SecureWorld News

JANUARY 18, 2023

Department of Defense (DoD) is turning to the private sector to bolster its cyber defenses with the launch of the third iteration of its "Hack the Pentagon" bug bounty program. The third installment of the "Hack the Pentagon" bug bounty program comes almost five years after the second one, which was unveiled in April 2018.

Hacking 73

Hacking Government Information Security Cybersecurity 73

Security Affairs

NOVEMBER 10, 2021

Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day” . Pierluigi Paganini.

Government 123

Government Hacking Cyber Attacks Information Security 123

Security Affairs

SEPTEMBER 23, 2021

BulletProofLink has been active since 2018, it was used by multiple threat actors in either one-off or monthly subscription-based business models. SecurityAffairs – hacking, phishing). The post BulletProofLink, a large-scale phishing-as-a-service active since 2018 appeared first on Security Affairs. Pierluigi Paganini.

Phishing 87

Phishing Cybercrime Advertising Hacking 87

Security Affairs

SEPTEMBER 18, 2021

” Our research shows that this actor has been targeting the aviation industry since at least 2018, with files mentioning both “Trip Itinerary Details” and “Bombardier” at the time using the URL akconsult[.]linkpc[.]net.” SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware 97

Malware Phishing DNS Cybercrime 97

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. A research published by Positive Technologies in 2018 revealed that 69 percent of ATMs were vulnerable to such attacks and could be easily hacked in a few minutes. score of 6.8.

Hacking 114

Hacking Firmware Encryption Manufacturing 114

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. A primary culprit of these attacks is the lack of understanding of application programming interfaces, or APIs.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

DECEMBER 21, 2019

Cisco has warned customers that hackers continue to target Cisco ASA and Firepower Appliance products by exploiting the CVE-2018-0296 flaw. Experts warn that threat actors continue to exploit the CVE-2018-0296 flaw to target Cisco ASA and Firepower Appliance. ” read the security advisory published by Cisco.

Firewall 64

Firewall Advertising Software Risk 64

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability 81

Accountability Hacking Financial Services Cybersecurity 81

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. SecurityAffairs – hacking, ShinyHunters). The post ShinyHunters hacked Pluto TV service, 3.2M A hacker has shared 3.2

Accountability 97

Accountability Hacking Data breaches Passwords 97

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

VPN 120

VPN Government Hacking Accountability 120

Security Affairs

AUGUST 28, 2020

A former Cisco employee has pleaded guilty to hacking charges and intentionally causing damage to the systems of his company. SecurityAffairs – hacking, hacking). The post Former Cisco employee pleads guilty to hacking, damaging company systems appeared first on Security Affairs. Pierluigi Paganini.

Hacking 122

Hacking Advertising Accountability Risk 122

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Spyware 122

Spyware Surveillance Architecture Software 122

Security Affairs

DECEMBER 24, 2020

91541, 91534 CVE-2014-1812 05/13/2014 Microsoft Windows Group Policy Preferences Password Elevation of Privilege Vulnerability (KB2962486) 9 91148, 90951 CVE-2020-0688 02/11/2020 Microsoft Exchange Server Security Update for February 2020 8.8 50098 CVE-2016-0167 04/12/2016 Microsoft Windows Graphics Component Security Update (MS16-039) 7.8

Hacking 114

Hacking Cyber Attacks Passwords Software 114

Security Affairs

MARCH 10, 2020

Who is hacking the hackers? Experts from Cybereason a mysterious hackers group is targeting other hackers by spreading tainted hacking tools. Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.

Hacking 117

Hacking Malware Advertising DNS 117

Security Affairs

AUGUST 19, 2020

According to the security expert Tal Be’ery , the vulnerability, dubbed GlueBall, has been known since August 2018, because a malware sample exploiting it was uploaded to VirusTotal. SecurityAffairs – hacking, CVE-2020-1464 ). MSI) files signed by any software developer. . Pierluigi Paganini.

Advertising 71

Advertising Malware Internet Internet 71

Security Affairs

APRIL 8, 2019

Bahrain, 08.04.2019 – Group-IB, an international company that specializes in preventing cyberattacks , and NGN International, a global system integrator, analyzed cybersecurity landscape in Gulf countries in 2018. According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, the details of 1.8

Artificial Intelligence 63

Artificial Intelligence Government Banking Advertising 63

Security Affairs

SEPTEMBER 28, 2023

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) X through 3.3.4. CISA orders federal agencies to fix this flaw by October 19, 2023.

Hacking 109

Hacking Risk Cybersecurity Information Security 109

Security Affairs

JULY 8, 2019

The UK Information Commissioner’s Office (ICO) fined British Airways with £183 million for failing to protect the personal information of roughly 500,000 customers during 2018 security breach. “The proposed fine relates to a cyber incident notified to the ICO by British Airways in September 2018. .

Data breaches 69

Data breaches Advertising Hacking Mobile 69

Security Affairs

MAY 19, 2021

Security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars. SecurityAffairs – hacking, Mercedes). Follow me on Twitter: @securityaffairs and Facebook.

Hacking 93

Hacking Firmware Engineering Software 93

Security Affairs

MAY 2, 2023

Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices. The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. At this time, the vendor has yet to release security patches to address the flaw.

Authentication 98

Authentication Retail Surveillance Education 98

Security Affairs

FEBRUARY 2, 2024

Olsen, the Assistant Attorney General for National Security; and James Smith, the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that JOSHUA ADAM SCHULTE was sentenced to 40 years in prison by U.S. District Judge Jesse M.

Computers and Electronics 94

Computers and Electronics Engineering Hacking Data breaches 94

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. Curiously, in 2011, Thomson Reuters acquired World-Check, then in October 2018, Thomson Reuters closed a deal with The Blackstone Group.

Risk 114

Risk Spyware Hacking Accountability 114

Security Affairs

JULY 4, 2019

Kaspersky experts discovered that Sodinokibi, aka Sodin, Ransomware currently also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows. The post Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – Sodin, ransomware).

Ransomware 77

Ransomware Encryption Advertising Architecture 77

Security Affairs

JUNE 23, 2019

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. SecurityAffairs – NASA, hacking). The post NASA hacked! ” reads the report. Pierluigi Paganini.

Hacking 111

Hacking Data breaches Advertising Firewall 111

Security Affairs

APRIL 13, 2021

The Swedish Sports Confederation is the umbrella organisation of the Swedish sports movement, it was hacked by Russian military intelligence in a campaign conducted between December 2017 and May 2018, officials said. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Hacking 61

Hacking Media Government Information Security 61

Security Affairs

OCTOBER 29, 2020

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization.

Government 93

Government Hacking Advertising Encryption 93

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking 89

Hacking VPN Advertising Financial Services 89

Security Affairs

OCTOBER 23, 2020

In March 2018, the Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert to warn of attacks on US critical infrastructure powered by Russian threat actors. Hackers also targeted Exim mail agents ( CVE 2019-10149 ) and Fortinet SSL VPNs ( CVE-2018-13379 ). Pierluigi Paganini.

Government 113

Government Hacking Advertising Passwords 113

Security Affairs

DECEMBER 19, 2022

CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. .

Wireless 137

Wireless VPN Software Hacking 137

Security Affairs

AUGUST 9, 2020

Paige Thompson is a transgender woman suspected to be the hacker behind the Capital One hack and attacks on 30 other organizations, in August 2019 he has been indicted on wire fraud and computer fraud. SecurityAffairs – hacking, Capital One). Thompson (33). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking 80

Hacking Banking Data breaches Advertising 80

Security Affairs

JUNE 27, 2019

In 2018 PCM generated roughly $2.2 Krebs speculates that intruders could be the same that hacked the Indian IT outsourcing giant Wipro Ltd. According to RiskIQ, the group that hacked Wipro has been active since at least 2016, it was focused on targeting gift card providers. SecurityAffairs – PCM, hacking).

Hacking 88

Hacking Advertising Accountability Data breaches 88

Security Affairs

DECEMBER 30, 2022

US CISA added TIBCO Software’s JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), to its Known Exploited Vulnerabilities ( KEV ) catalog, TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards. Pierluigi Paganini.

Software 86

Software Authentication Hacking Risk 86

Security Affairs

JANUARY 2, 2021

Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. On October 18, 2019, Zaidi pled guilty for his participation in the hacking activity. Ticketmaster already paid $110 million in 2018 to settle a civil suit brought by Songkick, which merged with CrowdSurge in 2015.

Hacking 85

Hacking Passwords Accountability Cybercrime 85

Security Affairs

OCTOBER 22, 2020

The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The experts that analyzed the malicious code employed in the hack found many similarities with a piece of malware used in a previous attack against a German Government network that took place in 2014.

Hacking 74

Hacking Cyber Attacks Identity Theft Government 74

Security Affairs

JUNE 17, 2020

A CIA elite hacking unit that developed cyber-weapons failed in protecting its operations, states an internal report on the Vault 7 data leak. In March, Joshua Schulte , a former CIA software engineer that was accused of stealing the agency’s hacking tools and leaking them to WikiLeaks, was convicted of only minor charges.

Hacking 113

Hacking Engineering Data breaches Advertising 113

Security Affairs

DECEMBER 4, 2023

. — Microsoft Threat Intelligence (@MsftSecIntel) December 1, 2023 DanaBot is a multi-stage modular banking Trojan written in Delphi that first appeared on the threat landscape in 2018. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CACTUS ransomware)

Ransomware 103

Ransomware Malware Banking Hacking 103

Security Affairs

DECEMBER 22, 2019

In January 2018, Burns is suspected to have accessed systems operated by Jet2 and its parent company, Dart Group. On January 18, 2018, he removed user accounts from the compromised systems, locking out over 2,000 Jet2 employees from accessing the company’s systems, including their emails. SecurityAffairs – Jet2 airline, hacking).

Hacking 59

Hacking Advertising Accountability Software 59