2009 and Communications - Information Management Today

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

The Platinum cyber espionage group uses steganographic technique to hide communications with the Command and Control Servers (C&C). Experts from Kaspersky have linked the Platinum APT group with cyber attacks involving an elaborate, and new steganographic technique used to hide communications with C2 servers. Pierluigi Paganini.

Communications

Communications Encryption Military Government

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Security Affairs

AUGUST 10, 2019

The vulnerability, tracked as CVE-2009-0692 , could be exploited by an attacker to crash the ISC DHCP client and execute arbitrary code with the permissions of the client. Avaya did not address the vulnerability issue in some of its VoIP devices by applying the necessary patches that were released after the discovery of the flaw in 2009.

IoT

IoT Communications Privacy Risk

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Ireland is a strategic place for intercontinental communications because it represents the place where undersea cables which carry internet traffic connect to Europe. This has raised concerns that Russian agents are checking the cables for weak points, with a view to tapping or even damaging them in the future.” Source [link].

Military

Military Communications Data collection Access

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. The targets of the two groups show significant overlap, Billbug also targeted organizations many military and government organizations in South Asia since at least January 2009.

Military

Military Communications Government Education

Newly Discovered Malware Evades Detection by Hijacking Communications

eSecurity Planet

MARCH 1, 2022

However, Symantec researchers concluded Daxin is particularly stealthy, with a powerful ability to communicate over hijacked TCP/IP connections. Multi-node Communications a New Tactic. Codebase Dates to 2009. The post Newly Discovered Malware Evades Detection by Hijacking Communications appeared first on eSecurityPlanet.

Communications

Communications Encryption Government Cybersecurity

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The use of MSP is increasing the attack surface for attackers, the DHS’ alert TA18-276B , is related to activity that was uncovered by DHS’ National Cybersecurity and Communications Integration Center (NCCIC) in April 2017. ” reads the alert issued by DHS. APT actors have targeted victims in several U.S.

Communications

Communications Manufacturing Cybersecurity Phishing

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The Mac RAT implements a C&C communication similar to the Linux variant.

Libraries

Libraries Communications Encryption Authentication

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Manufacturing

Manufacturing Risk Communications Security

The Now-Defunct Firms Behind 8chan, QAnon

Krebs on Security

OCTOBER 22, 2020

The same is true for Centauri Communications , a Freemont, Calif.-based ” It appears that Centauri hasn’t filed any business records with the state since 2009, and the state subsequently suspended the company’s license to do business in Aug. Neither Centauri Communications nor N.T. Click to Enlarge.

Communications

Communications IT Access Security

PwnKit: Local Privilege Escalation bug affects major Linux distros

Security Affairs

JANUARY 26, 2022

The flaw, dubbed PwnKit, was introduced more than 12 years ago (May 2009) since the initial commit of pkexec, this means that all the versions are affected. It allows non-privileged processes to communicate with privileged processes. Polkit (formerly PolicyKit) is a component used to controll system-wide privileges in Unix-like OS.

Communications

Communications IT Security Information Security

ENISA provides data related to major telecom security incidents in 2021

Security Affairs

JULY 28, 2022

The reporting of security incidents has been part of the EU’s regulatory framework for telecoms since the 2009 reform of the telecoms package. Every European telecom operator that suffers a security incident, notifies its national authorities which share a summary of these reports to ENISA at the start of every calendar year.

Security

Security Authentication Communications IT

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Attackers used Twitter profiles for sharing links to a blog under their control ( br0vvnn[.]io

Security

Security Phishing Information Security Communications

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Security Affairs

JUNE 17, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. For further communication with the customer, they used their own email address mimicking the victim’s.”

Military

Military Archiving Passwords Communications

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

FEBRUARY 22, 2022

The Missouri Highway Patrol report includes an interview with Mallory McGowin , the chief communications officer for the state’s Department of Elementary and Secondary Education (DESE). She stated in 2009, policy was changed to move all information technology services to the Office of Administration.”

Education

Education Access Security Communications

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

Security Affairs

JANUARY 16, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The PowerRatankba sample used in the Chilean interbank attack, differently from other variants, communicates to the C&C server on HTTPS.

Communications

Communications Ransomware Security IT

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. “They have developed custom PowerShell scripts that communicate with malicious C2 servers and execute commands from the operator.

Communications

Communications Ransomware IT Security

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Security Affairs

MAY 13, 2023

The leaked information included names, phone numbers, emails, private communication via SMS messages, passwords, and employees’ credentials. Founded in 2009, the company provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail.

Personal data

Personal data Passwords Phishing Communications

China-linked APT10 group behind new attacks on the Japanese media sector

Security Affairs

SEPTEMBER 15, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. . This shows that APT10 is very capable of maintaining and updating their malware,” .

Phishing

Phishing Passwords Encryption Communications

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Zinc APT group, aka Lazarus, surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Security

Security Encryption Passwords Communications

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

DECEMBER 17, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. This is a common used technique by the Lazarus Group.” ” continues the analysis.

CMS

CMS File names Encryption Access

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. In one incident in 2017, HIDDEN COBRA actors enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries.

Retail

Retail Libraries Government Phishing

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Security Affairs

DECEMBER 21, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Computer and Electronics

Computer and Electronics Healthcare Manufacturing Government

US authorities aim to dismantle North Korea’s Joanap Botnet

Security Affairs

FEBRUARY 1, 2019

The authorities set up servers that mimic the botnet’s communication system in order to collect information on infected systems and share them with ISP and the owners of the compromised computers.

Military

Military Access Communications Security

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Metadata

Metadata Phishing Communications Ransomware

0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects

Security Affairs

JULY 20, 2019

According to the Russian media, SyTech has been working with FSB since 2009, in particular, they contributed to several projects for FSB unit 71330 and for fellow contractor Quantum. Mentor – a project to spy on email communications managed by Russian companies. Reward – a project to covertly penetrate P2P networks.

Data breaches

Data breaches Military Communications Security

Microsoft Buys Corp.com So Bad Guys Can’t

Krebs on Security

APRIL 7, 2020

In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this “corp” designation for its Active Directory domain.

Sales

Sales Risk Access Security

Mysterious DarkUniverse APT remained undetected for 8 years

Security Affairs

NOVEMBER 5, 2019

The DarkUniverse has been active at least from 2009 until 2017. mod module is responsible of providing communication with the C2 server, providing the malware integrity and persistence mechanism and managing other malware modules. .” The dump also included an intriguing Pyton script named sigs.py mod and glue30.dll. The updater.

Libraries

Libraries Phishing Communications Cloud

Severe vulnerabilities allow hacking older GE anesthesia machines

Security Affairs

JULY 10, 2019

. “If an attacker gains access to a hospital’s network and if the GE Aestiva or GE Aespire devices are connected via terminal servers, the attacker can force the device(s) to revert to an earlier, less secure version of the communication protocol and remotely modify parameters without authorization.”

Risk

Risk Manufacturing Access Authentication

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

NOVEMBER 25, 2022

The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. that dates back to 2009. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library.

Libraries

Libraries Manufacturing Security Communications

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

According to cyber intelligence firm Intel 471 , Megatraffer has been active on more than a half-dozen crime forums from September 2009 to the present day. In November 2009, Fitis wrote, “I am the perfect criminal. WHO IS MEGATRAFFER? And on most of these identities, Megatraffer has used the email address 774748@gmail.com.

Healthcare

Healthcare Passwords Sales Ransomware

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Phishing

Phishing Encryption Communications Ransomware

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

An ad for war.md, circa 2009. ru ) show that in 2009 he was a spammer who peddled knockoff prescription drugs via Rx-Promotion , once one of the largest pharmacy spam moneymaking programs for Russian-speaking affiliates. Neculiti was the owner of war[.]md Cached copies of DonChicho’s vanity domain ( donchicho[.]ru

Cloud

Cloud Education Government Communications

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI). biz, circa 2007.

Encryption

Encryption Ransomware Government Communications

Hackers Expose Russian FSB Cyberattack Projects

Schneier on Security

JULY 22, 2019

More nation-state activity in cyberspace, this time from Russia : Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum.

Communications

Communications IT

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

Icamis and Sal were in daily communications with these botmasters, via the Spamdot forum and private messages. Also, it was common for Icamis to reply when Spamdot members communicated a request or complaint to Sal, and vice versa. Image: maps.google.com Still, other clues suggested Icamis and Sal were two separate individuals.

Computer and Electronics

Computer and Electronics Passwords Government Sales

4-year old Misfortune Cookie vulnerability threatens Capsule Technologies medical gateway device

Security Affairs

AUGUST 30, 2018

. “Altering the availability and/or configuration of the Capsule Datacaptor Terminal Server directly influences the connectivity of the medical device and allows spoofing communication to and/or from the medical device. ” continues the report. .

IoT

IoT Manufacturing Communications Security

Where next for Enterprise RSS in 2009

ChiefTech

DECEMBER 18, 2008

At the end of the day enterprise RSS is predicated on the notion that shoving all communications through email is too inefficient and must be augmented with other communications channels. Or is it something you plan to look at in 2009? In other words, all is not well in the enterprise RSS space.I’m

Communications

Communications IT

Cybaze-Yoroi ZLab analyze GoBrut: A new GoLang Botnet

Security Affairs

MARCH 1, 2019

Malware written in Go programming language has roots almost a decade ago, few years after its first public release back in 2009: starting from InfoStealer samples discovered since 2012 and abused in cyber-criminal campaigns, to modern cyber arsenal like the Sofacy one. Figure 3: Command and Control communication routine. Introduction.

Authentication

Authentication IT Communications Security

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. The APT group was discovered by Microsoft in 2016, it targeted organizations in South and Southeast.

IT

IT Archiving Encryption Passwords

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

Krebs on Security

MARCH 2, 2025

The attorneys said when they tried to verify Lanterman’s work history, “the police department responded with a story that would be almost impossible to believe if it was not corroborated by Lanterman’s own email communications.” ” As recounted in the March 14 filing, Lanterman was deposed on Feb.

Computer and Electronics

Computer and Electronics Cybersecurity Education Sales

Microsoft Buys Corp.com

Schneier on Security

APRIL 9, 2020

In practical terms, this means that whoever controls corp.com can passively intercept private communications from hundreds of thousands of computers that end up being taken outside of a corporate environment which uses this "corp" designation for its Active Directory domain.

Communications

Communications Access Security IT

Exclusive – Analysis of the sample that hit the Kudankulam Nuclear Power Plant

Security Affairs

NOVEMBER 3, 2019

The analyzed sample is quite modular and it can be weaponized with many capabilities for example: external communication over TLS, Command and Control and RAT, but on my runs the sample never showed such additional behaviors. Attribution. Attribution is always a very hard and challenging section in Malware Analyses.

IT

IT Communications Security Information Security

FAQ: Are text messages records? (redux)

The Texas Record

SEPTEMBER 21, 2017

The fact that a text is (usually) a short electronic communication, even one sent and/or received on a device you own, does not prevent it from being a government record. Just because government transacts business by SMS instead of email or paper doesn’t change the communication’s status as a record. City of Lubbock (Aug.

Government

Government Paper Communications Cloud

This is the old ChiefTech blog.: Matt's Knowledge Management definition

ChiefTech

JUNE 26, 2007

©2005-2009. From last nights KM Forum with Matt Moore : " Knowledge Management is people communicating with each other about what they do, so they can do it better. " And dont assume that communication equals technology. This is the old ChiefTech blog. Nice of you to drop in and visit. Or something like that anyway.

Communications

Communications Paper Archiving IT

Platinum APT and leverages steganography to hide C2 communications

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Webinars

Trending Sources

Russian spies are attempting to tap transatlantic undersea cables

Webinars

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Newly Discovered Malware Evades Detection by Hijacking Communications

DHS issued an alert on attacks aimed at Managed Service Providers

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Belgium telecom operators Proximus and Orange drop Huawei

The Now-Defunct Firms Behind 8chan, QAnon

PwnKit: Local Privilege Escalation bug affects major Linux distros

ENISA provides data related to major telecom security incidents in 2021

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Operation In(ter)reception targets Military and Aerospace employees in Europe and the Middle East

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Personal info of 90k hikers leaked by French tourism company La Malle Postale

China-linked APT10 group behind new attacks on the Japanese media sector

Microsoft: North Korea-linked Zinc APT targets security experts

Dacls RAT, the first Lazarus malware that targets Linux devices

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

US authorities aim to dismantle North Korea’s Joanap Botnet

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

0v1ru$ hackers breach FSB contractor SyTech and expose Russian intel projects

Microsoft Buys Corp.com So Bad Guys Can’t

Mysterious DarkUniverse APT remained undetected for 8 years

Severe vulnerabilities allow hacking older GE anesthesia machines

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Ask Fitis, the Bear: Real Crooks Sign Their Malware

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Stark Industries Solutions: An Iron Hammer in the Cloud

Adventures in Contacting the Russian FSB

Hackers Expose Russian FSB Cyberattack Projects

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

4-year old Misfortune Cookie vulnerability threatens Capsule Technologies medical gateway device

Where next for Enterprise RSS in 2009

Cybaze-Yoroi ZLab analyze GoBrut: A new GoLang Botnet

The Platinum APT group adds the Titanium backdoor to its arsenal

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

Microsoft Buys Corp.com

Exclusive – Analysis of the sample that hit the Kudankulam Nuclear Power Plant

FAQ: Are text messages records? (redux)

This is the old ChiefTech blog.: Matt's Knowledge Management definition

Stay Connected