2007 - Information Management Today

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The Mask APT has been active since at least 2007, it demonstrated the capability to use complex implants, often delivered through zero-day exploits. Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years.

Government

Government IT Access Information Security

How 30 Lines of Code Blew Up a 27-Ton Generator

WIRED Threat Level

OCTOBER 23, 2020

A secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair—with a file no bigger than a gif.

Security

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Data Breach Today

APRIL 8, 2020

It also found a "concerning number" of Exchange 2007 servers, which Microsoft stopped supporting in 2017.

Security

Security IT

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Meta Delays Data Harvesting for AI Plans in Europe

Data Breach Today

JUNE 14, 2024

Company Says It Will Still Attempt to Use Public Posts Dating to 2007 to Train AI Social media giant Meta will delay plans to train artificial intelligence with data harvested from European Instagram and Facebook users weeks after a rights group lodged a complaint against the company with 11 European data regulators.

Artificial Intelligence

Artificial Intelligence IT

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Security Affairs

AUGUST 19, 2022

Undersecretary for Digital Transformation Luukas Ilves announced that Estonia was hit by the most extensive wave of DDoS attacks it has faced since 2007. Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007. The DDoS attacks targeted both public institutions and the private sector.

Computer and Electronics

Computer and Electronics Digital transformation Government IT

Colombian authorities arrested hacker behind the Gozi Virus

Security Affairs

JUNE 30, 2021

for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. The Gozi banking Trojan is not a new threat, it was first spotted by security researchers in 2007. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.

Security

Security IT Cybersecurity Information Security

Who’s Behind the ‘Web Listings’ Mail Scam?

Krebs on Security

MARCH 23, 2020

Since at least 2007, Web Listings Inc. The mailer references the domain name web-listings.net , one of several similarly-named domains registered sometime in 2007 or later to a “ James Madison ,” who lists his address variously as a university in New Britain, Connecticut or a UPS Store mailbox in Niagara Falls, New York.

Marketing

Marketing Sales Financial Services IT

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Security Affairs

DECEMBER 6, 2020

Kopter Group is Switzerland-based company that was founded in 2007 that was acquired by Leonardo in April 2020. The helicopter maker Kopter was hit by LockBit ransomware, the attackers compromised its internal network and encrypted the company’s files.

Ransomware

Ransomware Encryption Passwords Authentication

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Security Affairs

SEPTEMBER 5, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Cybersecurity Government Security

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

.” Now the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). That was quick, since 2 hours ago seeing likely mass scanning for CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability).

Authentication

Authentication Data breaches Communications Access

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Security Affairs

MARCH 9, 2020

A couple of weeks ago, the popular security researcher Kevin Beaumont reported mass scanning for the CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability). That was quick, since 2 hours ago seeing likely mass scanning for CVE-2020-0688 (Microsoft Exchange 2007+ RCE vulnerability).

Authentication

Authentication Communications Cybersecurity Security

Grief ransomware gang hit US National Rifle Association (NRA)

Security Affairs

OCTOBER 27, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. Evil Corp has recently launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments.

Ransomware

Ransomware Government IT Security

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

“As reflected in court documents, from 2007 through 2019, Brovko worked closely with other cybercriminals to monetize vast troves of data that had been stolen by “botnets,” or networks of infected computers. Brovko was involved in the illegal practice between 2007 and 2019. ” reads the press release published by the DoJ.

Data collection

Data collection Access Security IT

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Evil Corp cybercrime group (aka the Dridex gang Indrik Spider , the Dridex gang, and TA505 ) has been active in cybercrime activities since 2007. The malware drops ransom notes ( macaw_recover.txt ) in each folder, the ransom note includes the link to a unique victim negotiation page.

Ransomware

Ransomware File names Encryption Government

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

.” Once the investigation will be completed, CDHE will notify impacted by mail or email. CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months. At the time of this writing, no ransomware group has claimed responsibility for the security breach.

Education

Education Data breaches Ransomware Access

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

AUGUST 1, 2018

The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform. “A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.

Data breaches

Data breaches Access Passwords Authentication

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Prior to that, akafitis@gmail.com was used as the email address for the account “ Fitis ,” which was active on Exploit between September 2006 and May 2007. ru in its early years, but for a brief period in 2007 it appears this website was inadvertently exposing all of its file directories to the Internet. ru in 2008.

Healthcare

Healthcare Passwords Sales Ransomware

UK ICO fines Facebook with maximum for Cambridge Analytica scandal

Security Affairs

OCTOBER 25, 2018

Facebook has been fined £500,000 by the UK’s Information Commissioner’s Office ( ICO ) for the Cambridge Analytica privacy scandal that exposed data of 87 million users. The announcement was made by the UK’s data protection regulator, Information Commissioner Elizabeth Denham. ” she said.

GDPR

GDPR Access Privacy Security

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Microsoft reports include instructions for detecting, hunting, and responding to GooseEgg.

Military

Military File names Education Phishing

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users.

Phishing

Phishing Communications Archiving Passwords

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

Security Affairs

SEPTEMBER 26, 2018

The flaw tracked as CVE-2018-14634 affects the kernel versions released between July 2007 and July 2017, Linux Kernel versions 2.6.x, The flaw was discovered by researchers at security firm Qualys that shared technical details of the Mutagen Astronomy vulnerabilities, including proof-of-concept (PoC) exploits ( Exploit 1 , Exploit 2 ).

Access

Access Security IT

US Cyber Command details implants used in attacks on parliaments and embassies

Security Affairs

OCTOBER 29, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Cybersecurity

Cybersecurity Government Security IT

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Insikt Group speculates the operation is aimed at influencing regional and military dynamics.

Military

Military Phishing Government Authentication

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

SEPTEMBER 22, 2022

More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. As we dug into the issue, we realized this was in fact CVE-2007-4559.” Initially we thought we had found a new zero-day vulnerability.

Archiving

Archiving File names Metadata Security

Russian hacker Andrei Tyurin sentenced to 12 years in prison

Security Affairs

JANUARY 11, 2021

From 2007 to 2015 TYURIN also conducted cyberattacks against multiple foreign companies. financial sector hacks, from approximately 2007 to mid-2015 TYURIN also conducted cyberattacks against numerous U.S. “In addition to the U.S.

Marketing

Marketing Security Risk Information Security

French court indicted Nexa Technologies for complicity in acts of torture

Security Affairs

NOVEMBER 28, 2021

The software also allow dragnet surveillance, according to the brochures presented at Milipol it is an updated copy of Eagle, the program ceded to Gaddafi in 2007. . .” continues Télérama. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, IKEA).

Sales

Sales Government Encryption Communications

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

and above 2007 Workspace ONE UEM patch 20.7.0.17 .” Below is the list of impacted versions: I mpacted Versions Fixed Version 2109 Workspace ONE UEM patch 21.9.0.13 and above 2105 Workspace ONE UEM patch 21.5.0.37 and above 2102 Workspace ONE UEM patch 21.2.0.27 and above 2101 Workspace ONE UEM patch 21.1.0.27

Access

Access Authentication Cloud Security

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Cybersecurity

Cybersecurity Ransomware Security IT

Regulator Eyes Revamped Data Breach Reporting Requirements

Data Breach Today

JANUARY 9, 2023

Update Would Be First Revision of Rules for Telecommunications Sector Since 2007 Modernizing data breach notification requirements for the telecommunications sector is the focus of a newly announced Federal Communications Commission proceeding.

Data breaches

Data breaches Communications

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network.

Manufacturing

Manufacturing Risk Communications Security

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

Security Affairs

OCTOBER 24, 2020

This group has been active since at least 2007, in December 2019, the U.S. Researchers from the NCC Group’s report and later Symantec confirmed that malware was developed by the Russian cybercrime crew known as Evil Corp , which was behind the Dridex Trojan , and multiple ransomware like Locky , Bart, Jaff , and BitPaymer.

Ransomware

Ransomware Retail Manufacturing Encryption

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. , which translates to “to fell”, or “to chop.”

Military

Military IoT Government Phishing

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The BeagleBoyz APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Access

Access Government Ransomware Cybersecurity

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Security Affairs

SEPTEMBER 10, 2022

Since at least 2007, the MOIS coordinated a series of cyber operation against government entities and private organizations around the world. MOIS is the primary intelligence agency of the Islamic Republic of Iran and a member of the Iran Intelligence Community. “Today, the U.S.

Government

Government Security IT Information Security

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Trend Micro researchers speculate the group operates under the China-linked Winnti umbrella.

Healthcare

Healthcare Phishing Archiving Education

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May.

File names

File names Encryption Manufacturing Libraries

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Archiving

Archiving Government Communications IT

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

DECEMBER 2, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Archiving

Archiving Communications Government Access

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Security

Security Government IT Information Security

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity.

Healthcare

Healthcare Communications IT Security

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Security Affairs

FEBRUARY 9, 2021

The NextGEN Gallery is one of the most popular WordPress gallery plugins that is available since 2007. The plugin receives over 1.5 million new downloads per year, it easily allows to create highly responsive photo galleries.

Phishing

Phishing Security IT Information Security

Russian APT groups target European governments ahead of May Elections

Security Affairs

MARCH 22, 2019

The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The activity of the Russia-linked groups is focused on NATO member states. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government

Government Military Phishing Access

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Security Affairs

JUNE 30, 2024

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers, the nation-state actor has been active since at least 2007. According to the media outlet, Chinese state-sponsored hackers used the Winnti trojan malware to infect the systems of the Company.

Access

Access Security IT Information Security

Connecting the dots between SolarWinds and Russia-linked Turla APT

Security Affairs

JANUARY 11, 2021

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Security

Security Government IT Information Security

The Mask APT is back after 10 years of silence

How 30 Lines of Code Blew Up a 27-Ton Generator

Webinars

Trending Sources

Microsoft Exchange: 355,000 Servers Lack Critical Patch

Webinars

Meta Delays Data Harvesting for AI Plans in Europe

Estonia blocked cyberattacks claimed by Pro-Russia Killnet group

Colombian authorities arrested hacker behind the Gozi Virus

Who’s Behind the ‘Web Listings’ Mail Scam?

LockBit Ransomware operators hit Swiss helicopter maker Kopter

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw

Grief ransomware gang hit US National Rifle Association (NRA)

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Reddit discloses a data breach, a hacker accessed user data

Ask Fitis, the Bear: Real Crooks Sign Their Malware

UK ICO fines Facebook with maximum for Cambridge Analytica scandal

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Long-existing Bandook RAT targets Windows machines

Mutagen Astronomy Linux Kernel vulnerability affects Red Hat, CentOS, and Debian distros

US Cyber Command details implants used in attacks on parliaments and embassies

APT28 targets key networks in Europe with HeadLace malware

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Russian hacker Andrei Tyurin sentenced to 12 years in prison

French court indicted Nexa Technologies for complicity in acts of torture

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Regulator Eyes Revamped Data Breach Reporting Requirements

Belgium telecom operators Proximus and Orange drop Huawei

Boyne Resorts ski and golf resort operator hit with WastedLocker ransomware

FBI and NSA joint report details APT28’s Linux malware Drovorub

North Korea-linked APT group BeagleBoyz targets banks

US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack

Financially motivated Earth Lusca threat actors targets organizations worldwide

China-linked APT41 group targets Hong Kong with Spyder Loader

Russia-Linked Turla APT uses new malware in watering hole attacks

Russia-linked APT Turla used a new malware toolset named Crutch

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

China-linked Winnti APT targets South Korean Gaming firm

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Russian APT groups target European governments ahead of May Elections

Russia-linked group APT29 likely breached TeamViewer’s corporate network

Connecting the dots between SolarWinds and Russia-linked Turla APT

Stay Connected