Authentication, Technology, Telecommunications and VPN

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications

Telecommunications Authentication Data collection Passwords

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Authentication Small Business Telecommunications

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN

VPN Malware Authentication Small Business

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. The employee phishing page bofaticket[.]com. Image: urlscan.io. ” SPEAR VISHING.

Phishing

Phishing VPN Social Engineering Media

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Security Affairs

MARCH 22, 2022

This data leak could have a serious impact on the company if it will be confirmed the authenticity of the leaked files. On Thursday, March 10, the group announced they’re starting to recruit insiders employed within major technology giants and ISPs, such companies include Microsoft, Apple, EA Games and IBM.

Cybercrime

Cybercrime Telecommunications VPN Hacking

Lapsus$: The New Name in Ransomware Gangs

Security Boulevard

MARCH 15, 2022

Other targets include Brazil’s Ministry of Health (MoH) and Brazilian telecommunications operator Claro. A few days later, Lapsus$ announced on its Telegram channel that it had breached Samsung and offered evidence including biometric authentication information and source code from both Samsung and one of its suppliers, Qualcomm.

Ransomware

Ransomware Telecommunications Firmware Media

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

webmail.finance.gov.lb), which allowed them to decrypt the intercepted email and VPN credentials and view them in plain text. adpvpn.adpolice.gov.ae: VPN service for the Abu Dhabi Police. mail.cyta.com.cy: Cyta telecommunications and Internet provider, Cyprus. mail.asp.gov.al: email for Albanian State Police. Image: APNIC.

DNS

DNS Internet Internet Government

Nobelium continues to target organizations worldwide with custom malware

Security Affairs

DECEMBER 6, 2021

NOBELIUM focuses on government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. In some campaigns analyzed by Mandiant, the threat actor was using residential IP address ranges to authenticate to target environments.

Malware

Malware VPN Telecommunications Accountability

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

virtual private network (VPN), remote desktop protocol (RDP), virtual desktop infrastructure (VDI) including Citrix, or Identity providers (including Azure Active Directory, Okta)). Their scope of interests includes – major telecommunications companies such as Claro, Telefonica and AT&T. ” continues the analysis.

Accountability

Accountability VPN Social Engineering Hacking

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

AES encryption can be commonly found in communication protocols, virtual private network (VPN) encryption, full-disk encryption, and Wi-Fi transmission protocols. Encryption protocols can also verify the authenticity of sources and prevent a sender from denying they were the origin of a transmission.

Encryption

Encryption Passwords IoT Firewall

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

As a leading VC, BVP offers budding companies plenty to consider, with a set of roadmaps and tools for today’s technologies and market complexities. Notable cybersecurity exits for the company include AVG Technologies, Cognitive Security, OpenDNS, and Carbon Black. Also read : Addressing Remote Desktop Attacks and Security.

Cybersecurity

Cybersecurity Technology Marketing Healthcare

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

From a different angle, reporting from The Intercept revealed mobile surveillance capabilities available to Iran for the purposes of domestic investigations that leverage direct access to (and cooperation of) local telecommunication companies. Fortunately for them, the hacker appears to have been a lone 16-year-old.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Trending Sources

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Voice Phishers Targeting Corporate VPNs

Lapsus$ extortion gang leaked the source code for some Microsoft projects

Lapsus$: The New Name in Ransomware Gangs

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Nobelium continues to target organizations worldwide with custom malware

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

What Is Encryption? Definition, How it Works, & Examples

Top VC Firms in Cybersecurity of 2022

Advanced threat predictions for 2023

Stay Connected