2012 - Information Management Today

Horde Webmail Software is affected by a dangerous bug since 2012

Security Affairs

FEBRUARY 23, 2022

The bug affects all the versions since the commit that took place on 30 Nov 2012. The post Horde Webmail Software is affected by a dangerous bug since 2012 appeared first on Security Affairs. .” The vulnerability discovered by Sonarsource is a stored XSS vulnerability that was introduced with the commit 325a7ae , 9 years ago.

Access

Access Communications Government Security

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

Kislitsin is accused of hacking into the now-defunct social networking site Formspring in 2012, and conspiring with another Russian man convicted of stealing tens of millions of usernames and passwords from LinkedIn and Dropbox that same year. Nikita Kislitsin, at a security conference in Russia. prison system.

Cybersecurity

Cybersecurity Passwords Government Security

Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012

Security Affairs

OCTOBER 9, 2019

The post Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012 appeared first on Security Affairs. . ~ Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – iTerms2, hacking).

Security

Security Cybersecurity IT Information Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Microsoft rolled out emergency updates to fix Windows Server auth failures

Security Affairs

NOVEMBER 15, 2021

These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

Authentication

Authentication Security IT Information Security

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Windows Server 2012: If the command returns false, SMBv1 is not enabled. Windows Server 2012 R2 or higher: If the command returns false, SMBv1 is not enabled. Windows Server 2012: Set-SmbServerConfiguration -EnableSMB1Protocol $false -force. Get-SmbServerConfiguration | Select EnableSMB1Protocol. Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Communications Encryption IT

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Sales

Sales Passwords Data breaches Phishing

Russian watchdog fines Twitter, Facebook for not moving user data to local servers

Security Affairs

FEBRUARY 14, 2020

According to the media, these are the largest penalties imposed by the Kremlin on Western IT firms under internet use laws since 2012. ” reported the Associated Press.

Personal data

Personal data Government Security IT

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

JULY 24, 2024

Remote attackers can exploit the flaw to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. is a use-after-free issue in Microsoft Internet Explorer 6 through 8.

IT

IT Cybersecurity Access Risk

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Security Affairs

SEPTEMBER 30, 2020

Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. Source: US Defense Watch.com.

Passwords

Passwords Sales Phishing Access

Threat actors are offering for sale 550 million stolen user records

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million September 2012 Bukalapak.com 13 million February 2018 Bookmate.com 8 million July 2018 ReverbNation.com 7.9

Sales

Sales Data breaches Archiving Passwords

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

and Windows Server 2012 R2 systems. and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access. and Windows Server 2012 R2. and Windows Server 2012 R2,” reads Microsoft’s advisory. Microsoft released this week an out-of-band security update for Windows 8.1

Security

Security Access IT Information Security

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Security

Security Access Cybersecurity Risk

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 13, 2012, after a state IT contractor clicked a malicious link in an email.

Sales

Sales Retail Insurance IT

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

Education

Education Authentication Access Security

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 12, 2025

The exploit, linked to the PipeMagic backdoor , has targeted unsupported Windows versions like Server 2012 R2 and 8.1 The flaw enables attackers with low privileges to escalate to SYSTEM privileges but requires winning a race condition. but also affects Windows 10 (build 1809 and earlier) and Server 2016.

IT

IT Cybersecurity Access Security

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. NetWire has been sold openly on the same website since 2012: worldwiredlabs[.]com. org , also registered in 2012.

Access

Access Passwords Sales Retail

Police Shutter Largest German-Speaking Criminal Marketplace

Data Breach Today

DECEMBER 4, 2024

Crimenetwork, online since 2012, was used to sell stolen data, drugs and forged documents. Crimenetwork Served as a Platform for Illegal Goods and Services German police arrested the suspected administrator of the largest German-speaking underground markets for illegal goods and services.

Marketing

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Security Affairs

NOVEMBER 24, 2020

Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that is operated by Stantinko threat actors since 2012. Operators behind the botnet powered a massive adware campaign active since 2012, crooks mainly targeted users in Russia, Ukraine, Belarus, and Kazakhstan searching for pirated software.

IT

IT Security Information Security

Authorities Bust Accused Seller of Widely Used RAT Malware

Data Breach Today

FEBRUARY 12, 2024

2 Men Arrested in Malta, Nigeria for Hawking Malware on Hacking Forums Since 2012 Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the "takeover and infection (..)

Sales

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Data provided in the reports are disconcerting, British telecommunications firms supported GCHQ in collecting a large volume of internet data from undersea cables, the overall amount of information from 2007 to 2012 registered a 7,000-fold increase, meanwhile, the spying system monitored nearly 46 billion private communications “events” every day.

Military

Military Communications Data collection Access

Authorities Take Down Seller of Widely Used RAT Malware

Data Breach Today

FEBRUARY 9, 2024

2 Men Arrested in Malta, Nigeria for Hawking Malware on Hacking Forums Since 2012 Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the "takeover and infection (..)

Sales

Julian Assange sentenced to 50 weeks in jail

Security Affairs

MAY 1, 2019

Julian Assange has been sentenced to 11 months in prison for breaching his bail conditions in 2012 and finding asylum into Ecuadorian embassy for more than seven years. Immediately after his arrest, Assange was convicted at Westminster Magistrates’ Court of jumping the bail in June 2012 after the extradition order to Sweden.

Security

Security IT

PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs

JUNE 9, 2024

This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. ” reads the advisory published by DEVCORE.

Honeypots

Honeypots IT Cybersecurity Risk

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Security Affairs

JULY 8, 2021

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. . A threat actor that goes online with the name “integra” has deposited 26.99

Security

Security Access Cybersecurity Information Security

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. Paunescu was arrested in Romania in 2012, but was able to avoid extradition. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Security

Security IT Cybersecurity Information Security

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

Lisov operated the infrastructure behind the NeverQuest malware between June 2012 and January 2015, the managed a network of servers containing lists of millions of stolen login credentials.

Passwords

Passwords Security Access IT

Lebanese Cedar APT group broke into telco and ISPs worldwide

Security Affairs

JANUARY 28, 2021

The APT group has been active since 2012, experts linked the group to the Hezbollah militant group. CVE-2012-3152). Clearsky researchers linked the Lebanese Cedar group (aka Volatile Cedar) to a cyber espionage campaign that targeted companies around the world.

Access

Access Security Information Security IT

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

In 2012 a British judge ruled WikiLeaks founder Julian Assange should be extradited to Sweden to face allegations of sexual assault there, but Assange received political asylum from Ecuador and spent the last years in its London embassy.

Military

Military Government Risk Passwords

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents.

Libraries

Libraries Encryption Security IT

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

The presence of the ‘ VelvetSweatshop’ hardcoded password is known since 2012 and it is tracked as CVE-2012-0158. The process could be automated using the default VelvetSweatshop password used by Excel to protect the files that have been sent in read-only mode.

Passwords

Passwords Encryption Security IT

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Security Affairs

SEPTEMBER 19, 2021

Fahd was the mind behind a criminal scheme that begun in 2012 and that caused more than $200 million in losses to the company, according to DoJ, he continued his activity even after he became aware that law enforcement was investigating. ” reads the press release published by DoJ.

IT

IT Security Information Security

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Risk

Risk Security IT

DeathStalker cyber-mercenary group targets the financial sector

Security Affairs

AUGUST 26, 2020

A hack-for-hire group, tracked as DeathStalker, has been targeting organizations in the financial sector since 2012 Kaspersky researchers say. DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012.

Archiving

Archiving Phishing Communications Ransomware

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. ” reads a press release published by DoJ. ’ (aka Dragonfly , Berzerk Bear, Energetic Bear, and Crouching Yeti ).

Energy and Utilities

Energy and Utilities Government Cybersecurity Military

A new variant of Cicada ransomware targets VMware ESXi systems

Security Affairs

SEPTEMBER 2, 2024

Cicada 3301 is the name given to three sets of puzzles posted under the name “3301” online between 2012 and 2014. The first puzzle started on January 4, 2012, on 4chan and ran for nearly a month. The following image shows the list of victims published by the gang on its Dark Web leak site.

Ransomware

Ransomware Encryption Libraries IT

Wikileaks founder Julian Assange is free

Security Affairs

JUNE 25, 2024

In 2012 a British judge ruled WikiLeaks founder Julian Assange should be extradited to Sweden to face allegations of sexual assault there, but Assange received political asylum from Ecuador and spent the last years in its London embassy.

Military

Military Passwords Access Government

Experts warn of a surge in zero-day flaws observed and exploited in 2021

Security Affairs

APRIL 25, 2022

Mandiant states that From 2012 to 2021, China exploited more zero-days than any other nation. From 2012 to 2021, China-linked threat actors exploited more zero-days than any other nation-state actors. Most of the zero-days discovered by the company were exploited by nation-state APT groups. ” concludes the report.”The

Ransomware

Ransomware Security Cybersecurity Risk

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

They also used Bitcoin addresses associated with their accounts on two other Bitcoin exchanges The two Russian nations also used a Bitcoin brokerage service known as the New York Bitcoin Broker to transfer large amounts of funds to overseas bank accounts between March 2012 and April 2013 under the guise of an advertising services contract.

Access

Access Security IT Information Security

Microsoft issues emergency patch for IE Zero Day exploited in the wild

Security Affairs

DECEMBER 20, 2018

The IE zero-day vulnerability impacts IE 9 on Windows Server 2008, IE 10 on Windows Server 2012, IE 11 from Windows 7 to Windows 10, and IE 11 on Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows Server 2012 R2. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security IT

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Security Affairs

JANUARY 18, 2022

Windows Server 2012 R2: KB5010794 Windows Server 2012: KB5010797. Emergency out-of-band (OOB) updates through Windows Update are optional updates and have to be manually installed. Below are the updates can only be downloaded through the Microsoft Update Catalog: Windows 8.1,

Security

Security Access Information Security IT

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. According to people involved, Chinese hackers Tick may have been involved.

Manufacturing

Manufacturing Data breaches Access Sales

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012, According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data. “According to people involved, Chinese hackers Tick may have been involved.

Data breaches

Data breaches Computer and Electronics Government Manufacturing

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

Security Affairs

JULY 10, 2022

According to the experts, the issue affects all Honda vehicles on the market (From the Year 2012 up to the Year 2022). The researchers tested a remote keyless entry system (RKE) that allows to remotely unlock or start a vehicle and discovered the Rolling-PWN attack issue. Therefore, those commands can be used later to unlock the car at will.”

Marketing

Marketing Security IT Information Security

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Security Affairs

MAY 16, 2019

was released back in 2012, it aims at detecting and changes that occur in the Windows operating systems during the installation of third-party applications. replaces the original Attack Surface Analzyer tool, released publicly in 2012.” The first version of the Attack Surface Analyzer 1.0 “Attack Surface Analyzer 2.0

IT

IT Security Risk Information Security

Horde Webmail Software is affected by a dangerous bug since 2012

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Webinars

Trending Sources

Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012

Webinars

Microsoft rolled out emergency updates to fix Windows Server auth failures

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Russian watchdog fines Twitter, Facebook for not moving user data to local servers

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Threat actors are offering for sale 550 million stolen user records

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

A critical flaw in industrial automation systems opens to remote hack

Who Stole 3.6M Tax Records from South Carolina?

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

Who’s Behind the NetWire Remote Access Trojan?

Police Shutter Largest German-Speaking Criminal Marketplace

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Authorities Bust Accused Seller of Widely Used RAT Malware

Russian spies are attempting to tap transatlantic undersea cables

Authorities Take Down Seller of Widely Used RAT Malware

Julian Assange sentenced to 50 weeks in jail

PHP addressed critical RCE flaw potentially impacting millions of servers

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Colombian authorities arrested hacker behind the Gozi Virus

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Lebanese Cedar APT group broke into telco and ISPs worldwide

British Court rejects the US’s request to extradite Julian Assange

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

Microsoft Issues Emergency Fix for IE Zero Day

DeathStalker cyber-mercenary group targets the financial sector

US indicted 4 Russian government employees for attacks on critical infrastructure

A new variant of Cicada ransomware targets VMware ESXi systems

Wikileaks founder Julian Assange is free

Experts warn of a surge in zero-day flaws observed and exploited in 2021

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Microsoft issues emergency patch for IE Zero Day exploited in the wild

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Mitsubishi Electric discloses data breach, media blame China-linked APT

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Stay Connected