2004, Access and Information Security - Information Management Today

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

Security Affairs

MAY 23, 2021

The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2. The security researcher Axel Souchet has published over the weekend a proof-of-concept exploit code for the wormable flaw that impacted Windows IIS. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Risk

Risk Security Access IT

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Security Affairs

MARCH 3, 2024

A new Linux variant of the remote access trojan (RAT) BIFROSE (aka Bifrost) uses a deceptive domain mimicking VMware. The Bifrost RAT has been active since 2004, it allows its operators to gather sensitive information, including hostname and IP address. com) that mimics the legitimate VMware domain.

Encryption

Encryption Cybersecurity IT Access

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE discovered the ransomware attack on June 19, 2023, it immediately launched an investigation into the security breach with the help of third-party specialists. The experts determined the threat actors had access to CDHE systems between June 11 and June 19, 2023 and copied data from the company systems during this time.

Education

Education Data breaches Ransomware Access

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” reads the report published by Cisco Talos.

CMS

CMS File names Passwords Access

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Security Affairs

MAY 17, 2024

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Communications

Communications Phishing Government Encryption

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files. ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. The ALAC is an audio coding format developed by Apple for lossless data compression of digital music.

Access

Access Cybersecurity Security IT

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

Microsoft released this week an out-of-band security update for Windows 8.1 and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access. The first elevation of privilege vulnerability, tracked as CVE-2020-1530 , ties the way Windows Remote Access improperly handles memory.

Security

Security Access IT Information Security

US CISA warns of a Samsung vulnerability under active exploitation

Security Affairs

MAY 20, 2023

CISA also addressed the following issue in the latest turn: CVE-2004-1464 – Cisco IOS Denial-of-Service Vulnerability. Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device.

Security

Security Cybersecurity Risk Access

Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

OCTOBER 16, 2020

In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers. The hackers potentially accessed the personal data of approximately 429,612 customers and staff. Exposed data included names, addresses, payment card numbers and CVV numbers of 244,000 BA customers.

GDPR

GDPR Personal data Data breaches Communications

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Security Affairs

SEPTEMBER 21, 2021

The backdoor allows attacker to maintain access to the infected system and could also be used as a second-stage dropper to deliver additional payloads. During their campaigns, they are often using and re-using compromised servers for their operations, which they access via SSH, often protected by TOR. ” concludes Talos.

Military

Military Government Encryption Access

Italian Garante Publishes Updated Guidelines on Cookies and Other Tracking Technologies

Hunton Privacy

AUGUST 12, 2021

Cookie walls, which force users to express consent to receive cookies and other tracking mechanisms or else be blocked from accessing a site, are not permitted. 4 of January 9, 2004). Reiteration of Consent. Reposting banners to seek consent when a user already has expressed preferences for the relevant website is prohibited.

GDPR

GDPR Analytics Privacy Access

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

JULY 22, 2019

The Kazakhstan authorities issued an advisory to local Internet Service Providers (ISPs) asking them to allow their customers to access the Internet only after the installation on their devices of government-issued root certificates. The certificates are issued in compliance with the Law on Communications 2004 passed in November 2015.

IT

IT Encryption Communications Government

Harvard Business Publishing licensee hit by ransomware

Security Affairs

OCTOBER 9, 2022

SHA1 (Secure Hashing Algorithm 1) has been broken since 2004 and can be breached quickly by criminals at relatively little cost. Moreover, the database contained physical addresses – paired with names, email addresses, and phone numbers, this information could be used for identity theft or harassment.

Ransomware

Ransomware Passwords GDPR Encryption

Weekly podcast: Uber, Tether, Bitcoin and Western Union

IT Governance

NOVEMBER 24, 2017

Two attackers managed to access a GitHub site used by Uber, where they found login credentials that they then used to access an Uber Amazon Web Services account, where they found the personal information of 57 million customers and drivers around the world, including names, email addresses, mobile phone numbers and driving licence details.

Data breaches

Data breaches Access Blockchain Cloud

President Obama Nominates Ohlhausen to be FTC Commissioner

Hunton Privacy

JULY 25, 2011

Ohlhausen previously worked in various senior positions at the FTC, most recently as Director of the FTC’s Office of Policy Planning from 2004 to 2008 where she headed the FTC’s Internet Access Task Force. If approved, Ohlhausen will serve a seven-year term beginning on September 26, 2011, replacing Commissioner William E.

Data breaches

Data breaches Privacy Cybersecurity Government

How data breaches are affecting the retail industry

IT Governance

AUGUST 21, 2018

Customers of the Adidas.com website may have been affected by a breach after an unauthorised party gained access to customer data. The data included contact information, usernames and encrypted passwords. Ticketmaster notified users of its UK site that their personal information may have been accessed by an unauthorised third party.

Retail

Retail Data breaches GDPR Compliance

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

SEPTEMBER 2, 2019

That mole then provided much -needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.” In 2004, Mossad and the CIA asked for help from AIVD. The mole visited Natanz a few times to collect configuration information about the systems in the plant. ” wrote the journalists.

Military

Military Manufacturing Access Security

Remote sex toys might spice up your love life – but crooks could also get a kick out of them?

Security Affairs

FEBRUARY 14, 2022

Accessing apps2; c; and apps subdomains gives us this info. However, a couple of addresses seem to be leaking valuable information by confirming what servers they use. Cybernews believes that these access points – or at least the information about the IP addresses – should be shielded completely.

Manufacturing

Manufacturing Access Security IT

The History of Malware: A Primer on the Evolution of Cyber Threats

IBM Big Data Hub

NOVEMBER 6, 2023

Ransomware: One of the most dangerous types of malware, ransomware attacks take control of critical computer systems or sensitive data, locking users out and requiring exorbitant ransoms in cryptocurrency like Bitcoin in exchange for regained access. Ransomware remains one of the most dangerous types of cyber threats today.

Ransomware

Ransomware Phishing Encryption IoT

Information Management Today

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Webinars

Trending Sources

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Webinars

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

US CISA warns of a Samsung vulnerability under active exploitation

Britain’s information commissioner fines British Airways for 2018 Hack

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Italian Garante Publishes Updated Guidelines on Cookies and Other Tracking Technologies

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Harvard Business Publishing licensee hit by ransomware

Weekly podcast: Uber, Tether, Bitcoin and Western Union

President Obama Nominates Ohlhausen to be FTC Commissioner

How data breaches are affecting the retail industry

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Remote sex toys might spice up your love life – but crooks could also get a kick out of them?

The History of Malware: A Primer on the Evolution of Cyber Threats

Stay Connected