Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. SecurityAffairs – hacking, Yanluowang ransomware). Pierluigi Paganini.

Ransomware 122

Ransomware Hacking VPN Phishing 122

Security Affairs

APRIL 7, 2022

Palo Alto Networks addressed a high-severity OpenSSL infinite loop vulnerability, tracked as CVE-2022-0778 , that affects some of its firewall, VPN, and XDR products. SecurityAffairs – hacking, cybercrime). The post Palo Alto Networks devices affected by CVE-2022-0778 OpenSSL bug appeared first on Security Affairs.

Firewall 89

Firewall VPN Cybercrime Software 89

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. The homepage of Stark Industries Solutions.

DDOS 274

DDOS Internet Internet Government 274

Krebs on Security

JULY 29, 2022

The 911 service as it existed until July 28, 2022. But some of them — like 911 — build their networks in part by offering “free VPN” or “free proxy” services that are powered by software which turns the user’s PC into a traffic relay for other users. “Not sure how did the hacker get in,” the 911 message reads.

Cybercrime 270

Cybercrime Software VPN Backups 270

Security Affairs

APRIL 7, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 94

Data breaches Small Business Hacking Malware 94

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN 313

VPN Computers and Electronics Antivirus Software 313

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from your devices or machines.

VPN 83

VPN Cryptocurrency Malware Software 83

SecureList

NOVEMBER 23, 2021

Finally, we will make some forecasts about financial attacks in 2022. The COVID-19 pandemic is likely to cause a massive wave of poverty, and that invariably translates into more people resorting to crime, including cybercrime. Also, many groups relied on vulnerabilities in VPN servers. Analysis of forecasts for 2021.

Cryptocurrency 112

Cryptocurrency Banking Cybercrime Ransomware 112

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. We talked about NAS devices and ransomware in the weekly review 37/2022.” concludes the alert.

Ransomware 103

Ransomware Backups VPN Authentication 103

SecureList

DECEMBER 14, 2022

At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. Similarly, at the beginning of February 2022, we noticed a huge spike in the amount of activity related to Gamaredon C&C servers. On May 10, the European Union attributed those malicious activities to the Russian Federation.

DDOS 136

DDOS Ransomware Government Energy and Utilities 136

SecureList

AUGUST 3, 2022

Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. The pro-Russian hacktivists Killnet, which first surfaced in January 2022, claimed responsibility for DDoS attacks on the websites of various European organizations from April through June.

DDOS 113

DDOS Government Marketing IoT 113

Security Affairs

NOVEMBER 8, 2023

In October, CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 106

Ransomware Healthcare VPN Insurance 106

Krebs on Security

FEBRUARY 14, 2022

In January, KrebsOnSecurity examined clues left behind by “ Wazawaka ,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. 26, 2020, a new user named Biba99 registered on the English language cybercrime forum RaidForums. This post is an attempt to remedy that.

VPN 209

VPN Ransomware Cybercrime Accountability 209

Krebs on Security

APRIL 22, 2022

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects.

Mobile 357

Mobile Computers and Electronics VPN Marketing 357

Security Affairs

JANUARY 13, 2024

NAS (Network-Attached Storage) servers that are often used for backups on the network have been hacked and wiped, as have automatic tape backup devices, and in almost every case we know of, all backups have been lost. We talked about NAS devices and ransomware in the weekly review 37/2022.” concludes the alert.

Ransomware 80

Ransomware Backups VPN Authentication 80

Security Affairs

DECEMBER 14, 2023

anti-cybercrime (Ofac).” The threat actors behind the Hive RaaS have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. The group used various attack methods, including malspam campaigns, vulnerable RDP servers, and compromised VPN credentials.

Ransomware 106

Ransomware Cryptocurrency Cybercrime VPN 106

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Malware 93

Malware VPN Encryption Hacking 93

Security Affairs

DECEMBER 18, 2022

SecurityAffairs – hacking, newsletter). Samba addressed multiple high-severity vulnerabilities Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia Social Blade discloses security breach Data of 5.7M Samba addressed multiple high-severity vulnerabilities Former Twitter employee sentenced to 3.5

Data breaches 89

Data breaches Hacking DDOS VPN 89

Security Affairs

APRIL 19, 2024

In December 2023, Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities 91

Energy and Utilities Telecommunications Technology Government 91

Security Affairs

MAY 17, 2023

The role of an initial access broker is essential in the cybercrime ecosystem, these actors facilitate the sale or exchange of compromised or stolen initial access to computer networks or systems. Marketplace and hacking forums offering initial access, enable crooks to speed up their attacks and monetize their cyber operations.

Energy and Utilities 85

Energy and Utilities Cybercrime Data collection VPN 85

Security Affairs

SEPTEMBER 12, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user. . ” reads an update published by Cisco on September September 11, 2022.

Ransomware 95

Ransomware VPN Authentication Phishing 95

Security Affairs

MARCH 22, 2022

The Lapsus$ extortion group claims to have hacked Microsoft ‘s internal Azure DevOps server and leaked the source code for some projects. Microsoft recently announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Pierluigi Paganini.

Cybercrime 86

Cybercrime Telecommunications VPN Hacking 86

Security Affairs

JANUARY 15, 2023

Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 SecurityAffairs – hacking, newsletter). Pierluigi Paganini.

Small Business 84

Small Business Password Management VPN Healthcare 84

Security Affairs

MARCH 23, 2022

Microsoft confirmed that Lapsus$ extortion group has hacked one of its employees to access and steal the source code of some projects. Microsoft confirmed that Lapsus$ extortion group has hacked one of its employees to access and steal the source code of some projects. SecurityAffairs – hacking, Microsoft). Pierluigi Paganini.

Accountability 99

Accountability VPN Social Engineering Hacking 99

Security Affairs

FEBRUARY 10, 2023

The TA886 hacking group targets organizations in the United States and Germany with new spyware tracked as Screenshotter. The experts first spotted the attacks attributed to this threat actor in October 2022, they believe that the group is financially motivated. ” reads the post published by Proofpoint.

Malware 78

Malware Phishing Spyware Cybercrime 78

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. The threat actors obtained the VPN credentials through phishing attacks.

Ransomware 65

Ransomware VPN Cybercrime Accountability 65

Security Affairs

MAY 12, 2023

billion in revenue for 2022. Once discovered the security breach, ABB closed VPN connections with its customers to prevent the threat from spreading. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. We are in the final!

Ransomware 82

Ransomware VPN Hacking Technology 82

Security Affairs

APRIL 23, 2022

The popular investigator and journalist Brian Krebs first surmised that the LAPSUS$ gang has breached T-Mobile after he reviewed a copy of the private chat messages between members of the cybercrime group. SecurityAffairs – hacking, T-Mobile). ” wrote Krebs. – Source KrebsOnSecurity. “Our To nominate, please visit:?

Mobile 93

Mobile VPN Social Engineering Telecommunications 93

Security Affairs

APRIL 10, 2023

MERCURY (aka MuddyWater , SeedWorm and TEMP.Zagros ) has been active since at least 2017, in January 2022 the USCYBERCOM has officially linked the Iran-linked APT group to Iran’s Ministry of Intelligence and Security (MOIS). Both groups used MULLVAD VPN. Threat actors masqueraded the attacks as a standard ransomware operation.

Ransomware 83

Ransomware Cybercrime VPN Education 83

Security Affairs

DECEMBER 22, 2022

The Zerobot botnet first appeared in the wild in November 2022 targeting devices running on Linux operating system. The most recent variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities.

IoT 112

IoT DDOS Malware Firmware 112

Security Affairs

DECEMBER 3, 2022

SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini. The post Security Affairs newsletter Round 396 appeared first on Security Affairs.

Spyware 89

Spyware Data breaches VPN Hacking 89

Security Affairs

AUGUST 29, 2023

Citrix reported that successful exploitation requires that the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Then threat actors sent data as an image file to a web-accessible path: cp /var/tmp/test.tar.gz /netscaler/ns_gui/vpn/medialogininit.png. php) on victim machines.

VPN 97

VPN Ransomware DNS Malware 97

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams 252

Scams DDOS Cryptocurrency Accountability 252

Security Affairs

MAY 28, 2023

billion in revenue for 2022. Once discovered the security breach, ABB closed VPN connections with its customers to prevent the threat from spreading. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. ABB has more than 105,000 employees and has $29.4

Data breaches 84

Data breaches Ransomware VPN Hacking 84

Security Affairs

MAY 9, 2023

Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. The new ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Ransomware 71

Ransomware VPN Antivirus Encryption 71

Security Affairs

JANUARY 22, 2023

The Irish DPC fined WhatsApp €5.5M The Irish DPC fined WhatsApp €5.5M The Irish DPC fined WhatsApp €5.5M

Data breaches 86

Data breaches Retail Malware VPN 86

Security Affairs

OCTOBER 24, 2021

SecurityAffairs – hacking, newsletter). Supply-chain attack on NPM Package UAParser, which has millions of daily downloads Facebook SSRF Dashboard allows hunting SSRF vulnerabilities Groove ransomware group calls on other ransomware gangs to hit US public sector DarkSide ransomware operators move 6.8M Pierluigi Paganini.

Artificial Intelligence 58

Artificial Intelligence Ransomware Hacking VPN 58