2021, Authentication, Cybercrime and Information Security

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. .” Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing

Phishing Ransomware Security Awareness Authentication

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Security Affairs

JUNE 17, 2021

UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. “The intrusion that is detailed in this post began on May 18, 2021, which occurred days after the publicly reported shutdown of the overall DARKSIDE program ( Mandiant Advantage background ).

Cybercrime

Cybercrime Ransomware Antivirus Software

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

JULY 12, 2022

Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA. and certificate-based authentication. appeared first on Security Affairs.

Phishing

Phishing Authentication Social Engineering Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile

Mobile Cryptocurrency Authentication Accountability

AT&T confirmed that a data breach impacted 73 million customers

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. The archive contains 73.481.539 records. “It

Data breaches

Data breaches Telecommunications Cybercrime Hacking

USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

Security Affairs

SEPTEMBER 3, 2021

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. . US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Authentication

Authentication Cryptocurrency Hacking Government

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

Security Affairs

SEPTEMBER 30, 2021

Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. At the end of August, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product. link] — U.S.

Cryptocurrency

Cryptocurrency Authentication Malware Marketing

Twitter says recently leaked user data are from 2021 breach

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. ” the source told 9to5Mac.

Data breaches

Data breaches Accountability Media Hacking

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking

Banking Government Information Security Authentication

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware

Ransomware Firmware Antivirus Accountability

Veridium Named Winner in the Coveted Global InfoSec Awards During RSA Conference 2021

CyberSecurity Insiders

MAY 22, 2021

NEW YORK–( BUSINESS WIRE )– Veridium , a leading developer of frictionless, passwordless authentication solutions, is proud to announce that it’s won the 2021 Global InfoSec Award in the category of Next-Gen in Passwordless Authentication. “We For more information, please visit www.veridiumid.com.

InfoSec

InfoSec B2C B2B Authentication

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. 2/5 — ESET research (@ESETresearch) March 2, 2021.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

Database, source code allegedly related to bulletproof hosting, once Parler’s service provider, up for sale on hacker forum

Security Affairs

JUNE 2, 2021

Group-IB discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum. The database supposedly contains information about DDoS-Guard’s customers, including their names, IP-addresses, and payment information. The seller registered this account on exploit[.]in

DDOS

DDOS Cybercrime Authentication Accountability

PoC exploit for 2 flaws in Dahua cameras leaked online

Security Affairs

OCTOBER 7, 2021

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online, users are recommended to immediately apply updates. “The identity authentication bypass vulnerability found in some Dahua products during the login process.

Authentication

Authentication Firmware Hacking Engineering

AT&T states that the data breach impacted 51 million former and current customers

Security Affairs

APRIL 10, 2024

The seller, who goes online with the moniker MajorNelson, claimed that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It It was leaked online today.”

Data breaches

Data breaches Telecommunications Identity Theft Hacking

Over 1 million WordPress sites affected by OptinMonster plugin flaws

Security Affairs

OCTOBER 28, 2021

A high-severity vulnerability (CVE-2021-39341) in The OptinMonster plugin can allow unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. SecurityAffairs – hacking, cybercrime). Admins of WordPress sites using vulnerable versions of the OptinMonster plugin have to install the 2.6.5

Cybercrime

Cybercrime Accountability Authentication Hacking

The dangers of “connected” healthcare: predictions for 2022

SecureList

NOVEMBER 23, 2021

Part of our predictions last year were based on the assumption that in 2021, the pandemic will continue for at least a few months and, because this assumption turned out to be accurate, so did many of our predictions. The medical theme will forever be a popular one for use as bait in cybercrime schemes. Predictions for the year 2022.

Healthcare

Healthcare Ransomware Cybercrime Scams

Security Affairs newsletter Round 313

Security Affairs

MAY 9, 2021

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager UNC2529, a new sophisticated cybercrime gang that targets U.S.

Data breaches

Data breaches DDOS VPN Hacking

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Threat actors are targeting Pulse Connect Secure VPN devices exploiting multiple flaws, including CVE-2021-22893 and CVE-2021-22937. CVE-2021-22893 is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 One file is designed to intercept certificate-based multi-factor authentication.

Malware

Malware VPN Authentication Hacking

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

.” These upgrades prove that Hive is one of the fastest evolving ransomware families in the cybercrime ecosystem. The Hive ransomware operation has been active since June 2021, it provides Ransomware-as-a-Service Hive and adopts a double-extortion model threatening to publish data stolen from the victims on their leak site (HiveLeaks).

Encryption

Encryption Ransomware Cybercrime Malware

SynAck ransomware gang releases master decryption keys for old victims

Security Affairs

AUGUST 13, 2021

The news was first reported by TheRecord website, the master decryption keys work for victims that were infected between July 2017 and early 2021. “The keys have been verified as authentic by Michael Gillespie , a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.”

Ransomware

Ransomware Authentication Malware Hacking

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

Security Affairs

SEPTEMBER 22, 2021

link] #Cybersecurity #Ransomware pic.twitter.com/UQ7bZCtu0e — US-CERT (@USCERT_gov) September 22, 2021. The advisory urges organizations to take supplementary measures to increase their level of security. Experts speculate the operators are members of a Russia-based cybercrime group known as Wizard Spider.

Ransomware

Ransomware Cybercrime Authentication Healthcare

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Kaspersky’s own research found that as of 2021 91% of global medical providers had implemented telehealth capabilities. Now, more than two years since the start of the pandemic, some of the homebrew telehealth projects have since grown and become more stable and secure. In 2021, the situation did not improve.

Phishing

Phishing Healthcare IoT Authentication

Security Affairs newsletter Round 303

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware

Spyware Backups Manufacturing Data breaches

A server of the Jenkins project hacked by exploiting a Confluence flaw

Security Affairs

SEPTEMBER 7, 2021

The attackers breached a deprecated Confluence service used by the organization exploiting the Confluence CVE-2021-26084 vulnerability. In response to the incident, the Jenkins team took the affected server offline and launched an investigation into the security incident. Cyber Command (@US_CYBERCOM) September 3, 2021.

Hacking

Hacking Cryptocurrency Authentication Internet

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

Just yesterday, only two days after the publication, our home security solution, Secure Home , detected attempts to exploit these vulnerabilities to spread a variant of a Mirai malware.” As of August 18th, we have identified attempts to exploit CVE-2021-35395 in the wild.” ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

Threat actors stole $120 M in crypto from BadgerDAO DeFi platform

Security Affairs

DECEMBER 3, 2021

peckshield) December 2, 2021. peckshield) December 2, 2021. BadgeDAO notified US and Canadian authorities and is investigating the security breach with the help of forensics firm Chainalysis. adgerDAO (@BadgerDAO) December 2, 2021. adgerDAO (@BadgerDAO) December 2, 2021. The investigation continues.

Hacking

Hacking Phishing Authentication Cryptocurrency

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

Security Affairs

FEBRUARY 19, 2024

Anatsa was first detected by the Italian cybersecurity firm Cleafy in March 2021 while it was targeting banks in Spain, Germany, Italy, Belgium, and the Netherlands. The experts observed five droppers in the latest campaign with over 100,000 total installations. ” concludes the report.

Banking

Banking Malware Mobile Authentication

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.” Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

DNS

DNS Manufacturing Education Authentication

Twitter confirms zero-day used to access data of 5.4 million accounts

Security Affairs

AUGUST 5, 2022

The vulnerability allows any party without any authentication to obtain a twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibitted this action in the privacy settings. “This bug resulted from an update to our code in June 2021.

Accountability

Accountability Data breaches Authentication Media

Nexus, an emerging Android banking Trojan targets 450 financial apps

Security Affairs

MARCH 23, 2023

The authors claim that Nexus has been entirely written from scratch, but the researchers found similarities between Nexus and the SOVA banking trojan , which appeared on the threat landscape in August 2021. Like other malware, Nexus doesn’t infect systems located in Russia and CIS countries.

Banking

Banking Cryptocurrency Malware Advertising

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators.

Malware

Malware Authentication Software Accountability

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Security Affairs

NOVEMBER 30, 2021

Researchers from ThreatFabric discovered four distinct Android banking trojans that were spread via the official Google Play Store between August and November 2021. Threat actors are refining their techniques to bypass security checks implemented by Google for the app in its Play Store. ” concludes the report.

Banking

Banking Antivirus Malware Authentication

Broward Health suffered a data breach that impacted +1.3 million people

Security Affairs

JANUARY 4, 2022

The attack took place on October 15, 2021, when threat actors breached the hospital’s network and accessed patient data. The healthcare system discovered the security breach on October 19, and reported the incident to local authorities, it also hired a third-party cybersecurity expert to help with the investigations.

Data breaches

Data breaches Healthcare Identity Theft Insurance

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

Security Affairs

OCTOBER 24, 2021

The decrypter only allows decrypting files encrypted with BlackMatter versions used gang between mid-July and late-September 2021 , the most recent version of the ransomware addressed the issue. More details can be found here: [link] — Fabian Wosar (@fwosar) October 24, 2021.

Ransomware

Ransomware Encryption Backups Healthcare

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” ” reads the advisory.

Ransomware

Ransomware Accountability Firmware Antivirus

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Use multifactor authentication where possible. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware DDOS Passwords Backups

Herjavec Group is Recognized by Cyber Defence Black Unicorn Awards

Herjavec Group

AUGUST 2, 2021

Herjavec Group is thrilled to announce that we have won two distinctions and received 2 finalist recognitions in the 2021 Cyber Defense Black Unicorn Awards. . In the 2021 CDM Black Unicorn Awards, Herjavec Group has been recognized as: . Winner: 2021 Top 10 MSSPs – Herjavec Group.

InfoSec

InfoSec Cybersecurity Computers and Electronics Technology

Russian streaming platform Start discloses a data breach impacting 7.5M users

Security Affairs

AUGUST 31, 2022

According to the company, the attackers stole a 2021 database from its infrastructure and also shared a samples online to demonstrate the authenticity of the claims. The Russian media streaming platform START disclosed a data breach that impacted 7.5 millions of its users. “As follows from the leak, 24.6 million from Ukraine.”

Data breaches

Data breaches Passwords Banking Media

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Security Affairs

SEPTEMBER 1, 2021

. “Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021.” Securing and monitoring Remote Desktop Protocol endpoints.

Ransomware

Ransomware Risk Encryption Passwords

Security Affairs newsletter Round 376 by Pierluigi Paganini

Security Affairs

JULY 31, 2022

and Blackmatter ransomware U.S. increased rewards for info on North Korea-linked threat actors to $10 million Threat actors leverages DLL-SideLoading to spread Qakbot malware Zero Day attacks target online stores using PrestaShop? and Blackmatter ransomware U.S.

Firmware

Firmware Surveillance Malware DDOS

Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches

Security Affairs

NOVEMBER 26, 2022

The vulnerability allows any party without any authentication to obtain a twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibitted this action in the privacy settings. “In This bug resulted from an update to our code in June 2021.

Data breaches

Data breaches Accountability Media Hacking

The new maxtrilha trojan is being disseminated and targeting several banks

Security Affairs

SEPTEMBER 12, 2021

pt” domain have been used to host several malicious campaigns during 2021, including the maxtrilha malware wave. domain used to distribute campaigns in the wild during 2021, including the maxtrilha malware wave. Filename: PdF.exe / MSITrueColor.exe MD5: a6f3e35760bc2848cd258b786c1fd247 Creation date: 2021-09-06 09:20:49.

Banking

Banking Malware Internet Internet

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

UNC2465 cybercrime group launched a supply chain attack on CCTV vendor

Webinars

Trending Sources

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Webinars

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

AT&T confirmed that a data breach impacted 73 million customers

USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

Twitter says recently leaked user data are from 2021 breach

Many Public Salesforce Sites are Leaking Private Data

Ranzy Locker ransomware hit tens of US companies in 2021

Veridium Named Winner in the Coveted Global InfoSec Awards During RSA Conference 2021

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Database, source code allegedly related to bulletproof hosting, once Parler’s service provider, up for sale on hacker forum

PoC exploit for 2 flaws in Dahua cameras leaked online

AT&T states that the data breach impacted 51 million former and current customers

Over 1 million WordPress sites affected by OptinMonster plugin flaws

The dangers of “connected” healthcare: predictions for 2022

Security Affairs newsletter Round 313

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

New Hive ransomware variant is written in Rust and use improved encryption method

SynAck ransomware gang releases master decryption keys for old victims

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

Telehealth: A New Frontier in Medicine—and Security

Security Affairs newsletter Round 303

A server of the Jenkins project hacked by exploiting a Confluence flaw

Realtek SDK flaws exploited to deliver Mirai bot variant

Threat actors stole $120 M in crypto from BadgerDAO DeFi platform

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Twitter confirms zero-day used to access data of 5.4 million accounts

Nexus, an emerging Android banking Trojan targets 450 financial apps

YTStealer info-stealing malware targets YouTube content creators

4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Broward Health suffered a data breach that impacted +1.3 million people

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Avoslocker ransomware gang targets US critical infrastructure

Herjavec Group is Recognized by Cyber Defence Black Unicorn Awards

Russian streaming platform Start discloses a data breach impacting 7.5M users

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Security Affairs newsletter Round 376 by Pierluigi Paganini

Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches

The new maxtrilha trojan is being disseminated and targeting several banks

Stay Connected