Hacking, Internet and Software - Cyber Security Informer

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. But a review of this Araneida nickname on the cybercrime forums shows they have been active in the criminal hacking scene since at least 2018.

Hacking

Hacking Cybercrime Advertising Data breaches

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Data breaches

Data breaches Internet Internet DDOS

Hacking Weapons Systems

Schneier on Security

MARCH 26, 2021

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is.

Hacking

Hacking Software Internet Internet

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. federal agencies from using Kaspersky software, mandating its removal within 90 days.

Malware

Malware Antivirus Software DDOS

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Hacking

Hacking Software Government Internet

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

FEBRUARY 14, 2024

The Minnesota-based Internet provider U.S. Internet Corp. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser. Internet with their email.

Internet

Internet Internet Wireless Government

The Software-Defined Car

Schneier on Security

JUNE 5, 2023

Developers are starting to talk about the software-defined car. The behavior of new cars is increasingly defined by software, too. But keep in mind that, of course, the more software there is in the car, the more risk is there for vulnerabilities, no question about this,” Anhalt said. They’re highly secure.

Software

Software Engineering Internet Internet

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. and its allies for hacking activities in July. Wall Street Journal reported.

Hacking

Hacking Internet Internet Government

Using Google Search to Find Software Can Be Risky

Krebs on Security

JANUARY 25, 2024

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. com , filezillasoft[.]com

Software

Software Advertising Malware Accountability

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

Security Affairs

JUNE 9, 2025

Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. “Most of the infected devices were manufactured in China.

IoT

IoT Internet Internet Advertising

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how. Further reading: A Basic Timeline of the Exchange Mass-Hack. At Least 30,000 U.S.

Hacking

Hacking Cybercrime DNS Antivirus

Microsoft Patch Tuesday, November 2024 Edition

Krebs on Security

NOVEMBER 12, 2024

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. Any one of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server.

Authentication

Authentication Engineering Malware Passwords

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

Security Affairs

NOVEMBER 21, 2024

Threat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Shadowserver researchers, who are tracking the number of compromised Palo Alto Networks firewalls, reported that approximately 2,000 have been hacked due to a CVE-2024-0012/CVE-2024-9474 campaign.

Firewall

Firewall Hacking VPN Authentication

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Back in 2015, a security researcher decided to make that very point when he claimed to have hacked a plane , accessed the thrust system, and made it fly higher than intended.

Software

Software Risk Artificial Intelligence Cyber Attacks

Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier

The Last Watchdog

AUGUST 3, 2024

When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.

Hacking

Hacking Internet Internet Software

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

Working with law enforcement partners in France, Germany, Latvia, the Netherlands, Romania and the United Kingdom, the DOJ said it was able to seize more than 50 Internet servers tied to the malware network, and nearly $9 million in ill-gotten cryptocurrency from QakBot’s cybercriminal overlords.

Hacking

Hacking Malware Ransomware Government

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. ” reads the FSA’s alert.

Financial Services

Financial Services Passwords Accountability Antivirus

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

Russia’s interior ministry last week issued a statement saying a 32-year-old hacker had been charged with violating domestic laws against the creation and use of malicious software. The announcement didn’t name the accused, but the Russian state news agency RIA Novosti cited anonymous sources saying the man detained is Matveev.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Security Affairs

JANUARY 22, 2025

A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411 , in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature.

Software

Software Internet Internet Hacking

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

Krebs on Security

MAY 20, 2025

The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Aisuru reportedly went quiet after that exposure, only to reappear in November with even more firepower and software exploits. Image: Cloudflare.

DDOS

DDOS IoT Internet Internet

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. The key works without the need for any special software drivers. Thus, the second factor cannot be phished, either over the phone or Internet.

Hacking

Hacking Social Engineering Phishing Scams

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans.

Hacking

Hacking Identity Theft Government Phishing

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

North Korea-linked group APT37 exploited an Internet Explorer zero-day vulnerability in a supply chain attack. “Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.” ” reads the advisory published by AhnLab.

Internet

Internet Internet Engineering Malware

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. The catastrophe is yet another reminder of how brittle global internet infrastructure is. The CrowdStrike failure was the result of a buggy software update.

Marketing

Marketing Software Internet Internet

Microsoft Patch Tuesday, March 2021 Edition

Krebs on Security

MARCH 9, 2021

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. The SANS Internet Storm Center no-frills breakdown of the fixes.

DNS

DNS Internet Internet Software

Hackers breach ISP to poison software updates with malware

Bleeping Computer

AUGUST 3, 2024

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [.]

Software

Software Malware Internet Internet

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Spyware

Spyware Government Surveillance Hacking

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

The Last Watchdog

JANUARY 25, 2021

SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks. Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map.

Hacking

Hacking B2B Authentication Software

Smart Contract Bug Results in $31 Million Loss

Schneier on Security

DECEMBER 2, 2021

A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another.

Internet

Internet Internet Hacking Software

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Security Affairs

MAY 28, 2025

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. While the open-source nature of these tools can help security experts spot them faster, the primary victims here are everyday internet users.”

Antivirus

Antivirus Malware Banking Passwords

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors. But that 2016 story came on the heels of an exclusive about the hacking of vDOS — at the time the world’s most popular and powerful DDoS-for-hire service.

DDOS

DDOS System Administration Internet Internet

No company too small for Phobos ransomware gang, indictment reveals

Malwarebytes

DECEMBER 2, 2024

Ptitsyn and his co-conspirators hacked not only large corporations but also schools, hospitals, nonprofits, and a federally recognized tribe, and they extorted more than $16 million in ransom payments.” Use always-on cybersecurity software that can prevent exploits and malware used to deliver ransomware.

Ransomware

Ransomware Backups Small Business Malware

How Hacker's hack Android Devices

Hacker's King

JANUARY 8, 2025

You may also like to read: How Hackers Spy On Hacked Phone? How To Detect and Secure Yourself Hacker's Most Preferred Hacking Techniques These techniques can be described as the most liked techniques of users to hack Android devices. By using this technique, hackers extract any information required to hack your Android device.

Hacking

Hacking Spyware Antivirus Passwords

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Internet

Internet Internet Energy and Utilities IoT

Backdoor in XZ Utils That Almost Happened

Schneier on Security

APRIL 11, 2024

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. There are libraries for everything: displaying objects in 3D, spell-checking, performing complex mathematics, managing an e-commerce shopping cart, moving files around the internet—everything.

Software

Software Engineering Internet Internet

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. In a security advisory published Aug.

Internet

Internet Internet Technology Engineering

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

Is Your Computer Part of ‘The Largest Botnet Ever?’

Krebs on Security

MAY 29, 2024

.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. Cloud Router was previously called 911 S5.

VPN

VPN Government Cybercrime Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. THE INTERNET NEVER FORGETS.

VPN

VPN Computers and Electronics Antivirus Software

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

JANUARY 21, 2025

The experts used a diagnostic software to analyze the vehicle architecture, scan the Electronic Control Unit (ECU), identify its version, and test diagnostic functions. The research combined hardware interfaces and software to communicate with the vehicle via Diagnostic Over Internet Protocol (DoIP).

Software

Software Architecture Media Engineering

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy software with other titles, including “free” utilities and pirated software. A cached copy of flashupdate[.]net

Cybercrime

Cybercrime Software Backups VPN

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. National Security Agency (NSA) warned on Dec. ” Indeed, the NSA’s Dec.

Software

Software Authentication Hacking Government

SolarWinds Detected Six Months Earlier

Schneier on Security

MAY 3, 2023

Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked.

System Administration

System Administration Software Engineering Internet

My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack

The Last Watchdog

JUNE 16, 2023

Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. Related: Supply-chain hack ultimatum The nefarious Clop gang initially compromised MOVEit, which provided them a beachhead to gain access to Zellis, a UK-based supplier of payroll services.

Hacking

Hacking Ransomware Cybersecurity Internet

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Internet Archive data breach impacted 31M users

Trending Sources

Hacking Weapons Systems

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

U.S. Internet Leaked Years of Internal, Customer Emails

The Software-Defined Car

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Using Google Search to Find Software Can Be Risky

BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

No, I Did Not Hack Your MS Exchange Server

Microsoft Patch Tuesday, November 2024 Edition

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Black Hat Fireside Chat: ‘Black Girls Hack’ emphasizes diversity as effective force multiplier

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

U.S. Offered $10M for Hacker Just Arrested by Russia

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

When Low-Tech Hacks Cause High-Impact Breaches

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

North Korea-linked APT37 exploited IE zero-day in a recent attack

The CrowdStrike Outage and Market-Driven Brittleness

Microsoft Patch Tuesday, March 2021 Edition

Hackers breach ISP to poison software updates with malware

Poland probes Pegasus spyware abuse under the PiS government

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

Smart Contract Bug Results in $31 Million Loss

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

DDoS Mitigation Firm Founder Admits to DDoS

No company too small for Phobos ransomware gang, indictment reveals

How Hacker's hack Android Devices

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

Backdoor in XZ Utils That Almost Happened

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Is Your Computer Part of ‘The Largest Botnet Ever?’

A Deep Dive Into the Residential Proxy Service ‘911’

Experts found multiple flaws in Mercedes-Benz infotainment system

911 Proxy Service Implodes After Disclosing Breach

VMware Flaw a Vector in SolarWinds Breach?

SolarWinds Detected Six Months Earlier

My Take: Russian hackers put the squeeze on U.S agencies, global corps in MOVEit-Zellis hack

Stay Connected