Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7, a notorious Russia-based hacking group. co — first came online in February 2023.
Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. Vasinskyi has been a REvil ransomware affiliate since at least March 1st, 2019. Vasinskyi was extradited to the U.S. in March 2022.
The hacking campaign targeted 90 users and was disrupted in December; WhatsApp already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.
Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack; the experts discovered that a backdoor was hidden in 21 applications. “Sansec identified these backdoors in the following packages which were published between 2019 and 2022,” reads the report published by Sansec.
Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. said Gil Lanier, vice president of global communications for the Israeli firm.
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals.
T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. Salt Typhoon is a China-linked APT group active since at least 2019.
CVE-2019-16278 is a directory traversal issue in the function http_verify in nostromo nhttpd through 1.9.6. Versions up to 2.3.6 and unpatched 2.3.7
DoppelPaymer ransomware has been active since June 2019; in November 2020, Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat. Europol states that in the US, victims paid at least 40 million euros between May 2019 and March 2021.
The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.
Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).
The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.
Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. If convicted, the man could face up to 20 years in prison for each wire fraud count, 10 years for each computer hacking charge, and 5 years for conspiracy to commit computer fraud and abuse.
The Department of Justice charged a British national for hacking into the systems of five U.S. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. From January 2019 to May 2020, the man carried out a hack-to-trade scheme, earning over $3 million in profits.
In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations. In November 2019, the criminals behind a ransomware species called Maze started a new trend that is currently gaining momentum on the dark web.
On April 3, a user leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook: a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users. Pierluigi Paganini.
The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. Pierluigi Paganini.
Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. In December 2019, German media reported that hackers suspected to be members of the Vietnam-linked APT Ocean Lotus (APT32) group breached the networks of the car manufacturers BMW and Hyundai.
The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems. “As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro N. Mayorkas. “The
Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021; it has more than 7,000 employees (2019) and in 2019 declared 234.29 financial spreadsheets, bank documents and communications) as proof of the hack. Acer is currently investigating the security breach.
The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935.
A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”
The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to have hacked the French company HENSOLDT France. The group has published a sample of the stolen data (94 MB) as proof of the hack. Pierluigi Paganini.
last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.
The Snatch ransomware group announced it had hacked the food giant Kraft Heinz; the company is investigating the claims. The Snatch ransomware group claims to have hacked Kraft Heinz in August and on December 14, it added the company to the list of victims on its leak site.
In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379; CVE-2020-12812; CVE-2019-5591.
In May 2019, security researchers with Tencent Security Keen Lab identified five vulnerabilities, tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.
Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors.
The NetWalker ransomware group has been active since 2019; it was operating using the Ransomware-as-a-Service (RaaS) model. under the U.S.-Romania Romania extradition treaty. million ransom to recover its files.
PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations. Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities.
CVE-2019-9874 (CVSS score of 9.8) is a Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1
The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” Denis Kloster, as posted to his Vkontakte page in 2019. “Thanks to you, we are now developing in the field of information security and anonymity!,”
io_uring is a Linux API for asynchronous I/O that uses shared ring buffers between user and kernel space, letting applications perform actions without system calls, making syscall-based security tools ineffective. The io_uring was introduced in the Linux kernel version 5.1 in March 2019.
In August 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory to warn of Zeppelin ransomware attacks.
Researchers discovered that the infrastructure used in the Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in the recent Cisco hack was also used to attack a top Workforce Management corporation in April 2022.
Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. In October 2022, the Snatch ransomware group claimed to have hacked the French company HENSOLDT France. The Snatch ransomware group added the Department of Defence South Africa to its data leak site.
“In some systems, initial access was gained through exploiting the RDP vulnerability (BlueKeep, CVE-2019-0708). Attackers exploited an RDP vulnerability to gain initial access to the target systems.
In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. from April 29, 2018, to May 10, 2020).
Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S. The post Russia-linked threat actors targets critical infrastructure, US authorities warn appeared first on Security Affairs. Pierluigi Paganini.
The man was arrested in September 2019 while traveling to the U. Azari orchestrated the international hacking-for-hire spearphishing campaign from his home in Israel. “From approximately November 2014 to September 2019, AZARI engaged in an extensive spearphishing campaign that targeted individuals and companies in the U.
The post Russia-linked APT29 group changes TTPs following April advisories appeared first on Security Affairs. US CISA also published details about Russian SVR activities related to SolarWinds compromise which include mitigation strategies.
The trio worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. ExpressVPN published an official response that confirmed the accusation of the DoJ but that pointed out that the experts took part in the Project Raven before he joined the company in 2019.
Meanwhile, the advanced hacking collectives invest in innovation and press forward. In the first four months of 2019 alone, some 22 attacks have been disclosed. days in Q2 2019, as compared to 7.3 days in Q1 2019. 2017: WannaCry – Attackers leverage hacking tools stolen from the NSA. mayors attending the U.S.
Garantex has been active since 2019; the service allowed customers to buy and sell virtual currencies using fiat currencies. Secret Service seized the website (“garantex[.]org”)