2015 - Information Management Today

A Retrospective on the 2015 Ashley Madison Breach

Krebs on Security

JULY 27, 2022

As first reported by KrebsOnSecurity on July 19, 2015 , a group calling itself the “ Impact Team ” released data sampled from millions of users, as well as maps of internal company servers, employee network account information, company bank details and salary information. 18, 2015, the Impact Team posted a “Time’s up!”

Sales

Sales Archiving IT Privacy

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

Also on July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site — portal.kaseya.net — was vulnerable to CVE-2015-2862 , a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.

IT

IT Ransomware Systems administration Authentication

New Atrium Health data breach impacts 585,000 individuals

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches

Data breaches Access Phishing Privacy

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

NOVEMBER 4, 2020

The wallet was monitored since 2015 because it was associated with hacking activities, it had been “ dormant ” since 2015. 2015* apparently, maybe the owner? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Security IT Information Security

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

“Pursuant to Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, this is to inform you that the Company has become aware of a ransomware incident that has affected a few of our IT assets.” ” reads the filing.

Ransomware

Ransomware Manufacturing IT Security

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015. The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.

Phishing

Phishing e-Delivery Sales Passwords

Bill Looks to Close Federal Cybersecurity Loopholes

Data Breach Today

NOVEMBER 23, 2020

have introduced a bill designed to patch loopholes in the Federal Cybersecurity Enhancement Act of 2015 that they say allow federal agencies to easily avoid implementing required cybersecurity procedures. Lawmakers Want to Restrict Agencies From Postponing Security Measures Sen. Ron Wyden, D-Ore., Lauren Underwood, D-Ill.,

Cybersecurity

Cybersecurity Security

German Parliament Sustains Another Attack

Data Breach Today

MARCH 27, 2021

This is second such incident, following the 2015 parliament hack. Members of Parliament Targeted by Spear Phishing, German Media Reports Several members of the German parliament, The Bundestag, and political activists in the country were targeted using a spear-phishing campaign, German newsmagazine der Spiegel reported Friday.

Phishing

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

FEBRUARY 11, 2022

” The US agency also added the CVE-2015-2051 remote code execution flaw impacting D-Link DIR-645 routers. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.An attacker must have the ability to execute code on a victim system to exploit this vulnerability.”

IT

IT IoT Cybersecurity Authentication

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

Security Affairs

SEPTEMBER 11, 2024

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015).

Security

Security IoT Authentication IT

Apple finally starts paying off qualifying MacBook owners as part of a class action settlement

Collaboration 2.0

AUGUST 5, 2024

If you bought a MacBook with a faulty butterfly keyboard between 2015 and 2019 and filed a claim, the check should be in the mail.

Israel announced to have foiled an attempted cyber-attack on defence firms

Security Affairs

AUGUST 13, 2020

’ The Lazarus APT is linked to North Korea, the activity of the Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Agriculture

Agriculture Manufacturing Phishing Passwords

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

OCTOBER 11, 2020

” In the past, the US Census has been hit by attacks, such as hacks and DDoS attacks during a 2018 test of census systems attributed to Russia-linked hackers and a 2015 hack attributed to the Anonymous collective. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. critical infrastructure.

Government

Government Data collection Access Communications

How 2023 Broke Long-Running Records for Health Data Breaches

Data Breach Today

FEBRUARY 1, 2024

Thanks to the massive Anthem hack, for nearly a decade 2015 has been the record year for U.S. What Will 2024 Be Like If the Healthcare Sector Doesn't Step Up? health data breaches - with 112.5 million people affected. But 2023 shattered that record, big-time. Will 2024 be another banner year for health data compromises?

Data breaches

Victims of ThunderX ransomware can recover their files for free

Security Affairs

SEPTEMBER 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The decryptor can be downloaded from the website of the NoMoreRansom project that already has helped victims of multiple ransomware to save more than one hundred million of ransom. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Encryption Cybersecurity Security

Iranian Threat Group Befriends Victims

Data Breach Today

SEPTEMBER 7, 2022

APT42 Operates on Behalf of the Islamic Revolutionary Guard Corps An Iranian state-sponsored group in operation since 2015 relies on highly targeted social engineering to try and attack individuals and organizations that Tehran deems enemies of the regime, says a new report from cyberthreat intelligence firm Mandiant.

D-Link confirms data breach, but downplayed the impact

Security Affairs

OCTOBER 18, 2023

The investigation revealed that the data was stolen from an old D-View 6 system, which reached its end of life as early as 2015. These records originated from a product registration system that reached its end of life in 2015. “The data was used for registration purposes back then. ” states the company.

Data breaches

Data breaches Sales Phishing Manufacturing

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Security Affairs

APRIL 12, 2022

1, 2015, and on or about Jan. ” RaidForums was launched in 2015, its community reached over half a million users. The police arrested Coelho in the United Kingdom on Jan. 31, at the United States’ request and remain in custody pending the resolution of his extradition proceedings.

Data breaches

Data breaches Sales Passwords Marketing

Spanish police shut down illegal TV streaming network

Security Affairs

JUNE 3, 2024

Spanish police dismantled a pirated TV streaming network that allowed its operators to earn over 5,300,000 euros since 2015. The Spanish National Police dismantled a network that illicitly distributed audiovisual content, earning over 5,300,000 euros since 2015.

Marketing

Marketing IT Information Security Security

Hackers stole a six-figure amount from Swiss universities

Security Affairs

OCTOBER 5, 2020

” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. It added that part of the misappropriated funds was now in foreign accounts.” ” reads the site SwissInfo. “Umbrella organisation swissuniversities has sent a warning email to keep universities on their guard.” Pierluigi Paganini.

Phishing

Phishing Access IT Security

Staples discloses data breach exposing customer order data

Security Affairs

SEPTEMBER 14, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Exposed data could be abused by threat actors to carry out malicious activities, including identity theft and phone call scams. Customers that received the data breach notification could contact the company by phone for any questions or concerns. Pierluigi Paganini.

Data breaches

Data breaches Retail Access Security

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

OCTOBER 15, 2020

The NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. Dominitz said he never imagined back in 2015 when he founded Q6Cyber that we would still be seeing so many merchants dealing with magstripe-based data breaches.

Sales

Sales Data breaches Retail Ransomware

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

In 2015, the hacker who breached the systems of the Italian surveillance firm Hacking Team leaked a 400GB package containing hacking tools and exploits codes. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Archiving

Archiving Authentication Security IT

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

The Crutch framework was employed in attacks since 2015 to siphon sensitive data and transfer them to Dropbox accounts controlled by the Russian hacking group. The list of previously known victims is long and includes also the Swiss defense firm RUAG , US Department of State, and the US Central Command.

Archiving

Archiving Communications Government Access

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Krebs on Security

FEBRUARY 7, 2023

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. 12, 2023 scoop from The Wrap. There are several other studios pursuing documentaries on the Ashley Madison breach, and it’s not hard to see why.

IT

A powerful DDoS attack hit Hungarian banks and telecoms services

Security Affairs

SEPTEMBER 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. “There was a DDoS attack on telecom systems serving some of the banking services on Thursday,” reads the statement issued by the bank. “We Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IT

IT Security Information Security

REvil ransomware operators are recruiting new affiliates

Security Affairs

SEPTEMBER 28, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The deposit demonstrates that the ransomware operators have a profitable business and trust the hacker forum and don’t fear an exit scam of its administrators. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Ransomware

Ransomware Security IT

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” The availability of sensitive documents like the ones discovered by the experts could allow threat actors to gather intelligence on potential targets and use the leaked information to carry out spear-phishing campaigns. Pierluigi Paganini.

Military

Military Manufacturing Phishing Government

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 25, 2024

” Versa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer.” This oversight allowed the attacker to exploit the vulnerability without needing to access the GUI.

IT

IT Cybersecurity Authentication Risk

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

NOVEMBER 11, 2023

More greatest hits from Experian: 2022: Class Action Targets Experian Over Account Security 2017: Experian Site Can Give Anyone Your Credit Freeze PIN 2015: Experian Breach Affects 15 Million Customers 2015: Experian Breach Tied to NY-NJ ID Theft Ring 2015: At Experian, Security Attrition Amid Acquisitions 2015: Experian Hit With Class Action (..)

Authentication

Authentication Passwords Access Security

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, UberEats).

Data breaches

Data breaches Passwords Authentication Security

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Gaming Partners International (GPI)).

Ransomware

Ransomware Encryption Security Information Security

Ransomware attack disabled Georgia County Election database

Security Affairs

OCTOBER 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The county website published an update to announce that the attack did not impact the voting process for citizens, a situation that is differed from the scenario reported by the Times. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Authentication Government IT

Hackers hit Luxottica, production stopped at two Italian plants

Security Affairs

SEPTEMBER 22, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. At the time Luxottica has yet to release any official statement on the attack. Security experts believe that threat actor exploited the above flaw to infect the systems at the company with ransomware. Pierluigi Paganini. SecurityAffairs – hacking, malware).

Retail

Retail Manufacturing Ransomware Security

Hackers stole $5.4 million from cryptocurrency exchange ETERBASE

Security Affairs

SEPTEMBER 10, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ETERBASE revealed it has tracked the fraudulent transactions and is following the stolen funds and informed exchanges where they were moved to avoid that attackers could cash them out. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Security IT Information Security

A database containing 478,000 RaidForums members leaked online

Security Affairs

MAY 30, 2023

RaidForums was launched in 2015, its community reached over half a million users. The data are related to members registered between March 20th, 2015, and September 24th, 2020. The marketplace gained popularity for the sale of high-profile database leaks belonging to a number of US corporations across different industries. .’

Sales

Sales Phishing Passwords Cybersecurity

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

The Carbanak gang was first discovered by Kaspersky Lab in 2015, the group has stolen at least $300 million from 100 financial institutions. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks.

Ransomware

Ransomware Phishing Cybersecurity Access

A data breach broker is selling account databases of 17 companies

Security Affairs

NOVEMBER 1, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Users of the above companies have to immediately change their passwords, and if they use the same passwords at other sites, they should also change the password at those sites. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Passwords Sales Security

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

Security Affairs

AUGUST 21, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Maze Ransomware Operators).

Ransomware

Ransomware Archiving Manufacturing Data breaches

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. . “ Law enforcement recommends never pay ransom because ransomware operators could not destroy the stolen data and attempting to monetize them in other illegal activities. Stolen data could be sold to other cyber criminal organizations and used to make frauds.

Ransomware

Ransomware Insurance Encryption Information Security

The British government aims at improving its offensive cyber capability

Security Affairs

OCTOBER 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. “The binary distinction between war and peace as we have approached it no longer applies,” Gen Sanders concluded. Our adversaries are applying all means to gain advantage below the threshold of war and are accruing advantage insidiously and inevitably.”.

Government

Government Military IT Security

VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

Security Affairs

NOVEMBER 5, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Now the company has released security patches to address the flaw in ESXi 6.5, The vulnerability has yet to be fixed in VMware Cloud Foundation. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cloud

Cloud Access Security IT

LPE flaw in Linux kernel allows attackers to get root privileges on most distros

Security Affairs

JULY 20, 2021

“This vulnerability was introduced in systemd v220 (April 2015) by commit 7410616c (“core: rework unit name validation and manipulation logic”), which replaced a strdup() in the heap with a strdupa() on the stack. Successful exploitation of this vulnerability allows any unprivileged user to cause denial of service via kernel panic.”

Access

Access Security IT Cybersecurity

Data from Airlink International UAE leaked on multiple dark web forums

Security Affairs

OCTOBER 8, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Airlink International UAE).

Insurance

Insurance Cybersecurity Communications Risk

A Retrospective on the 2015 Ashley Madison Breach

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Webinars

Trending Sources

New Atrium Health data breach impacts 585,000 individuals

Webinars

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Bill Looks to Close Federal Cybersecurity Loopholes

German Parliament Sustains Another Attack

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

Apple finally starts paying off qualifying MacBook owners as part of a class action settlement

Israel announced to have foiled an attempted cyber-attack on defence firms

Hackers targeted the US Census Bureau network, DHS report warns

How 2023 Broke Long-Running Records for Health Data Breaches

Victims of ThunderX ransomware can recover their files for free

Iranian Threat Group Befriends Victims

D-Link confirms data breach, but downplayed the impact

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Spanish police shut down illegal TV streaming network

Hackers stole a six-figure amount from Swiss universities

Staples discloses data breach exposing customer order data

Breach at Dickey’s BBQ Smokes 3M Cards

Second-ever UEFI rootkit used in North Korea-themed attacks

Russia-linked APT Turla used a new malware toolset named Crutch

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

A powerful DDoS attack hit Hungarian banks and telecoms services

REvil ransomware operators are recruiting new affiliates

Researchers found alleged sensitive documents of NATO and Turkey

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

It’s Still Easy for Anyone to Become You at Experian

UberEats data leaked on the dark web

REvil ransomware gang hacked gaming firm Gaming Partners International

Ransomware attack disabled Georgia County Election database

Hackers hit Luxottica, production stopped at two Italian plants

Hackers stole $5.4 million from cryptocurrency exchange ETERBASE

A database containing 478,000 RaidForums members leaked online

Carbanak malware returned in ransomware attacks

A data breach broker is selling account databases of 17 companies

Steel sheet giant Hoa Sen Group hacked by Maze ransomware operators

University of Utah pays a $457,000 ransom to ransomware gang

The British government aims at improving its offensive cyber capability

VMware finally fixed the critical CVE-2020-3992 flaw in ESXi

LPE flaw in Linux kernel allows attackers to get root privileges on most distros

Data from Airlink International UAE leaked on multiple dark web forums

Stay Connected