article thumbnail

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

Also on July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site — portal.kaseya.net — was vulnerable to CVE-2015-2862 , a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.

IT 287
article thumbnail

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] The CEO’s leaked emails show Eric Malek resigned from his developer position at Ashley Madison on June 19, 2015 — just four days before Bloom would announce his departure.

Passwords 194
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Lawmakers Demand Details on 2015 Juniper Data Incident

Data Breach Today

Bipartisan Group Wants Company Findings on NetScreen Backdoor Investigation A bipartisan group of lawmakers sent a letter to Juniper Networks seeking a more detailed explanation into a 2015 incident when an NSA-created algorithm - that may have included a backdoor - appeared in a company product that would have allowed VPN traffic to be decrypted.

209
209
article thumbnail

UK Man Sentenced for 2015 TalkTalk Hack

Data Breach Today

22-Year-Old Also Attacked His Former School The fallout from the 2015 TalkTalk hack continues as a 22-year-old U.K. man was sentenced to jail Monday for his role in the attack and other cybercrimes, including an attack against his former school.

164
164
article thumbnail

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Security Affairs

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. “In September 2015, Apple managers had a dilemma on their hands: should, or should they not notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Pierluigi Paganini.

Passwords 110
article thumbnail

Naikon APT is flying under the radar since 2015

Security Affairs

” The activity of the group was detailed in a report published by Kaspersky in 2015, but in the last five years, the group drastically changed its modus operandi to go silent. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

article thumbnail

A Retrospective on the 2015 Ashley Madison Breach

Krebs on Security

As first reported by KrebsOnSecurity on July 19, 2015 , a group calling itself the “ Impact Team ” released data sampled from millions of users, as well as maps of internal company servers, employee network account information, company bank details and salary information. 18, 2015, the Impact Team posted a “Time’s up!”

Sales 50