2017, Information Security and Passwords

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% The post Slack resets passwords for about 0.5% Pierluigi Paganini.

Passwords

Passwords Password Management Antivirus Encryption

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.

Authentication

Authentication Passwords Internet Internet

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. This can take years, however.

Malware

Malware Passwords Identity Theft Data collection

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media

Media Accountability Telecommunications Government

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

TA547 targets German organizations with Rhadamanthys malware

Security Affairs

APRIL 12, 2024

TA547 is a financially motivated threat actor that has been active since at least November 2017, it was observed conducting multiple campaigns to deliver a variety of Android and Windows malware, including DanaBot , Gootkit , Lumma stealer , NetSupport RAT , Ursnif , and ZLoader.

Malware

Malware Social Engineering Retail Engineering

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464. ” concludes the report.

DDOS

DDOS Malware Advertising Passwords

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Experts observed the bot attempting to gain access to the device by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. Adopt a comprehensive IoT security solution. Zerobot was also observed spreading by exploiting dozens of vulnerabilities, the version Zerobot 1.1

IoT

IoT DDOS Malware Firmware

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. “Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business” wrote the DoJ.

Hacking

Hacking Passwords Accountability Cybercrime

Chinese actors behind attacks on industrial enterprises and public institutions

Security Affairs

AUGUST 9, 2022

The emails used weaponized Microsoft Word documents exploiting the CVE-2017-11882 vulnerability. The CVE-2017-11882 flaw is a memory-corruption issue that affects all versions of Microsoft Office released between 2000 and 2017. The vulnerability affects the MS Office component EQNEDT32.EXE

Antivirus

Antivirus Encryption Malware Hacking

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. POEMGATE is a malicious PAM module that is used by attackers to authenticate with a statically determined password and saves logins and passwords entered during authentication in a file in XOR-encoded form.

Telecommunications

Telecommunications Authentication Data collection Passwords

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The malware uses exploits for known vulnerabilities and password brute-forcing attacks for self-propagation.

Malware

Malware Internet Internet DDOS

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

In total, the database leaked over 152,000 pieces of information pertaining to customers, such as emails, names, links to LinkedIn, Twitter, and Facebook profiles, and hashed passwords. The instance also contained 15 employee emails, names, and passwords protected by a weak SHA1-128bit hash. Dangerous leak.

Ransomware

Ransomware Passwords Encryption Identity Theft

New Spook.Js attack allows to bypass Google Chrome Site Isolation protections

Security Affairs

SEPTEMBER 13, 2021

. “An attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., to recover the password. ” The experts deployed Spook.js In another attack scenario, the researchers packaged Spook.js

Passwords

Passwords Hacking Technology Information Security

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Worldwide spending on information security products and services rose to $114 billion in 2018, up from $102 billion in 2017, an increase of 12.4 Use a password manager. It’s clear that we will continue to be reliant on usernames and passwords to access online services for some time to come. Secure your phone.

Passwords

Passwords Password Management Antivirus Internet

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8

Hacking

Hacking Cyber Attacks Passwords Software

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.” The experts detected 8.3 billion per month.

Insurance

Insurance Data breaches Financial Services Passwords

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Security Affairs

DECEMBER 29, 2021

The spear-phishing messages use a password-protected ZIP or RAR attachment and the password is included in the content of the email. ” reads the analysis published by NTT Security. checks whether both username and password are filled in a dialog as an additional feature before clicking the OK button.”

Malware

Malware Phishing Passwords Media

Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

JUNE 4, 2021

Talos experts noticed that a version released on May 18 included Python versions of EternalBlue ( CVE-2017-0144 ) and EternalRomance ( CVE-2017-0147 ) exploits with a Windows download command line as the payload. ” reads the analysis published by Talos.

Malware

Malware Passwords DDOS IoT

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum

Security Affairs

JULY 17, 2023

In April, the FBI seized the Genesis Market , a black marketplace for stolen credentials that was launched in 2017. The admins of the darkweb Genesis Market announced the sale of their platform to a threat actor that will restart operations next month. The data offered by the administrators included: device fingerprints (e.g.

Marketing

Marketing Accountability Cybercrime Passwords

HinataBot, a new Go-Based DDoS botnet in the threat landscape

Security Affairs

MARCH 17, 2023

The sample captured by the experts abuses old vulnerabilities and weak credentials, the researchers reported that it attempts to exploit flaws in the miniigd SOAP service on Realtek SDK devices ( CVE-2014-8361 ), Huawei HG532 routers ( CVE-2017-17215 ), and exposed Hadoop YARN servers (CVE N/A).

DDOS

DDOS Passwords Engineering Hacking

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

This ‘line of work’ is coordinated by the FSB’s 18th Center (Information Security Center) based in Moscow.” In the period 2017-2021 this group implemented the most numerous cyberintelligence actions on various vectors of public administration. .” reads the announcement published by the SSU. “The SSU Cyber ??

Government

Government Software Cyber threats Cyber Attacks

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST.

DNS

DNS Cryptocurrency Internet Internet

Data from Sephora and StreetEasy data breaches added to HIBP

Security Affairs

OCTOBER 7, 2019

The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. Impacted data includes names, usernames, email addresses and SHA-1 password hashes. “In approximately January 2017, the beauty store Sephora suffered a data breach.

Data breaches

Data breaches Passwords Advertising Cybercrime

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The executioner loads two modules, a Monero miner and a module for worming replication.

Malware

Malware Passwords DDOS Internet

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

Schuchman, Vamp, and Drake created the Satori botnet in between July and August 2017. The first Satori iteration targeted devices running with factory-settings or protected with easy-to-guess passwords, the bot infected over 100,000 devices in its first month. the man also claimed that the botnet was capable of DDoS attacks of 1Tbps.

DDOS

DDOS IoT Advertising Internet

Unsecured AWS bucket exposes over 750,000 birth certificate applications

Security Affairs

DECEMBER 11, 2019

Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that have been exposed online due to an unsecured AWS bucket. . “The bucket wasn’t protected with a password, allowing anyone who knew the easy-to-guess web address access to the data.”

Penetration Testing

Penetration Testing Advertising Authentication Passwords

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

It uses a list of hardcoded username/password combinations to login into devices in the attempt to access systems using weak or default credentials. The botnet implements multiple obfuscation techniques to avoid detection and hides C2 on the Tor network. The Enemybot botnet employs several methods to spread and targets other IoT devices.

Malware

Malware DDOS IoT Cybercrime

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

At the time of publishing this post, it is still unclear how the hackers compromised the IP cameras, likely hackers exploited some vulnerabilities in the devices or simply guessed weak passwords used to protect them.

IoT

IoT Internet Internet Hacking

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Telecommunications

Telecommunications Authentication Passwords Accountability

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

million January 2017 CafeMom.com 2.6 million October 2017 ModaOperandi.com 1.3 Those who have their account exposed in one of the above incidents are recommended to change their password. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million December 2018 CafePress.com 23.6

Data breaches

Data breaches Advertising Passwords Hacking

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking

Hacking DNS Cryptocurrency Accountability

QNAP urges users to update Malware Remover after QSnatch joint alert

Security Affairs

AUGUST 2, 2020

This week, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint advisory about a massive ongoing campaign spreading the QSnatch data-stealing malware. Install and update Security Counselor. Avoid using default ports (i.e.

Malware

Malware Advertising Passwords Manufacturing

China-linked APT10 Target Taiwan’s financial trading industry

Security Affairs

FEBRUARY 22, 2022

The group (also known as Cicada, Stone Panda , MenuPass group, Bronze Riverside, and Cloud Hopper ) has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. .”

Technology

Technology Hacking Passwords Software

BlueCharlie changes attack infrastructure in response to reports on its activity

Security Affairs

AUGUST 6, 2023

The APT group has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. The APT primarily targets NATO countries, but experts also observed campaigns targeting the Baltics, Nordics, and Eastern Europe regions, including Ukraine.

Phishing

Phishing Social Engineering Authentication Cryptocurrency

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to mitigate password brute force attacks and to give defender monitoring systems opportunities to detect common attacks.

Passwords

Passwords Architecture Backups Cyber Attacks

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Security experts from Group-IB, an international company specializing in preventing cyberattacks and developing information security solutions, has investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, their number increased by 369% compared to 2016.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

Xenotime threat actor now is targeting Electric Utilities in US and APAC

Security Affairs

JUNE 14, 2019

Experts at Dragos firm reported that Xenotime threat actor behind the 2017 Trisis/Triton malware attack is targeting electric utilities in the US and APAC. Xenotime threat actor is considered responsible for the 2017 Trisis/ Triton malware attack that hit oil and gas organizations. continues the report.

Malware

Malware Advertising Authentication Passwords

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Security Affairs

JULY 1, 2023

The group also plans to publish information that can allow a threat actor to access the company’s infrastructure. “In the case of payment refusal, also will be published points of entry into the network and passwords and logins company.” ” reads the announcement published by Lockbit operators on their leak site.

Manufacturing

Manufacturing Ransomware Hacking Security Awareness

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

Lisov was arrested in January 2017 at the Barcelona airport by the Guardia Civil. The banking trojan is able to record keystrokes, to steal passwords stored on the PC, and take screenshots and videos from the victims’ machine. LISOV had administrative-level access to those computer servers.”

Banking

Banking Malware Advertising Passwords

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

JULY 14, 2020

According to MGM Resorts, the data was old, none of the customers in the archive stayed at the hotel past 2017. The company excluded that hackers have stolen financial and payment card data or passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Advertising Hacking Cybercrime

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

CASMM (The Consumer Authentication Strength Maturity Model)

Trending Sources

TP-Link Archer routers allow remote takeover without passwords

Alleged FruitFly malware creator ruled incompetent to stand trial

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

TA547 targets German organizations with Rhadamanthys malware

New Lucifer DDoS botnet targets Windows systems with multiple exploits

A new Zerobot variant spreads by exploiting Apache flaws

Ticketmaster will pay $10 Million fine over hacking a competitor

Chinese actors behind attacks on industrial enterprises and public institutions

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

PurpleFox malware infected at least 2,000 computers in Ukraine

Harvard Business Publishing licensee hit by ransomware

New Spook.Js attack allows to bypass Google Chrome Site Isolation protections

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

American Insurance firm State Farm victim of credential stuffing attacks

China-linked BlackTech APT uses new Flagpro malware in recent attacks

Necro Python bot now enhanced with new VMWare, server exploits

FBI: Compromised US academic credentials available on various cybercrime forums

Admins of Genesis Market marketplace sold their infrastructure on a hacker forum

HinataBot, a new Go-Based DDoS botnet in the threat landscape

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Data from Sephora and StreetEasy data breaches added to HIBP

DirtyMoe modules expand the bot using worm-like techniques

Developer of DDoS Mirai based botnets sentenced to prison

Unsecured AWS bucket exposes over 750,000 birth certificate applications

EnemyBot malware adds new exploits to target CMS servers and Android devices

Hackers claim to have compromised 50,000 home cameras and posted footage online

China-linked threat actors have breached telcos and network service providers

Threat actors are offering for sale 550 million stolen user records

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

QNAP urges users to update Malware Remover after QSnatch joint alert

China-linked APT10 Target Taiwan’s financial trading industry

BlueCharlie changes attack infrastructure in response to reports on its activity

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Xenotime threat actor now is targeting Electric Utilities in US and APAC

LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Stay Connected