Information Security and Internet - Cyber Security Informer

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Data breaches

Data breaches Internet Internet DDOS

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts.

Internet

Internet Internet Data breaches Authentication

Internet Archive Hacked, Introducing The AI Toilet Camera

Security Boulevard

OCTOBER 27, 2024

In this episode, we discuss the significant data breach at the Internet Archive, affecting 33 million users. We explore these technological advancements alongside other unusual tech innovations, touching upon security […] The post Internet Archive Hacked, Introducing The AI Toilet Camera appeared first on Shared Security Podcast.

Internet

Internet Internet Hacking Data breaches

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group.

Hacking

Hacking Cybercrime Advertising Data breaches

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

SEPTEMBER 6, 2021

Today, I'm very happy to welcome the Czech Republic's National Cyber and Information Security Agency who can now query their government domains along with the 26 other nations that have come before them. Data breaches impact all of us in one way or another, and government agencies are no exception.

Government

Government Data breaches Internet Internet

BadBox rapidly grows, 190,000 Android devices infected

Security Affairs

DECEMBER 21, 2024

” Recently, The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. The BSI instructed all internet providers in the country with more than 100,000 subscribers to help it to carry out sinkholing operations.

Firmware

Firmware Malware Internet Internet

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. In a security advisory published Aug. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. ”

Internet

Internet Internet Technology Engineering

North Korea-linked APT37 exploited IE zero-day in a recent attack

Security Affairs

OCTOBER 19, 2024

North Korea-linked group APT37 exploited an Internet Explorer zero-day vulnerability in a supply chain attack. “Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.”

Internet

Internet Internet Engineering Malware

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023.

Cybercrime

Cybercrime Internet Internet Scams

Report: U.S. Cyber Command Behind Trickbot Tricks

Krebs on Security

OCTOBER 9, 2020

On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers. The Post said U.S.

Ransomware

Ransomware Internet Internet Passwords

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

Security Affairs

MARCH 9, 2024

The researchers scanned the Internet for Internet-facing Fortinet FortiOS and FortiProxy secure web gateway systems vulnerable to CVE-2024-21762. This week, researchers at the Shadowserver Foundation announced that nearly 150,000 devices are still potentially impacted by the issue despite Fortinet added it to the catalog.

Internet

Internet Internet VPN Engineering

New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.

Security Affairs

MAY 28, 2025

. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that are attempting to disable TrendMicro security features in ASUS routers, then exploit vulnerabilities and novel tradecraft in ASUS AiProtection features on those routers.”

Firmware

Firmware Internet Internet Hacking

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. Palo Alto Networks recommended reviewing best practices for securing management access to its devices. . We are actively investigating this activity.” 173.239.218[.]251

Firewall

Firewall Internet Internet VPN

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Security Affairs

AUGUST 1, 2024

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085.

Internet

Internet Internet Ransomware Authentication

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Security Affairs

APRIL 26, 2024

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability.

Internet

Internet Internet Software Hacking

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.”

Internet

Internet Internet DNS Telecommunications

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Security Affairs

NOVEMBER 10, 2024

internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” China-linked threat actors have breached several U.S. Wall Street Journal reported.

Hacking

Hacking Internet Internet Government

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. from fake websites (phishing sites) disguised as websites of real securities companies.” ” reads the FSA’s alert.

Financial Services

Financial Services Passwords Accountability Antivirus

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

8037 or newer The vendor also provided the following mitigation: “To minimize the potential impact of SSLVPN vulnerabilities, please ensure that access is limited to trusted sources, or disable SSLVPN access from the Internet. For more information about disabling firewall SSLVPN access, see: how-can-i-setup-ssl-vpn.”

Firewall

Firewall Firmware VPN Authentication

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union.

Internet

Internet Internet Phishing Scams

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. ” Palo Alto Networks recommends reviewing best practices for securing management access to its devices.

Firewall

Firewall Authentication Internet Internet

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? The Real Internet of Things: Details and Examples. How to use this model.

Authentication

Authentication Passwords Internet Internet

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. that provides voice, video, data, and Internet telecommunications to consumers in France. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Luxury department store Harrods suffered a cyberattack

Security Affairs

MAY 2, 2025

. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today. ” In response to the attack, the company had “restricted internet access at its sites,” however Harrods’ site remained online.

Retail

Retail Internet Internet Data breaches

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Security Affairs

JANUARY 3, 2025

Researchers at SafeBreach Labs developed a proof of concept exploit for this vulnerability that crashes any unpatched Windows Server (not just Domain Controllers) with Internet connectivity. ” states the report published by SafeBreach.

DNS

DNS Internet Internet Hacking

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

“We are calling on the Tor community and the Internet freedom community to help us scale up WebTunnel bridges. Our goal is to deploy 200 new WebTunnel bridges by the end of this December (2024) to open secure access for users in Russia.” If you’ve ever thought about running a Tor bridge, now is the time.

Government

Government Internet Internet Hacking

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

Joseph Steinberg

JUNE 10, 2022

While “ zero trust ” has been a buzzword for some time, the principle of zero trust, and expenditures toward getting organizational policies, procedures, and infrastructure closer to delivering it, is gaining acceptance as constituting a fundamental component of information security programs.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Wireless

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

Security Affairs

NOVEMBER 3, 2024

The international operation was coordinated by the Central Office for Combating Internet Crime ( ZIT ) of the Public Prosecutor General’s Office in Frankfurt am Main, the Hessian State Criminal Police Office ( HLKA ) and the Federal Criminal Police Office (BKA). ” said The head of the ZIT, senior public prosecutor Dr.

DDOS

DDOS Internet Internet Hacking

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

was used by tens of millions of websites approximately 4% of all sites on the internet which highlights the severity of the incident, whose full impact is yet to be determined. However, delegating tasks also introduces new information security challenges. Why does it matter? According to Cloudflare, Polyfill.io

Internet

Internet Internet Risk Social Engineering

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Daniel Miessler

DECEMBER 18, 2021

Just to point out to those panicking about this right now: this is a very uncommon situation to be vulnerable from this cve in a “readily exploitable from the internet” way. And the internet moves fast. And Nate figured this out like 4 days ago! So, if you’re already patched to 2.15 This also applies to the DoS that 2.17

Internet

Internet Internet Information Security

A botnet exploits e GeoVision zero-day to compromise EoL devices

Security Affairs

NOVEMBER 16, 2024

According to Shadowserver Foundation, there are approximately 17,000 Internet-facing GeoVision devices vulnerable to the CVE-2024-11120 zero-day. . “Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.” ” The botnet was used to carry out DDoS or cryptomining attacks.

DDOS

DDOS Internet Internet Hacking

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Security Affairs

NOVEMBER 12, 2024

Below are the descriptions for these two vulnerabilities: CVE-2024-43451 : An NTLM Hash Disclosure Spoofing vulnerability in MSHTML allows attackers to extract a user’s NTLMv2 hash via Internet Explorer components in WebBrowser control. Although user interaction is needed, attackers can still exploit this to impersonate the victim.

Internet

Internet Internet Hacking Data breaches

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

Trey Ford, Chief Information Security Officer at Bugcrowd, observed, "This incident may not have been made public if it wasn't for the Form 8-K requirement." The attack goes to show that, truly, nothing Internet-connected is sacred." Identity security is paramount in today's threat landscape.

Password Management

Password Management Passwords CISO Cybersecurity

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

Yet, it is important to understand that, if deployed without proper planning or otherwise utilized improperly, encryption can also become a dangerous double-edged sword; it can sometimes even detract from information security rather than enhance it.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Joseph Steinberg

JANUARY 20, 2022

Zero Trust is a concept, an approach to information security that dramatically deviates from the approach commonly taken at businesses worldwide by security professionals for many years. . • Zero Trust cannot be purchased off the shelf even from a combination of vendors. So, what is Zero Trust – in layman’s terms?

Cybersecurity

Cybersecurity Artificial Intelligence Ransomware Social Engineering

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Security Affairs

JANUARY 22, 2025

Attackers can exploit a vulnerability, tracked as CVE-2025-0411 , in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature. Mark of the Web (MotW) is a security feature in Microsoft Windows that identifies files downloaded from untrusted sources, such as the internet.

Software

Software Internet Internet Hacking

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

At issue is a well-known security and privacy threat called “ namespace collision ,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. SSL/TLS certs). Image: Defcon.org.

DNS

DNS Internet Internet Authentication

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

The vendor also provided a workaround to minimize potential risks, they recommended to restrict firewall management to trusted sources or disable firewall WAN management from Internet access. Similarly, for SSLVPN, ensure that access is limited to trusted sources or disable SSLVPN access from the Internet.

VPN

VPN Ransomware Firewall Internet

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Security Affairs

OCTOBER 24, 2024

Mandiant urges organizations that may have their FortiManager exposed to the internet to conduct a forensic investigation. As additional information becomes available through our investigations, Mandiant will update this blog’s attribution assessment.” ” concludes Mandiant. ” concludes Mandiant.

Authentication

Authentication Internet Internet Hacking

Microsoft warns of critical flaw in Canon printer drivers

Security Affairs

APRIL 1, 2025

“If the product is connected directly to the Internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack.” . “Canon U.S.A., ” reads the advisory.

Engineering

Engineering Internet Internet Hacking

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware VPN Internet Internet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Many of the infected systems were Internet of Things (IoT) devices , including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. “Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We

Cybercrime

Cybercrime Advertising IoT Malware

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

Many of the exposed IP addresses belong to major providers such as Deutsche Telekom, Vodafone, and other major internet service providers. The majority of devices included in the data leak are located in Mexico (1,603), the USA (679), and Germany (208). FortiNet has yet to comment on the case.

VPN

VPN Passwords Firewall Firmware

Internet Archive data breach impacted 31M users

Internet Archive was breached twice in a month

Trending Sources

Internet Archive Hacked, Introducing The AI Toilet Camera

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Welcoming the Czech Republic Government to Have I Been Pwned

BadBox rapidly grows, 190,000 Android devices infected

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

North Korea-linked APT37 exploited IE zero-day in a recent attack

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Report: U.S. Cyber Command Behind Trickbot Tricks

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

SonicWall warns of an exploitable SonicOS vulnerability

ICANN Launches Service to Help With WHOIS Lookups

Palo Alto Networks warns of potential RCE in PAN-OS management interface

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

CASMM (The Consumer Authentication Strength Maturity Model)

France’s second-largest telecoms provider Free suffered a cyber attack

Luxury department store Harrods suffered a cyberattack

LDAPNightmare, a PoC exploit targets Windows LDAP flaw CVE-2024-49113

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Zero Trust and the Failure of Sampling: Two Important Cybersecurity Trends

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

Story of the Year: global IT outages and supply chain attacks

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

A botnet exploits e GeoVision zero-day to compromise EoL devices

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Local Networks Go Global When Domain Names Collide

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

Microsoft warns of critical flaw in Canon printer drivers

Who and What is Behind the Malware Proxy Service SocksEscort?

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Stay Connected