2004 - Information Management Today

Colorado Warns Ransomware Attack Caused Massive Data Breach

Data Breach Today

AUGUST 7, 2023

Information From 2004 to 2020 Exposed for High School Students, Teachers and Others Colorado's Department of Higher Education is warning that it suffered a ransomware attack in June, in which attackers stole personal data on current and past students and teachers, dating from 2004 to 2020.

Ransomware

Ransomware Data breaches Education Personal data

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

JUNE 11, 2024

Only one of the patches released today — CVE-2004-30080 — earned Microsoft’s most urgent “critical” rating, meaning malware or malcontents could exploit the vulnerability to remotely seize control over a user’s system, without any user interaction.

Mining

Mining Security Cybersecurity Access

Last Watchdog podcast: Unwrapping ‘resilience’ guidance discussed at RSA Conference 2021

The Last Watchdog

MAY 25, 2021

I’ve been covering this cybersecurity gathering since 2004 and each year cybersecurity materially advances. Resilience was the theme of RSA Conference 2021 which took place virtually last week. Related: Web attacks spike 62 percent in 2020.

Cybersecurity

Cybersecurity Cloud Privacy Security

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

It states that the yearbook for the Amtek class of 2004 is hosted at 41.wmpay[.]com. The yearbook photos for the Amtek class of 2004 are not indexed in the Wayback Machine at archive.org, but the names and nicknames of 16 students remain. However, it appears that the entry for one student — the Wmpay[.]com ru: Andrey Skvortsov.

Computer and Electronics

Computer and Electronics Passwords Government Sales

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

Security Affairs

MAY 23, 2021

The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2. The WinRM service is enabled by default on Windows servers running versions 2004 or 20H2 for this reason it only poses a serious risk to corporate environments, DeVries explained to BleepingComputer. WinRM *IS* vulnerable.

Risk

Risk Security Access IT

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

The Last Watchdog

DECEMBER 5, 2019

I’ve been paying close attention to privacy and cybersecurity since 2004, first as a technology reporter at USA TODAY, then as Editor-In-Chief of ThirdCertainty.com, a corporate-underwritten news analysis blog.

IoT

IoT Privacy Authentication Communications

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

JULY 13, 2021

“Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2,” said Aleks Haugom , also with Automox. .” Another concerning critical vulnerability in the July batch is CVE-2021-34494 , a dangerous bug in the Windows DNS Server that earned a CVSS score (severity) of 9.8

Security

Security IT

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Threatpost

JANUARY 16, 2018

A bug in Lenovo’s Enterprise Networking Operating System could allow an attacker to launch an authentication bypass attack.

Authentication

Authentication Security

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

JULY 20, 2021

In this paid ad from 2004, Severa lists prices to rent his spam botnet. Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million. Severa was a moderator on the Russian spam community Spamdot[.]biz.

Government

Government Phishing Communications IT

Expert released PoC exploit code for Windows CVE-2021-31166 bug

Security Affairs

MAY 17, 2021

The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2. This stack is used by the Windows built-in IIS server, which means that it could be easily exploited if the server is enabled.

Security

Security IT Cybersecurity Information Security

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Security Affairs

MARCH 3, 2024

The Bifrost RAT has been active since 2004, it allows its operators to gather sensitive information, including hostname and IP address. Palo Alto Networks Unit 42 researchers discovered a new Linux variant of Bifrost (aka Bifrose) RAT that uses a deceptive domain (download.vmfare[.]com) com) that mimics the legitimate VMware domain.

Encryption

Encryption Cybersecurity IT Access

States Need Way More Money to Fix Crumbling Voting Machines

WIRED Threat Level

MARCH 5, 2019

“We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.

Security

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 4, 2022

CVE-2004-0210 – Microsoft Windows Privilege Escalation Vulnerability: A privilege elevation vulnerability exists in the POSIX subsystem.

Cybersecurity

Cybersecurity Authentication Risk Security

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

AUGUST 6, 2020

And in 2004, it emerged that identity thieves masquerading as customers of data broker Choicepoint had stolen the personal and financial records of more than 145,000 Americans.

Insurance

Insurance Communications Authentication Access

Security Vulnerabilities in Covert CIA Websites

Schneier on Security

OCTOBER 1, 2022

The bulk of the websites that we discovered were active at various periods between 2004 and 2013. In addition, blocks of sequential IP addresses registered to apparently fictitious US companies were used to host some of the websites. All of these flaws would have facilitated discovery by hostile parties. […].

Security

Security Communications Archiving IT

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets.

Access

Access Security Cybersecurity IT

Facebook: is it time we all deleted our accounts?

The Guardian Data Protection

MARCH 20, 2018

Back in 2004, when a 19-year-old Zuckerberg had just started building Facebook, he sent his Harvard friends a series of instant messages in which he marvelled at the fact that 4,000 people had volunteered their personal information to his nascent social network. This is according to statements by a young Mark Zuckerberg anyway.

IT

IT Big data Privacy

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

I attended my first one in 2004, while covering Microsoft for USA TODAY. The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Related: Demystifying ‘DSPM’ This was my nineteenth RSAC.

Authentication

Authentication Cloud Access Cybersecurity

Initial Web 2 Summit Lineup Announced

John Battelle's Searchblog

MAY 11, 2011

This is something I did way back when we started in 2004, it felt right to do it again. We've sold out registration every year since 2004.The One new thing I'll be doing as well is forming an advisory board. More on that soon, but my goal is to gather input on the program from a diverse set of voices. Hope to see you there!

IT

Sophos Sandboxie is now available as an open-source tool

Security Affairs

APRIL 10, 2020

” The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level.”

Marketing

Marketing IT Security Information Security

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

NOVEMBER 9, 2020

11 out of 16 targets cracked with 23 successful demos: Chrome, Safari, FireFox Adobe PDF Reader Docker-CE, VMware EXSi, Qemu, CentOS 8 iPhone 11 Pro+iOS 14, GalaxyS20 Windows 10 2004 TP-Link, ASUS Router — TianfuCup (@TianfuCup) November 8, 2020. Many mature and hard targets have been pwned on this year’s contest.

Security

Security Government Information Security IT

Predictions 2012: The Roundup

John Battelle's Searchblog

JANUARY 9, 2012

2004 Predictions. 2004 How I Did. Predictions 2010. 2010: How I Did. 2009 Predictions. 2009 How I Did. 2008 Predictions. 2008 How I Did. 2007 Predictions. 2007 How I Did. 2006 Predictions. 2006 How I Did. 2005 Predictions. 2005 How I Did.

IT

Security Vulnerability of Switzerland’s E-Voting System

Schneier on Security

OCTOBER 17, 2023

Here I am saying that in 2004.) Of course, Kuster did not employ a botnet virus to distribute his malware to real voters! He keeps it contained on his own system and demonstrates it in a video. Again, the solution is paper. And, no, blockchain does not help—it makes security worse.

Paper

Paper Security Blockchain Cybersecurity

Facebook Files, Initial Thoughts

John Battelle's Searchblog

FEBRUARY 1, 2012

Not since Google’s 2004 filing have so many journalists sped-read one document at the same time, eager to glean any possible insight unique to their particular point of view or publication and rush to post it before anyone else.

IT

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

CMS

CMS File names Passwords Access

On Math, iPhones, Android, and the 100K Phone Gap

John Battelle's Searchblog

JULY 19, 2010

It reminds me of Google in 2004, when the media fell in love with the concept of search. The media really, really, really loves to write about Apple and the iPhone these days.

Sales

Sales IT

Mozilla offers bigger rewards for Firefox flaws under its bug bounty program

Security Affairs

APRIL 24, 2020

Mozilla announced some major changes to its bug bounty program that was first launched in 2004. Mozilla announced some changes to its Firefox bug bounty program, it promises bigger rewards for vulnerabilities and will accept duplicate reports if necessary.

IT

IT Cybersecurity Security Information Security

Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

OCTOBER 16, 2020

. “The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003. ” concludes the ICO.

GDPR

GDPR Personal data Data breaches Communications

Old-School Bagle Worm Spotted in Modern Spam Campaigns

Threatpost

DECEMBER 10, 2018

date back to 2004.

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. Researchers from SEKOIA.IO

Government

Government Communications Security Cybersecurity

A sad story of pedophilia on how disgusting images fed the web

Security Affairs

FEBRUARY 10, 2020

This is the story of the LS-Studios, by Alexander Chursin , who had to close his business in 2004 after an FBI raid. The drama is that on the dark side of the Internet there are ogres that abuse children.

Archiving

Archiving IT Security Information Security

Who is Tech Investor John Bernard?

Krebs on Security

SEPTEMBER 25, 2020

Two years before that, Davies was released from prison after being held in custody for 16 months on suspicion of murdering his new bride in 2004 on their honeymoon in India. .” Davies disappeared before he was convicted of fraud in 2015.

Insurance

Insurance IT

SMBleed could allow a remote attacker to leak kernel memory

Security Affairs

JUNE 11, 2020

” The SMBleed flaw impacts Windows 10 and Windows Server, versions 1903, 1909 and 2004, previous versions of the Microsoft OS are not affected. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.”

Authentication

Authentication IT Security

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Security Affairs

MAY 17, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Communications

Communications Phishing Government Encryption

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

Both vulnerabilities were addressed by Microsoft in August, the August 2020 Patch Tuesday security updates fixed the flaws in Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004. and Windows Server 2012 R2.

Security

Security Access IT Information Security

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

The Last Watchdog

JULY 11, 2022

The scale is so massive that it makes up 15 percent of all breached users globally since 2004 (the year data breaches became widespread). The data analytics show: •A total 2.3 billion U.S. accounts have been breached so far.

Security

Security Data breaches B2C Privacy

The PCLOB Needs a Director

Schneier on Security

NOVEMBER 20, 2018

The PCLOB was established in 2004 (when it didn't do much), disappeared from 2007-2012, and reconstituted in 2012. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA anti-terrorism surveillance, and FBI counterterrorism activities.

Privacy

Privacy IT

The Great $50M African IP Address Heist

Krebs on Security

DECEMBER 11, 2019

That individual — Ernest Byaruhanga — was only the second person hired at AFRINIC back in 2004. Byaruhanga did not respond to requests for comment. who assisted Guilmette in his research.

Marketing

Marketing Access Government Sales

Mary’s Annual Internet Trends

John Battelle's Searchblog

JUNE 2, 2013

I went on to launch the Web 2 Summit in 2004, and it was at that event that Mary started presenting her annual Internet Trends deck. The Internet Summit had its last event in July of 2001, and the space was taken over by Kara Swisher and Walt Mossberg, who went on to launch All Things Digital , which has thrived to this day.

IT

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. As we are well and truly in the digital-first age, the need for robust cybersecurity measures is glaringly evident.

Cybersecurity

Cybersecurity IT Authentication Phishing

Predictions 2011

John Battelle's Searchblog

JANUARY 3, 2011

2004 Predictions. 2004 How I Did. Related: Predictions 2010. 2010 How I Did. 2009 Predictions. 2009 How I Did. 2008 Predictions. 2008 How I Did. 2007 Predictions. 2007 How I Did. 2006 Predictions. 2006 How I Did. 2005 Predictions. 2005 How I Did.

Marketing

Marketing Sales IT Privacy

Predictions 2012 #6: “The Corporation” Becomes A Central Societal Question Mark

John Battelle's Searchblog

JANUARY 9, 2012

2004 Predictions. 2004 How I Did. Predictions 2010. 2010: How I Did. 2009 Predictions. 2009 How I Did. 2008 Predictions. 2008 How I Did. 2007 Predictions. 2007 How I Did. 2006 Predictions. 2006 How I Did. 2005 Predictions. 2005 How I Did.

IT

IT Government

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The company added that the incident may have impacted those that attended a public institution of higher education in Colorado between 2007-2020, attended a Colorado public high school between 2004-2020, individuals with a Colorado K-12 public school educator license between 2010-2014, participated in the Dependent Tuition Assistance Program from 2009-2013, (..)

Education

Education Data breaches Ransomware Access

Agile intranet strategies

ChiefTech

JANUARY 31, 2013

I co-wrote this piece for Image & Data Magazine in 2004 (PDF), but its still relevant to the question posted by Andrew Wright on LinkedIn : How should great intranets be developed? As a project or as a series of rapid incremental improvements? For more see his blog post ).

IT

Colorado Warns Ransomware Attack Caused Massive Data Breach

Patch Tuesday, June 2024 “Recall” Edition

Trending Sources

Last Watchdog podcast: Unwrapping ‘resilience’ guidance discussed at RSA Conference 2021

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

Microsoft Patch Tuesday, July 2021 Edition

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Spam Kingpin Peter Levashov Gets Time Served

Expert released PoC exploit code for Windows CVE-2021-31166 bug

New Linux variant of BIFROSE RAT uses deceptive domain strategies

States Need Way More Money to Fix Crumbling Voting Machines

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Security Vulnerabilities in Covert CIA Websites

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Facebook: is it time we all deleted our accounts?

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

Initial Web 2 Summit Lineup Announced

Sophos Sandboxie is now available as an open-source tool

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Predictions 2012: The Roundup

Security Vulnerability of Switzerland’s E-Voting System

Facebook Files, Initial Thoughts

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

On Math, iPhones, Android, and the 100K Phone Gap

Mozilla offers bigger rewards for Firefox flaws under its bug bounty program

Britain’s information commissioner fines British Airways for 2018 Hack

Old-School Bagle Worm Spotted in Modern Spam Campaigns

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

A sad story of pedophilia on how disgusting images fed the web

Who is Tech Investor John Bernard?

SMBleed could allow a remote attacker to leak kernel memory

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

The PCLOB Needs a Director

The Great $50M African IP Address Heist

Mary’s Annual Internet Trends

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

Predictions 2011

Predictions 2012 #6: “The Corporation” Becomes A Central Societal Question Mark

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Agile intranet strategies

Stay Connected