Krebs on Security

DECEMBER 4, 2024

image: x.com/vxunderground The golden rule of cybercrime in Russia has always been that as long as you never hack, extort or steal from Russian citizens or companies, you have little to fear of arrest. An image tweeted by Matveev showing the Justice Department’s wanted poster for him on a t-shirt. “Mother Russia will help you.

Cybercrime 251

Cybercrime Ransomware Cryptocurrency Government 251

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. Thus, the second factor cannot be phished, either over the phone or Internet. What else do we know about the cause of these incidents?

Hacking 332

Hacking Social Engineering Phishing Scams 332

Krebs on Security

NOVEMBER 14, 2024

But not long after KrebsOnSecurity reported in April that Shefel/Rescator also was behind the theft of Social Security and tax information from a majority of South Carolina residents in 2012, Mr. Shefel began contacting this author with the pretense of setting the record straight on his alleged criminal hacking activities.

Retail 274

Retail Advertising Cryptocurrency Cybercrime 274

Schneier on Security

DECEMBER 20, 2021

One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. By the way, this vulnerability was patched on 13 Sep 2021 in iOS 14.8. Citizen Lab published another report on the spyware used against two Egyptian nationals.

Manufacturing 356

Manufacturing Spyware Hacking Internet 356

Krebs on Security

DECEMBER 13, 2022

In November 2021, KrebsOnSecurity detailed how Pompompurin abused a vulnerability in an FBI online portal designed to share information with state and local law enforcement authorities, and how that access was used to blast out thousands of hoax email messages — all sent from an FBI email and Internet address.

Hacking 363

Hacking Cybercrime Energy and Utilities Accountability 363

Security Affairs

DECEMBER 2, 2024

“We are calling on the Tor community and the Internet freedom community to help us scale up WebTunnel bridges. Russia first blocked Tor in 2021, but at the time the censorship was bypassed via bridges. If you’ve ever thought about running a Tor bridge, now is the time.

Government 129

Government Internet Internet Hacking 129

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. and its allies for hacking activities in July. Wall Street Journal reported.

Mobile 114

Mobile Telecommunications Data breaches Hacking 114

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. ” reads the PIN report.

Architecture 109

Architecture Internet Internet Malware 109

The Last Watchdog

APRIL 5, 2022

As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. China has enclosed its national internet servers within what is colloquially called ‘the Great Firewall.’ Related: How China challenged Google in Operation Aurora.

Hacking 243

Hacking Passwords Firewall Internet 243

Security Affairs

JANUARY 21, 2025

The research combined hardware interfaces and software to communicate with the vehicle via Diagnostic Over Internet Protocol (DoIP). Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Mercedes) The MBUX system consists of several key components.

Software 134

Software Architecture Media Engineering 134

Security Affairs

SEPTEMBER 8, 2021

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems.

Internet 140

Internet Internet Engineering Hacking 140

Krebs on Security

MAY 20, 2025

The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 Image: Cloudflare.

DDOS 293

DDOS IoT Internet Internet 293

Daniel Miessler

MAY 19, 2021

Top actions in breaches were: phishing (social), use of stolen credentials (hacking), other, ransomware (malware), pretexting (social), misconfiguration (error), misdelivery (error), brute force (hacking), C2 (malware), and backdoor (malware). Top three for beginning: hacking, error, and social.

Data breaches 192

Data breaches Social Engineering Ransomware Phishing 192

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 Image: Qrator.

IoT 353

IoT DDOS Internet Internet 353

Security Affairs

NOVEMBER 2, 2021

Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked as CVE-2021-22205 , in GitLab’s web interface that has been actively exploited in the wild. It is now mitigated in the latest release and is assigned CVE-2021-22205.” SecurityAffairs – hacking, RCE).

Internet 145

Internet Internet VPN Hacking 145

Security Affairs

DECEMBER 3, 2024

The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country. In 2021, the University of Toronto-based Citizen Lab Internet reported that a Polish opposition duo was hacked with NSO spyware.

Spyware 120

Spyware Government Surveillance Hacking 120

Security Affairs

FEBRUARY 13, 2025

Microsoft now spotted the subgroup compromising multiple Internet-facing infrastructures to enable Seashell Blizzard APT group to maintain persistence in the networks of high-value targets and support tailored network operations. ” reads the report published by Microsoft.

Telecommunications 109

Telecommunications DNS Hacking Passwords 109

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

SEPTEMBER 25, 2021

Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it. Researchers warn that immediately after the release of the exploit code for the recently addressed CVE-2021-22005 flaw in VMware vCenter threat actors started using it. SecurityAffairs – hacking, VMware).

Internet 138

Internet Internet Engineering Hacking 138

Security Affairs

NOVEMBER 19, 2024

Evgenii Ptitsyn and others allegedly ran an international hacking scheme since November 2020, deploying Phobos ransomware to extort victims. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024. Attorney Erek L.

Cybercrime 117

Cybercrime Ransomware Healthcare Education 117

Security Affairs

MAY 23, 2021

The wormable CVE-2021-31166 vulnerability in the HTTP Protocol Stack of the Windows IIS server also affects WinRM on Windows 10 and Server systems. This really expands the number of vulnerable systems, although no one would intentionally put that service on the internet. — Jim DeVries (@JimDinMN) May 19, 2021.

Firewall 142

Firewall Engineering Internet Internet 142

Security Affairs

JUNE 4, 2021

Hackers are actively scanning the Internet for VMware vCenter servers vulnerable against a critical RCE flaw recently fixed by VMware. Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. Pierluigi Paganini.

Internet 144

Internet Internet Ransomware Encryption 144

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Routers are forever being hacked and infected, and used to infiltrate local networks. During 2020 and 2021, more than 500 router vulnerabilities were found. search results for “default password” in June 2021.

DDOS 133

DDOS Passwords IoT Firmware 133

Security Affairs

JANUARY 11, 2022

The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively.

Ransomware 137

Ransomware Hacking Internet Internet 137

Security Affairs

APRIL 28, 2022

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. SecurityAffairs – hacking, SolarMarker).

Software 145

Software VPN Cybersecurity Internet 145

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS 145

DNS Malware Internet Cryptocurrency 145

Security Affairs

APRIL 13, 2025

The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals. RansomHouse is a data extortion group that has been active since Dec 2021. Victims include AMD and Keralty. They shame non-payers by leaking data.

Data breaches 130

Data breaches Unstructured Data Identity Theft Healthcare 130

Security Affairs

DECEMBER 10, 2022

Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Over the years, researchers disclosed several severe vulnerabilities in the server software, in April of 2021, CISA published a report warning of the exploitation of Pulse Connect secure flaws. SecurityAffairs – hacking, Pulse).

Internet 116

Internet Internet VPN Software 116

eSecurity Planet

APRIL 2, 2025

In a troubling security breach, a hacker exposed the personal data of over 270,000 Samsung customers in Germany, freely dumping it on the internet. The hack, attributed to a cybercriminal operating under the alias GHNA, occurred when the attacker accessed a system used by Samsungs German customer service.

Identity Theft 121

Identity Theft Scams Cybersecurity Accountability 121

Schneier on Security

SEPTEMBER 19, 2024

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Telecommunications 291

Telecommunications Media Malware Internet 291

Security Affairs

SEPTEMBER 28, 2021

An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers are already attempting to use it in the wild. deployments.

Software 143

Software Hacking Internet Internet 143

Google Security

FEBRUARY 10, 2022

Throughout 2021, we partnered with the security researcher community to identify and fix thousands of vulnerabilities – helping keep our users and the internet safe. We also launched bughunters.google.com in 2021, a public researcher portal dedicated to keeping Google products and the internet safe and secure.

Internet 145

Internet Internet Manufacturing Hacking 145

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. But on Dec. AWM Proxy’s online storefront disappeared that same day.

Passwords 321

Passwords Malware Internet Internet 321

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. SecurityAffairs – hacking, Hikvision).

Hacking 126

Hacking Firmware Internet Internet 126

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT 145

IoT Firmware Authentication Wireless 145

Krebs on Security

JUNE 14, 2022

Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form. ALPHV recently announced on its victim shaming and extortion website that it had hacked a luxury spa and resort in the western United States.

Ransomware 313

Ransomware Internet Internet Cybercrime 313