Hacking, Information Security, Internet and Technology

Space and defense tech maker Exail Technologies exposes database access

Security Affairs

SEPTEMBER 21, 2023

Exail Technologies, a high-tech manufacturer whose clients include the US Coast Guard, exposed sensitive company data that could’ve enabled attackers to access its databases. The publicly accessible.env file, hosted on the exail.com website, was exposed to the internet, meaning that anyone could have accessed it.

Technology

Technology Internet Internet Manufacturing

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

The Last Watchdog

APRIL 30, 2024

For all the discussion around the sophisticated technology, strategies, and tactics hackers use to infiltrate networks, sometimes the simplest attack method can do the most damage. The recent Unitronics hack , in which attackers took control over a Pennsylvania water authority and other entities, is a good example.

Penetration Testing

Penetration Testing Unstructured Data CISO Technology

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

The Internet was shutdown several days and more than 80 websites, most of them news and political sites, were blocked. Some of the blocking techniques used include Domain Name System spoofing, transparent proxies with hijacked HTTPS certificates and Deep Packet Technology (DPI) implementations. SecurityAffairs – hacking, Internet).

Internet

Internet Internet DNS Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Hacking

Hacking Accountability Data breaches Marketing

Experts found hundreds of devices within federal networks having internet-exposed management interfaces

Security Affairs

JUNE 27, 2023

Researchers at Censys have identified hundreds of devices deployed within federal networks that have internet-exposed management interfaces. The experts focused on roughly 1,300 of these hosts that were accessible online and discovered hundreds of devices with management interfaces exposed to the public internet. ” states CISA.

Internet

Internet Internet Firewall Wireless

Russian Internet watchdog Roskomnadzor is going to ban Instagram

Security Affairs

MARCH 12, 2022

Russian Internet watchdog Roskomnadzor is going to ban Instagram in Russia to prevent the spreading of info related to the Ukraine invasion. Russia will ban Instagram, the decision was announced by Russian Internet watchdog Roskomnadzor. SecurityAffairs – hacking, Russia). Follow me on Twitter: @securityaffairs and Facebook.

Internet

Internet Internet Media Hacking

Author Q&A: In modern cyberwarfare ‘information security’ is one in the same with ‘national security’

The Last Watchdog

AUGUST 16, 2021

Meanwhile, nation-states — the superpowers and second-tier nations alike — are hotly pursuing strategic advantage by stealing intellectual property, hacking into industrial controls, and dispersing political propaganda at an unheard-of scale. LW: Are you mostly optimistic, or guarded, about technology coming to the rescue?

Information Security

Information Security Government Artificial Intelligence Encryption

Phishing with hacked sites

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing

Phishing Hacking Banking Scams

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking

Hacking Penetration Testing Data breaches Authentication

Around 19,500 end-of-life Cisco routers are exposed to hack

Security Affairs

JANUARY 21, 2023

Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. The IT giant announced that these devices will receive no security updates to address the bug because they have reached end of life (EoL). “A reads the advisory published by the company.

Hacking

Hacking Small Business VPN Internet

An ongoing malware campaign exploits Microsoft Exchange Server flaws

Security Affairs

MAY 22, 2024

Positive Technologies researchers observed while responding to a customer’s incident spotted an unknown keylogger embedded in the main Microsoft Exchange Server page. ” concludes the report from Positive Technologies. The keylogger was used to collect account credentials.

Malware

Malware Accountability Technology Internet

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

The security breach took place on on May 14, and the institute discovered it only on May 31, then the research institute reported the incident to the government and launched an investigation. The investigation into the intrusion revealed the involvement of 13 internet addresses including one traced to the Kimsuky APt group.

Hacking

Hacking VPN Internet Internet

Flaws in FortiWeb WAF expose Fortinet devices to remote hack

Security Affairs

JUNE 25, 2021

The vulnerability in the management interface of FortiWeb firewall was discovered by Andrey Medov, from cybersecurity firm Positive Technologies. Medov warns of the chaining of this issue with other ones, like CVE-2020-29015 that Positive Technologies discovered in May. SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Hacking

Hacking Firewall Authentication Technology

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password. SecurityAffairs – hacking, data breach).

Data breaches

Data breaches Hacking Telecommunications Passwords

China Says NSA Is Hacking Top Military Research University

SecureWorld News

SEPTEMBER 12, 2022

China's National Computer Virus Emergency Response Center (CVERC) recently made a statement accusing the United States National Security Agency (NSA) of repeatedly hacking the Northwestern Polytechnical University, a key public military research university located in Xi'an, China. stealing over 140GB of high-value data.

Hacking

Hacking Cyber Attacks Government Internet

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

MAY 24, 2024

In this advisory, I aim to explore how implementing a specific security technological combination (TLS and DDNS) negatively influences the overall security, inadvertently creating opportunities for attackers to exploit weaknesses on a massive scale. For instance, suppose firewall manufacturer ACME Inc.

DNS

DNS Manufacturing Firewall Internet

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

Security vulnerabilities in modern communication protocol GTP used by mobile network operators can be exploited by attackers to target 4G/5G users. phone number) of a real subscriber and impersonate him to access the Internet. SecurityAffairs – hacking, 5G). Pierluigi Paganini.

Mobile

Mobile Internet Internet Wireless

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

By processing data quickly and predicting analytics, AI can do everything from automating systems to protecting information. In fact, keeping data secure is a significant part of what AI does in the modern world, though some hackers use technology for their own means. . Here are just a few ways AI is securing our data.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. The chipmaker has 14,000 employees as of 2024. . -

Ransomware

Ransomware Manufacturing Hacking Insurance

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Security Affairs

FEBRUARY 10, 2022

I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? Pierluigi Paganini.

Spyware

Spyware Hacking Ransomware Surveillance

Pro-Russia hackers target critical infrastructure in North America and Europe

Security Affairs

MAY 2, 2024

The attacks focus on industrial control systems (ICS) and other operational technology (OT) systems in the target infrastructure. They aim to exploit modular, internet-exposed Industrial Control Systems (ICS), targeting software components like human machine interfaces (HMIs). ” reads the joint advisory.

Passwords

Passwords Internet Internet Software

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

Security Boulevard

JANUARY 21, 2024

Then they switch to the best practices to prevent social media account takeovers, highlighting […] The post The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked appeared first on Shared Security Podcast.

Media

Media Accountability Hacking Scams

New Loop DoS attack may target 300,000 vulnerable hosts

Security Affairs

MARCH 21, 2024

Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that hundreds of thousands of internet-facing systems from major vendors. “The vulnerability affects both legacy (e.g., QOTD, Chargen, Echo) and contemporary (e.g.,

DNS

DNS Internet Internet Information Security

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Security Affairs

AUGUST 13, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. CyberPower is a prominent supplier of data center hardware and infrastructure solutions, with a specific focus on cutting-edge power protection technologies and effective power management systems.

Hacking

Hacking Firmware Authentication Software

Jeff Moss on the Evolution of Hacking at SecTor 2021

ForAllSecure

NOVEMBER 3, 2021

His talk was nostalgic, reflecting on the 40+ years of computer hacking. Moss also said that all hacking is not infosec and that all infosec is not hacking. “Hacking can provide a lot of joy and absolutely no income. But hacking, not so much. Where with infosec the goal is to produce income. It’s a job.

Hacking

Hacking InfoSec Internet Internet

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. Surge in internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

Healthcare provider Ardent Health Services disclosed a ransomware attack

Security Affairs

NOVEMBER 28, 2023

In response to the incident, the company took its network offline and suspended all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs. ” reads the notice of security incident published by the company.

Healthcare

Healthcare Ransomware Technology Internet

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

how are they connected to the Internet (hint: they aren't, they are… [link] — Robᵉʳᵗ Graham ? ErrataRob) February 7, 2024 Several experts explained that electric toothbrushes have no direct connections to the internet, they relies on Bluetooth to connect to mobile apps. what was the brand of toothbrushes?

DDOS

DDOS IoT Media Internet

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Security Affairs

APRIL 19, 2021

Recently FireEye’s incident response unit Mandiant demonstrated how to infiltrate the network of a North American utility and hack into its industrial control systems to turn off one of its smart meters. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” continues the report.

Hacking

Hacking Phishing Accountability Internet

Government of Bermuda blames Russian threat actors for the cyber attack

Security Affairs

SEPTEMBER 23, 2023

This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. “The Department of Information and Digital Technology (IDT) is working quickly to restore service.” The Department of Information and Digital Technology (IDT) is working quickly to restore service.

Cyber Attacks

Cyber Attacks Government Internet Internet

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Hacking

Hacking VPN Advertising Financial Services

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 4, 2024

Clorox estimates the costs of the August cyberattack will exceed $49 Million Mastodon fixed a flaw that can allow the takeover of any account Iranian hackers breached Albania’s Institute of Statistics (INSTAT) Operation Synergia led to the arrest of 31 individuals Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison Cloudflare breached (..)

Identity Theft

Identity Theft VPN Malware Ransomware

The Impact of Remote Work and Cloud Migrations on Security Perimeters

Security Affairs

MAY 27, 2024

The almost overnight shift to remote work, driven by the COVID-19 pandemic, has profoundly impacted how businesses use technology. Cloud-based applications and services can be accessed from anywhere via an internet connection, facilitating seamless collaboration among remote workers. She is also a regular writer at Bora.

Cloud Migration

Cloud Migration B2B Digital transformation Data breaches

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Security Boulevard

JUNE 25, 2023

Paul also shares with us some of his greatest hacking stories and don’t miss our lively […] The post Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian appeared first on Shared Security Podcast. Paul’s been podcasting for more then 17 years!

Firmware

Firmware Hacking Internet Internet

Comcast’s Xfinity customer data exposed after CitrixBleed attack

Security Affairs

DECEMBER 19, 2023

The vulnerability was discovered by security researchers at Positive Technologies and disclosed to Citrix in October 10, 2023. Xfinity offers a variety of services, including cable television, internet, telephone, and home security. It is a major provider of broadband internet and cable TV services in the United States.

Authentication

Authentication Data breaches Passwords Internet

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Security Affairs

JANUARY 5, 2024

The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). All mobile communications and internet access were temporarily interrupted.

Mobile

Mobile Telecommunications Cyber Attacks Internet

The AI Attack Surface Map v1.0

Daniel Miessler

MAY 15, 2023

It’ll take time, but we’ve never seen a technology be used in real-world applications as fast as post-ChatGPT-AI. This is largely due to the fact that integration technologies like Langchain only rose to prominence in the last 2 months. And then internet to mobile. But yay for security. And now AI.

Technology

Technology Internet Internet Mobile

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

“The logs revealed the threat actor first connected from an unknown virtual machine (VM) to the victim’s on-premises environment via internet protocol (IP) addresses within their internal VPN range. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA)

Government

Government VPN Accountability Authentication

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

Experts uncovered a new Go-based multi-platform malware, tracked as NKAbuse, which is the first malware abusing NKN technology. The malicious code is written in Go language, it is the first malware that relies on the NKN technology for data exchange between peers. The protocol enables secure and low-cost data transfer.

Malware

Malware Architecture Technology DDOS

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. sox,” which is used to proxy traffic from the bot to the internet on behalf of a user.

IoT

IoT Cybercrime Internet Internet

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

The Security Ledger

AUGUST 12, 2021

Himes says was encouraged by the devastating Colonial Pipeline hack. Himes on Congress’s About-face on Cybersecurity appeared first on The Security Ledger with Paul F. There have been even more head slapping pronouncements of lawmakers utter cluelessness when it comes to matters of technology. The post Episode 222: US Rep.

Cybersecurity

Cybersecurity Cyber Risk Financial Services Government

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Market Growth: AI cyber security technology is projected to grow by 23.6% every year until 2027, pointing to rapid progress and investment in AI-based security.

Social Engineering

Social Engineering Cyber Attacks Cyber Insurance IoT

Mercedes-Benz accidentally exposed sensitive data, including source code

Security Affairs

JANUARY 29, 2024

The security firm discovered that an authentication token belonging to a Mercedes employee was left exposed in a public GitHub repository. The discovery was made during a routine internet scan in January. The spokesperson cited unspecified security reasons.” ” concludes TechCrunch.

Media

Media Authentication Passwords Internet

Space and defense tech maker Exail Technologies exposes database access

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

Webinars

Trending Sources

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Webinars

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Experts found hundreds of devices within federal networks having internet-exposed management interfaces

Russian Internet watchdog Roskomnadzor is going to ban Instagram

Author Q&A: In modern cyberwarfare ‘information security’ is one in the same with ‘national security’

Phishing with hacked sites

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

Around 19,500 end-of-life Cisco routers are exposed to hack

An ongoing malware campaign exploits Microsoft Exchange Server flaws

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Flaws in FortiWeb WAF expose Fortinet devices to remote hack

SFO discloses data breach following the hack of 2 of its websites

China Says NSA Is Hacking Top Military Research University

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Pro-Russia hackers target critical infrastructure in North America and Europe

The World of Scambaiting, Preventing Social Media Account Takeovers, Network Wrenches Hacked

New Loop DoS attack may target 300,000 vulnerable hosts

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Jeff Moss on the Evolution of Hacking at SecTor 2021

3.5m IP cameras exposed, with US in the lead

Healthcare provider Ardent Health Services disclosed a ransomware attack

New Leak Shows Business Side of China’s APT Menace

Unraveling the truth behind the DDoS attack from electric toothbrushes

Experts Demonstrated How to Hack a Utility and Take Over a Smart Meter

Government of Bermuda blames Russian threat actors for the cyber attack

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

The Impact of Remote Work and Cloud Migrations on Security Perimeters

Security Podcasting, Hacking Stories, and The State of Firmware Security with Paul Asadoorian

Comcast’s Xfinity customer data exposed after CitrixBleed attack

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

The AI Attack Surface Map v1.0

U.S. CISA: hackers breached a state government organization

New NKAbuse malware abuses NKN decentralized P2P network protocol

TheMoon bot infected 40,000 devices in January and February

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Mercedes-Benz accidentally exposed sensitive data, including source code

Stay Connected