Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).
Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. The researcher Brian Hysell reported the flaw to the security vendor.
The security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security. Salt Typhoon is a China-linked APT group active since at least 2019. The security breach impacted a limited number of customers, only 836 individuals.
The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.
Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space. “They’re allowing this huge security gap so they can make a profit. .”
CISA released an alert today about several stealth malware samples that were found on compromised Pulse Secure devices. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware samples on compromised Pulse Secure devices, many of which were undetected by antivirus products.
US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. ” reads the joint alert. Pierluigi Paganini.
Today, UK NCSC and CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.
In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May 2019, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.
Microsoft has released out-of-band security updates to address authentication issues affecting Windows Server. These issues impact Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. ” warns Microsoft.
“Robert Westbrook, 39, of London, United Kingdom, was arrested in the United Kingdom this week with a view towards extradition to the United States so that he can face an indictment charging him with securities fraud, wire fraud, and five counts of computer fraud,” reads the press release published by SEC.
“Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers’ information in the ACI service. “Back in 2019, we analyzed one of these vulnerabilities, CVE-2019-5736. Pierluigi Paganini.
Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. The CVE-2019-2729 flaw is a remote code execution vulnerability that could be exploited by an unauthenticated attacker. Oracle urges customers to install security updates immediately.
The trio has worked as hackers-for-hire for the United Arab Emirates cybersecurity company DarkMatter between January 2016 and November 2019. DOJ also ordered the former intelligence employees to cooperate with the relevant department and FBI components; they are also condemned to a lifetime ban on future US security clearances.
Facebook Says Data Comes from Previously Reported 2019 Incident. A security researcher found more than 500 million Facebook records made available for free on the darknet, exposing basic user information including any phone numbers associated with accounts. Facebook says this is “old data” previously reported.
The data was amassed by threat actors by exploiting a vulnerability fixed in 2019 that allowed data scraping from the social network. In September 2019, another privacy incident involved Facebook; according to TechCrunch, phone numbers associated with 419 million accounts of the social networking giant were exposed online.
In 2019 the company made the headlines for its 10M USD bug bounty program along with its unique “Vulnerability Research Hub” (VRH) online platform. In its 2019 price list, the company offered $3 million for a zero-click remote code execution exploit for Android and iOS.
Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. CVE-2019-0344 is a deserialization of untrusted data vulnerability.
MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. MediSecure has identified a cyber security incident impacting the personal and health information of individuals. ” reads a company’s statement on cyber security incident.
“It is important to note that there is a free decryptor for files locked with an older version (before July 17th, 2019) of eCh0raix ransomware. In 2019, Anomali researchers reported a wave of eCh0raix attacks against Synology NAS devices, threat actors conducted brute-force attacks against them. TXTT” extension. and 1.0.6).”
Acer is the world’s 6th-largest PC vendor by unit sales as of January 2021; it has more than 7,000 employees (2019) and in 2019 declared 234.29 billion in revenue. Acer is currently investigating the security breach.
“A comprehensive taskforce consisting of TeamViewer’s security team together with globally leading cyber security experts has worked 24/7 on investigating the incident with all means available. Der Spiegel pointed out that TeamViewer did not disclose the security breach to the public. “In said company spokesman.
Probe Finds 'Largest and Most Hazardous Nuclear Site' Violated Security Laws. Britain's nuclear power watchdog said it plans to prosecute the country's "largest and most hazardous nuclear site," Sellafield, for violating nuclear industry cybersecurity regulations from 2019 to 2023.
The UNC2165 group has been active since at least 2019; it was mainly observed using the FAKEUPDATES infection chain (aka UNC1543) to access the victims’ networks. Treasury in December 2019. The researchers also noticed UNC2165 overlaps with a cluster of activity tracked as “SilverFish” by security firm ProDaft.
“We’re pleased to announce the availability of a new decryptor for LockerGoga, a strain of ransomware that rose to fame in 2019 with the attack of the Norsk Hydro company,” reads the announcement published by the security firm. ” continues the announcement. Pierluigi Paganini.
Microsoft addressed the flaw with the release of Microsoft Patch Tuesday security updates for November 2021; the vulnerability impacts on-premises Exchange Server 2016 and Exchange Server 2019. “We The post Expert released PoC exploit code for Microsoft Exchange CVE-2021-42321 RCE bug appeared first on Security Affairs.
The news of the availability of the source code was first reported by Tom Malka, a senior threat intelligence analyst for security firm Security, who reported it to BleepingComputer and The Record. In October 2019, security experts at Emsisoft developed a tool to decrypt files encrypted by the Paradise ransomware.
The company performed some security checks on its website but did not find any indication of compromise. Based upon communications with the card brands, it is believed that only customers who purchased products on the website with a credit card between November 1, 2019 and August 31, 2021 may have been affected.
Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog. CVE-2019-1069 vulnerability (CVSS score of 7.8) The flaw affects versions 12.2.1.3.0, and 14.1.1.0.0
WildPressure APT has been targeting industrial organizations in the Middle East since 2019 and was spotted using a new malware that targets both Windows and macOS. Further investigation led to the discovery of other samples of the same malware that infected systems back in May 2019. Pierluigi Paganini.
The activity of the Lyceum APT group was first documented earlier in August 2019 by researchers at ICS security firm Dragos, which tracked it as Hexane.
The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The BSI urges operators running vulnerable instances to install available security updates and configure them securely. ” reads the alert published by the BSI.
The number of infected devices is impressive, on 2019-11-30 a trusted security partner in the US informed Qihoo 360’s Netlab Cybersecurity reported to have observed 1,962,308 unique daily active IPs from the Pink botnet targeting its systems. Pierluigi Paganini.
Since 2019 experts found many Joker apps on Google Play store; in September 2019 security experts at Google removed from the store 24 apps. Joker malware is a serious threat; the ability of its developers and their efforts in bypassing security scanners of the official store pose a serious risk to mobile users.
It is not clear how the threat actors breached the company and when the security breach took place. The LockBit ransomware gang has been active since September 2019, in June the group announced the LockBit 2.0 In August, the Australian Cyber Security Centre (ACSC) has warned of escalating LockBit 2.0 affiliate program.
A joint report published by US, UK, and Australian cyber security agencies warns of the top routinely exploited vulnerabilities in 2020. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S.
Multiple threat actors have been exploiting this flaw since January; in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. The post North Korea-linked Lazarus APT uses Log4J to target VMware servers appeared first on Security Affairs.
The China-linked threat actors Muddling Meerkat have been manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide.
The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020. “Dear Valued Customer, At Samsung Electronics (UK) Limited, security is a top priority. US customers were not impacted by the security breach.
Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP.
Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Developers have to scan their software for macOS through Apple’s automated notary service in order to have a green light from the Gatekeeper security feature.
The gang has been active since at least 2019 and today it is one of the most active ransomware gangs. gang claims to have stolen data from Kearney & Company appeared first on Security Affairs. Pierluigi Paganini.
DTrack is a modular backdoor used by the Lazarus group since 2019; it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plant. Despite this, Lazarus has not changed the backdoor much since 2019, when it was initially discovered,” concludes the report.