Accountability, Education, Hacking and Information Security

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Security Affairs

NOVEMBER 23, 2023

AutoZone disclosed a data breach resulting from the hack of their MOVEit Transfer installation. The car parts giant is notifying 184,995 individuals that the massive MOVEit hacking campaign compromised their personal information. based organizations account for 83.9 million Genworth 2.5 million PH Tech 1.7 million “U.S.-based

Data breaches

Data breaches Hacking Retail Identity Theft

Google banned 173k developer accounts in 2022

Security Affairs

MAY 1, 2023

The IT giant also announced it has banned 173k developer accounts and prevented over $2 billion in fraudulent and abusive transactions. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps.

Accountability

Accountability Education Media Hacking

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Some users with AT&T email addresses wrote on Reddit that they have been hacked, and some of them claim they had the same issue for months.

Cryptocurrency

Cryptocurrency Accountability Passwords Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability

Accountability Phishing Financial Services Surveillance

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability

Accountability Education Media Authentication

Passwordless sign-in with passkeys is now available for Google accounts

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Japan have already deployed to streamline sign-in for their users. ” continues the post.

Accountability

Accountability Passwords Password Management Phishing

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. SecurityAffairs – hacking, FBI).

Education

Education Ransomware Encryption Antivirus

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN

VPN Ransomware Hacking Education

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

Ransomware gang Money Message claims to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Hacking

Hacking Ransomware Manufacturing Education

Google sued by New Mexico attorney general for collecting student data through its Education Platform

Security Affairs

FEBRUARY 23, 2020

New Mexico sues Google for allegedly using the Google for Education platform to gather personal and private data from children. Google is facing a new lawsuit for allegedly using the Google for Education platform to gather personal and private data from students with an age of less than 13 years. Pierluigi Paganini.

Education

Education Advertising Accountability Passwords

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

Security Affairs

APRIL 26, 2023

Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident, Canada’s top cyber official and Pro-Russia hacking group Zarya claimed the attack could have caused an explosion.

Hacking

Hacking Cyber Attacks Education Media

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

“My slice”, the details of the Italian campaign Last year, a highly targeted phishing campaign that I renamed “My slice” (derived from the name of a variable in the javascript code of the landing page) targeted e-mail account holders of Italian organisations. Education improves awareness” is his slogan.

Phishing

Phishing Education Social Engineering Media

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Security Affairs

OCTOBER 16, 2023

Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Microsoft Defender capabilities prevented breached accounts were being used to access endpoints and other resources in the network. ” reads the analysis published by Microsoft.

Engineering

Engineering Ransomware Hacking Education

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. “Shevlyakov also attempted to acquire computer hacking tools.” hacking tools and electronics appeared first on Security Affairs. ” reads a press release published by DoJ.

Computers and Electronics

Computers and Electronics Hacking Penetration Testing Manufacturing

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

FEBRUARY 22, 2024

barely and cannot afford to leave the camp, nor to operate his own bank account but only to survive miserably. “ Do you ensure that you do not run away with the money once it is received in your bank account? ”. “ The 419 scam is very widespread and dangerous, and can cause serious economic and psychological damage to victims.

Scams

Scams Banking Computers and Electronics Accountability

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI.

Cybercrime

Cybercrime Education Accountability Phishing

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, enterprise network equipment ) The post Hackers can hack organizations using data found on their discarded enterprise network equipment appeared first on Security Affairs.

Hacking

Hacking VPN Marketing Authentication

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Security Affairs

APRIL 3, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Moobot botnet) The post Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover appeared first on Security Affairs. Below is the disclosure timeline: Jan.

Accountability

Accountability Education Media Authentication

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

In March, security experts at Meta found multiple malware posing as ChatGPT or similar AI tools. “Since March alone, our security analysts have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

The State of Maine was the victim of the large-scale hacking campaign that targeted organizations using the MOVEit file transfer tool. Threat actors exploited the zero-day vulnerability CVE-2023-34362 to hack the file transfer platform and steal the data of the organization. based organizations account for 83.9 million “U.S.-based

Data breaches

Data breaches Insurance Identity Theft Education

National Student Clearinghouse data breach impacted approximately 900 US schools

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- reads the message published by the gang.

Data breaches

Data breaches Education Ransomware Software

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

Security Affairs

AUGUST 28, 2023

Cybersecurity firm Emsisoft shared disconcerting details about the recent, massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer platform designed by Progress Software Corporation. based organizations account for 83.9 million Genworth 2.5 million PH Tech 1.7 million “U.S.-based

Insurance

Insurance Data breaches Education Ransomware

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

Security Affairs

APRIL 25, 2023

VMware released security updates to address two zero-day vulnerabilities ( CVE-2023-20869, CVE-2023-20870 ) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors. They earned $80,000 and 8 Master of Pwn points.

Hacking

Hacking Education Software Media

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

“This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. Cisco has been actively investigating the hacking campaign with the help of Rapid7. reads report published by Rapid7.

Ransomware

Ransomware VPN Authentication Hacking

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Ransomware

Ransomware Firmware Hacking Manufacturing

Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale

Security Affairs

DECEMBER 15, 2022

The portal of the FBI’s InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a cybercrime forum. ” The seller, who is a forum member that goes online with moniker USDoD, is demanding $50,000 for the full user database containing names and contact information. Pierluigi Paganini.

Cybercrime

Cybercrime Accountability Hacking Education

Law enforcement seized the Genesis Market cybercrime marketplace

Security Affairs

APRIL 5, 2023

The price for a stolen account was very cheap, paying a few dollars crooks were able to use it for a specific period. Genesis Market provided access to accounts of the most popular services, including Amazon, eBay, Facebook, Gmail, Netflix, PayPal, Spotify, and Zoom.

Marketing

Marketing Cybercrime Accountability Education

Google Gmail client-side encryption is available globally

Security Affairs

FEBRUARY 28, 2023

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

Encryption

Encryption Education Digital transformation Hacking

Welltok data breach impacted 8.5 million patients in the U.S.

Security Affairs

NOVEMBER 23, 2023

On July 26, 2023, threat actors hacked the company’s MOVEit Transfer server. “ The company was one of the victims of the large-scale hacking campaign exploiting a zero-day in MOVEit Transfer software. based organizations account for 83.9 The company disclosed a data breach that exposed the personal data of nearly 8.5

Data breaches

Data breaches Insurance Healthcare Hacking

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The ransomware was originally written in Go language and was employed in attacks aimed at healthcare and education sectors in countries like Thailand and Indonesia. Unlike past variants, the Rust version of the Agenda ransomware is able to terminate the Windows AppInfo process and disable User Account Control (UAC). AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Healthcare Education

Lockbit ransomware gang demanded an 80 million ransom to CDW

Security Affairs

OCTOBER 14, 2023

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. CDW Corporation is a provider of technology solutions and services for business, government and education. CDW Corporation is a provider of technology solutions and services for business, government and education.

Ransomware

Ransomware Technology Healthcare Government

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

Security Affairs

APRIL 20, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, vRealize ) The post VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root appeared first on Security Affairs.

Education

Education Media Hacking Accountability

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities VPN Manufacturing Firewall

Health insurer Point32Health suffered a ransomware attack

Security Affairs

APRIL 23, 2023

“On April 17, Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers and providers. At this time, most systems impacted are on the Harvard Pilgrim Health Care side of our business. ” reads the statement published by the insurer.

Insurance

Insurance Ransomware Education Accountability

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 15, 2023

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account; Google addressed the vulnerability CVE-2023-20963 with the release of “ The Android Security Bulletin—March 2023 ” security updates.

Education

Education Accountability Media Cybersecurity

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Security Affairs

JUNE 23, 2019

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. SecurityAffairs – NASA, hacking). The post NASA hacked! ” the NASA OIG said. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Data breaches Advertising Firewall

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft disrupted a hacking operation linked conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage.

Phishing

Phishing Accountability Hacking Surveillance

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

Phishing

Phishing Education Accountability Telecommunications

OpenAI launched a bug bounty program

Security Affairs

APRIL 12, 2023

.” In March, 2023, OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories.

Accountability

Accountability Education Media Hacking

LockBit leaks data stolen from the South Korean National Tax Service

Security Affairs

APRIL 1, 2023

On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service. The major functions of National Tax Service are: Supplying the revenue base Promoting taxation fairness The deadline has come and the group has announced the publication of the stolen information.

Identity Theft

Identity Theft Ransomware Scams Education

Experts warn of an emerging Python-based credential harvester named Legion

Security Affairs

APRIL 17, 2023

Legion is an emerging Python-based credential harvester and hacking tool that allows operators to break into various online services. Cado Labs researchers recently discovered a new Python-based credential harvester and hacking tool, named Legion, which was sold via Telegram. ” reads the analysis published by Cado Labs.

Mobile

Mobile Hacking Malware Accountability

SAP April 2023 security updates fix critical vulnerabilities

Security Affairs

APRIL 12, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, April security updates) The post SAP April 2023 security updates fix critical vulnerabilities appeared first on Security Affairs.

Education

Education Media Authentication Passwords

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Google banned 173k developer accounts in 2022

Webinars

Trending Sources

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Webinars

Remcos RAT campaign targets US accounting and tax return preparation firms

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Passwordless sign-in with passkeys is now available for Google accounts

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Money Message ransomware group claims to have hacked IT giant MSI

Google sued by New Mexico attorney general for collecting student data through its Education Platform

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

“My Slice”, an Italian adaptive phishing campaign

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Akira ransomware received $42M in ransom payments from over 250 victims

FBI: Compromised US academic credentials available on various cybercrime forums

Hackers can hack organizations using data found on their discarded enterprise network equipment

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Hackers are taking advantage of the interest in generative AI to install Malware

The State of Maine disclosed a data breach that impacted 1.3M people

National Student Clearinghouse data breach impacted approximately 900 US schools

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

MSI confirms security breach after Money Message ransomware attack

Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale

Law enforcement seized the Genesis Market cybercrime marketplace

Google Gmail client-side encryption is available globally

Welltok data breach impacted 8.5 million patients in the U.S.

Experts spotted a variant of the Agenda Ransomware written in Rust

Lockbit ransomware gang demanded an 80 million ransom to CDW

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Health insurer Point32Health suffered a ransomware attack

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Google TAG warns of Russia-linked APT groups targeting Ukraine

OpenAI launched a bug bounty program

LockBit leaks data stolen from the South Korean National Tax Service

Experts warn of an emerging Python-based credential harvester named Legion

SAP April 2023 security updates fix critical vulnerabilities

Stay Connected