2014 and Security - Information Management Today

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. CVE-2024-8357 : Lack of root of trust in App SoC, risking persistent attacker control by bypassing boot security checks. ” reads the advisory.

Ransomware

Ransomware Manufacturing Access Risk

France national cyber-security agency warns of a surge in Emotet attacks

Security Affairs

SEPTEMBER 7, 2020

The French national cyber-security agency warns of a surge in Emotet attacks targeting the private sector and public administration entities. The French national cyber-security agency published an alert to warn of a significant increase of Emotet attacks targeting the private sector and public administration entities in France.

Security

Security Ransomware Access Information Security

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Security Affairs

NOVEMBER 4, 2020

Cisco disclosed a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software and the availability of PoC exploit code. Cisco has disclosed a zero-day vulnerability, tracked as CVE-2020-3556, in the Cisco AnyConnect Secure Mobility Client software with the public availability of a proof-of-concept exploit code.

Security

Security Authentication Communications IT

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Most of us already know the importance of using antivirus , anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Original post: [link].

Security

Security IoT Passwords Manufacturing

Polish Space Agency POLSA disconnected its network following a cyberattack

Security Affairs

MARCH 5, 2025

The agency revealed that it has disconnected its infrastructure to contain the attack and secure data, a circumstance that suggests it was the victim of a ransomware attack. To secure data after the breach, POLSA’s network was immediately disconnected from the internet. . “A cybersecurity incident has occurred at POLSA.

IT

IT Ransomware Cybersecurity Security

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

RedFoxtrot has been active since at least 2014 and focused on gathering military intelligence from neighboring countries, it is suspected to work under the PLA China-linked Unit 69010. The threat actor systematically utilized software distributed by security vendors to sideload ShadowPad and PlugX variants.” Pierluigi Paganini.

Security

Security Military Insurance Cybersecurity

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. “Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. .” ” states the report published by Microsoft.

Security

Security Encryption Passwords Communications

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Passwords Authentication Security

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. At the time, Kaspersky described it as the most sophisticated APT operation they had seen to date.

Government

Government IT Access Information Security

Staples discloses data breach exposing customer order data

Security Affairs

SEPTEMBER 14, 2020

The popular security expert Troy Hunt , who runs the data breach notification service HaveIBeenPwned published on Twitter the incident notice sent out by the company to its customers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Retail Access Security

UK ICO fines hotel chain giant Marriott over data breach

Security Affairs

NOVEMBER 2, 2020

“The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.” ” In July 2019, the UK’s data privacy regulator announced that the giant hotel chain Marriott International faces a £99 million ($123 million) fines under GDPR over 2014 data breach. .

Data breaches

Data breaches Personal data GDPR Encryption

Israel announced to have foiled an attempted cyber-attack on defence firms

Security Affairs

AUGUST 13, 2020

’ The Lazarus APT is linked to North Korea, the activity of the Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Organizations are recommended to implement supplementary security measures to protect SCADA systems used in the water and energy sectors. Pierluigi Paganini.

Agriculture

Agriculture Manufacturing Phishing Passwords

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. Pierluigi Paganini.

IoT

IoT Encryption Communications Access

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

NOVEMBER 4, 2020

Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Security IT Information Security

Hackers hit Luxottica, production stopped at two Italian plants

Security Affairs

SEPTEMBER 22, 2020

Security experts believe that threat actor exploited the above flaw to infect the systems at the company with ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, malware).

Retail

Retail Manufacturing Ransomware Security

OpenSSL to fix the second critical flaw ever

Security Affairs

OCTOBER 26, 2022

is a security-fix release. This is the second critical vulnerability ever addressed by the OpenSSL Project after the critical Heartbleed vulnerability (CVE-2014-0160) in 2014. version is respected to be released next week, on November 1, with the maintainers that defined it as a ‘security-fix release.’.

Encryption

Encryption Security IT Information Security

Hackers stole $5.4 million from cryptocurrency exchange ETERBASE

Security Affairs

SEPTEMBER 10, 2020

Slovak cryptocurrency exchange ETERBASE disclosed a security breach, hackers stole cryptocurrency funds worth $5.4 Slovak cryptocurrency exchange ETERBASE disclosed a security breach, the hackers stole Bitcoin, Ether, ALGO, Ripple, Tezos, and TRON assets worth $5.4 million were stolen.” Pierluigi Paganini.

Data breaches

Data breaches Security IT Information Security

Thousands of WordPress WooCommerce stores potentially exposed to hack

Security Affairs

AUGUST 22, 2020

Researchers from security firm WebArx reported that Hackers are actively attempting to exploit numerous flaws in the Discount Rules for WooCommerce WordPress plugin. The list of vulnerabilities includes SQL injection, authorization flaws, and unauthenticated stored cross-site scripting (XSS) security vulnerabilities.

Security

Security Information Security IT

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. European, and Asian entities.

Government

Government Cybersecurity Access IT

Hackers stole a six-figure amount from Swiss universities

Security Affairs

OCTOBER 5, 2020

” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Hackers stole a six-figure amount from Swiss universities appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, cybercrime).

Phishing

Phishing Access IT Security

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Military

Military Manufacturing Phishing Government

A data breach broker is selling account databases of 17 companies

Security Affairs

NOVEMBER 1, 2020

According to the seller, the account databases are the results of data breaches that took place in 2020, none of the companies have disclosed security breaches prior to this week. Only RedMart, after being informed by Bleeping computer, disclosed a security breach. The seventeen companies are 8.1 million (8.1 million), Clip.mx (4.7

Data breaches

Data breaches Passwords Sales Security

VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

Security Affairs

NOVEMBER 5, 2020

VMware learned about the security hole in July from Lucas Leong of Trend Micro’s Zero Day Initiative (ZDI). Now the company has released security patches to address the flaw in ESXi 6.5, Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. On October 20, 2020, an advisory was publicly released.

Cloud

Cloud Access Security IT

OWASP discloses a data breach

Security Affairs

APRIL 1, 2024

Rest assured, all current membership data remains secure. Details here: [link] pic.twitter.com/jPzTZstIEL — OWASP® Foundation (@owasp) April 1, 2024 The OWASP (Open Web Application Security Project) Foundation is a nonprofit organization focused on improving the security of software.

Data breaches

Data breaches Archiving Security Risk

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

The French national cyber-security agency published an alert to warn of a significant increase of Emotet attacks targeting the private sector and public administration entities in France. New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat.

Passwords

Passwords Archiving Ransomware Security

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Security Affairs

NOVEMBER 5, 2021

Ukraine’s premier law enforcement and counterintelligence disclosed the real identities of five alleged members of the Russia-linked APT group Gamaredon (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) that are suspected to be components of the Russian Federal Security Service (FSB). ” concludes the announcement.

Military

Military Metadata Government Passwords

Victims of ThunderX ransomware can recover their files for free

Security Affairs

SEPTEMBER 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Victims of ThunderX ransomware can recover their files for free appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Encryption Cybersecurity Security

Egregor ransomware gang leaked data alleged stolen from Ubisoft, Crytek

Security Affairs

OCTOBER 15, 2020

At the time of writing the post, media outlets only confirmed the ransomware attack against Crytek, while it is not clear if Ubisoft suffered a security breach. Security researcher MalwareHunterTeam has attempted, without success, to warn Ubisoft for almost a year that their employees were the victims of phishing attacks.

Ransomware

Ransomware Phishing Archiving Encryption

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

These are based on publicly disclosed incidents in the media or security reports.” Data collected by the researchers are very interesting and very useful for future research projects on the security of the critical infrastructure. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Data collection Education Security

CISA Named Top-Level Root CVE Numbering Authority (CNA)

Security Affairs

SEPTEMBER 18, 2020

Cybersecurity and Infrastructure Security Agency (CISA) has been named a Top-Level Root CVE Numbering Authority (CNA). Recently the OT and IoT security firm Nozomi Networks announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). Pierluigi Paganini. SecurityAffairs – hacking, CNA).

IoT

IoT Cybersecurity Risk Security

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. since August. Pierluigi Paganini.

Government

Government Libraries Cybersecurity Phishing

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

According to security firm Tencent, the team of hackers has been active over the past few months by hacking into Microsoft SQL Servers (MSSQL) to install a crypto-miner. “Tencent Security Threat Intelligence Center detected a new type of mining Trojan family MrbMiner. ” continues the analysis. Pierluigi Paganini.

Mining

Mining Passwords Access Security

Google researcher found BleedingTooth flaws in Linux Bluetooth

Security Affairs

OCTOBER 14, 2020

Google security researcher discovered Bluetooth vulnerabilities (BleedingTooth) in the Linux kernel that could allow zero-click attacks. According to the Google security researcher, the issue is a zero-click flaw that means that it does not require user interaction to be exploited. ” reads the security advisory.

Encryption

Encryption Security Risk Access

Mercedes-Benz data breach impacted roughly 1000 individuals

Security Affairs

JUNE 26, 2021

million customers, exposed data includes financial data and social security numbers (SSNs). Data belongs to individuals that provided their information to Mercedez-Benz and dealer websites between 2014 and 2017. The post Mercedes-Benz data breach impacted roughly 1000 individuals appeared first on Security Affairs.

Data breaches

Data breaches Cloud Security Government

SANS Institute Email Breach – 28,000 User Records exposed

Security Affairs

AUGUST 12, 2020

On August 6, during a review of email configuration and rules, the staff at the SANS Institute discovered a security breach. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

e-Discovery

e-Discovery Data breaches Phishing Passwords

The British government aims at improving its offensive cyber capability

Security Affairs

OCTOBER 13, 2020

The news is not surprising for people working in the cyber security sector, the British military claims to have had an offensive cyber capability for a decade. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Government

Government Military IT Security

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

Security Affairs

AUGUST 21, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators appeared first on Security Affairs. Pierluigi Paganini.

Ransomware

Ransomware Archiving Manufacturing Data breaches

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Insurance Encryption Information Security

QNAP urges users to update NAS firmware and app to prevent infections

Security Affairs

SEPTEMBER 29, 2020

Security experts are observing the new strain of ransomware that is targeting QNAP devices since June. Last week, the Taiwanese vendor published a security advisory that provides technical details about the AgeLocker and steps to mitigate threats. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Encryption Security Cybersecurity

Hackers stole more than $150 million from KuCoin cryptocurrency exchange

Security Affairs

SEPTEMBER 26, 2020

Singapore-based cryptocurrency exchange KuCoin disclosed a security breach, hackers stole $150 million from its hot wallets. Singapore-based cryptocurrency exchange KuCoin disclosed a major security incident, the hackers breached its hot wallets and stole all the funds, around $150 million. It seems #Kucoin got hacked.

Security

Security IT Information Security

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

Experts attribute a series of cyber-espionage campaigns dating back to 2014, and focused on gathering military intelligence, to China-linked Unit 69010. Experts noticed that RedFoxtrot activity overlaps with groups tracked by other security firms as Temp.Trident and Nomad Panda. ” continues the report. Pierluigi Paganini.

Military

Military Mining Government Communications

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Security Affairs

AUGUST 28, 2020

Clearsky security researchers revealed that Iran-linked Charming Kitten APT group is using WhatsApp and LinkedIn to conduct spear-phishing attacks. Now, security researchers from Clearsky reported details about a new phishing campaign in which the threat actors impersonate journalists from ‘DeutscheWelle’ and the ‘Jewish Journal.’

Phishing

Phishing Security Government IT

A powerful DDoS attack hit Hungarian banks and telecoms services

Security Affairs

SEPTEMBER 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. The post A powerful DDoS attack hit Hungarian banks and telecoms services appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, Hungary).

IT

IT Security Information Security

Mazda Connect flaws allow to hack some Mazda vehicles

France national cyber-security agency warns of a surge in Emotet attacks

Webinars

Trending Sources

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Webinars

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Polish Space Agency POLSA disconnected its network following a cyberattack

China-linked Moshen Dragon abuses security software to sideload malware

Microsoft: North Korea-linked Zinc APT targets security experts

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

UberEats data leaked on the dark web

The Mask APT is back after 10 years of silence

Staples discloses data breach exposing customer order data

UK ICO fines hotel chain giant Marriott over data breach

Israel announced to have foiled an attempted cyber-attack on defence firms

New Ttint IoT botnet exploits two zero-days in Tenda routers

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Hackers hit Luxottica, production stopped at two Italian plants

OpenSSL to fix the second critical flaw ever

Hackers stole $5.4 million from cryptocurrency exchange ETERBASE

Thousands of WordPress WooCommerce stores potentially exposed to hack

FBI deleted China-linked PlugX malware from over 4,200 US computers

Hackers stole a six-figure amount from Swiss universities

Researchers found alleged sensitive documents of NATO and Turkey

A data breach broker is selling account databases of 17 companies

VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

OWASP discloses a data breach

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

Victims of ThunderX ransomware can recover their files for free

Egregor ransomware gang leaked data alleged stolen from Ubisoft, Crytek

CIRWA Project tracks ransomware attacks on critical infrastructure

CISA Named Top-Level Root CVE Numbering Authority (CNA)

CISA alert warns of Emotet attacks on US govt entities

New MrbMiner malware infected thousands of MSSQL DBs

Google researcher found BleedingTooth flaws in Linux Bluetooth

Mercedes-Benz data breach impacted roughly 1000 individuals

SANS Institute Email Breach – 28,000 User Records exposed

The British government aims at improving its offensive cyber capability

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

University of Utah pays a $457,000 ransom to ransomware gang

QNAP urges users to update NAS firmware and app to prevent infections

Hackers stole more than $150 million from KuCoin cryptocurrency exchange

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

A powerful DDoS attack hit Hungarian banks and telecoms services

Stay Connected