2004 - Information Management Today

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

Security Affairs

MAY 23, 2021

The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2. The WinRM service is enabled by default on Windows servers running versions 2004 or 20H2 for this reason it only poses a serious risk to corporate environments, DeVries explained to BleepingComputer. WinRM *IS* vulnerable.

Risk

Risk Security Access IT

Colorado Warns Ransomware Attack Caused Massive Data Breach

Data Breach Today

AUGUST 7, 2023

Information From 2004 to 2020 Exposed for High School Students, Teachers and Others Colorado's Department of Higher Education is warning that it suffered a ransomware attack in June, in which attackers stole personal data on current and past students and teachers, dating from 2004 to 2020.

Ransomware

Ransomware Data breaches Education Personal data

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

TopSec is also a Tier 1 vulnerability supplier for China’s intelligence ministry and has provided cloud and IT security monitoring services nationwide since 2004. The company provided monitoring services to a state-owned enterprise facing a corruption scandal.

Cybersecurity

Cybersecurity Government Cloud Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Expert released PoC exploit code for Windows CVE-2021-31166 bug

Security Affairs

MAY 17, 2021

The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2. This stack is used by the Windows built-in IIS server, which means that it could be easily exploited if the server is enabled.

Security

Security IT Cybersecurity Information Security

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 4, 2022

CVE-2004-0210 – Microsoft Windows Privilege Escalation Vulnerability: A privilege elevation vulnerability exists in the POSIX subsystem.

Cybersecurity

Cybersecurity Authentication Risk Security

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets.

Access

Access Security Cybersecurity IT

Sophos Sandboxie is now available as an open-source tool

Security Affairs

APRIL 10, 2020

” The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level.”

Marketing

Marketing IT Security Information Security

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Security Affairs

MARCH 3, 2024

The Bifrost RAT has been active since 2004, it allows its operators to gather sensitive information, including hostname and IP address. Palo Alto Networks Unit 42 researchers discovered a new Linux variant of Bifrost (aka Bifrose) RAT that uses a deceptive domain (download.vmfare[.]com) com) that mimics the legitimate VMware domain.

Encryption

Encryption Cybersecurity IT Access

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

NOVEMBER 9, 2020

11 out of 16 targets cracked with 23 successful demos: Chrome, Safari, FireFox Adobe PDF Reader Docker-CE, VMware EXSi, Qemu, CentOS 8 iPhone 11 Pro+iOS 14, GalaxyS20 Windows 10 2004 TP-Link, ASUS Router — TianfuCup (@TianfuCup) November 8, 2020. Many mature and hard targets have been pwned on this year’s contest.

Security

Security Government Information Security IT

States Need Way More Money to Fix Crumbling Voting Machines

WIRED Threat Level

MARCH 5, 2019

“We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.

Security

Mozilla offers bigger rewards for Firefox flaws under its bug bounty program

Security Affairs

APRIL 24, 2020

Mozilla announced some major changes to its bug bounty program that was first launched in 2004. Mozilla announced some changes to its Firefox bug bounty program, it promises bigger rewards for vulnerabilities and will accept duplicate reports if necessary.

IT

IT Cybersecurity Security Information Security

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

JUNE 11, 2024

Only one of the patches released today — CVE-2004-30080 — earned Microsoft’s most urgent “critical” rating, meaning malware or malcontents could exploit the vulnerability to remotely seize control over a user’s system, without any user interaction.

Mining

Mining Security Cybersecurity Access

Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

OCTOBER 16, 2020

. “The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003. ” concludes the ICO.

GDPR

GDPR Personal data Data breaches Communications

SMBleed could allow a remote attacker to leak kernel memory

Security Affairs

JUNE 11, 2020

” The SMBleed flaw impacts Windows 10 and Windows Server, versions 1903, 1909 and 2004, previous versions of the Microsoft OS are not affected. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.”

Authentication

Authentication IT Security

A sad story of pedophilia on how disgusting images fed the web

Security Affairs

FEBRUARY 10, 2020

This is the story of the LS-Studios, by Alexander Chursin , who had to close his business in 2004 after an FBI raid. The drama is that on the dark side of the Internet there are ogres that abuse children.

Archiving

Archiving IT Security Information Security

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

CMS

CMS File names Passwords Access

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Security Affairs

MAY 17, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Communications

Communications Phishing Government Encryption

Last Watchdog podcast: Unwrapping ‘resilience’ guidance discussed at RSA Conference 2021

The Last Watchdog

MAY 25, 2021

I’ve been covering this cybersecurity gathering since 2004 and each year cybersecurity materially advances. Resilience was the theme of RSA Conference 2021 which took place virtually last week. Related: Web attacks spike 62 percent in 2020.

Cybersecurity

Cybersecurity Cloud Privacy Security

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

Both vulnerabilities were addressed by Microsoft in August, the August 2020 Patch Tuesday security updates fixed the flaws in Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004. and Windows Server 2012 R2.

Security

Security Access IT Information Security

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The company added that the incident may have impacted those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, (..)

Education

Education Data breaches Ransomware Access

US will help Baltic states to secure baltic energy grid

Security Affairs

OCTOBER 7, 2019

The three states joined both the European Union and NATO in 2004, but they are still part of a power grid controlled by Russia. The three countries will be integrated into the European energy grid by 2025, without depending on the Russian grid.

Security

Security Military Cybersecurity IT

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

It states that the yearbook for the Amtek class of 2004 is hosted at 41.wmpay[.]com. The yearbook photos for the Amtek class of 2004 are not indexed in the Wayback Machine at archive.org, but the names and nicknames of 16 students remain. However, it appears that the entry for one student — the Wmpay[.]com ru: Andrey Skvortsov.

Computer and Electronics

Computer and Electronics Passwords Government Sales

US CISA warns of a Samsung vulnerability under active exploitation

Security Affairs

MAY 20, 2023

CISA also addressed the following issue in the latest turn: CVE-2004-1464 – Cisco IOS Denial-of-Service Vulnerability.

Security

Security Cybersecurity Risk Access

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

In 2004, CIA and Mossad requested help to the the Dutch intelligence to get access to the plant, only in 2007 the mole, who posed as a mechanic working for a front company doing work at Natanz, dropped the virus into the target systems. In 2004, Mossad and the CIA asked for help from AIVD. ” wrote the journalists.

Military

Military Manufacturing Access Security

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

JULY 13, 2021

“Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2,” said Aleks Haugom , also with Automox. .” Another concerning critical vulnerability in the July batch is CVE-2021-34494 , a dangerous bug in the Windows DNS Server that earned a CVSS score (severity) of 9.8

Security

Security IT

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The certificates are issued in compliance with the Law on Communications 2004 passed in November 2015. Recently the Kazakh ISP Tele2 started redirecting all HTTPS connections of its customers to a web page containing the certificate and instructions on how to install the certificate on major OS. ” states Tele2.

IT

IT Encryption Communications Government

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

The Infy malware was first submitted to VirusTotal on August 2007, meanwhile, the C&C domain used by the oldest sample spotted by the experts has been associated with a malicious campaign dated back December 2004. The group used the Tonnerre and Foudre (Thunder & Lightning) tools to spy on Windows-based PCs. .

Phishing

Phishing Security IT Information Security

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

The Last Watchdog

DECEMBER 5, 2019

I’ve been paying close attention to privacy and cybersecurity since 2004, first as a technology reporter at USA TODAY, then as Editor-In-Chief of ThirdCertainty.com, a corporate-underwritten news analysis blog.

IoT

IoT Privacy Authentication Communications

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Threatpost

JANUARY 16, 2018

A bug in Lenovo’s Enterprise Networking Operating System could allow an attacker to launch an authentication bypass attack.

Authentication

Authentication Security

Up to Georgia 2,000 websites have been hit by cyber attacks

Security Affairs

OCTOBER 28, 2019

” Mikheil was the third President of Georgia for two consecutive terms from 25 January 2004 to 17 November 2013. According to Interpress media, the websites were defaced by the hackers that published a picture of Georgia’s exiled former president Mikheil Saakashvili with the message “I’ll be back!”

Government

Government Security IT Information Security

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

JULY 20, 2021

In this paid ad from 2004, Severa lists prices to rent his spam botnet. Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million. Severa was a moderator on the Russian spam community Spamdot[.]biz.

Government

Government Phishing Communications IT

US disrupts Russia-linked Snake implant’s network

Security Affairs

MAY 10, 2023

The development of the Snake malware, aka Uroburos , started in late 2003 and was completed in early 2004. The malware uses custom communications protocols designed to avoid detection. The threat is continuously upgraded and the authors re-designed it after the public disclosures.

Government

Government Libraries Cybersecurity Security

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

AUGUST 6, 2020

And in 2004, it emerged that identity thieves masquerading as customers of data broker Choicepoint had stolen the personal and financial records of more than 145,000 Americans.

Insurance

Insurance Communications Authentication Access

Security Vulnerabilities in Covert CIA Websites

Schneier on Security

OCTOBER 1, 2022

The bulk of the websites that we discovered were active at various periods between 2004 and 2013. In addition, blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites. All of these flaws would have facilitated discovery by hostile parties. […].

Security

Security Communications Archiving IT

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

SHA1 (Secure Hashing Algorithm 1) has been broken since 2004 and can be breached quickly by criminals at relatively little cost. Given a considerable portion of the stored passwords were hashed using weak password-hashing functions (MD5 or SHA1), they could easily be decrypted and used for credential-stuffing attacks.

Ransomware

Ransomware Passwords GDPR Encryption

Facebook: is it time we all deleted our accounts?

The Guardian Data Protection

MARCH 20, 2018

Back in 2004, when a 19-year-old Zuckerberg had just started building Facebook, he sent his Harvard friends a series of instant messages in which he marvelled at the fact that 4,000 people had volunteered their personal information to his nascent social network. This is according to statements by a young Mark Zuckerberg anyway.

IT

IT Big data Privacy

Initial Web 2 Summit Lineup Announced

John Battelle's Searchblog

MAY 11, 2011

This is something I did way back when we started in 2004, it felt right to do it again. We've sold out registration every year since 2004.The One new thing I'll be doing as well is forming an advisory board. More on that soon, but my goal is to gather input on the program from a diverse set of voices. Hope to see you there!

IT

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

I attended my first one in 2004, while covering Microsoft for USA TODAY. The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Related: Demystifying ‘DSPM’ This was my nineteenth RSAC.

Authentication

Authentication Cloud Access Cybersecurity

Predictions 2012: The Roundup

John Battelle's Searchblog

JANUARY 9, 2012

2004 Predictions. 2004 How I Did. Predictions 2010. 2010: How I Did. 2009 Predictions. 2009 How I Did. 2008 Predictions. 2008 How I Did. 2007 Predictions. 2007 How I Did. 2006 Predictions. 2006 How I Did. 2005 Predictions. 2005 How I Did.

IT

Security Vulnerability of Switzerland’s E-Voting System

Schneier on Security

OCTOBER 17, 2023

Here I am saying that in 2004.) Of course, Kuster did not employ a botnet virus to distribute his malware to real voters! He keeps it contained on his own system and demonstrates it in a video. Again, the solution is paper. And, no, blockchain does not help—it makes security worse.

Paper

Paper Security Blockchain Cybersecurity

Facebook Files, Initial Thoughts

John Battelle's Searchblog

FEBRUARY 1, 2012

Not since Google’s 2004 filing have so many journalists sped-read one document at the same time, eager to glean any possible insight unique to their particular point of view or publication and rush to post it before anyone else.

IT

On Math, iPhones, Android, and the 100K Phone Gap

John Battelle's Searchblog

JULY 19, 2010

It reminds me of Google in 2004, when the media fell in love with the concept of search. The media really, really, really loves to write about Apple and the iPhone these days.

Sales

Sales IT

Old-School Bagle Worm Spotted in Modern Spam Campaigns

Threatpost

DECEMBER 10, 2018

date back to 2004.

The Great $50M African IP Address Heist

Krebs on Security

DECEMBER 11, 2019

That individual — Ernest Byaruhanga — was only the second person hired at AFRINIC back in 2004. Byaruhanga did not respond to requests for comment. who assisted Guilmette in his research.

Marketing

Marketing Access Government Sales

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

Colorado Warns Ransomware Attack Caused Massive Data Breach

Webinars

Trending Sources

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Webinars

Expert released PoC exploit code for Windows CVE-2021-31166 bug

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Sophos Sandboxie is now available as an open-source tool

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

States Need Way More Money to Fix Crumbling Voting Machines

Mozilla offers bigger rewards for Firefox flaws under its bug bounty program

Patch Tuesday, June 2024 “Recall” Edition

Britain’s information commissioner fines British Airways for 2018 Hack

SMBleed could allow a remote attacker to leak kernel memory

A sad story of pedophilia on how disgusting images fed the web

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Last Watchdog podcast: Unwrapping ‘resilience’ guidance discussed at RSA Conference 2021

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

US will help Baltic states to secure baltic energy grid

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

US CISA warns of a Samsung vulnerability under active exploitation

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Microsoft Patch Tuesday, July 2021 Edition

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Up to Georgia 2,000 websites have been hit by cyber attacks

Spam Kingpin Peter Levashov Gets Time Served

US disrupts Russia-linked Snake implant’s network

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Security Vulnerabilities in Covert CIA Websites

Harvard Business Publishing licensee hit by ransomware

Facebook: is it time we all deleted our accounts?

Initial Web 2 Summit Lineup Announced

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

Predictions 2012: The Roundup

Security Vulnerability of Switzerland’s E-Voting System

Facebook Files, Initial Thoughts

On Math, iPhones, Android, and the 100K Phone Gap

Old-School Bagle Worm Spotted in Modern Spam Campaigns

The Great $50M African IP Address Heist

Stay Connected