Event, Hacking and Information Security

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

million records containing employee data on the hacking forum BreachForums. Compromised data includes names, contact information, building locations, email addresses, and more. Exposed data did not include Social Security numbers or financial information. A threat actor using the handle Nam3L3ss leaked over 2.8

Data breaches

Data breaches Hacking Technology Ransomware

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

Security Affairs

OCTOBER 24, 2024

On day two of Pwn2Own Ireland 2024 , hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event. ” reads the announcement published by ZDI. ” reads the announcement published by ZDI. CONFIRMED!!

Hacking

Hacking Information Security

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Security Affairs

OCTOBER 10, 2024

The Mongolian Skimmer captures final data entries using the beforeunload event, ensures cross-browser compatibility with various event-handling techniques, and employs anti-debugging tactics by monitoring formatting changes to detect and evade debugging attempts.

Data collection

Data collection Engineering Hacking Malware

Scammers live-streamed on YouTube a fake Apple crypto event

Security Affairs

SEPTEMBER 10, 2022

Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. SecurityAffairs – hacking, scam).

Scams

Scams Advertising Hacking Information Security

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking

Hacking Risk Cybersecurity Government

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers. ” said U.S.

Telecommunications

Telecommunications Software Healthcare Technology

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

OCTOBER 30, 2024

. “The victim will be unaware of the manipulation, as the malware’s fake UI will mimic the actual banking experience, allowing the attacker to extract sensitive information or gain unauthorized access to the victim’s financial accounts.” Upon detecting specific events (e.g.,

Banking

Banking Malware Accountability Phishing

DoubleClickjacking allows clickjacking on major websites

Security Affairs

JANUARY 2, 2025

” DoubleClickjacking exploits timing differences between mousedown and onclick events to hijack user actions. “By exploiting the event timing between clicks, attackers can seamlessly swap out benign UI elements for sensitive ones in the blink of an eye. ” concludes the post.

Accountability

Accountability Hacking Authentication Information Security

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Security Affairs

MAY 29, 2025

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. ” APT41 used spear phishing emails with a ZIP file hosted on a hacked government site. It creates hidden events on specific hardcoded dates to exfiltrate stolen data and receive commands.

Malware

Malware Government Encryption Hacking

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

Security Affairs

MARCH 3, 2025

Android vendors must urgently strengthen defensive security features to mitigate threats from untrusted USB connections to locked devices.” ” Amnesty International said that a 23-year-old student activist (named Vedran to preserve his privacy) was attending a ruling party event in Serbia on December 25, 2024.

Hacking

Hacking Spyware Technology Surveillance

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The backdoor can drop additional payloads, block input, clear event logs, wipe clipboard, delete browser data, and erase profiles for apps like Skype and Telegram. Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

Malware

Malware Encryption Phishing Hacking

A crime ring compromised Italian state databases reselling stolen info

Security Affairs

OCTOBER 28, 2024

The charges being pursued by investigators include criminal conspiracy for unauthorized access to computer systems, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion. ” reads a statement from a lawyer for Del Vecchio.

Computers and Electronics

Computers and Electronics Banking Marketing Hacking

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

notifies customers of credit card data breach, after threat actors hacked a third-party app from its e-commerce provider. disclosed a data breach that exposed its customers’ credit card data after threat actors hacked a third-party application from its e-commerce providerBigCommerce. ” concludes the notification.

Data breaches

Data breaches Computers and Electronics Hacking Wireless

New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR

Security Affairs

MAY 6, 2025

Forensics showed rapid version changes, installer file use, and event log entries tied to EDR tampering. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,BYOI) Once disabled the EDR agent, the attackers deployed the Babuk ransomware.

Ransomware

Ransomware Hacking Information Security

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Proactive monitoring of Windows event logs, specifically from the “Microsoft-Windows-BitLocker-API/Management” source, can help organizations detect early stages of BitLocker attacks, such as when attackers test encryption capabilities. ” concludes the report.

Ransomware

Ransomware Encryption Passwords Healthcare

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

This widespread geographical distribution of “Free Leaksmas” event highlights the extensive global reach and severe impact of these cybercriminal activities.

Identity Theft

Identity Theft Data breaches Hacking Government

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, data breach) The company has disabled public access to the site while we continue the investigation.

Cybercrime

Cybercrime Data breaches Technology Banking

DHS announces its ‘Hack DHS’ bug bounty program

Security Affairs

DECEMBER 14, 2021

The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems. As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro N. Mayorkas. “The

Hacking

Hacking Government Cybersecurity Technology

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

On November 20, a verified Bohemia administrator provided on the dark web forum Dread information about the disruptions affecting the marketplace. “The statement claims that in a “shameful and disgruntled set of events” a lead developer went “rogue”, withdrawing small amounts of Bitcoin (BTC) over a period of just over a month.

Marketing

Marketing Cybercrime DDOS Cryptocurrency

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. In early January, the Cactus ransomware group claimed to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Sophisticated hacking campaign uses Windows and Android zero-days

Security Affairs

JANUARY 12, 2021

Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. And who puts "informational" event logging in their Android downloader malware? SecurityAffairs – hacking, Project Zero). Pierluigi Paganini.

Hacking

Hacking Engineering Malware Information Security

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Security Affairs

DECEMBER 21, 2020

In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor” reads the post published by Mic rosoft. “In

Hacking

Hacking Software Malware Information Security

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

“Following these events, and during 2024, various cyberattacks against other entities, public bodies and even Spanish universities took place.” “ At the international level, there has been collaboration with EUROPOL and the Homeland Security Investigations (HSI) of the USA.” ” continues the press release.

Cybercrime

Cybercrime Government Data breaches Information Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

“The attackers have identified a method that causes login events to be logged in the Non-Interactive Sign-In logs, which may result in reduced security visibility and response.” ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,malware)

Passwords

Passwords Accountability Authentication Hacking

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

Severe monitoring events are flagged and shared on WeChat for internal handling, raising privacy concerns due to China’s cybersecurity laws. A leaked document from September 2023 shows tasks related to sensitive word detection and forwarding asset identifiers to Zhao Nannan, linked to political events in Shanghai.

Government

Government Cybersecurity Hacking Internet

Abilene city, Texas, takes systems offline following a cyberattack

Security Affairs

APRIL 22, 2025

The experts who are investigating the incident are not aware of financial irregularities following the event. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Texas) Card systems at government offices are down, so only cash, checks, or online card payments are accepted.

Ransomware

Ransomware Government Hacking Accountability

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, data breach) The company disabled public access to the site while we continue the investigation.

Data breaches

Data breaches Cybercrime Authentication Technology

ESXi ransomware attacks use SSH tunnels to avoid detection

Security Affairs

JANUARY 27, 2025

Configuring log forwarding is essential to streamline monitoring and centralize event capture. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ESXi ransomware attacks)

Ransomware

Ransomware Authentication Hacking Cybersecurity

California Cryobank, the largest US sperm bank, disclosed a data breach

Security Affairs

MARCH 19, 2025

. “In addition, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,California Cryobank)

Data breaches

Data breaches Banking Insurance Hacking

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Security Affairs

DECEMBER 2, 2022

Keyboard and mouse apps connect to a server on a desktop or laptop computer and transmit mouse and keyboard events to a remote server. SecurityAffairs – hacking, Android Keyboard). The post Android Keyboard Apps with 2 Million downloads can remotely hack your device appeared first on Security Affairs.

Hacking

Hacking Authentication Mobile Passwords

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw

Security Affairs

AUGUST 19, 2021

On January 31, 2020 the Bureau receives its second CISA request to investigate the compromised servers and a few days later, on February 5, 2020, the Bureau confirmed that other servers were hacked. SecurityAffairs – hacking, Citrix). ” states the report. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking

Hacking Firewall Accountability Technology

DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’

Security Boulevard

NOVEMBER 20, 2023

Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’ appeared first on Security Boulevard.

Hacking

Hacking Architecture Education Information Security

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Security Affairs

OCTOBER 20, 2023

This will ensure that the HTTP Server feature is not unexpectedly enabled in the event of a system reload.” VulnCheck researchers observed that the vulnerability was exploited in a large-scale hacking campaign targeting Cisco IOS XE routers and switches. concludes the advisory that also includes Indicators of Compromise (IoCs).”After

Hacking

Hacking Internet Internet Accountability

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Security Affairs

APRIL 21, 2025

.” About a year after its last WINELOADER campaign, the Russia-linked threat actor launched new phishing attacks posing as the European Ministry of Foreign Affairs, inviting targets to fake wine tasting events. The phishing campaign used domains like bakenhof[.]com com and silry[.]com

Malware

Malware Phishing Encryption Hacking

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

We encourage all customers to follow security, identity, and compliance best practices. In the event a customer suspects they may have exposed their credentials, they can start by following the steps listed in this post. As always, customers can contact AWS Support with any questions or concerns about the security of their account.

Encryption

Encryption Ransomware Authentication Accountability

Get ready for the 2021 Google CTF

Google Security

JUNE 18, 2021

Posted by Kristoffer Janke, Information Security Engineer Are you ready for no sleep, no chill and a lot of hacking? Whether you’re a seasoned CTF player or just curious about cyber security and ethical hacking, we want you to join us. Our annual Google CTF is back! Teams can register at [link]. in prize money.

Hacking

Hacking Engineering Information Security

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Security Affairs

APRIL 28, 2025

It served as a marketplace for threat actors to buy and sell stolen data, hacking tools, and compromised credentials. The forum was founded by Conor Brian Fitzpatrick , known online as “ pompompurin ,” who had previously claimed responsibility for the 2021 FBI email hack. breachforums[.]st.

Risk

Risk Hacking Cybercrime Scams

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Security Affairs

DECEMBER 5, 2024

The tool uses SQLite3 databases to track uploads, device details, and network events. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Turla) Storm-0156 used a C2 tool dubbed Arsenal, built on QtFramework, for file transfer and control of the device.

Penetration Testing

Penetration Testing Hacking Network Security Government

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

critical infrastructure in the event of a major crisis or conflict with the United States. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China)

VPN

VPN Government Malware Firewall

Vietnam Post exposes 1.2TB of data, including email addresses

Security Affairs

NOVEMBER 16, 2023

At the time of discovery, the data store contained 226 million logged events, resulting in 1.2 The leaked information also had employee names and emails. Those logs were mainly attributable to cybersecurity software such as Extended Detection and Response (XDR) and Security Information and Event Management (SIEM).

IoT

IoT Government Cyber threats Software

BlackLock Ransomware Targeted by Cybersecurity Firm

Security Affairs

MARCH 26, 2025

Notably, another prominent ransomware group DragonForce took the lead capitalizing on these events. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, BlackLock)

Ransomware

Ransomware Cybersecurity Healthcare Accountability

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Daniel Miessler

MAY 19, 2021

My Definitions of Event, Alert, and Incident. A definitions reminder: Incident : A security event that compromises the integrity, confidentiality or availability of an information asset. For incidents, the breakdown was: dos (hacking), phishing (social), other, and then ransomware (malware). Content extraction.

Data breaches

Data breaches Social Engineering Ransomware Phishing

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Security Affairs

MAY 22, 2022

The Pwn2Own Vancouver 2022 hacking contest ended, Trend Micro and ZDI awarded a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. SecurityAffairs – hacking, Pwn2Own Vancouver 2022 ).

Hacking

Hacking Cybersecurity Information Security

Amazon discloses employee data breach after May 2023 MOVEit attacks

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

Trending Sources

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Scammers live-streamed on YouTube a fake Apple crypto event

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Russia warns financial sector organizations of IT service provider LANIT compromise

New version of Android malware FakeCall redirects bank calls to scammers

DoubleClickjacking allows clickjacking on major websites

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

PLAYFULGHOST backdoor supports multiple information stealing features

A crime ring compromised Italian state databases reselling stolen info

ZAGG disclosed a data breach that exposed its customers’ credit card data

New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR

Bitdefender released a decryptor for the ShrinkLocker ransomware

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

DHS announces its ‘Hack DHS’ bug bounty program

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Cactus ransomware gang claims the Schneider Electric hack

Sophisticated hacking campaign uses Windows and Android zero-days

SUPERNOVA, a Backdoor Found While Investigating SolarWinds Hack

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

A large botnet targets M365 accounts with password spraying attacks

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Abilene city, Texas, takes systems offline following a cyberattack

Cisco states that the second data leak is linked to the one from October

ESXi ransomware attacks use SSH tunnels to avoid detection

California Cryobank, the largest US sperm bank, disclosed a data breach

Android Keyboard Apps with 2 Million downloads can remotely hack your device

New Leak Shows Business Side of China’s APT Menace

Threat actors hacked US Census Bureau in 2020 by exploiting a Citrix flaw

DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Get ready for the 2021 Google CTF

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

China’s Volt Typhoon botnet has re-emerged

Vietnam Post exposes 1.2TB of data, including email addresses

BlackLock Ransomware Targeted by Cybersecurity Firm

Analysis of the 2021 Verizon Data Breach Report (DBIR)

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Stay Connected