2017, Information Security, Internet and Passwords

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? Related posts: My RSA 2017 Recap. The Real Internet of Things: Details and Examples.

Authentication

Authentication Passwords Internet Internet

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media

Media Accountability Telecommunications Government

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

. “As part of a detailed study of the cyber threat, a study of the received samples of malicious programs was conducted, the peculiarities of the functioning of the management server infrastructure were established, and more than 2,000 affected computers were identified in the Ukrainian segment of the Internet.”

Malware

Malware Internet Internet DDOS

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Use a password manager. percent, according to tech consultancy Gartner.

Passwords

Passwords Password Management Antivirus Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Sandworm were observed targeting open ports and unprotected RDP or SSH interfaces to gain access to the internet-facing systems. “Note (!) .’ “Note (!) ” reads the advisory.

Telecommunications

Telecommunications Authentication Data collection Passwords

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464. ” concludes the report.

DDOS

DDOS Malware Advertising Passwords

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST.

DNS

DNS Cryptocurrency Internet Internet

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

At the time of publishing this post, it is still unclear how the hackers compromised the IP cameras, likely hackers exploited some vulnerabilities in the devices or simply guessed weak passwords used to protect them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Internet Internet Hacking

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

In total, the database leaked over 152,000 pieces of information pertaining to customers, such as emails, names, links to LinkedIn, Twitter, and Facebook profiles, and hashed passwords. The instance also contained 15 employee emails, names, and passwords protected by a weak SHA1-128bit hash. Dangerous leak.

Ransomware

Ransomware Passwords Encryption Identity Theft

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Now Avast researchers provided details of a DirtyMoe module that uses worm-like techniques to allow the threat to spread without user interaction.

Malware

Malware Passwords DDOS Internet

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017.

DDOS

DDOS IoT Advertising Internet

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Telecommunications

Telecommunications Authentication Passwords Accountability

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

On August 2018, Schuchman has been indicted on federal computer hacking charges after rival hackers fingered him as the creator of a Mirai variant dubbed Satori that infected at least 500,000 internet routers around the word. Schuchman , Vamp, and Drake created the Satori botnet in between July and August 2017.

IoT

IoT DDOS Internet Internet

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. The botnet implements multiple obfuscation techniques to avoid detection and hides C2 on the Tor network. The Enemybot botnet employs several methods to spread and targets other IoT devices.

Malware

Malware DDOS IoT Cybercrime

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to mitigate password brute force attacks and to give defender monitoring systems opportunities to detect common attacks.

Passwords

Passwords Architecture Backups Cyber Attacks

Exposed: the threat actors who are poisoning Facebook

Security Affairs

MAY 26, 2022

Facebook has long been a happy hunting ground for online crooks, who take great pleasure in turning unwary members of the internet community into their prey. phishing scam on its Messenger service that had been doing the rounds since at least 2017. Inside a criminal stronghold.

Scams

Scams Phishing Media Passwords

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

SEPTEMBER 11, 2019

.” In previous research, Kenin discovered similar flaws ( CVE-2017-5521 ) in at tens of models of Netgear routers that were potentially affecting over one million Netgear customers. “The username & password listed there are used by the user to connect to his/her ISP. ” continues the advisory. download=true.

DNS

DNS Passwords Authentication Wireless

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

This week, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint advisory about a massive ongoing campaign spreading the QSnatch data-stealing malware. Install and update Security Counselor. Avoid using default ports (i.e.

Malware

Malware Advertising Passwords Manufacturing

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. The sample spreads via Telnet with weak passwords and some known exploits (see the list below).

IoT

IoT DDOS Architecture Passwords

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. .” The botnet implements multiple obfuscation techniques to avoid detection and hides C2 on the Tor network.

DDOS

DDOS Architecture Malware Cybercrime

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

In the OT attacks observed by IBM researchers, hackers attempted to exploit a combination of known ICS/SCADA vulnerabilities, as well as password-spraying attacks. In June 2019, experts from Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack was targeting electric utilities in the US and APAC.

Advertising

Advertising Malware IoT Technology

Cybercriminal greeners from Iran attack companies worldwide for financial gain

Security Affairs

AUGUST 24, 2020

All the affected organizations had hosts with Internet-facing RDP and weak credentials. It was revealed that the operators scanned ranges of IPs for hosts with Internet-facing RDP and weak credentials in Russia , Japan , China , and India. In some attacks, they attempted to elevate privileges using exploit for CVE-2017-0213.

Threat Detection

Threat Detection Ransomware Advertising Cybercrime

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked.

Ransomware

Ransomware Hacking Encryption Penetration Testing

QSnatch malware infected over 62,000 QNAP NAS Devices

Security Affairs

JULY 28, 2020

CGI password logger This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019.

Malware

Malware Firmware Advertising Manufacturing

NSA details top 25 flaws exploited by China-linked hackers

Security Affairs

OCTOBER 20, 2020

Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks.” This may lead to exposure of keys or passwords. ” reads the report.

Hacking

Hacking Advertising Software Internet

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

JULY 28, 2020

"You sort of sense that the discovery of flaws in SSL stacks is accelerating,” he said, “and so I was curious about [what] the current state of security was with regards to SSL stacks and I went and took a look.". He describes the events leading up to it in this 2017 podcast. Where would that information come from?

Encryption

Encryption Retail Software Banking

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

JULY 28, 2020

"You sort of sense that the discovery of flaws in SSL stacks is accelerating,” he said, “and so I was curious about [what] the current state of security was with regards to SSL stacks and I went and took a look.". He describes the events leading up to it in this 2017 podcast. Where would that information come from?

Encryption

Encryption Retail Software Banking

The Fuzzing Files: The Anatomy of a Heartbleed

ForAllSecure

JULY 28, 2020

"You sort of sense that the discovery of flaws in SSL stacks is accelerating,” he said, “and so I was curious about [what] the current state of security was with regards to SSL stacks and I went and took a look.". He describes the events leading up to it in this 2017 podcast. Where would that information come from?

Encryption

Encryption Retail Software Banking

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

Security Affairs

JULY 10, 2019

Worse, the Internet, the rise of smartphones, and the culture of social media allow us to access these things from anywhere. Fortunately, there are options available to parents when it comes to controlling YouTube and Internet access. Don’t share passwords. Shockingly, 1 in 5 U.S. As a parent, that’s terrifying.

Internet

Internet Internet Media Accountability

Top 5 Cybersecurity and Computer Threats of 2017

NopSec

FEBRUARY 9, 2017

As we look forward into 2017 cyber attacks , information security teams have to think like hackers in order to stay ahead of the challenges to come. For more information on preventing damage from ransomware, see our white paper.) Based on 2016’s trends, we expect in 2017 to see more frequent and severe DDoS incidents.

Cybersecurity

Cybersecurity DDOS IoT Social Engineering

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

In this article we will learn how to address and effectively respond to major enterprise cybersecurity threats and provide tips to mitigate IT security risk. Today, c yber security incidents lead to significant damage, alarming organizations of all types and sizes in different geographic locations.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Security Affairs

JANUARY 12, 2024

Thus, Resecurity is specifically concerned that both foreign and domestic threat actors may exploit the sensitive personally identifying information (PII) of Indonesian voters obtained from various network intrusions to stage targeted information-warfare campaigns during the 2024 Indonesian election and beyond.

Identity Theft

Identity Theft Cyber threats Marketing Risk

Doxing in the corporate sector

SecureList

MARCH 29, 2021

Collecting information about a company from public sources. The Internet can provide doxers with all kinds of helpful information, such as the names and positions of employees, including those who occupy key positions in the company. Such key positions include the CEO, HR department director, and chief accountant.

Identity Theft

Identity Theft Phishing Accountability Banking

Australian man charged with creating and selling the Imminent Monitor spyware

Security Affairs

AUGUST 1, 2022

The Australian Federal Police (AFP) launched an investigation into the case, codenamed Cepheus, in 2017 after it received information about a “suspicious RAT” from cybersecurity firm Palo Alto Networks and the U.S. The authorities believe the man earned between $300,000 and $400,000 from selling the malware.

Spyware

Spyware Malware Cybercrime Hacking

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

JULY 8, 2020

Turchin obtained credentials to target networks by launching spear-phishing attacks and brute-forcing the passwords of remote desktop servers exposed online. Once the hacker gained access to the network, the deployed password-stealing malware and remote access trojans (RATs) to harvest credentials and establish persistence in the system.

Hacking

Hacking Antivirus Advertising Cybercrime

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Javali trojan is active since November 2017 and targets users of financial and banking organizations geolocated in Brazil and Mexico. After opening the URL distributed on the email body, a ZIP file is then downloaded from the Internet. Background of Latin American Trojans. The next diagram demonstrates how Javali trojan banker works.

Antivirus

Antivirus Malware Banking Internet

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

From the 1960’s to 2000 infusion pumps were mostly electromechanical devices with some embedded electronics, but the turn of the century delivered “smarter” devices with better safety mechanisms and the possibility to program them, which slowly opened the door to information security challenges.

Computers and Electronics

Computers and Electronics Authentication Software Risk

Microsoft warns of growing DoppelPaymer Ransomware threat

Security Affairs

NOVEMBER 21, 2019

Use a safe and password-protected internet connection. The TA505 cybercrime group that is known for the distribution of the Dridex Trojan and the Locky ransomware , in mid-2017 released the BitPaymer ransomware (aka FriedEx) that was used in attacks against high profile targets and organizations.

Ransomware

Ransomware Social Engineering Malware Advertising

CASMM (The Consumer Authentication Strength Maturity Model)

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Webinars

Trending Sources

TP-Link Archer routers allow remote takeover without passwords

Webinars

PurpleFox malware infected at least 2,000 computers in Ukraine

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

A new Zerobot variant spreads by exploiting Apache flaws

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Hackers claim to have compromised 50,000 home cameras and posted footage online

FBI: Compromised US academic credentials available on various cybercrime forums

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Harvard Business Publishing licensee hit by ransomware

DirtyMoe modules expand the bot using worm-like techniques

Developer of DDoS Mirai based botnets sentenced to prison

China-linked threat actors have breached telcos and network service providers

Creator of multiple IoT botnets, including Satori, pleaded guilty

EnemyBot malware adds new exploits to target CMS servers and Android devices

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Exposed: the threat actors who are poisoning Facebook

Some models of Comba and D-Link WiFi routers leak admin credentials

QNAP urges users to update Malware Remover after QSnatch joint alert

Mozi Botnet is responsible for most of the IoT Traffic

Enemybot, a new DDoS botnet appears in the threat landscape

OT attacks increased by over 2000 percent in 2019, IBM reports

Cybercriminal greeners from Iran attack companies worldwide for financial gain

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

QSnatch malware infected over 62,000 QNAP NAS Devices

NSA details top 25 flaws exploited by China-linked hackers

The Fuzzing Files: The Anatomy of a Heartbleed

The Fuzzing Files: The Anatomy of a Heartbleed

The Fuzzing Files: The Anatomy of a Heartbleed

Parents’ Guide for Safe YouTube and Internet Streaming for Kids

Top 5 Cybersecurity and Computer Threats of 2017

Cyber Security Awareness and Risk Management

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Doxing in the corporate sector

Australian man charged with creating and selling the Imminent Monitor spyware

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Microsoft warns of growing DoppelPaymer Ransomware threat

Stay Connected