems due to a larger attack surface of services exposed to the public internet (HTTP, RDP, SMB) or on internal networks.

Authentication

Authentication Internet Internet Hacking

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

CVE Number Affected devices CVE-2021-44228, CVE-2021-45046 Log4J RCE CVE-2022-1388 F5 BIG IP RCE No CVE (vulnerability published on 2022-02) Adobe ColdFusion 11 RCE CVE-2020-7961 Liferay Portal – Java Unmarshalling via JSONWS RCE No CVE (vulnerability published on 2022-04) PHP Scriptcase 9.7 LFI CVE-2018-16763 Fuel CMS 1.4.1

Malware

Malware DDOS IoT Cybercrime

BlueBleed: Microsoft confirmed data leak exposing customers’ info

Security Affairs

OCTOBER 20, 2022

Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server. The data leak was discovered by the security threat intelligence firm SOCRadar which notified the IT giant on September 24, 2022. The exposed data are dated from 2017 to August 2022.

Authentication

Authentication Internet Internet Hacking

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Security Affairs

OCTOBER 30, 2022

As a result, the darkweb marketplace was shut down in 2017 by the BKA also arrested its operator and sentenced him to seven years in prison in 2018. The accused is suspected of operating a criminal trading platform on the Internet in accordance with Section 127 of the Criminal Code.” ” continues the announcement.

Marketing

Marketing Cybercrime Mobile Internet

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. About the author: Salvatore Lombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 CVE-2017-18368 ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3

IoT

IoT Firmware Malware Wireless

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

Siemens Metaverse, a virtual space built to mirror real machines, factories, and other highly complex systems, has exposed sensitive data, including the company’s office plans and internet of things (IoT) devices. The most worrying discovery was that of exposed office management platform ComfyApp user credentials.

Manufacturing

Manufacturing IoT Technology Authentication

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

ransomware, that was first spotted in late 2017 and was available for sale on the open market as of August 2018. Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices.

Healthcare

Healthcare Ransomware Cybercrime DNS

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

APRIL 15, 2020

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. “I’ve never seen this volume of phishing,” Rogers told Reuters. “I

Cybersecurity

Cybersecurity Cyber threats Government Phishing

APT37 used Internet Explorer Zero-Day in a recent campaign

Russian internet watchdog Roskomnadzor bans six more VPN services

Trending Sources

CASMM (The Consumer Authentication Strength Maturity Model)

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

PurpleFox malware infected at least 2,000 computers in Ukraine

Telstra Telecom discloses data breach impacting former and current employees

TheMoon bot infected 40,000 devices in January and February

Hackers claim to have compromised 50,000 home cameras and posted footage online

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

The Essential Guide to Radio Frequency Penetration Testing

Emsisoft releases free SynAck ransomware decryptor

A new Zerobot variant spreads by exploiting Apache flaws

Mercedes-Benz data breach impacted roughly 1000 individuals

Data Enrichment, People Data Labs and Another 622M Email Addresses

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

Meet the Administrators of the RSOCKS Proxy Botnet

Developer of DDoS Mirai based botnets sentenced to prison

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

New EwDoor Botnet is targeting AT&T customers

FBI: Compromised US academic credentials available on various cybercrime forums

Hacker is targeting DNA sequencer applications from Iranian IP address

New NKAbuse malware abuses NKN decentralized P2P network protocol

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

DirtyMoe modules expand the bot using worm-like techniques

TrueBot infections were observed in Clop ransomware attacks

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Creator of multiple IoT botnets, including Satori, pleaded guilty

Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

FBI warns of an increase in online romance scams

Russia-linked Cyclops Blink botnet targeting ASUS routers

Microsoft revised CVE-2022-37958 severity due to its broader scope

EnemyBot malware adds new exploits to target CMS servers and Android devices

BlueBleed: Microsoft confirmed data leak exposing customers’ info

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

German BKA arrested the alleged operator of Deutschland im Deep Web darknet market

Wannacry, the hybrid malware that brought the world to its knees

BotenaGo botnet targets millions of IoT devices using 33 exploits

Siemens Metaverse exposes sensitive corporate data

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Stay Connected