Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 99

Ransomware Encryption Antivirus VPN 99

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. The Judge, however, decided that NSO Group would not be forced to reveal the names of its clients or information about its server architecture.

Spyware 115

Spyware Surveillance Architecture Software 115

Security Affairs

SEPTEMBER 24, 2020

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Pierluigi Paganini.

Security Intelligence 125

Security Intelligence Authentication Advertising Passwords 125

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. . SecurityAffairs – hacking, Windows).

Authentication 127

Authentication Advertising Architecture Cybercrime 127

The Last Watchdog

MAY 19, 2021

As wake up calls go, the Colonial Pipeline ransomware hack was piercing. This very high-profile caper is part of an extended surge of ransomware attacks, which quintupled globally between the first quarter of 2018 and the fourth quarter of 2020, and is expected to rise 20 percent to 40 percent this year, according to insurance giant Aon.

Hacking 205

Hacking Government Technology Ransomware 205

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. We’re seeing more activity leveraging the CVE-2020-1472 exploit (ZeroLogon). — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020.

Cybercrime 110

Cybercrime Security Intelligence Authentication Banking 110

Security Affairs

JUNE 22, 2020

AMD recently announced that it was preparing patches for an SMM Callout Privilege Escalation vulnerability, tracked as CVE-2020-12890 , that affects the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). SecurityAffairs – hacking, chips). ” reads the AMD’s announcement. Pierluigi Paganini.

Firmware 91

Firmware Architecture Advertising Manufacturing 91

Security Affairs

JULY 19, 2021

Threat actors that goes online with the moniker ZeroX claim to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant end it is offering for sale it on multiple hacking forums. ” ZeroX claims to have exploited a zero-day flaw to steal the data from the infrastructure of Saudi Aramco back in 2020.

Engineering 133

Engineering Telecommunications Wireless Data breaches 133

Security Affairs

MARCH 16, 2021

The shell script downloads several Mirai binaries that were compiled for different architectures, then it executes these binaries one by one. SecurityAffairs – hacking, Mirai). “The attacks are still ongoing at the time of this writing. “The attacks are still ongoing at the time of this writing. Pierluigi Paganini.

Wireless 119

Wireless IoT DNS VPN 119

Security Affairs

NOVEMBER 1, 2021

On 2020-01-02, CNCERT reported that “the number of Bot node IP addresses associated with this botnet exceeds 5 million. The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. SecurityAffairs – hacking, Pink botnet). Pierluigi Paganini.

Architecture 116

Architecture DDOS Advertising Firmware 116

Threatpost

AUGUST 7, 2020

Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.

Architecture 125

Architecture Mobile Hacking 125

Security Affairs

JUNE 21, 2022

Researchers linked a new APT group, tracked as ToddyCat, to a series of attacks targeting entities in Europe and Asia since at least December 2020. Researchers from Kaspersky have linked a new APT group, tracked as ToddyCat, to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020.

Architecture 108

Architecture Malware Hacking Cybersecurity 108

Security Affairs

OCTOBER 12, 2020

According to the Alert (AA20-283A), advanced persistent threat (APT) actors are exploiting multiple legacy vulnerabilities in combination with a the recently discovered Zerologon vulnerability (CVE-2020-1472). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. SecurityAffairs – hacking, Zerologon).

VPN 136

VPN Government Authentication Advertising 136

Security Affairs

MAY 24, 2021

Below the full vulnerabilities list: CVE-2020-28903 – XSS in Nagios XI when attacker has control over fused server. CVE-2020-28905 – Nagios Fusion authenticated remote code execution (from the context of low-privileges user). CVE-2020-28910 – Nagios XI getprofile.sh and modification of proxy config.

Software 101

Software Risk Authentication Architecture 101

Security Affairs

DECEMBER 22, 2022

includes several new flaws, including: Vulnerability Affected software CVE-2017-17105 Zivif PR115-204-P-RS CVE-2019-10655 Grandstream CVE-2020-25223 WebAdmin of Sophos SG UTM CVE-2021-42013 Apache CVE-2022-31137 Roxy-WI CVE-2022-33891 Apache Spark ZSL-2022-5717 MiniDVBLinux. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

IoT 112

IoT DDOS Malware Firmware 112

Troy Hunt

AUGUST 7, 2020

link] — Junade Ali (@IcyApril) August 5, 2020 This tweet isn't entirely accurate; it was all Junade's idea and he designed the k-anonymity implementation for HIBP's Pwned Passwords. I asked on Twitter earlier today, and it's, well, extensive: Chromium — Isaac Weaver (@IsaacjWeaver) August 7, 2020 Wordpress.

Passwords 363

Passwords Architecture Data breaches Internet 363

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. SecurityAffairs – hacking, Enemybot). Upon installing the threat, the bot drops a file in /tmp/.pwned To nominate, please visit:?

DDOS 129

DDOS Architecture Malware Cybercrime 129

Security Affairs

SEPTEMBER 20, 2020

DHS CISA issued an emergency directive to tells government agencies to address the Zerologon vulnerability (CVE-2020-1472) by Monday. The Department of Homeland Security’s CISA issued an emergency directive to order government agencies to address the Zerologon vulnerability (CVE-2020-1472) by Monday. Pierluigi Paganini.

Authentication 104

Authentication Passwords Advertising Government 104

Security Affairs

OCTOBER 28, 2020

Steelcase is a US-based furniture company that produces office furniture, architectural and technology products for office environments and the education, health care and retail industries. billion in 2020. “On October 22, 2020, Steelcase Inc. . “On October 22, 2020, Steelcase Inc. ” reads the 8-K form.

Ransomware 93

Ransomware Computers and Electronics Manufacturing Advertising 93

Security Affairs

JUNE 15, 2021

Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked asu Moobot, which was scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers. cc, further investigations allowed the researchers to date some of the campaigns back at least to May 2020.

Malware 111

Malware Internet Internet DDOS 111

Security Affairs

OCTOBER 6, 2020

The Zerologon vulnerability, tracked as CVE-2020-1472 , is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

Authentication 95

Authentication Advertising Architecture Security Intelligence 95

SecureWorld News

FEBRUARY 9, 2024

Technology: Technology is the foundation for an IAM program delivery within a layered security architecture. RELATED: Death of the VPN: A Security Eulogy ] VPNs have notably higher operating costs and lower scalability when using device-based architecture. Processes enable Identity to power people-centric security.

IoT 89

IoT VPN Architecture Risk 89

Security Affairs

JULY 2, 2020

The most severe flaw, tracked as CVE-2020-3297, affects Small Business and managed switches, it has been rated by Cisco as high severity. The issue tracked as CVE-2020-3431 could be exploited by tricking a user of the interface into clicking a crafted link. SecurityAffairs – hacking, routers). Pierluigi Paganini.

Small Business 100

Small Business Engineering Authentication Architecture 100

SC Magazine

MARCH 29, 2021

Bugcrowd, which offers a platform allowing companies to connect their applications to a community of thousands of security researchers who root out for bugs and vulnerabilities, reported a 50 percent increase in total bug bounty submissions in 2020 compared to 2019. Now it’s up to us all as a society to do it.”.

Software 120

Software Hacking Government Cyber Insurance 120

SecureWorld News

MAY 27, 2021

In this case, the audit found that employees were opening the space agency to cyber threats like never before: "According to NASA data, the Agency identified 1,785 cyber incidents in 2020. Further, improper use continued to be the top attack vector type in 2020.".

Cyber Risk 59

Cyber Risk Risk Architecture Cyber threats 59

Security Affairs

MAY 30, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X RCE CVE-2020-5902 F5 BigIP RCE No CVE (vulnerability published on 2019) ThinkPHP 5.X

Malware 138

Malware DDOS IoT Cybercrime 138

Security Affairs

FEBRUARY 23, 2021

Two issues, tracked as CVE-2020-14782 and CVE-2020-27221, affect Runtime Environment Java 7 and 8 which is used in IBM Integration Designer. IBM Integration Designer is a complete authoring environment that you use for end-to-end integration in your service-oriented architecture (SOA). SecurityAffairs – hacking, IBM).

Architecture 73

Architecture Hacking Information Security Malware 73

Security Affairs

SEPTEMBER 14, 2020

Zerologon attack allows threat actors to take over enterprise networks by exploiting the CVE-2020-1472 patched in the August 2020 Patch Tuesday. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday as soon as possible to protect their systems from Zerologon attack that exploits the CVE-2020-1472.

Authentication 85

Authentication Passwords Advertising Architecture 85

Security Affairs

MAY 15, 2022

The botnet has been active since at least the end of 2020, but its activity was documented in April 2021 by multiple security researchers. “Sysrv-hello is a multi-architecture Cryptojacking ( T1496 ) botnet that first emerged in late 2020, and employs Golang malware compiled into both Linux and Windows payloads.

Security Intelligence 77

Security Intelligence Malware Architecture Backups 77

Security Affairs

DECEMBER 6, 2020

Cyber Command (@US_CYBERCOM) December 4, 2020. ” The PCTE platform was launched in February 2020 as a component of the U.S. military’s Joint Cyber Warfighting Architecture, it allows multiple independent cyber training operations to run simultaneously. SecurityAffairs – hacking, US Cyber Command).

Architecture 107

Architecture Hacking Technology Information Security 107

Security Affairs

OCTOBER 2, 2020

The activity of the cyber espionage group was first documented by ESET experts Matthieu Faou and Francis Labelle in a talk at the Virus Bulletin 2020 security conference. SecurityAffairs – hacking, XDSpy). “It is very uncommon to find a cyber espionage operation without any public reporting after almost 10 years of activity.”

Malware 133

Malware Government Advertising Phishing 133

Security Affairs

APRIL 19, 2021

XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. SecurityAffairs – hacking, XCSSET). states the report published by Kaspersky.

Malware 103

Malware Cryptocurrency Architecture Engineering 103

Security Affairs

NOVEMBER 9, 2021

Threat actors also scan the web for ports 2375, 2376, 2377, 4243, 4244, and attempt to gather server info such as the OS type, container registry, architecture, number of CPU cores, and the current swarm participation status. SecurityAffairs – hacking, Dockers). Experts noticed that the IP address 45[.]9[.]148[.]182

Cryptocurrency 93

Cryptocurrency Malware Cybercrime Architecture 93

Security Affairs

OCTOBER 22, 2020

The Taiwanese vendor QNAP has published an advisory to warn customers that certain versions of the operating system for its network-attached storage (NAS) devices, also known as of QTS, are affected by the Zerologon vulnerability ( CVE-2020-1472 ). The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon.

Authentication 78

Authentication Advertising Architecture Cybercrime 78

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. According to a new report published by IBM, the Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020. SecurityAffairs – hacking, Mozi botnet).

IoT 119

IoT DDOS Architecture Passwords 119

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords 107

Passwords Architecture Backups Cyber Attacks 107

Security Affairs

MARCH 13, 2021

XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. SecurityAffairs – hacking, Apple). ” states the report published by Kaspersky.

Malware 98

Malware Adware Architecture Antivirus 98