2020, Cyber Attacks, Information Security and Passwords

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Hacking

Hacking Risk Mobile Banking

Bugs in Avast AntiTrack expose users to cyber attacks

Security Affairs

MARCH 11, 2020

A flaw in the impacting Avast and AVG AntiTrack privacy software could expose users to browser hijacking and Man-in-The-Middle (MiTM) attacks. “A remote attacker running a malicious proxy could capture their victim’s HTTPS traffic and record credentials for later re-use. . ” reads the advisory published by Eade.

Cyber Attacks

Cyber Attacks Advertising Software Internet

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. reads the alert.

Ransomware

Ransomware VPN Cybercrime Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Data Breach at Britain JD Sports leaks 10 million customers

CyberSecurity Insiders

JANUARY 30, 2023

JD Sports, Britain’s online retailer of branded sportswear, has reportedly become a victim of a cyber attack that leaked information of over 10 million customers. JD Sports has assured that hackers accessed no passwords related to their accounts and issued an apology for failing to protect the customer info.

Data breaches

Data breaches Retail Identity Theft Social Engineering

Only 5% of total info stored across the world is secure

CyberSecurity Insiders

AUGUST 11, 2021

A survey conducted by Gartner in 2019 said that 88% of companies operating worldwide were hit by a cyber attack and out of those, 51% of them experienced the incident for password steal. Norton Security that recently acquired Avast business for $8.3 billion by 2023.

Cyber Attacks

Cyber Attacks Marketing Passwords Government

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

. “The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI.

Cybercrime

Cybercrime Education Accountability Phishing

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

Microsoft researchers are warning that threat actors are continuing to actively exploit the ZeroLogon vulnerability in attacks in the wild. The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. ENABLE enforcement mode to address CVE-2020-1472 in your environment.

Authentication

Authentication Advertising Architecture Cybercrime

Norway blames China-linked APT31 for 2018 government hack

Security Affairs

JUNE 20, 2021

No reliable technical findings have been made of what information was transferred, but the investigation shows that there were probably usernames and passwords associated with employees in various state administration offices. . “The actor also succeeded in transferring some data from the offices’ systems.

Government

Government Hacking Cyber Attacks Passwords

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The alert comes after the recent attacks on the Oldsmar water treatment plant’s network where attackers tried to raise levels of sodium hydroxide, by a factor of more than 100.

Passwords

Passwords Social Engineering Software System Administration

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. We do not store any credit card or payment related information on our servers.”

Media

Media Hacking Passwords Data breaches

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Security Affairs

DECEMBER 24, 2020

Millions of devices are potential exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye. Security experts from Qualys are warning that more than 7.5 As a result of the recent SolarWinds supply chain attack, multiple organizations were compromised, including FireEye.

Hacking

Hacking Cyber Attacks Passwords Software

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

We’re seeing more activity leveraging the CVE-2020-1472 exploit (ZeroLogon). — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. — Microsoft Security Intelligence (@MsftSecIntel) October 6, 2020. This is the second alert published by Microsoft related to Zerologon attack in the wild.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Iranian hackers access unsecured HMI at Israeli Water Facility

Security Affairs

DECEMBER 4, 2020

The hackers claimed to have breached an Israeli water facility, likely recycled water, in a video that was published the night of December 1st, 2020. “The reservoir’s HMI system was connected directly to the internet, without any security appliance defending it or limiting access to it. ” concludes the post.

Cyber Attacks

Cyber Attacks Hacking Authentication Education

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

Officials said the group has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020. Energetic Bear successfully compromised the infrastructure and as of October 1, 2020, exfiltrated data from at least two victim servers. ” reads the advisory.

Government

Government Hacking Advertising Passwords

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

Bookstore giant Barnes & Noble has disclosed a cyber attack and that the threat actors have exposed the customers’ data. 1/2 — NOOK (@nookBN) October 14, 2020. (2/2) — NOOK (@nookBN) October 14, 2020. Barnes & Noble, Inc. , Thank you for your patience.

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months

Security Affairs

NOVEMBER 11, 2021

The security breach took place between August 2020 and May 2021, the intrusion has been attributed to a financially motivated attacker that deployed a custom implant to redirect visitor traffic to an online video platform. It seems that attackers did not exfiltrate sensitive data from the compromised server.

Hacking

Hacking Passwords Government Security Awareness

Security Affairs newsletter Round 293

Security Affairs

DECEMBER 13, 2020

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Computers and Electronics

Computers and Electronics VPN Hacking Ransomware

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Security Affairs

AUGUST 1, 2022

The company Encevo, which owns the majority of Creos, published a security advisory to announce that the gas pipeline form has suffered a cyber attack that took place between July 22 and 23. During this attack, a number of data were exfiltrated from computer systems or made inaccessible by hackers.”

Ransomware

Ransomware Passwords Cyber Attacks Hacking

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

. “On May 20, 2021, Morgan Stanley was notified by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, that it had suffered an information security incident. ” reads the letter.

Data breaches

Data breaches Hacking Banking Financial Services

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking

Hacking Ransomware Banking Accountability

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

sys “) by triggering the CVE-2020-15368 flaw to execute malicious code in the Windows kernel. ” Mandiant, which tack the toolkit as INCONTROLLER, also published a detailed analysis warning of its dangerous cyber attack capability. ” reads the analysis published by Mandiant.

Passwords

Passwords Architecture Backups Cyber Attacks

Ubisoft suffered a cyber security incident that caused a temporary disruption

Security Affairs

MARCH 12, 2022

Video game company Ubisoft has suffered a ‘cyber security incident’ that had a severe impact on games, systems, and services. The rumors of a cyber attack against Ubisoft circulated online in the last few days, while data extortion group LAPSUS$ claimed to have hacked the company.

Data breaches

Data breaches Telecommunications Hacking Cyber Attacks

Dissecting the malicious arsenal of the Makop ransomware gang

Security Affairs

MARCH 14, 2023

Makop gang did not conduct any significative retooling since 2020, which is a clear indicator of their effectiveness even after three years and hundreds of successful compromises. Introduction The Makop ransomware operators started their infamous criminal business in 2020 leveraging a new variant of the notorious Phobos ransomware.

Ransomware

Ransomware Software System Administration Encryption

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

.” T-Mobile said that threat actors did not access names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs. T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information).

Data breaches

Data breaches Mobile Telecommunications Wireless

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. “ OT attacks hit an all-time high.

Advertising

Advertising Malware IoT Technology

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia. FBI recommends using passphrases instead of complex passwords. FireEye Mandiant M-Trends 2020 report: 500+ new Malware strains in 2019. Lampion malware v2 February 2020. New Cyber Attack Campaign Leverages the COVID-19 Infodemic.

Banking

Banking Malware Advertising Ransomware

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China has been using #Taidoor malware to conduct #cyber espionage on governments, corporations, and think tanks. NSCS @cse_cst @CISAgov @FBI [link] — @U.S.CyberCommand (@US_CYBERCOM) August 3, 2020. If these services are required, use strong passwords or Active Directory authentication.

Malware

Malware Government Passwords System Administration

Experts confirmed that the networks of the United Nations were hacked earlier this year

Security Affairs

SEPTEMBER 10, 2021

The UN and other international agencies are privileged targets for cyber criminals and nation-state actors and unfortunately, it is quite easy to find login credentials belonging to their employees available for sale on the dark web. One of the offices that were hit by a sophisticated cyber attack is the U.N. Pierluigi Paganini.

Hacking

Hacking Data breaches Cyber Attacks Software

NCA arrested 21 customers of the WeLeakInfo service

Security Affairs

JANUARY 3, 2021

In early 2020, a joint operation conducted by the FBI in coordination with the UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain. .” ” reads the announcement published by the UK NCA. Pierluigi Paganini.

Data breaches

Data breaches Cybercrime Cyber Attacks Advertising

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

According to Bleeping Computer , the hackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, the security breach did not impact business customers. Impacted T-Mobile customers are recommended to change their password, PIN, and security questions.

Mobile

Mobile Telecommunications Data breaches Identity Theft

T-Mobile data breach has impacted 48.6 million customers

Security Affairs

AUGUST 18, 2021

million current T-Mobile postpaid customer accounts’ information appears to be contained in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile. . “Our preliminary analysis is that approximately 7.8

Data breaches

Data breaches Mobile Telecommunications Wireless

Security Affairs newsletter Round 304

Security Affairs

MARCH 7, 2021

jailbreaking tool Attackers took over the Perl.com domain in September 2020 Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Cyber Defense Magazine – March 2021 has arrived.

Data breaches

Data breaches Data collection Ransomware Hacking

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware

Ransomware Hacking Encryption Penetration Testing

P&N Bank data breach may have impacted 100,000 West Australians

Security Affairs

JANUARY 15, 2020

pic.twitter.com/BywQtf6qSE — Nick (@vrNicknack) January 15, 2020. According to The West Australian website , hackers have stolen personal information from 100,000 West Australians in the cyber attack. Received this notice 15mins ago.

Data breaches

Data breaches Banking Cyber Attacks Accountability

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Security Affairs

NOVEMBER 15, 2023

IPStorm botnet continues to infect systems across the world, its size passed from around 3,000 infected systems in May 2019 to more than 13,500 devices in October 2020. The experts from both security firms reported that IPStorm was infecting Android systems with ADB (Android Debug Bridge) port exposed online.

Hacking

Hacking Cryptocurrency Cyber Attacks Advertising

Security Affairs newsletter Round 260

Security Affairs

APRIL 19, 2020

Scams

Scams Phishing Advertising DDOS

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

ForAllSecure

APRIL 26, 2023

In this blog post, we'll explore common techniques used to penetrate systems and how organizations can defend against each type of attack. Common Types of Cyber Attacks Common techniques that criminal hackers use to penetrate systems include social engineering, password attacks, malware, and exploitation of software vulnerabilities.

Social Engineering

Social Engineering Passwords Engineering Software

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. review Active Directory password policy. In 2020 groups were demanding as much as $30 million to unlock a victim’s files and systems.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

Experts have found tens of security vulnerabilities in Zyxel Network Management Software, including backdoors and hardcoded SSH keys. Security researchers Pierre Kim and Alexandre Torres have discovered several vulnerabilities Zyxel Cloud CNM SecuManager software that could expose users to cyber attacks.

Accountability

Accountability Advertising Software Authentication

Experts found gained access to the Git Repositories of the United Nations

Security Affairs

JANUARY 11, 2021

In January 2020, an internal confidential report from the United Nations that was leaked to The New Humanitarian revealed that dozens of servers of the organization were “compromised” at offices in Geneva and Vienna. One of the offices that were hit by a sophisticated cyber attack is the U.N. ” conclude the experts.

Backups

Backups Cyber Attacks Passwords Hacking

US and UK sanctioned seven Russian members of Trickbot gang

Security Affairs

FEBRUARY 9, 2023

The Trickbot Group’s preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services.” companies.” . : “By sanctioning these cyber criminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account.”

Banking

Banking Ransomware Cybercrime Malware

We can attract more women by busting the ‘hoodie’ stereotype

SC Magazine

MARCH 8, 2021

As a result, there has been a marked increase in cyber attacks on cloud infrastructure as well as a rise in phishing attempts. In the United States, women ended 2020 with 5.4 Joanna Burkey, chief information security officer, HP Inc. At the same time, the pandemic has wreaked havoc on the gender employment gap.

CISO

CISO B2B Cybersecurity Engineering

Cyber CEO: A Look Back at Cybersecurity in 2021

Herjavec Group

DECEMBER 15, 2021

This forced security leaders and enterprise executives to assess their information security operations and overall cybersecurity posture to ensure their organizations were ready to face the challenges ahead. For cyber actors, it’s a lucrative cyber attack option that can be delivered in various ways.

Cybersecurity

Cybersecurity Digital transformation Ransomware Cyber Risk

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. These distinct pieces of evidence can include a one-time password or a fingerprint scan.

IoT

IoT Phishing Passwords Scams

Hundreds of millions of Android users exposed to hack due to CVE-2020-8913

Bugs in Avast AntiTrack expose users to cyber attacks

Webinars

Trending Sources

NetWalker ransomware operators have made $25 million since March 2020

Webinars

Data Breach at Britain JD Sports leaks 10 million customers

Only 5% of total info stored across the world is secure

FBI: Compromised US academic credentials available on various cybercrime forums

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Norway blames China-linked APT31 for 2018 government hack

FBI’s alert warns about using Windows 7 and TeamViewer

Asian media firm E27 hacked, attackers asked for a “donation”

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Iranian hackers access unsecured HMI at Israeli Water Facility

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Threat actors hacked a server of a Queensland water supplier and remained undetected for 9 months

Security Affairs newsletter Round 293

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Ubisoft suffered a cyber security incident that caused a temporary disruption

Dissecting the malicious arsenal of the Makop ransomware gang

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

OT attacks increased by over 2000 percent in 2019, IBM reports

Security Affairs newsletter Round 253

US govt agencies share details of the China-linked espionage malware Taidoor

Experts confirmed that the networks of the United Nations were hacked earlier this year

NCA arrested 21 customers of the WeLeakInfo service

T-Mobile customers were hit with SIM swapping attacks

T-Mobile data breach has impacted 48.6 million customers

Security Affairs newsletter Round 304

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

P&N Bank data breach may have impacted 100,000 West Australians

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Security Affairs newsletter Round 260

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

Cyber Security Roundup for April 2021

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Experts found gained access to the Git Repositories of the United Nations

US and UK sanctioned seven Russian members of Trickbot gang

We can attract more women by busting the ‘hoodie’ stereotype

Cyber CEO: A Look Back at Cybersecurity in 2021

Top 5 Attack Vectors to Look Out For in 2022

Stay Connected