Accountability, Information Security and Internet

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. orange_es Meow meow meow!

Internet

Internet Internet Accountability Passwords

5379 GitLab servers vulnerable to zero-click account takeover attacks

Security Affairs

JANUARY 24, 2024

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The flaw can be exploited to hijack an account without any interaction.

Accountability

Accountability Passwords Internet Internet

A flaw in Synology DiskStation Manager allows admin account takeover

Security Affairs

OCTOBER 18, 2023

. “Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account.” Then they used the password to login to the admin account (after enabling it).

Accountability

Accountability Passwords Hacking Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Reading the FBI IC3’s ‘2020 Internet Crime Report’

Security Affairs

MARCH 18, 2021

The FBI’s Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report , which includes data from 791,790 complaints of suspected cybercrimes. In 2020, the IC3 received 19,369 Business Email Compromise (BEC)/Email Account Compromise (EAC) complaints, these crimes caused $1.8 billion in losses.

Internet

Internet Internet Scams Identity Theft

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Security Boulevard

JANUARY 21, 2024

Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.

Media

Media Accountability Hacking Scams

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

SEPTEMBER 22, 2022

Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. ” warns Censys. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Internet Internet Hacking

Two students uncovered a flaw that allows to use laundry machines for free

Security Affairs

MAY 20, 2024

Two students discovered a security flaw in over a million internet-connected laundry machines that could allow laundry for free. They manage and operate many internet-connected laundry machines and systems, offering services such as coin and card-operated laundry machines, mobile payment solutions, and maintenance support.

Mobile

Mobile Internet Internet Accountability

Threat actors stole 1.1 million customer accounts from 17 well-known companies

Security Affairs

JANUARY 6, 2022

million of their customers have had their user accounts compromised in credential stuffing attacks. million accounts of their customers were compromised in credential stuffing attacks. million customer accounts, all of which appeared to have been compromised in credential stuffing attacks.” million customer accounts.

Accountability

Accountability Retail Passwords Data breaches

Microsoft warns of a zero-day in Internet Explorer that is actively exploited

Security Affairs

SEPTEMBER 8, 2021

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Pierluigi Paganini.

Internet

Internet Internet Engineering Hacking

50% of internet-facing GitLab installations are still affected by a RCE flaw

Security Affairs

NOVEMBER 2, 2021

The vulnerability was actively exploited in the wild, researchers from HN Security described an attack one of its customers. Threat actors created two user accounts with admin privileges on a publicly-accessible GitLab server belonging to this organization. In addition, ideally, GitLab should not be an internet facing service.

Internet

Internet Internet VPN Hacking

Major IPS in New Zealand hit by massive DDoS, Internet outages reported

Security Affairs

SEPTEMBER 5, 2021

A massive DDoS hit New Zealand ‘s third-largest internet operator isolating parts of the country from the Internet. A massive DDoS hit Vocus ISP, New Zealand ‘s third-largest internet operator, isolating parts of the country from the Internet. Please contact your account manager if you are unable to connect.”

DDOS

DDOS Internet Internet Telecommunications

Reading the 2019 Internet Crime Complaint Center (IC3) report

Security Affairs

FEBRUARY 12, 2020

The FBI’s Internal Crime Complaint Center (IC3) released the FBI 2019 Internet Crime Report , a document that outlines cybercrime trends over the past year. Here we are to analyze the annual FBI 2019 Internet Crime Complaint Center (IC3) , one of the most interesting documents on the crime trends observed in the last 12 months.

Internet

Internet Internet Scams Cybercrime

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc The message sent in the email template is related to problems with the victim’s bank account. on Twitter, and targeting Portuguese users.

Internet

Internet Internet Malware Banking

Russian Internet watchdog Roskomnadzor is going to ban Instagram

Security Affairs

MARCH 12, 2022

Russian Internet watchdog Roskomnadzor is going to ban Instagram in Russia to prevent the spreading of info related to the Ukraine invasion. Russia will ban Instagram, the decision was announced by Russian Internet watchdog Roskomnadzor. “As you know, on March 11, Meta Platforms Inc. Pierluigi Paganini.

Internet

Internet Internet Media Hacking

Twitter removes 100 accounts linked to Russia disseminating disinformation

Security Affairs

FEBRUARY 23, 2021

Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance.

Accountability

Accountability Government Internet Internet

GoDaddy discloses a data breach, web hosting account credentials exposed

Security Affairs

MAY 5, 2020

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. ” reads the data breach notice submitted by the company.

Data breaches

Data breaches Accountability Advertising Internet

Europol seized 30,506 Internet domain names for IP Infringement

Security Affairs

DECEMBER 2, 2019

Europol announced another success in the fight against cybercrime, the agency shut down 30,506 Internet domain names for distributing counterfeit and pirated items. Europol announced the shutdown of 30,506 Internet domain names for distributing counterfeit and pirated items as part of the ‘In Our Sites’ (IOS) operation launched in 2014.

Internet

Internet Internet Advertising Cybercrime

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. accounts exposed appeared first on Security Affairs. A hacker has shared 3.2 Pierluigi Paganini. SecurityAffairs – hacking, ShinyHunters). The post ShinyHunters hacked Pluto TV service, 3.2M

Accountability

Accountability Hacking Data breaches Passwords

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Vishing attacks conducted to steal corporate accounts, FBI warns

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. The threat actors are using Voice over Internet Protocol (VoIP) platforms to obtain employees’ credentials. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Accountability

Accountability VPN Social Engineering Phishing

While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio

Security Affairs

MARCH 28, 2022

While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). The group plans to distribute the stolen documents to various points on the internet to prevent they are censored. Our Anonymous brother @OpsAn0n got suspended by @Twitter. Enough is Enough!

Accountability

Accountability Hacking Banking Government

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

Feedback message data contained Account id, feedback rating given, and users’ email addresses. Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. What Data Was Leaked?

Data breaches

Data breaches Accountability Mobile Phishing

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Resolving conflicts between security best practices and compliance mandates

CSO Magazine

AUGUST 31, 2022

So, you read a great tip on the internet and think it would improve your security posture. Before you bring that tip to management, it’s wise to determine if it’s allowed by your security compliance requirements or can become an acceptable exception to your compliance templates. To read this article in full, please click here

Insurance

Insurance Internet Internet Technology

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

Security Affairs

JULY 18, 2020

Hackers have been scanning the Internet for SAP systems affected by RECON vulnerability, researchers from Bad Packets warn. Researchers from Bad Packets reported that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability , , tracked as CVE-2020-6287. Pierluigi Paganini.

Internet

Internet Internet Advertising Accountability

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails. Blocking without accountability. There are several aspects of the Internet blocking in Myanmar that raise questions. Circumvention of Internet blocking. A month later, no response has been provided.

Internet

Internet Internet Telecommunications DNS

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

APRIL 9, 2024

“An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.” ” The researchers pointed out that despite the vulnerable service is intended for LAN access only, querying Shodan they identified over 91,000 devices that expose the service to the Internet.

Hacking

Hacking Internet Internet Authentication

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

Security Affairs

OCTOBER 17, 2023

The advisory published by the vendor states that the exploitation of the vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

Internet

Internet Internet Hacking Accountability

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

FEBRUARY 22, 2024

barely and cannot afford to leave the camp, nor to operate his own bank account but only to survive miserably. “ I am writing to you from an old desktop computer in the tent of the chaplain who works on behalf of a refugee agency, because here there is no internet point or effective means of communication. […].

Scams

Scams Banking Computers and Electronics Accountability

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The threat actor likely obtained the employee’s account credentials from a third-party data breach. ” reads the report published by CISA.

Government

Government VPN Accountability Authentication

Slickwraps discloses data leak that impacted 850,000 user accounts

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets. ” reported Slashgear. Pierluigi Paganini.

Accountability

Accountability Data breaches Passwords Advertising

Cisco warns of active exploitation of IOS XE zero-day

Security Affairs

OCTOBER 16, 2023

The advisory published by the vendor states that the exploitation of the vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.” ” states Cisco Talos.

Accountability

Accountability Internet Internet Software

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Security Affairs

OCTOBER 31, 2023

The advisory published by the vendor states that the exploitation of the vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

Internet

Internet Internet Software Accountability

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Sea Turtle also used code from a publicly accessible GitHub account, which is likely under the control of the threat actor. Sea Turtle also used code from a publicly accessible GitHub account, which is likely under the control of the threat actor. Limit logon attempts on accounts to reduce the chance of successful brute force attacks.

Media

Media Accountability Telecommunications Government

German police seized the darknet marketplace Nemesis Market

Security Affairs

MARCH 23, 2024

“On Wednesday , the Frankfurt am Main Public Prosecutor’s Office – Central Office for Combating Internet Crime ( ZIT ) – and the Federal Criminal Police Office ( BKA ) secured the server infrastructure of the global illegal darknet marketplace “Nemesis Market” located in Germany and Lithuania and thus closed it.”

Marketing

Marketing Cybercrime DDOS Internet

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. They might even lock you out of your own accounts by resetting your passwords. Once they’re in, they can grab your emails, usernames, passwords, and more.

DNS

DNS VPN Encryption Passwords

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Security Affairs

OCTOBER 20, 2023

The advisory published by the vendor states that the exploitation of the vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

Hacking

Hacking Internet Internet Accountability

German police seized the dark web marketplace Kingdom Market

Security Affairs

DECEMBER 20, 2023

The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT), along with law enforcement agencies from multiple countries (United States, Switzerland, Moldova, and Ukraine), conducted an operation that resulted in the seizure of the dark web marketplace Kingdom Market.

Marketing

Marketing Cryptocurrency Accountability Banking

Russia-linked APT29 switched to targeting cloud services

Security Affairs

FEBRUARY 26, 2024

In previous campaigns associated with this threat actor, APT29 used brute forcing and password spraying to compromise service accounts. These accounts aren’t operated by a human and for this reason lack of multi-factor authentication (MFA). ” continues the advisory.

Accountability

Accountability Authentication Passwords Internet

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

In March, security experts at Meta found multiple malware posing as ChatGPT or similar AI tools. “Since March alone, our security analysts have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Google Responds to Warrants for “About” Searches

Schneier on Security

OCTOBER 13, 2020

The IPv6 addresses were traced to Verizon Wireless, which told the investigators that the addresses were in use by an account belonging to Williams. Data obtained by Avondale police from Google did show that a device logged into Molina’s Google account was in the area at the time of Knight’s murder.

Surveillance

Surveillance Wireless Accountability Architecture

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

Microsoft AI research division accidentally exposed 38TB of sensitive data

Security Affairs

SEPTEMBER 18, 2023

. “The researchers shared their files using an Azure feature called SAS tokens, which allows you to share data from Azure Storage accounts.” ”The access level can be limited to specific files only; however, in this case, the link was configured to share the entire storage account — including another 38TB of private files.”

Accountability

Accountability Backups Risk Passwords

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. ” reads the analysis published by Microsoft.

Accountability

Accountability Government Authentication Engineering

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

5379 GitLab servers vulnerable to zero-click account takeover attacks

Webinars

Trending Sources

A flaw in Synology DiskStation Manager allows admin account takeover

Webinars

Reading the FBI IC3’s ‘2020 Internet Crime Report’

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Two students uncovered a flaw that allows to use laundry machines for free

Threat actors stole 1.1 million customer accounts from 17 well-known companies

Microsoft warns of a zero-day in Internet Explorer that is actively exploited

50% of internet-facing GitLab installations are still affected by a RCE flaw

Major IPS in New Zealand hit by massive DDoS, Internet outages reported

Reading the 2019 Internet Crime Complaint Center (IC3) report

TroyStealer – A new info stealer targeting Portuguese Internet users

Russian Internet watchdog Roskomnadzor is going to ban Instagram

Twitter removes 100 accounts linked to Russia disseminating disinformation

GoDaddy discloses a data breach, web hosting account credentials exposed

Europol seized 30,506 Internet domain names for IP Infringement

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Vishing attacks conducted to steal corporate accounts, FBI warns

While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Interview With a Crypto Scam Investment Spammer

Resolving conflicts between security best practices and compliance mandates

Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

U.S. CISA: hackers breached a state government organization

Slickwraps discloses data leak that impacted 850,000 user accounts

Cisco warns of active exploitation of IOS XE zero-day

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

German police seized the darknet marketplace Nemesis Market

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

German police seized the dark web marketplace Kingdom Market

Russia-linked APT29 switched to targeting cloud services

Hackers are taking advantage of the interest in generative AI to install Malware

Google Responds to Warrants for “About” Searches

FBI: Compromised US academic credentials available on various cybercrime forums

Microsoft AI research division accidentally exposed 38TB of sensitive data

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Stay Connected