2016 and Security - Information Management Today

Cyber thieves move $760 million stolen in the 2016 Bitfinex heist

Security Affairs

APRIL 15, 2021

Over $760 million worth of Bitcoin that were stolen from cryptocurrency exchange Bitfinex in 2016 were moved to new accounts. More than $760 million worth of Bitcoin, stolen from Asian cryptocurrency exchange Bitfinex in 2016 , were moved on Wednesday to new accounts. No exchange will process them. ” reported The Record.

Marketing

Marketing Security Information Security IT

Telco service provider giant Syniverse had unauthorized access since 2016

Security Affairs

OCTOBER 5, 2021

Syniverse service provider discloses a security breach, threat actors have had access to its databases since 2016 and gained some customers’ credentials. Syniverse discloses a security breach, threat actors have had access to its databases since 2016. ” states Motherboard. ” states Motherboard.

Access

Access Cybersecurity Business Services Security

Personal health information of 42M Americans leaked between 2016 and 2021

Security Affairs

DECEMBER 31, 2022

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. million in 2016 to close to 16.5

Ransomware

Ransomware Access Security IT

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016

Security Affairs

AUGUST 4, 2023

A married couple from New York pleaded guilty this week to laundering billions of dollars stolen from Bitfinex in 2016. The couple pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex that took place in 2016. Law enforcement also seized over $3.6

Marketing

Marketing Access Government Security

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

TrickGate is a shellcode-based packer offered as a service, which is used at least since July 2016, to hide malware from defense programs. TrickGate is a shellcode-based packer offered as a service to malware authors to avoid detection, CheckPoint researchers reported.

Manufacturing

Manufacturing Archiving Education Phishing

Security Affairs Newsletter is back!

Security Affairs

DECEMBER 13, 2020

Security Affairs newsletter is back, it is the right time to subscribe to it. Every day I receive several emails asking me to resume the Security Affairs newsletter, for this reason, I decided to open it again for the first 2000 users. The post Security Affairs Newsletter is back! appeared first on Security Affairs.

Security

Security GDPR Privacy Marketing

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 25, 2022

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

IT

IT Cybersecurity Security Risk

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Security Affairs

JANUARY 2, 2022

According to a report published by Invezz, the number of crypto security breaches increased by up 850% in the last decade. SecurityAffairs – hacking, crypto security breaches). The post Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021 appeared first on Security Affairs. Gox, $615M.

Security

Security Marketing IT Information Security

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Security Affairs

NOVEMBER 24, 2024

PopeyeTools was a dark web marketplace specializing in selling stolen credit cards and cybercrime tools, facilitating fraud and illicit online activities since 2016. The defendants are charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person to offer access devices.

IT

IT Sales Access Ransomware

Privacy and security in the software designing

Security Affairs

APRIL 22, 2021

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. Therefore, it’s essential to carry out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy.

Privacy

Privacy Security Data Privacy Risk

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

JUNE 30, 2024

“A comprehensive taskforce consisting of TeamViewer’s security team together with globally leading cyber security experts has worked 24/7 on investigating the incident with all means available. Der Spiegel pointed out that TeamViewer did not disclose the security breach to the public. “In said company spokesman. “Out

Access

Access Security IT Information Security

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. “Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. .” ” states the report published by Microsoft.

Security

Security Encryption Passwords Communications

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately.

Security

Security Ransomware Phishing Cloud

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

Microsoft rolled out emergency updates to fix Windows Server auth failures

Security Affairs

NOVEMBER 15, 2021

Microsoft has released out-of-band security updates to address authentication issues affecting Windows Server. These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. ” warns Microsoft.

Authentication

Authentication Security IT Information Security

Researchers Uncover Widely Used Malware Crypter

Data Breach Today

MARCH 18, 2021

Avast Says OnionCrypter Has Been in Use Since 2016 Security researchers at Avast have discovered that more than 30 hacker groups have been using a malware crypter dubbed OnionCrypter.

Security

Esperts found new DoNot Team APT group’s Android malware

Security Affairs

JANUARY 20, 2025

The Donot Team (aka APT-C-35 and Origami Elephant) has been active since 2016, it focuses ongovernment and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries.

Military

Military Access Phishing Cybersecurity

Social Blade discloses security breach

Security Affairs

DECEMBER 16, 2022

Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company was offered for sale. This is not the first time that the Social Blade infrastructure was breached, in 2016, the company suffered another security breach. Pierluigi Paganini.

Security

Security Data breaches Sales Analytics

Security Affairs newsletter Round 400 by Pierluigi Paganini

Security Affairs

JANUARY 1, 2023

Every week the best security articles from Security Affairs free for you in your email box. Personal health information of 42M Americans leaked between 2016 and 2021 Malvertising campaign MasquerAds abuses Google Ads New Linux malware targets WordPress sites by exploiting 30 bugs NETGEAR fixes a severe bug in its routers.

Security

Security Ransomware Sales IT

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 12, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windowsflaws to its Known Exploited Vulnerabilities catalog. CVE-2025-26633 (CVSS 7.0): An improper neutralization flaw in Microsoft Management Console that lets unauthorized attackers bypass security features locally. A few days ago, U.S.

IT

IT Cybersecurity Access Security

Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs

Security Affairs

JULY 9, 2021

Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in malspam attacks. Now experts from McAfee Labs warn of a novel technique used by threat actors that are using non-malicious documents to disable security warnings prior to executing macro code on the recipient’s PC.

Security

Security Passwords IT Phishing

Microsoft to notify Office 365 users of nation-state attacks

Security Affairs

FEBRUARY 8, 2021

Since 2016 , Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard. The new security alert will notify companies when their employees are being targeted by state-sponsored attacks. . It automatically investigates and remediates attacks.

Systems administration

Systems administration Phishing Security IT

US agencies offer $2M in reward for Ukrainian hackers that breached the SEC

Security Affairs

JULY 22, 2020

The US State Department and Secret Service offered $2 million in reward money for help capturing two Ukrainian hackers that have been charged with hacking and selling insider corporate data stolen from the Securities and Exchange Commission. The offer was covered by the State Department’s Transnational Organized Crime Rewards Program.

Government

Government Security Access IT

Over 6,000 email accounts belonging to Taiwan government agencies hacked by Chinese hacked

Security Affairs

AUGUST 19, 2020

” The Taiwanese Government accuses the Chinese government of continues cyber incursions since 2016 when President Tsai Ing-wen was elected. The post Over 6,000 email accounts belonging to Taiwan government agencies hacked by Chinese hacked appeared first on Security Affairs. Pierluigi Paganini.

Government

Government Military IT Access

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

Compromised data vary by individuals and organizations, it includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more. In June 2016, security researcher Chris Vickery found a copy of the World-Check database dated 2014 that was accidentally exposed online.

Risk

Risk Archiving Access Privacy

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

APRIL 27, 2020

” Organizations are recommended to implement supplementary security measures to protect SCADA systems used in the water and energy sectors. Government worldwide are worning of hackers targeting water utilities and urge the operators to secure industrial control systems (ICS). Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Government Passwords Ransomware

Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug

Security Affairs

NOVEMBER 23, 2021

Microsoft addressed the flaw with the release of Microsoft Patch Tuesday security updates for November 2021 , the vulnerability impacts on-premises Exchange Server 2016 and Exchange Server 2019. “We The post Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug appeared first on Security Affairs.

Authentication

Authentication Security IT Information Security

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

National Security Agency (NSA) Equation Group. The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization. .” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, backdoor).

Encryption

Encryption Military Archiving Government

TrickBot gang developer arrested at the Seoul international airport

Security Affairs

SEPTEMBER 6, 2021

In October, Microsoft’s Defender team, FS-ISAC , ESET , Lumen’s Black Lotus Labs , NTT , and Broadcom’s cyber-security division Symantec joined the forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. The man was recruited by the criminal organization in 2016.

Ransomware

Ransomware Government IT Security

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

. “ At the international level, there has been collaboration with EUROPOL and the Homeland Security Investigations (HSI) of the USA.” ” The International Civil Aviation Organization (ICAO) is investigating a significant data breach that has raised concerns about the security of its systems and employees data.

Data breaches

Data breaches Information Security Government Access

CIA elite hacking unit was not able to protect its tools and cyber weapons

Security Affairs

JUNE 17, 2020

According to an internal report drown up after the 2016 data breach that led to the ‘ Vault 7 ‘ data leak, a specialized CIA unit involved in the development of hacking tools and cyber weapons failed in protecting its operations and was able to respond after the leak of its secrets. ” reported The Washington Post. .

IT

IT Data breaches Systems administration Security

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Cybersecurity Access Risk

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Security Affairs

SEPTEMBER 5, 2024

DFS immediately reported the attack to national security authorities. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military

Military Cybersecurity Government Security

Fake Cisco ‘Critical Update’ used in phishing campaign to steal WebEx credentials

Security Affairs

APRIL 11, 2020

Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. The Cofense’s phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. name=CVE-2016-9223.

Phishing

Phishing Cloud Communications Security

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

The 911 user interface, as it existed when the service first launched in 2016. net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. .

Computer and Electronics

Computer and Electronics Sales Marketing Access

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The BSI urges operators running vulnerable instances to install available security updates and configure them securely. ” reads the alert published by the BSI.

Information Security

Information Security Cybersecurity Education Authentication

OpenSSL to fix the second critical flaw ever

Security Affairs

OCTOBER 26, 2022

Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. is a security-fix release. version is respected to be released next week, on November 1, with the maintainers that defined it as a ‘security-fix release.’. ” reads the announcement. “OpenSSL 3.0.7

Encryption

Encryption Security IT Information Security

SAP systems are targeted within 72 hours after updates are released

Security Affairs

APRIL 6, 2021

On-premises SAP systems are targeted by threat actors within 72 hours after security patches are released, security SAP security firm Onapsis warns. According to a joint study published by Onapsis and SAP, on-premises SAP systems are targeted by threat actors within 72 hours after security patches are released.

Honeypots

Honeypots Compliance Cybersecurity Risk

Uber hacked, internal systems and confidential documents were allegedly compromised

Security Affairs

SEPTEMBER 16, 2022

Uber on Thursday disclosed a security breach, threat actors gained access to its network, and stole internal documents. The attackers allegedly compromised several internal systems and provided images of email, cloud storage and code repositories to The New York Times and some cyber security researchers.

Data breaches

Data breaches Access Information Security Security

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments.”

Military

Military Manufacturing Access Security

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

MAY 30, 2022

.” The issue affects multiple Microsoft Office versions, including Office, Office 2016, and Office 2021. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Cybersecurity

Cybersecurity Security IT Information Security

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

to , and vDOS , a DDoS-for-hire service that was shut down in 2016 after its founders were arrested. According to the cyber intelligence firm Intel 471 , a user named Finndev registered on multiple cybercrime forums, including Raidforums [ seized by the FBI in 2022 ], Void[.]to The email address used for those accounts was f.grimpe@gmail.com.

Archiving

Archiving Passwords Government IT

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. It’s Testing U.S.

Security

Security Military Phishing Sales

UK ICO fines hotel chain giant Marriott over data breach

Security Affairs

NOVEMBER 2, 2020

“The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.” Marriott International has bought Starwood Hotels and Resorts Worldwide in 2016 for $13 billion. The UK Information Commissioner’s Office announced it has fined Marriott £18.4 million ($23.5

Data breaches

Data breaches Personal data GDPR Encryption

Cyber thieves move $760 million stolen in the 2016 Bitfinex heist

Telco service provider giant Syniverse had unauthorized access since 2016

Webinars

Trending Sources

Personal health information of 42M Americans leaked between 2016 and 2021

Webinars

Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs Newsletter is back!

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

DoJ seized credit card marketplace PopeyeTools and charges its administrators

Privacy and security in the software designing

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Microsoft: North Korea-linked Zinc APT targets security experts

Microsoft Patches Six Zero-Day Security Holes

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Microsoft rolled out emergency updates to fix Windows Server auth failures

Researchers Uncover Widely Used Malware Crypter

Esperts found new DoNot Team APT group’s Android malware

Social Blade discloses security breach

Security Affairs newsletter Round 400 by Pierluigi Paganini

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs

Microsoft to notify Office 365 users of nation-state attacks

US agencies offer $2M in reward for Ukrainian hackers that breached the SEC

Over 6,000 email accounts belonging to Taiwan government agencies hacked by Chinese hacked

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

TrickBot gang developer arrested at the Seoul international airport

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

CIA elite hacking unit was not able to protect its tools and cyber weapons

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Fake Cisco ‘Critical Update’ used in phishing campaign to steal WebEx credentials

A Deep Dive Into the Residential Proxy Service ‘911’

German BSI warns of 17,000 unpatched Microsoft Exchange servers

OpenSSL to fix the second critical flaw ever

SAP systems are targeted within 72 hours after updates are released

Uber hacked, internal systems and confidential documents were allegedly compromised

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

UK ICO fines hotel chain giant Marriott over data breach

Stay Connected