Advertising, Information Security, Internet and Passwords

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage.

Internet

Internet Internet Accountability Passwords

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc An information stealer (or info stealer) is a Trojan that is designed to gather information from a system. h/t: abuse.ch.

Internet

Internet Internet Malware Banking

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Password Protection & Authentication. Passwords are the baseline of cybersecurity. Luckily, applying AI into the mix can make passwords more secure. Before, a password was a word or phrase. One thing better than having an incredibly good password is to have a lot of them. Multi-Factor Authentication.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

A study reveals the list of worst passwords of 2019

Security Affairs

DECEMBER 16, 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019.

Passwords

Passwords Data breaches Password Management Advertising

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware VPN Internet Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance.

Surveillance

Surveillance Manufacturing Passwords Internet

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

G Suite users’ passwords stored in plain-text for more than 14 years

Security Affairs

MAY 22, 2019

Google accidentally stored the passwords of its G Suite users in plain-text for 14 years allowing its employees to access them. The news is disconcerting, Google has accidentally stored the passwords of the G Suite users in plain-text for 14 years, this means that every employee in the company was able to access them.

Passwords

Passwords Encryption Advertising Accountability

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

“Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password.

Data breaches

Data breaches Hacking Telecommunications Passwords

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Security Affairs

MARCH 15, 2024

. “Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer. The authorities also seized the exchange platform.

Cybercrime

Cybercrime Cryptocurrency Advertising Passwords

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. ” reported the website PingWest. ?????????????

Accountability

Accountability Passwords Advertising Internet

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

“The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums. In May 2021, cybercriminals offered more than 36,000 login credentials for.edu email accounts and advertised the data on an instant messaging platform.

Cybercrime

Cybercrime Education Accountability Phishing

Protecting Your Digital Identity: Celebrating Identity Management Day

Webroot

APRIL 3, 2024

Simply put, it’s the practice of ensuring that only authorized individuals have access to your sensitive information and online accounts. This encompasses everything from protecting your passwords to being vigilant against phishing scams and online fraud. But why dedicate an entire day to this?

VPN

VPN Passwords Scams Accountability

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Passwords Accountability Advertising

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

Pluto TV is an American internet television service, it is an advertiser-supported video on demand (AVOD) service that primarily offers a selection of programming content through digital linear channels designed to emulate the experience of traditional broadcast programming. A hacker has shared 3.2

Accountability

Accountability Hacking Data breaches Passwords

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. This is a complex operation that infects small-office/home-office (SOHO) routers, deploying a Linux-based Remote Access Trojan (RAT) we’ve dubbed “AVrecon.””

Malware

Malware Advertising Cybercrime Passwords

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

At the time of publishing this post, it is still unclear how the hackers compromised the IP cameras, likely hackers exploited some vulnerabilities in the devices or simply guessed weak passwords used to protect them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IoT

IoT Internet Internet Hacking

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

Exposed records include information such as login credentials, full name, contact number, trip details, bank card details, account creation date. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Data breaches Mobile Advertising

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Security Affairs

SEPTEMBER 23, 2020

The database containing personal information of over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet. US fitness chain Town Sports has suffered a data breach, a database belonging to the company containing the personal information of over 600,000 people was exposed on the Internet.

Data breaches

Data breaches Phishing Passwords Advertising

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

The company recommends people to: Never share personal information, including financial information over the phone, email or SMSs Use strong passwords and enforce multi-factor authentication where possible Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.

Data breaches

Data breaches Mobile Advertising Authentication

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

“In the last 24 hours we became aware of a dump of the Kodi user forum (MyBB) software being advertised for sale on internet forums. The company pointed out that although MyBB stores passwords in an encrypted format they assumed all passwords are compromised. This post confirms that a breach has taken place.”

Data breaches

Data breaches Backups Passwords Accountability

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Mobile

Mobile InfoSec Data breaches Advertising

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million. Use a variation of unique passwords to access online accounts. Be aware of any changes in SMS-based connectivity.

Mobile

Mobile Cryptocurrency Authentication Accountability

FBI warns of crooks targeting online shoppers during the holiday season

Security Affairs

NOVEMBER 25, 2021

“During the 2020 holiday shopping season, the FBI Internet Crime Complaint Center (IC3) received over 17,000 complaints regarding the non-delivery of goods, resulting in losses over $53 million,” reads a public service announcement published by the FBI. Use safe passwords or pass phrases.

Scams

Scams Identity Theft Advertising Media

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP or Internet Protocol address is your digital identity on the internet. It may be used to download unauthorized stuff or may be used for uploading disputed content on the internet. It disguises your original identity and location and allows you to access the internet from a remote server. Use Strong Passwords.

Hacking

Hacking VPN Internet Internet

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

The Justice Department announced the seizure of internet domains used to sell the remote access Trojan Warzone RAT (www.warzone[.]ws). Justice Department (DoJ) seized the infrastructure that was used to sell the remote access trojan (RAT) Warzone RAT. The two individuals were arrested on February 7, 2024. ” concludes DoJ.

Malware

Malware Hacking Cybercrime Advertising

Data of 21 million Mixcloud users available for sale on the dark web

Security Affairs

DECEMBER 1, 2019

The hacker access to users’ data, including usernames , email addresses, SHA-2 hashed passwords, account sign-up dates and country, the last-login date, the internet (IP) address, and links to profile photos. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”

Data breaches

Data breaches Passwords Advertising Hacking

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely reboot the device without having to know the root password. ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. A hacker managed to identify a weak spot in a security camera model. Unfortunately, at that moment, there were over 300,000 of those cameras connected to the internet. Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

Frost & Sullivan databases available for sale on a hacker forum

Security Affairs

JUNE 24, 2020

firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. The employee database includes first and last names, login names, email addresses, and hashed passwords. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Backups Advertising Hacking

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud. The first activity is part of an advertising fraud effort, and the second activity is likely linked to password spraying attacks and/or data exfiltration.

Malware

Malware Small Business Advertising Passwords

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

Once compromised the system, the attacker can execute arbitrary commands on the infected device, experts noticed that the bot could target Windows hosts on both the internet and intranet. Strong passwords are also encouraged to prevent dictionary attacks.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS

DDOS Malware Advertising Passwords

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

FEBRUARY 16, 2021

Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. Cyble also spotted a phishing tool kit, named “KingFish3 (Social master), advertised on a cybercrime forum. 4f421deb219c[.]ngrok[.]io)

Phishing

Phishing Cybercrime Mobile Internet

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malware is able to steal sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) . If these services are required, use strong passwords or Active Directory authentication. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Google Tsunami vulnerability scanner is now open-source

Security Affairs

JULY 9, 2020

The initial version of the Tsunami tool already includes modules to detect the following security issues: Exposed sensitive UIs: Applications such as Jenkins , Jupyter , and Hadoop Yarn ship with UIs that allow a user to schedule workloads or to execute system commands. ” concludes Google. Pierluigi Paganini.

Engineering

Engineering Advertising Authentication Passwords

Leaked confidential report states United Nations has been hacked

Security Affairs

JANUARY 30, 2020

According to the report, attackers did not access passwords. official told the AP that the hack, which was first detected over the summer, appeared “sophisticated” and that the extent of the damage remains unclear, especially in terms of p ersonal, secret or compromising information that may have been stolen.” “One U.N.

Hacking

Hacking Advertising Cyber Attacks Passwords

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password. MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.” said the spokesperson. Pierluigi Paganini.

Firewall

Firewall VPN Passwords Internet

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Scan all software downloaded from the Internet prior to executing. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Government Passwords System Administration

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Security Affairs

MARCH 10, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Once downloaded, these files infect unwitting users rather than delivering the tools originally advertised.” ” reads the analysis published by Talos. ” concludes the report. Pierluigi Paganini.

DDOS

DDOS Digital transformation Malware Advertising

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

The Russian man also advertised the platform on other hacking forums. store used by hackers to offer for sale thousands of compromised accounts, including gamer accounts and PII files containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses. appeared first on Security Affairs.

Cybercrime

Cybercrime Advertising Hacking Accountability

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Scan all software downloaded from the Internet prior to executing. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Passwords Advertising Antivirus

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

“Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password.

Data breaches

Data breaches Passwords Telecommunications Advertising

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

TroyStealer – A new info stealer targeting Portuguese Internet users

Trending Sources

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

A study reveals the list of worst passwords of 2019

Who and What is Behind the Malware Proxy Service SocksEscort?

3.5m IP cameras exposed, with US in the lead

TP-Link Archer routers allow remote takeover without passwords

G Suite users’ passwords stored in plain-text for more than 14 years

SFO discloses data breach following the hack of 2 of its websites

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

538 Million Weibo users’ records being sold on Dark Web

FBI: Compromised US academic credentials available on various cybercrime forums

Protecting Your Digital Identity: Celebrating Identity Management Day

Hackers exploit SQL injection zero-day issue in Sophos firewall

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Hackers claim to have compromised 50,000 home cameras and posted footage online

UberEats data leaked on the dark web

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Kodi discloses data breach after its forum was compromised

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

FBI warns of crooks targeting online shoppers during the holiday season

5 Ways to Protect Yourself from IP Address Hacking

US Feds arrested two men involved in the Warzone RAT operation

Data of 21 million Mixcloud users available for sale on the dark web

Expert found multiple critical issues in MoFi routers

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Frost & Sullivan databases available for sale on a hacker forum

Experts link AVRecon bot to the malware proxy service SocksEscort

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Hackers abusing the Ngrok platform phishing attacks

CISA’s advisory warns of notable increase in LokiBot malware

Google Tsunami vulnerability scanner is now open-source

Leaked confidential report states United Nations has been hacked

Sophos fixed a critical vulnerability in Cyberoam firewalls

US govt agencies share details of the China-linked espionage malware Taidoor

Crooks target Ukraine’s IT Army with a tainted DDoS tool

FBI shuts down the Russian-based hacker platform DEER.IO

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Stay Connected