Security Affairs

JULY 11, 2019

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. The second one, tracked as CVE-2019.0880, affects Windows 7 and Server 2008. The issue resides in the way splwow64 (Thunking Spooler APIs) handles certain calls. Pierluigi Paganini.

Government 108

Government Passwords IT Security 108

Schneier on Security

MARCH 31, 2024

Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. He was a cryptographer and security engineer, but also very much a generalist. I can’t remember when I first met Ross.

Paper 123

Paper Encryption Information Security Cybersecurity 123

Security Affairs

OCTOBER 13, 2021

The vulnerability is a use-after-free issue in the Win32k kernel driver, tracked as CVE-2021-40449 , that was addressed by Microsoft with the release of October Patch Tuesday security updates. The post Chinese APT IronHusky use Win zero-day in recent wave of attacks appeared first on Security Affairs. Pierluigi Paganini.

Government 116

Government IT Security Access 116

Security Affairs

MAY 29, 2020

Security experts from Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. According to the experts, the leak includes government data of an entire country, it was leaked online by a reputable actor that goes online with moniker ‘Toogod.”. ” reads a post published by Cyble.

Archiving 145

Archiving Data breaches Government Security 145

Security Affairs

JANUARY 15, 2019

A new security assessment conducted by the Defense Department Inspector General revealed that the Pentagon is still exposed to many cyber risks, The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity?related

Risk 109

Risk Cybersecurity IT Government 109

Security Affairs

AUGUST 1, 2019

million to settle a legal dispute for selling vulnerable software to the US government. Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. SecurityAffairs – Cisco, US Government). Pierluigi Paganini.

Sales 110

Sales Government Access Security 110

Krebs on Security

JUNE 10, 2022

The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive. .'”

Marketing 285

Marketing Government Systems administration Sales 285

Krebs on Security

JUNE 3, 2019

For almost the past month, key computer systems serving the government of Baltimore, Md. National Security Agency (NSA) and leaked online in 2017. “At this point, Eternal Blue is probably going to be detected by internal [security systems] systems, or the target might already be patched for it.”

Ransomware 210

Ransomware Government Security Encryption 210

Security Affairs

JUNE 19, 2020

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. ” reads the analysis published by Palo Alto Networks.

Security 144

Security Government IT Information Security 144

John Battelle's Searchblog

OCTOBER 28, 2011

Not to mention retirement (from Social Security to 401ks, etc.). Of course, were such a hypothesis true, one might imagine that the over percentage of GDP represented by government workers would have gone *down* over the past few decades. Now let’s compare Government as a percent of GDP to private Industry.

Government 111

Government Education Military Financial Services 111

Krebs on Security

DECEMBER 8, 2021

A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Federal Bureau of Investigation (FBI) contacted them regarding ransomware attacks that were based in Canada.

IT 299

IT Ransomware Mining Government 299

Security Affairs

MAY 23, 2023

In October 2022, Kaspersky researchers uncovered a malware campaign aimed at infecting government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions with a previously undetected framework dubbed CommonMagic. This means that the threat actor was able to avoid detection for more than 15 years.

Communications 98

Communications Agriculture Cloud Archiving 98

Security Affairs

AUGUST 30, 2023

’ Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. “The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”

Ransomware 98

Ransomware Manufacturing Data breaches Government 98

Security Affairs

APRIL 29, 2021

” The Lambert APT (aka Longhorn APT ) has been active since at least 2008, but its first samples were spotted in 2014. In March 2020, Chinese security firm Qihoo 360 accused the US Central Intelligence Agency (CIA) of having hacked Chinese organizations for the last 11 years. Follow me on Twitter: @securityaffairs and Facebook.

Government 127

Government Cybersecurity Education Security 127

Security Affairs

NOVEMBER 5, 2018

Google queries allowed Iran Government to dismantle the CIA communication network used by its agents and kill dozens of tens of spies. News the security breach has happened in 2009, the Iranian intelligence infiltrated a series of websites used by the CIA to communicate with agents worldwide, including Iran and China.

Communications 111

Communications Government Security IT 111

The Security Ledger

DECEMBER 29, 2021

As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. Back in 2008, the late, great security researcher Dan Kaminsky discovered a serious security flaw in a ubiquitous Internet technology: the domain name system, or DNS. Mark Stanislav is a VP of Information Security at Gemini.

Libraries 98

Libraries Agriculture Risk Authentication 98

Schneier on Security

JUNE 13, 2024

Bhartiya Janta Party (BJP) workers like Shakti Singh Rathore have been frequenting AI startups to send personalized videos to specific voters about the government benefits they received and asking for their vote over WhatsApp. The government is already using these platforms to provide government services to citizens in their native languages.

Artificial Intelligence 107

Artificial Intelligence Communications Government Access 107

Collibra

NOVEMBER 9, 2021

We started Collibra in 2008 based on years of academic research on semantic technology. In our first act, we pioneered data governance and continue to lead this category. Today, every organization understands that data governance is a necessity to truly derive value from data. Governance, lineage and catalog .

IT 83

IT Metadata Digital transformation Government 83

Schneier on Security

FEBRUARY 13, 2021

It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. ”) Here’s me in 2018: Supply-chain security is an incredibly complex problem.

Cybersecurity 145

Cybersecurity Manufacturing Government Communications 145

Krebs on Security

JANUARY 8, 2024

For years, security experts — and indeed, many top cybercriminals in the Spamit affiliate program — have expressed the belief that Sal and Icamis were likely the same person using two different identities. 2008, wherein he addresses forum members with the salutation, “Hello Gentlemen Scammers.”

Computer and Electronics 231

Computer and Electronics Passwords Sales Government 231

Security Affairs

OCTOBER 6, 2020

An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory. Microsoft 365 Defender customers can also refer to these detections: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020.

Authentication 139

Authentication Passwords Access Security 139

Security Affairs

MARCH 16, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Military 127

Military Manufacturing Access Security 127

Adam Levin

APRIL 15, 2019

A technical glitch took down a wireless network used by New York City’s municipal government, raising serious questions about security and reliability of operational technology used by the city. The New York City Wireless Network, or NYCWiN, was initially deployed in 2008 at a cost of $500 million.

Government 56

Government Communications Security IT 56

Thales Cloud Protection & Licensing

OCTOBER 10, 2022

We live in a digital world in which we engage with significant social, government, retail, business and entertainment services now delivered without any direct human service management. The report provides novel and important insights for businesses, governments, academics and citizens. Governments need to take action.

Personal data 71

Personal data Data breaches Government Authentication 71

Security Affairs

JUNE 28, 2019

The Regin malware has been around since at least 2008, most Regin infections were observed in Russia (28%) and Saudi Arabia (24%), but other attacks were spotted in Iran, Ireland, India, Afghanistan, Austria, Belgium, Mexico, and Pakistan. Yandex acknowledged the security breach but did not provide further details on the attack.

Authentication 108

Authentication Security Government Access 108

Security Affairs

NOVEMBER 14, 2018

Kaspersky reported the flaw to Microsoft on October 17, the security firm observed attacks against systems protected by its solution and attempting to exploit the zero-day flaw affecting the Win32k component in Windows. The CVE-2018-8589 vulnerability only affects Windows 7 and Windows Server 2008. Pierluigi Paganini.

Authentication 111

Authentication Government Security IT 111

CILIP

JUNE 30, 2021

The purpose of this review is to identify the opportunities and risks inherent in the current model for the resourcing and funding of public libraries, to identify under-exploited opportunities to secure a more diverse and sustainable funding base for the future and to set out a roadmap or recommendations for how this might be achieved.

Libraries 52

Libraries Risk Government Security 52

IG Guru

SEPTEMBER 2, 2018

AUGUST 27, 2018 08:48 PM ET The late senator pushed relentlessly for the government to develop a comprehensive cyber deterrence strategy. During the 2008 […]. By Joseph Marks, Senior Correspondent Shortly before Gen. Keith Alexander’s April 2010 hearing to be the first chief of U.S. Cyber Command, Sen. John McCain, R-Ariz.,

Government 40

Government Information governance Information Security Security 40

Security Affairs

AUGUST 31, 2020

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by malware for collecting browsing data and banking credentials and other financial information from the victims. The post Qbot uses a new email collector module in the latest campaign appeared first on Security Affairs. Pierluigi Paganini.

Passwords 120

Passwords Military Manufacturing Encryption 120

Security Affairs

MAY 26, 2020

Earlier versions of Agent.BTZ were used to compromise US military networks in the Middle East in 2008. Thus, it is able to bypass some security controls because it doesn’t rely on any malicious domain.” The post New Turla ComRAT backdoor uses Gmail for Command and Control appeared first on Security Affairs.

Communications 137

Communications Military Encryption Authentication 137

Hunton Privacy

JANUARY 29, 2013

On January 11, 2013, the UK Government published its response (the “Response”) to the UK Justice Select Committee’s opinion on the European Commission’s proposed revised data protection framework. The Response highlights a number of concerns expressed by the UK Government regarding the Commission’s legislative proposals.

Government 40

Government Compliance Privacy IT 40

Security Affairs

OCTOBER 5, 2019

But this new directorate seems to signal a pivot towards a more public approach to security than the Agency has taken in the past. The directorate also reflects a change in the importance of national cybersecurity and provides a hint as to how government agencies are rethinking how cybersecurity divisions should be organized.

Cybersecurity 110

Cybersecurity Military Security Access 110

eSecurity Planet

FEBRUARY 15, 2022

Secret Service issued a detailed advisory on the BlackByte Ransomware as a Service (RaaS) group, which has attacked critical infrastructure industries in recent months, among them government, financial and food and agriculture targets. A Top Priority for Security Teams. cybersecurity advisories in recent weeks. 7 SP1, 8, 8.1)

Ransomware 128

Ransomware Encryption Agriculture Cybersecurity 128

Adam Levin

MARCH 21, 2019

Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren’t compromised by DNS hijacking. Today, less than 20% of DNS traffic is secured by DNSSEC, and only three percent of Fortune 1,000 companies have implemented it.

Cybersecurity 56

Cybersecurity Government Compliance Communications 56

IT Governance

MARCH 27, 2018

Almost 3,000 of NHS Lothian’s 19,251 computers still run on Windows XP (almost 15 %); Microsoft hasn’t provided support for this system since 2014 and its last significant security update took place in 2008, in addition to a one-off patch that was released last year to prevent the spread of ransomware material.

Compliance 47

Compliance Risk Government Paper 47

Security Affairs

MARCH 19, 2020

Security researcher Marco Ramilli analyzed a new Coronavirus (COVID-19)-themed attack gathering evidence of the alleged involvement of an APT group. Governments are doing their best to mitigate such a virus while people are stuck home working remotely using their own equipment. About the author: Marco Ramilli, Founder of Yoroi.

Computer and Electronics 137

Computer and Electronics IT Security Encryption 137

Krebs on Security

DECEMBER 16, 2019

Yakubets , who the government says went by the nicknames “ aqua ,” and “ aquamo ,” among others. KrebsOnSecurity first encountered Aqua’s work in 2008 as a reporter for The Washington Post. What follows is an insider’s look at the back-end operations of this gang. Image: FBI. HITCHED TO A MULE.

Government 240

Government IT Communications Education 240