WIRED Threat Level

DECEMBER 30, 2020

This year saw plenty of destructive hacking and disinformation campaigns—but amid a pandemic and a historic election, the consequences have never been graver.

Internet 145

Internet Internet Hacking 145

Krebs on Security

MARCH 28, 2021

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how. Further reading: A Basic Timeline of the Exchange Mass-Hack. At Least 30,000 U.S.

Hacking 347

Hacking Cybercrime DNS Antivirus 347

Security Affairs

SEPTEMBER 23, 2020

September 23, 2020. In August 2020, mass anti-government protests erupted in Belarus against the re-election of the president Alexander Lukashenko and the arrest of opposition political candidates. The Internet was shutdown several days and more than 80 websites, most of them news and political sites, were blocked.

Internet 119

Internet Internet DNS Advertising 119

Security Affairs

JANUARY 3, 2021

Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020. Below a list of top incidents: There were a number of major data breaches that took place in 2020, in many cases stolen records flooded the cybercrime underground and were used credential stuffing attacks.

Data breaches 139

Data breaches Cybercrime Hacking Passwords 139

Security Affairs

FEBRUARY 9, 2020

Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet. Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%.

DDOS 144

DDOS Internet Internet Telecommunications 144

Security Affairs

FEBRUARY 11, 2020

Dear readers, I decided to create a simple Infographic that shows Cybercrime facts in 2019, I’ve done it for Safer Internet Day 2020. SecurityAffairs – cybercrime, hacking). The post Safer internet day – Cybercrime facts Infographic appeared first on Security Affairs. Pierluigi Paganini.

Cybercrime 87

Cybercrime Internet Internet Advertising 87

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN 129

VPN Firewall Advertising Internet 129

SC Magazine

MARCH 9, 2021

The Chinese espionage group Spiral may be to blame for two intrusions in 2020 to a SolarWinds Orion server that were linked to each other but not to the infamous SolarWinds attack attributed to Russia. ( “Peter @ Solarwinds office” by ecooper99 is licensed under CC BY 2.0 ). The second attack happened in late 2020.

Internet 106

Internet Internet Authentication Media 106

Security Affairs

NOVEMBER 11, 2020

Microsoft Patch Tuesday updates for November 2020 address 112 flaws, including a Windows bug that was chained with Chrome issues in attacks. The IT giant also addressed the CVE-2020-17087 Windows flaw that was chained with the CVE-2020-15999 Chrome bug in attacks in the wild. SecurityAffairs – hacking, Chrome zero-day).

Internet 111

Internet Internet Hacking Information Security 111

Security Affairs

MAY 27, 2021

The Agency identified 1,785 cyber incidents in 2020, including brute-force attacks, email-related attacks, impersonation attacks, improper usage of the systems, loss/theft of equipment, and web-based attacks. In 2020, most of the incidents were improper usage issues, followed by loss/theft of equipment and web-based attacks.

Information Security 121

Information Security Cyber Attacks Mobile Architecture 121

CyberSecurity Insiders

NOVEMBER 24, 2022

Well, it’s because of privacy concerns, as hackers can hack the camera and see what a person is doing in front of the screen or get a glimpse of what was happening in front of the camera placed in a room or office. Now coming to the main point, i.e., how is this hacking takes place? Similar to extortion tactics….

Hacking 104

Hacking Media Internet Internet 104

Threatpost

AUGUST 6, 2020

Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.

Hacking 108

Hacking Internet Internet IoT 108

Security Affairs

SEPTEMBER 8, 2020

Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues. ” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image.

Advertising 86

Advertising Internet Internet Hacking 86

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware 113

Firmware Passwords Accountability VPN 113

Security Affairs

NOVEMBER 7, 2020

At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. At least one ransomware operator appears is exploiting the recently patched CVE-2020-14882 vulnerability in Oracle WebLogic. SecurityAffairs – hacking, CVE-2020-14882). and 14.1.1.0.

Ransomware 91

Ransomware Malware Internet Internet 91

Security Affairs

MARCH 12, 2020

Microsoft released security updates to fix a recently disclosed CVE-2020-0796 vulnerability in SMBv3 protocol that could be abused by wormable malware. Microsoft has released security updates to address the CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “ wormable ” malware.

Advertising 114

Advertising Internet Internet Malware 114

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering 131

Engineering VPN Accountability Software 131

Security Affairs

FEBRUARY 27, 2020

Experts warn that hackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable in the attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. ” reported BleepingComputer.

Internet 100

Internet Internet Authentication Advertising 100

Security Affairs

JUNE 25, 2021

Medov warns of the chaining of this issue with other ones, like CVE-2020-29015 that Positive Technologies discovered in May. The CVE-2020-29015 is a blind SQL injection flaw that a remote, unauthenticated attacker could exploit to execute SQL commands or queries by sending a specially crafted request. Pierluigi Paganini.

Hacking 118

Hacking Firewall Authentication Technology 118

Security Affairs

JULY 8, 2021

CVE Identifier CWE Identifier CVSS score (Severity) Remediation CVE-2020-7388 CWE-290 : Unauthenticated Command Execution Bypass by Spoofing in AdxAdmin 10.0 Critical) Update available CVE-2020-7387 CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor in AdxAdmin 5.3 SecurityAffairs – hacking, SAGE).

Hacking 109

Hacking Authentication VPN Software 109

Security Affairs

OCTOBER 29, 2020

Threat actors have started exploiting a critical vulnerability in Oracle WebLogin, tracked as CVE-2020-14882, in attacks in the wild. Threat actors have started scanning the Internet for servers running vulnerable installs of Oracle WebLogic in the attempt of exploiting the a critical flaw tracked as CVE-2020-14882.

Advertising 89

Advertising Internet Internet Engineering 89

Security Affairs

AUGUST 12, 2020

Microsoft August 2020 Patch Tuesday updates addressed 120 vulnerabilities, including two zero-days that have been exploited in attacks. Microsoft August 2020 Patch Tuesday updates have addressed 120 flaws, including two zero-day vulnerabilities that have been exploited in attacks in the wild. ” reads the advisory.

Internet 77

Internet Internet Engineering Advertising 77

Security Affairs

MAY 12, 2021

For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. ” Summarizing, the design flaws discovered by the expert are: CVE-2020-24588 : aggregation attack (accepting non-SPP A-MSDU frames).

Hacking 127

Hacking Encryption Authentication Internet 127

Security Affairs

JULY 24, 2020

Cisco fixed CVE-2020-3452 high-severity path traversal flaw in its firewalls that can be exploited by remote attackers to obtain sensitive files from the targeted system. The CVE-2020-3452 flaw was independently reported to Cisco by Mikhail Klyuchnikov of Positive Technologies and Abdulrahman Nour and Ahmed Aboul-Ela from RedForce.

Firewall 110

Firewall Advertising Software Hacking 110

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. Source: DZone’s Edge Computing and IoT, 2020 . A Safer Internet of Things.

Internet 136

Internet Internet IoT Software 136

Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit.

Advertising 127

Advertising InfoSec Government Healthcare 127

Schneier on Security

MAY 3, 2023

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandient detected it in December 2020, but didn’t realize what they detected—and so ignored it. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration 196

System Administration Software Engineering Internet 196

Security Affairs

JANUARY 18, 2020

Microsoft published a security advisory to warn of an Internet Explorer (IE) zero-day vulnerability (CVE-2020-0674) that is currently being exploited in the wild. The tech giant confirmed that the CVE-2020-0674 zero-day vulnerability has been actively exploited in the wild. SecurityAffairs – CVE-2020-0674 , hacking).

Internet 90

Internet Internet Advertising Engineering 90

Security Affairs

NOVEMBER 29, 2020

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159 , the flaw is rated 9.8 The flaw, tracked as CVE-2020-25159, has received a CVSS score of 9.8 SecurityAffairs – hacking, industrial automation systems).

Hacking 129

Hacking Firmware Internet Internet 129

Security Affairs

JUNE 19, 2021

The investigation into the intrusion revealed the involvement of 13 internet addresses including one traced to the Kimsuky APt group. Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage, etc. ? SecurityAffairs – hacking, North Korea). ” reported the Reuters.

Hacking 140

Hacking VPN Internet Internet 140

Security Affairs

APRIL 1, 2020

Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. We've just finished our first internet wide scan for CVE-2020-0796 and have identified 48000 vulnerable hosts. SMBv3) network communication protocol.

Advertising 106

Advertising Internet Internet Hacking 106

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet 99

Internet Internet Advertising Encryption 99

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini.

Internet 81

Internet Internet Advertising Accountability 81

Security Affairs

FEBRUARY 12, 2020

Microsoft February 2020 Patch Tuesday updates address a total of 99 new vulnerabilities, including an Internet Explorer zero-day exploited in the wild. In January, Microsoft has published a security advisory ( ADV200001 ) that includes mitigations for the CVE-2020-0674 zero-day remote code execution (RCE) flaw.

Internet 74

Internet Internet Engineering Advertising 74

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password. . SecurityAffairs – hacking, data breach).

Data breaches 143

Data breaches Hacking Telecommunications Passwords 143

The State of Security

SEPTEMBER 22, 2022

Last year, it was great to be back at SecTor after everything was canceled in 2020. The capacity was reduced, but the Hack Lab was still plenty busy and we loved having everyone come by and visit our table and play with the gear. The post SecTor 2022: The IoT Hack Lab is Back! appeared first on The State of Security.

IoT 78

IoT Hacking Internet Internet 78

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 114

Advertising Government Healthcare Education 114