2008 - Information Management Today

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Security Affairs

NOVEMBER 26, 2020

Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. “If you have ever run this script on Windows 7 or Windows Server 2008 R2 , you probably noticed a weird recurring result and perhaps thought that it was a false positive just as I did.

Security

Security IT Access Information Security

CIA Hacking unit APT-C-39 hit China since 2008

Security Affairs

MARCH 4, 2020

” The US-linked hackers targeted the Chinese organizations between September 2008 and June 2019. The post CIA Hacking unit APT-C-39 hit China since 2008 appeared first on Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, CIA).

Military

Military Government Security IT

0patch will provide micropatches for Windows 7 and Server 2008 after EoS

Security Affairs

SEPTEMBER 22, 2019

With the end-of-life of Windows 7 and Server 2008, their users will no more receive security patches, the only way to remain protected is to trust in micropatches. On January 14, 2020, support for Window 7, Windows Server 2008 and 2008 R2 will end, this means that users will no longer receive security updates.

Security

Security Risk IT Information Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

File names

File names Archiving Phishing Encryption

Sunset of Windows Server 2008: Migrate with Docker

Data Breach Today

JANUARY 23, 2019

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions*.

Security

Security IT

Microsoft rolled out emergency updates to fix Windows Server auth failures

Security Affairs

NOVEMBER 15, 2021

These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

Authentication

Authentication Security IT Information Security

NIST Seeks Input on HIPAA Security Rule Guidance Update

Data Breach Today

MAY 4, 2021

The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule. But Is It Time to Overhaul the Rule Itself? But is it time to update the security rule itself?

Security

Security IT

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Windows Server 2008 R2: By default, SMBv1 is enabled in Windows Server 2008 R2. Windows Server 2008 R2: Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters" -Name SMB1 -Type DWORD -Value 0 –Force. If it returns an SMB1 value of 0, it is disabled. (Get-WindowsFeature Get-WindowsFeature FS-SMB1).Installed

Authentication

Authentication Communications Encryption IT

Congress Renews FISA Warrantless Surveillance Bill For Six More Years

WIRED Threat Level

JANUARY 11, 2018

The House of Representatives Thursday strengthened spying powers authorized under Section 702 of the 2008 FISA Amendments Act.

Security

Expert developed a MetaSploit module for the BlueKeep flaw

Security Affairs

JUNE 5, 2019

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA), and the threat can also be mitigated by blocking TCP port 3389. According to Z??osum0x0,

Authentication

Authentication Ransomware Security IT

Windows 7: Microsoft Ceases Free Security Updates

Data Breach Today

JANUARY 14, 2020

Security Experts Recommend Holdouts Review Their IT Strategy and Cloud Options Microsoft has ceased offering free security updates for its Windows 7 operating system, as well as Windows Server 2008 and 2008 R2.

Security

Security Cloud IT

0patch releases free unofficial patches for Windows 0days exploited in the wild

Security Affairs

MARCH 27, 2020

The security patches developed by 0patch address the issues for Windows 7 and Windows Server 2008 R2 without ESU. The service will also release unofficial patches for Windows 7 and Server 2008 R2 with ESU, Windows 8.1, and Windows Server 2012.

Libraries

Libraries Risk Security IT

An archive with 20 Million Taiwanese? citizens leaked in the dark web

Security Affairs

MAY 29, 2020

The seller claims the database dates back as 2019, but Cyble researchers noted the last DOB record was from 2008. The database size is 3.5 GB, exposed data includes full name, full address, ID, gender, date of birth, and other info. Experts are still investigating the leak and will provide an update as soon as possible.

Archiving

Archiving Data breaches Government Security

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

Security Affairs

JUNE 19, 2020

The exploit used by Turla, referred to as CVE-2008-3431 , abuses two vulnerabilities, but only one was ever fixed in the aforementioned CVE. The other vulnerability was chained by Turla operators with the CVE-2008-3431 flaw in the first version of their exploit.

Security

Security Government IT Information Security

California Prison System Says 236,000 Affected by Hack

Data Breach Today

SEPTEMBER 13, 2022

Mental Health Records Dating Back 14 Years, Plus COVID Test Info Breached The California Department of Corrections and Rehabilitation reported a hacking incident that affected 236,000 individuals, potentially including any current or former inmate who since 2008 received a mental health diagnosis while incarcerated.

NSA urges Windows Users and admins to Patch BlueKeep flaw

Security Affairs

JUNE 5, 2019

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA), and the threat can also be mitigated by blocking TCP port 3389.

Authentication

Authentication Security Ransomware IT

DHS also issued an alert for the Windows BlueKeep flaw

Security Affairs

JUNE 18, 2019

Enable Network Level Authentication in Windows 7, Windows Server 2008, and Windows Server 2008 R2. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Disable services not being used by the OS. This best practice limits exposure to vulnerabilities. Enable Network Level Authentication.

Authentication

Authentication Cybersecurity Security Marketing

Microsoft issues emergency patch for IE Zero Day exploited in the wild

Security Affairs

DECEMBER 20, 2018

The IE zero-day vulnerability impacts IE 9 on Windows Server 2008, IE 10 on Windows Server 2012, IE 11 from Windows 7 to Windows 10, and IE 11 on Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows Server 2012 R2. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security IT

Microsoft to Officially End Support for Windows 7, Server 2008

Dark Reading

JANUARY 13, 2020

Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.

Security

3 Tips to Prepare for SQL Server 2008 and Windows Server 2008 End of Support

Daymark

FEBRUARY 1, 2019

Microsoft deadlines for SQL Server 2008 and Windows Server 2008 end of support are quickly approaching with Extended Support for SQL Server 2008 and 2008 R2 ending on July 9, 2019 and Extended Support for Windows Server 2008 and 2008 R2 ending on January 14, 2020. Time is running out.

Compliance

Compliance Risk Cloud Security

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 (build 14393) Microsoft Windows Server 2016 (build 14393) Microsoft Windows 10 (build 17763) Microsoft Windows Server 2019 (build 17763).

Government

Government IT Security Access

Too many issues in Pentagon networks expose it to cybersecurity risks

Security Affairs

JANUARY 15, 2019

related recommendations, dating as far back as 2008. The report doesn’t surprise the experts, in September another audit conducted by the Inspector General revealed that 266 DoD cybersecurity-related recommendations were still open, 11 of them being classified and 255 unclassified and 11 classified , dating as far back as 2008. .

Risk

Risk Cybersecurity IT Government

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

MAY 14, 2019

The vulnerability ( CVE-2019-0708 ) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7 , Windows Server 2008 R2 , and Windows Server 2008. “This vulnerability is pre-authentication and requires no user interaction,” Pope said.

Ransomware

Ransomware Authentication Security IT

Experts add a BlueKeep exploit module to MetaSploit

Security Affairs

SEPTEMBER 7, 2019

It has been developed to target only the 64-bit versions of Windows 7 and Windows 2008 R2. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2.” ” explained Metasploit senior engineering manager Brent Cook.

Libraries

Libraries Security IT Information Security

Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

WIRED Threat Level

AUGUST 10, 2023

In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off.

Security

To Prevent Another WannaCry, Microsoft Patches Old OSs

Data Breach Today

MAY 15, 2019

Vulnerability in XP, Windows 7 and Server 2008 Could Be 'Wormable' Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.

IT

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Security Affairs

JANUARY 31, 2024

It was operating between 2008 and 2013. According to German media , one of the two operators was also involved in the operations of the site mega-downloads.net. Movie2k was a platform involved in the unauthorized distribution of copyrighted movies, TV shows, and other media content.

IT

IT Security Information Security

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

Security Affairs

MARCH 31, 2021

was recommended for IETF protocols in 2008 and became obsolete with the introduction of TLS version 1.3 The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC RFC 2246) and 1.1 (RFC Both versions lack support for current and recommended cryptographic algorithms and mechanisms.

Communications

Communications Security Encryption Information Security

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

Security Affairs

AUGUST 1, 2019

Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. Cisco is going to pay $8.6 million to settle a legal dispute for selling vulnerable software to the US government. ” reported The New York Times.

Government

Government Sales Access Security

The Application Security Team's Framework For Upgrading Legacy Applications

Data Breach Today

JANUARY 23, 2019

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions*.

Security

Security IT

Zoom is working on a patch for a zero-day in Windows client

Security Affairs

JULY 9, 2020

The vulnerability affects Windows client running on old versions of Windows OS, including Windows 7 and Windows Server 2008 R2 and earlier. The zero vulnerability was reported to ACROS by a security researcher who wanted to remain anonymous. Clients running on Windows 8 or Windows 10 are not affected.

Security

Security Privacy IT Information Security

Google dorks were the root cause of a catastrophic compromise of CIA’s communications

Security Affairs

NOVEMBER 5, 2018

The report published by Yahoo also cited a defense contractor for the CIA named John Reidy that warned the agency of it was using insecure communications systems in 2008, and again in 2010. Unfortunately, he was fired by the agency, likely in retaliation for not shutting up. ” states the report.

Communications

Communications Government Security IT

Microsoft Patch Tuesday, November 2021 Edition

Krebs on Security

NOVEMBER 9, 2021

Both involve weaknesses in Microsoft’s Remote Desktop Protocol (RDP, Windows’ built-in remote administration tool) running on Windows 7 through Windows 11 systems, and on Windows Server 2008-2019 systems. The flaws let an attacker view the RDP password for the vulnerable system.

Passwords

Passwords Authentication Security Ransomware

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Risk

Risk Security IT

Qakbot is back and targets the Hospitality industry

Security Affairs

DECEMBER 18, 2023

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’ Duck Hunt is one of the largest U.S.-led

Ransomware

Ransomware Phishing IT Information Security

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

From the forum’s inception until around 2008, Djamix was one of its most active and eloquent contributors. ru at DomainTools.com reveals this address has been used to register at least 10 domain names since 2008. Some of those photos date back to 2008. “In order to ESCAPE the law, you need to KNOW the law.

Military

Military IT Communications Risk

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

Security Affairs

MAY 15, 2019

Microsoft released security updates for Windows 7, Windows Server 2008 R2, and Windows Server 2008, The tech giant has also separately released patches for out-of-support versions of Windows such as Windows 2003 and Windows XP. 18 vulnerabilities have been rated as critical and rest Important in severity. .

Authentication

Authentication Security Risk IT

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

and above 2008 Workspace ONE UEM patch 20.8.0.36 .” Below is the list of impacted versions: I mpacted Versions Fixed Version 2109 Workspace ONE UEM patch 21.9.0.13 and above 2105 Workspace ONE UEM patch 21.5.0.37 and above 2102 Workspace ONE UEM patch 21.2.0.27 and above 2101 Workspace ONE UEM patch 21.1.0.27

Access

Access Authentication Cloud Security

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Security Affairs

NOVEMBER 3, 2019

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA), and the threat can also be mitigated by blocking TCP port 3389.

Honeypots

Honeypots Security Information Security Authentication

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. Experts warn that operators behind the Qakbot malware operation are improving their attack chain in an attempt to avoid detection. The malware spreads via malspam campaigns, it inserts replies in active email threads.

File names

File names Archiving Compliance IT

FBI Raids Chinese Point-of-Sale Giant PAX Technology

Krebs on Security

OCTOBER 26, 2021

Indeed, some of history’s largest cyberheists involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target , Home Depot and elsewhere that led to the theft of roughly another 100 million cards.

Sales

Sales Retail Computer and Electronics Risk

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials and other financial information from the victims. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. .

Ransomware

Ransomware Security Cybersecurity IT

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

Security Affairs

JULY 28, 2024

The PlugX malware is a remote access trojan (RAT) that has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 The RAT uses DLL side-loading to load its own malicious payload malicious DLL when a digitally signed software application, such as the x32dbg debugging tool (x32dbg.exe), is executed.

Cybersecurity

Cybersecurity Communications Access IT

Biometric Litigation Risks Endure Even Post BIPA Amendment

Data Matters

NOVEMBER 21, 2024

Enacted in 2008, the Illinois Biometric Information Privacy Act (“BIPA”) regulates the collection and possession of biometric data by private entities operating in Illinois. Biometric data includes, for example, fingerprints, voiceprints, eye scans, and face/hand scans.

Risk

Risk Privacy

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

CIA Hacking unit APT-C-39 hit China since 2008

Webinars

Trending Sources

0patch will provide micropatches for Windows 7 and Server 2008 after EoS

Webinars

PLAYFULGHOST backdoor supports multiple information stealing features

Sunset of Windows Server 2008: Migrate with Docker

Microsoft rolled out emergency updates to fix Windows Server auth failures

NIST Seeks Input on HIPAA Security Rule Guidance Update

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Congress Renews FISA Warrantless Surveillance Bill For Six More Years

Expert developed a MetaSploit module for the BlueKeep flaw

Windows 7: Microsoft Ceases Free Security Updates

0patch releases free unofficial patches for Windows 0days exploited in the wild

An archive with 20 Million Taiwanese? citizens leaked in the dark web

AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

California Prison System Says 236,000 Affected by Hack

NSA urges Windows Users and admins to Patch BlueKeep flaw

DHS also issued an alert for the Windows BlueKeep flaw

Microsoft issues emergency patch for IE Zero Day exploited in the wild

Microsoft to Officially End Support for Windows 7, Server 2008

3 Tips to Prepare for SQL Server 2008 and Windows Server 2008 End of Support

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Too many issues in Pentagon networks expose it to cybersecurity risks

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Experts add a BlueKeep exploit module to MetaSploit

Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

To Prevent Another WannaCry, Microsoft Patches Old OSs

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

The Application Security Team's Framework For Upgrading Legacy Applications

Zoom is working on a patch for a zero-day in Windows client

Google dorks were the root cause of a catastrophic compromise of CIA’s communications

Microsoft Patch Tuesday, November 2021 Edition

Microsoft Issues Emergency Fix for IE Zero Day

Qakbot is back and targets the Hospitality industry

From Cybercrime Saul Goodman to the Russian GRU

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild

Qakbot operations continue to evolve to avoid detection

FBI Raids Chinese Point-of-Sale Giant PAX Technology

Black Basta ransomware operators leverage QBot for lateral movements

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts

Biometric Litigation Risks Endure Even Post BIPA Amendment

Stay Connected