2017, Information Security and Passwords

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults. So basically: Minor incident, but no customer data or vaults were lost.

Password Management

Password Management Passwords Encryption Backups

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.

Authentication

Authentication Passwords Internet Internet

COMB breach: 3.2B email and password pairs leaked online

Security Affairs

FEBRUARY 7, 2021

The Largest compilation of emails and passwords (COMB), more than 3.2 billion unique pairs of cleartext emails and passwords have been leaked on a popular hacking forum, the collection aggregates data from past leaks, such as Netflix, LinkedIn , Exploit.in , Bitcoin, and more. billion email and password pairs, all in plaintext.”

Passwords

Passwords Hacking Accountability Banking

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. Attackers also attempted to exploit weak vendor-supplied passwords.

Architecture

Architecture Internet Internet Malware

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

FEBRUARY 10, 2025

A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group. Active since at least 2013 , XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. ” reads the analysis published by Intezer.

Manufacturing

Manufacturing Cybercrime Passwords Authentication

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% The post Slack resets passwords for about 0.5% Pierluigi Paganini.

Passwords

Passwords Password Management Antivirus Encryption

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

The group also created the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Attackers inserted rogue JavaScript to capture usernames and passwords in real-time, enhancing lateral movement within networks. This infrastructure technique is versatile, supporting operations globally. ” concludes the report.

Telecommunications

Telecommunications DNS Passwords Hacking

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

2018 Retrospective

Troy Hunt

JANUARY 3, 2019

Blogging I actually got a bit of a surprise when I pulled the list of my most popular blog posts for 2018: The surprise was that after the home page, the most popular page hit on my site was the one about Online Spambot , a post I published in August 2017. SSW in Sydney: How safe is your #password ?! troyhunt is here to help.

Passwords

Passwords Technology Government InfoSec

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 Use a password manager. It’s clear that we will continue to be reliant on usernames and passwords to access online services for some time to come. Secure your phone.

Passwords

Passwords Password Management Internet Internet

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464. ” concludes the report.

DDOS

DDOS Malware Advertising Passwords

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. “Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business” wrote the DoJ.

Hacking

Hacking Passwords Accountability Cybercrime

Imperva data Breach: WAF customers’ data exposed

Security Affairs

AUGUST 27, 2019

. “Here is what we know about the situation today: On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017. Elements of our Incapsula customer database through September 15, 2017 were exposed.

Data breaches

Data breaches Firewall Passwords Advertising

Imperva explains how hackers stole AWS API Key and accessed to customer data

Security Affairs

OCTOBER 14, 2019

“Here is what we know about the situation today: On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017. Elements of our Incapsula customer database through September 15, 2017 were exposed.

Firewall

Firewall Passwords Accountability Advertising

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.” The experts detected 8.3 billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Security Affairs

AUGUST 16, 2024

Many Google Pixel devices shipped since September 2017 have included a vulnerable app that could be exploited for malicious purposes. Many Google Pixel devices shipped since September 2017 have included dormant software that could be exploited by attackers to compromise them. ” reads the report. ” reads the report.

Hacking

Hacking Firmware Mobile Penetration Testing

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media

Media Accountability Telecommunications Government

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. Impacted data includes names, usernames, email addresses and SHA-1 password hashes. “In approximately January 2017, the beauty store Sephora suffered a data breach.

Data breaches

Data breaches Passwords Advertising Cybercrime

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

The spear-phishing messages use a password-protected ZIP or RAR attachment and the password is included in the content of the email. ” reads the analysis published by NTT Security. checks whether both username and password are filled in a dialog as an additional feature before clicking the OK button.”

Malware

Malware Phishing Passwords Media

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. This can take years, however.

Malware

Malware Passwords Identity Theft Data collection

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8

Hacking

Hacking Cyber Attacks Passwords Software

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE

Encryption

Encryption Antivirus Malware Hacking

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

million January 2017 CafeMom.com 2.6 million October 2017 ModaOperandi.com 1.3 Those who have their account exposed in one of the above incidents are recommended to change their password. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million December 2018 CafePress.com 23.6

Data breaches

Data breaches Advertising Passwords Hacking

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017. The first Satori iteration targeted devices running with factory-settings or protected with easy-to-guess passwords, the bot infected over 100,000 devices in its first month. the man also claimed that the botnet was capable of DDoS attacks of 1Tbps.

DDOS

DDOS IoT Advertising Internet

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST.

DNS

DNS Malware Internet Internet

Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

JUNE 4, 2021

Talos experts noticed that a version released on May 18 included Python versions of EternalBlue ( CVE-2017-0144 ) and EternalRomance ( CVE-2017-0147 ) exploits with a Windows download command line as the payload. ” reads the analysis published by Talos.

Malware

Malware Passwords DDOS IoT

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

At the time of publishing this post, it is still unclear how the hackers compromised the IP cameras, likely hackers exploited some vulnerabilities in the devices or simply guessed weak passwords used to protect them.

IoT

IoT Internet Internet Hacking

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” In the period 2017-2021 this group implemented the most numerous cyberintelligence actions on various vectors of public administration. .” reads the announcement published by the SSU. “The SSU Cyber ??

Government

Government Software Cyber threats Cyber Attacks

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Adopt a comprehensive IoT security solution. Zerobot was also observed spreading by exploiting dozens of vulnerabilities, the version Zerobot 1.1

IoT

IoT DDOS Malware Firmware

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks

Security Affairs

JUNE 24, 2019

US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying , credential stuffing , and spear-phishing. Want to know more about password spraying and how to stop it? 2017- NotPetya leveraged the EternalBlue exploit to spread to vulnerable systems.

Backups

Backups Advertising Passwords Accountability

New Spook.Js attack allows to bypass Google Chrome Site Isolation protections

Security Affairs

SEPTEMBER 13, 2021

. “An attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., to recover the password. ” The experts deployed Spook.js In another attack scenario, the researchers packaged Spook.js

Passwords

Passwords Hacking Technology Information Security

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. The banking trojan is able to record keystrokes, to steal passwords stored on the PC, and take screenshots and videos from the victims’ machine. LISOV had administrative-level access to those computer servers.”

Banking

Banking Malware Advertising Passwords

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

This week, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint advisory about a massive ongoing campaign spreading the QSnatch data-stealing malware. Install and update Security Counselor. Avoid using default ports (i.e.

Malware

Malware Advertising Passwords Manufacturing

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

Iran-linked APT is exploiting the Zerologon flaw in attacks

Security Affairs

OCTOBER 6, 2020

An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory. The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East.

Authentication

Authentication Advertising Architecture Cyber Attacks

Xenotime threat actor now is targeting Electric Utilities in US and APAC

Security Affairs

JUNE 14, 2019

Experts at Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack is targeting electric utilities in the US and APAC. Xenotime threat actor is considered responsible for the 2017 Trisis/ Triton malware attack that hit oil and gas organizations. continues the report.

Malware

Malware Advertising Passwords Authentication

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

JULY 14, 2020

According to MGM Resorts, the data was old, none of the customers in the archive stayed at the hotel past 2017. The company excluded that hackers have stolen financial and payment card data or passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Advertising Hacking Cybercrime

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

The final payload is the FormBook information-stealing Trojan, a malware that was first spotted by researchers at FireEye in October 2017. The commands include instructing the malware to download and execute files, start processes, shutdown and reboot the system, and steal cookies and local passwords.”

Malware

Malware Scams Social Engineering Phishing

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

The Last Watchdog

OCTOBER 15, 2018

You’ll recall that in the OPM breach , the cyber intruders stole a a staggering amount of highly sensitive information – deep personnel records for 21.5 In that caper, criminals got away with Social Security numbers, passwords, and in some cases, fingerprints. million federal employees and contractors. Cross-referencing.

Risk

Risk Government Cyber Attacks Passwords

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. POEMGATE is a malicious PAM module that is used by attackers to authenticate with a statically determined password and saves logins and passwords entered during authentication in a file in XOR-encoded form.

Telecommunications

Telecommunications Authentication Data collection Passwords

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

In total, the database leaked over 152,000 pieces of information pertaining to customers, such as emails, names, links to LinkedIn, Twitter, and Facebook profiles, and hashed passwords. The instance also contained 15 employee emails, names, and passwords protected by a weak SHA1-128bit hash. Dangerous leak.

Ransomware

Ransomware Passwords Encryption Identity Theft

My Philosophy and Recommendations Around the LastPass Breaches

CASMM (The Consumer Authentication Strength Maturity Model)

Trending Sources

COMB breach: 3.2B email and password pairs leaked online

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

XE Group shifts from credit card skimming to exploiting zero-days

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

TP-Link Archer routers allow remote takeover without passwords

2018 Retrospective

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

New Lucifer DDoS botnet targets Windows systems with multiple exploits

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Ticketmaster will pay $10 Million fine over hacking a competitor

Imperva data Breach: WAF customers’ data exposed

Imperva explains how hackers stole AWS API Key and accessed to customer data

American Insurance firm State Farm victim of credential stuffing attacks

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Data from Sephora and StreetEasy data breaches added to HIBP

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Alleged FruitFly malware creator ruled incompetent to stand trial

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Chinese actors behind attacks on industrial enterprises and public institutions

Threat actors are offering for sale 550 million stolen user records

Developer of DDoS Mirai based botnets sentenced to prison

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Necro Python bot now enhanced with new VMWare, server exploits

Hackers claim to have compromised 50,000 home cameras and posted footage online

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

A new Zerobot variant spreads by exploiting Apache flaws

FBI: Compromised US academic credentials available on various cybercrime forums

US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks

New Spook.Js attack allows to bypass Google Chrome Site Isolation protections

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

QNAP urges users to update Malware Remover after QSnatch joint alert

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Iran-linked APT is exploiting the Zerologon flaw in attacks

Xenotime threat actor now is targeting Electric Utilities in US and APAC

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

New Coronavirus-themed malspam campaign delivers FormBook Malware

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Harvard Business Publishing licensee hit by ransomware

Stay Connected