2007 and Security - Information Management Today

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The Mask APT has been active since at least 2007, it demonstrated the capability to use complex implants, often delivered through zero-day exploits. Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years.

Government

Government IT Access Information Security

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. “Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. .” ” states the report published by Microsoft.

Security

Security Encryption Passwords Communications

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

Webinars

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Data Breach Today

APRIL 8, 2020

Fix Released in February Only Installed on 18 Percent of Servers, Rapid7 Warns Patch or perish alert: Less than 20 percent of vulnerable Microsoft Exchange servers have received a fix for a serious flaw that Microsoft first disclosed nearly two months ago, security firm Rapid7 warns.

Security

Security IT

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector.

Computer and Electronics

Computer and Electronics Digital transformation Government IT

How 30 Lines of Code Blew Up a 27-Ton Generator

WIRED Threat Level

OCTOBER 23, 2020

A secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair—with a file no bigger than a gif.

Security

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. The post Colombian authorities arrested hacker behind the Gozi Virus appeared first on Security Affairs.

Security

Security IT Cybersecurity Information Security

Reddit locked Down accounts due to alleged security breach

Security Affairs

JANUARY 10, 2019

Reddit locked down a large number of user accounts after due to a security concern after detecting suspicious activity on them. . A large group of accounts were locked down due to a security concern. In August 2018, Reddit warned users of a security breach, an attacker broke into the systems of the platform and accessed user data.

Security

Security Data breaches Passwords Access

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. ” Now the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability).

Authentication

Authentication Data breaches Communications Access

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Security Affairs

MARCH 9, 2020

Security experts Simon Zuckerbraun from Zero Day Initiative published technical details on how to exploit the Microsoft Exchange CVE-2020-0688 along with a video PoC. A couple of weeks ago, the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability).

Authentication

Authentication Communications Cybersecurity Security

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. The post LockBit Ransomware operators hit Swiss helicopter maker Kopter appeared first on Security Affairs. The company focuses on the design of small and medium-class civilian helicopters such as the SH09 helicopter.

Ransomware

Ransomware Encryption Passwords Authentication

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

National Security Agency and Microsoft addressed it with the release of Microsoft October 2022 Patch Tuesday security updates. The vulnerability CVE-2022-38028 was reported by the U.S. APT28 deployed GooseEgg to gain elevated access to target systems and steal credentials and sensitive information.

Military

Military File names Education Phishing

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. The post Grief ransomware gang hit US National Rifle Association (NRA) appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Government IT Security

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

Since at least 2007, Web Listings Inc. The mailer references the domain name web-listings.net , one of several similarly-named domains registered sometime in 2007 or later to a “ James Madison ,” who lists his address variously as a university in New Britain, Connecticut or a UPS Store mailbox in Niagara Falls, New York.

Marketing

Marketing Sales Financial Services IT

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE discovered the ransomware attack on June 19, 2023, it immediately launched an investigation into the security breach with the help of third-party specialists. At the time of this writing, no ransomware group has claimed responsibility for the security breach. ” reads the Notice of Data Incident published by the company.

Education

Education Data breaches Ransomware Access

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

From 2007 to 2015 TYURIN also conducted cyberattacks against multiple foreign companies. financial sector hacks, from approximately 2007 to mid-2015 TYURIN also conducted cyberattacks against numerous U.S. financial sector hacks, from approximately 2007 to mid-2015 TYURIN also conducted cyberattacks against numerous U.S.

Marketing

Marketing Security Risk Information Security

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

Security Affairs

SEPTEMBER 26, 2018

Security researchers have discovered a new integer overflow vulnerability in Linux Kernel, dubbed Mutagen Astronomy, that affects Red Hat, CentOS, and Debian Distributions. The flaw tracked as CVE-2018-14634 affects the kernel versions released between July 2007 and July 2017, Linux Kernel versions 2.6.x, x and 4.14.x,

Access

Access Security IT

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. The post Evil Corp rebrands their ransomware, this time is the Macaw Locker appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware File names Encryption Government

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Security Affairs

SEPTEMBER 10, 2022

Treasury Department sanctioned Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. Treasury Department announced sanctions against Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July.

Government

Government Security IT Information Security

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

Experts from the US Cyber Command’s Cyber National Mission Force (CNMF) unit and the Cybersecurity and Infrastructure Security Agency (CISA) uploaded the samples on the Virus Total online virus scan platform. The post US Cyber Command details implants used in attacks on parliaments and embassies appeared first on Security Affairs.

Cybersecurity

Cybersecurity Government Security IT

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

“As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers. Brovko was involved in the illegal practice between 2007 and 2019. ” reads the press release published by the DoJ.

Data collection

Data collection Access Security IT

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software. ESET researchers reported that the North Korea-linked Lazarus APT group is targeting cyber security community with a trojanized pirated version of the popular IDA Pro reverse engineering software.

Cybersecurity

Cybersecurity Ransomware Security IT

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. The post Belgium telecom operators Proximus and Orange drop Huawei appeared first on Security Affairs.

Manufacturing

Manufacturing Risk Communications Security

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub , allegedly employed by Russia-linked the APT28 group. The post FBI and NSA joint report details APT28’s Linux malware Drovorub appeared first on Security Affairs. Pierluigi Paganini.

Military

Military IoT Government Phishing

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

JUNE 30, 2024

“A comprehensive taskforce consisting of TeamViewer’s security team together with globally leading cyber security experts has worked 24/7 on investigating the incident with all means available. Der Spiegel pointed out that TeamViewer did not disclose the security breach to the public. “In said company spokesman.

Access

Access Security IT Information Security

UK ICO fines Facebook with maximum for Cambridge Analytica scandal

Security Affairs

OCTOBER 25, 2018

Security Affairs – ICO, Cambridge Analytica). The post UK ICO fines Facebook with maximum for Cambridge Analytica scandal appeared first on Security Affairs. The announcement was made by the UK’s data protection regulator, Information Commissioner Elizabeth Denham. ” she said. Pierluigi Paganini.

GDPR

GDPR Access Privacy Security

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. and above 2007 Workspace ONE UEM patch 20.7.0.17 The SSRF vulnerability in Workspace ONE UEM console was privately reported to the company which released security patches and workarounds.

Access

Access Authentication Cloud Security

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

Nexa Technologies offers a range of solutions for homeland security, including surveillance solutions. The software also allow dragnet surveillance, according to the brochures presented at Milipol it is an updated copy of Eagle, the program ceded to Gaddafi in 2007. . Follow me on Twitter: @securityaffairs and Facebook.

Sales

Sales Government Encryption Communications

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

AUGUST 1, 2018

Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. If you signed up for Reddit after 2007, you’re clear here.

Data breaches

Data breaches Access Passwords Authentication

79 Netgear router models affected by a dangerous Zero-day

Security Affairs

JUNE 18, 2020

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. The security experts reported the vulnerability to the vendor early this year. Oldest firmware versions have been released as far back as 2007. Pierluigi Paganini.

Security

Security Communications IT Information Security

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Military

Military Phishing Government Authentication

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

SEPTEMBER 22, 2022

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. As we dug into the issue, we realized this was in fact CVE-2007-4559.” ” reads the post published by security firm Trellix.”The

Archiving

Archiving File names Metadata Security

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

and Israel get Stuxnet onto the highly secured Natanz plant? In 2004, CIA and Mossad requested help to the the Dutch intelligence to get access to the plant, only in 2007 the mole, who posed as a mechanic working for a front company doing work at Natanz, dropped the virus into the target systems. “[T Security Affairs – Stuxnet, ICS).

Military

Military Manufacturing Access Security

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

According to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation (FBI), and U.S. The post North Korea-linked APT group BeagleBoyz targets banks appeared first on Security Affairs. Pierluigi Paganini.

Access

Access Government Ransomware Cybersecurity

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Healthcare

Healthcare Phishing Archiving Education

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” reads the analysis published by Palo Alto Networks.

Security

Security Government IT Information Security

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. This information contains, for example, the list of installed security patches.” The document also includes a series of recommendations to protect against this type of attack.

Military

Military Phishing Government Security

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

In June, security experts from Symantec reported that at least 31 organizations in the United States have been targeted with the recently discovered WastedLocker ransomware. This group has been active since at least 2007, in December 2019, the U.S. Department of Justice (DoJ) has charged Russian citizens Maksim V. (32)

Ransomware

Ransomware Retail Manufacturing Encryption

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. The APT32 also targeted peripheral network security and technology infrastructure corporations, and security firms that may have connections with foreign investors.

Mining

Mining Manufacturing Government Phishing

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. Pierluigi Paganini. SecurityAffairs – hacking, Turla).

Security

Security Government IT Information Security

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. com / wp -includes/data_from_db_top [. ] Pierluigi Paganini.

Archiving

Archiving Government Communications IT

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The post Russia-linked APT28 has been scanning vulnerable email servers in the last year appeared first on Security Affairs. Pierluigi Paganini.

Phishing

Phishing Military Government Passwords

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Pierluigi Paganini.

Healthcare

Healthcare Communications IT Security

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Megatraffer explained that malware purveyors need a certificate because many antivirus products will be far more interested in unsigned software, and because signed files downloaded from the Internet don’t tend to get blocked by security features built into modern web browsers. “Why do I need a certificate? ru in 2008.

Healthcare

Healthcare Passwords Sales Ransomware

The Mask APT is back after 10 years of silence

Microsoft: North Korea-linked Zinc APT targets security experts

Webinars

Trending Sources

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Webinars

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

How 30 Lines of Code Blew Up a 27-Ton Generator

Colombian authorities arrested hacker behind the Gozi Virus

Reddit locked Down accounts due to alleged security breach

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Grief ransomware gang hit US National Rifle Association (NRA)

Who’s Behind the ‘Web Listings’ Mail Scam?

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

Evil Corp rebrands their ransomware, this time is the Macaw Locker

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

US Cyber Command details implants used in attacks on parliaments and embassies

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Belgium telecom operators Proximus and Orange drop Huawei

FBI and NSA joint report details APT28’s Linux malware Drovorub

Russia-linked group APT29 likely breached TeamViewer’s corporate network

UK ICO fines Facebook with maximum for Cambridge Analytica scandal

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

French court indicted Nexa Technologies for complicity in acts of torture

Reddit discloses a data breach, a hacker accessed user data

79 Netgear router models affected by a dangerous Zero-day

APT28 targets key networks in Europe with HeadLace malware

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

North Korea-linked APT group BeagleBoyz targets banks

Financially motivated Earth Lusca threat actors targets organizations worldwide

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Connecting the dots between SolarWinds and Russia-linked Turla APT

Russia-Linked Turla APT uses new malware in watering hole attacks

Russia-linked APT28 has been scanning vulnerable email servers in the last year

China-linked Winnti APT targets South Korean Gaming firm

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Stay Connected