2009 and IT - Information Management Today

'Open Enterprise 2009' Winners One Year On

Collaboration 2.0

JULY 6, 2010

Stowe Boyd and I awarded the ‘Open Enterprise 2009‘ award to Booz Allan Hamilton for their ‘Hello’ environment at the Boston Enterprise 2.0 Conference a year ago, and I caught up with Megan Murray of the BAH team one year on to see how their environment was progressing at this year’s Boston event.

IT

Federal Tally Reaches 5,000 Health Data Breaches Since 2009

Data Breach Today

OCTOBER 26, 2022

More People Affected by Breaches Than Total US Population The federal tally of health data breaches reached a new milestone this week: Since its inception in September 2009, more than 5,000 major incidents have been posted to the Department of Health and Human Services' HIPAA breach "wall of shame."

Data breaches

Data breaches IT

Cisco 2009 3rd Party External Social Media Research Findings

Collaboration 2.0

JANUARY 13, 2010

Based on extensive interviews with 105 participants representing 97 organizations in 20 countries around the globe and conducted between April and September 2009, it’s the first of a two-part series that Cisco [.]

IT

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

Darkode was taken down in 2015 as part of an FBI investigation sting operation , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009. “We’ve identified in excess of a thousand of his victims.

IT

IT Ransomware Mining Government

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. North Korea-linked Lazarus APT group is extending its operations and started targeting the IT supply chain on new targets.

IT

IT Systems administration Military Cybersecurity

RockYou2024 compilation containing 10 billion passwords was leaked online

Security Affairs

JULY 8, 2024

The compilation has been named ‘RockYou2021’ by the forum user, presumably in reference to the RockYou data breach that occurred in 2009, when threat actors hacked their way into the social app website’s servers and got their hands on more than 32 million user passwords stored in plain text. RockYou2021 had 8.4

Passwords

Passwords Data breaches Risk IT

Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right?

WIRED Threat Level

JANUARY 15, 2019

Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along.

Data collection

Data collection IT Security

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. The list of victims is long and includes tech giants like HPE, IBM, DXC, Fujitsu, and Tata.

Cloud

Cloud IT Systems administration Phishing

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Security Affairs

JUNE 23, 2019

Unfortunately, this was not the first time hackers broke into JPL , it has already happened back in 2009, 2011, 2014, 2016 and 2017. The report says that hackers stole roughly 500 MB of data related to Mars missions from NASA’s Jet Propulsion Laboratory in Southern California. ” reads the report. ” the NASA OIG said.

IT

IT Data breaches Archiving Education

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Security Affairs

APRIL 30, 2019

Bloomberg obtained Vodafone’s security briefing documents from 2009 and 2011 and spoke with people involved in the situation. According to Bloomberg, Vodafone identified hidden backdoors in software that could have handed Huawei unauthorized access to the carrier’s fixed-line network in Italy used to connect to the internet.

IT

IT Access Government Security

10-year-old vulnerability in Avaya VoIP Phones finally fixed

Security Affairs

AUGUST 10, 2019

The vulnerability, tracked as CVE-2009-0692 , could be exploited by an attacker to crash the ISC DHCP client and execute arbitrary code with the permissions of the client. Avaya did not address the vulnerability issue in some of its VoIP devices by applying the necessary patches that were released after the discovery of the flaw in 2009.

IoT

IoT Communications Privacy Risk

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

Weibo is a popular Chinese micro-blogging ( weibo ) website, it was launched by Sina Corporation on 14 August 2009, it claimed over 445 million monthly active users as of Q3 2018. . The presence in the dump of not public users’ details, including gender and location, suggests the hackers had access to the company database.

Personal data

Personal data Sales Passwords Information Security

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

The experts found an unprotected Elasticsearch cluster that was containing personally identifiable information on Russian citizens spanning from 2009 to 2016. “The first database contained more than 14 million personal and tax records from 2010 to 2016, and the second included over 6 million from 2009 to 2015.”

Risk

Risk Phishing Access Security

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Orange Belgium is using Huawei equipment since 2007 for its mobile network in Belgium and Luxembourg, while the collaboration between Proximus and the Shenzhen-based company started in 2009 for the progressive upgrading of its network. There’s also a growing concern about Huawei’s capacity to produce its equipment,” the source added.

Manufacturing

Manufacturing Risk Communications Security

IBM releases open-source toolkits implementing FHE to process data while encrypted

Security Affairs

JUNE 8, 2020

IBM invented FHE in 2009, but only recently it is becoming practical thanks to algorithmic progresses. . “In IBM has released open-source toolkits implementing fully homomorphic encryption (FHE), which allows researchers to process encrypted data without having access to the actual data.

Encryption

Encryption Cloud Analytics Data Privacy

Administrators of bulletproof hosting sentenced to prison in the US

Security Affairs

OCTOBER 21, 2021

The two individuals, Aleksandr Skorodumov (33) of Lithuania, and Pavel Stassi (30) of Estonia, administrated the bulletproof hosting service between 2009 and 2015. Every time a content was flagged as malicious, the defendants moved it to new infrastructure and used false or stolen identities to register it.

Systems administration

Systems administration Marketing Risk IT

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

NOVEMBER 18, 2020

The group, also known as Cicada, Stone Panda , and Cloud Hopper , has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” Pierluigi Paganini.

Healthcare

Healthcare Archiving Cloud Manufacturing

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Security Affairs

APRIL 6, 2024

Most of the vulnerable systems are in the US (4686 at the time of this writing), followed by Japan (2009), and UK (1032). Shadowserver researchers have scanned the Internet for instances vulnerable to CVE-2024-21894 and reported that about 16,500 are still vulnerable.

Security

Security Information Security IT

PwnKit: Local Privilege Escalation bug affects major Linux distros

Security Affairs

JANUARY 26, 2022

The flaw, dubbed PwnKit, was introduced more than 12 years ago (May 2009) since the initial commit of pkexec, this means that all the versions are affected. The good news is that this issue is not remotely exploitable, but if an attacker can log in as any unprivileged user, it can allow to gain root privileges. What's not to love?

Communications

Communications IT Security Information Security

North Korea-linked APT group BeagleBoyz targets banks

Security Affairs

AUGUST 29, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Cyber Command (USCYBERCOM) North Korea-linked APT group BeagleBoyz was very active since February 2020 targeting banks across the world.

Access

Access Government Ransomware Cybersecurity

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Security Affairs

AUGUST 8, 2022

“It’s worth pointing out that the wallet address is the miner reward receiving address of the Bitcoin Genesis Block , which occurred on January 3, 2009, and is believed to be held by Nakamoto.” ” reads the analysis published by the researchers. Version 3 supports features to launch an XMRig Monero mining software.

Mining

Mining IT Security Information Security

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The targets of the two groups show significant overlap, Billbug also targeted organizations many military and government organizations in South Asia since at least January 2009. Billbug is a long-established espionage group, active since at least January 2009. Hannotog ) and another backdoor known as Sagerunex ( Backdoor.

Military

Military Communications Government Education

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

The popular investigator Brian Krebs reported that Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, noted in 2014 that Tank told co-conspirators in a JabberZeus chat on July 22, 2009 that his daughter, Miloslava, was and told him Miloslava birth weight.

Ransomware

Ransomware IT Information Security Security

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Qbot , aka Qakbot , is a data stealer worm with backdoor capabilities that was first detected by Symantec back in 2009. The threat was used in recent attacks aimed at JP Morgan, Citibank, Bank of America, Citizens, Capital One, Wells Fargo, and FirstMerit Bank. The campaign targets 36 different U.S. ” continues the report.

Phishing

Phishing Financial Services Personal data Security

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. IoCs : win_fw.dll A8EF73CC67C794D5AA860538D66898868EE0BEC0 idahelper.dll DE0E23DB04A7A780A640C656293336F80040F387 : Win32/NukeSped.KZ

Cybersecurity

Cybersecurity Ransomware Security IT

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The app, which was s tored in Google Drive, was a tainted version of the legitimate PDF reader PDFTron.

Security

Security Phishing Information Security Communications

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

Security Affairs

JULY 13, 2024

The popular investigator Brian Krebs reported that Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, noted in 2014 that Tank told co-conspirators in a JabberZeus chat on July 22, 2009 that his daughter, Miloslava, was and told him Miloslava birth weight.

Information Security

Information Security IT Security

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020.

Encryption

Encryption Access Phishing Passwords

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

MAY 9, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Dacls was first spotted by researchers at Qihoo 360 Netlab in December 2019 when it was used to target both Windows and Linux devices.

Libraries

Libraries Communications Encryption Authentication

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

Security Affairs

JANUARY 16, 2019

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Security experts at Flashpoint linked the recently disclosed attack on the Chilean interbank network to the dreaded Lazarus APT group.

Communications

Communications Ransomware Security IT

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Security Affairs

OCTOBER 23, 2023

billion Aadhaars issued by the UIDAI since this ID service launched in 2009, this system represents one of the largest biometric ID programs on the planet, according to a report published by think tank Brookings Institution. With roughly 1.4 The PIB also said that “no breach has been reported from Aadhaar database” to date.

Sales

Sales e-Discovery Data breaches Risk

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

NOVEMBER 9, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. The APT group was discovered by Microsoft in 2016, it targeted organizations in South and Southeast. ” continues the analys i s.

IT

IT Archiving Encryption Passwords

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

British telecommunications company Cable & Wireless played a crucial role in the tapping of the undersea cables, in February 2009 a GCHQ employee was assigned to work within the company in a “full-time project management” role to follow the operation from the inside. ” reported The Sunday Times. Source [link].

Military

Military Communications Data collection Access

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Phishing

Phishing Cybersecurity IT Security

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

FEBRUARY 14, 2024

For example, the timestamp for Mr. Carter’s inbox reads August 2009, but clicking that inbox revealed messages as recent as Feb. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide.

Education

Education Data breaches Government Security

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Retail

Retail Phishing Marketing IT

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Zinc APT group, aka Lazarus, surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Security

Security Encryption Passwords Communications

CISA urges to fix actively exploited Firefox zero-days by March 21

Security Affairs

MARCH 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added recently disclosed Firefox zero-days to its Known Exploited Vulnerabilities Catalog. The US agency has ordered federal civilian agencies to address both issues by March 21, 2022. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cybersecurity

Cybersecurity Authentication Cloud Security

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

FEBRUARY 22, 2022

She stated in 2009, policy was changed to move all information technology services to the Office of Administration.” Missouri Gov. Mike Parson (R), vowing to prosecute the St. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs.

Education

Education Access Security Communications

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. aka Li Jiadong, were charged with money laundering conspiracy and operating an unlicensed money transmitting business.”

Ransomware

Ransomware IT Security Information Security

EU has imposed sanctions on foreign actors for the first time ever

Security Affairs

JULY 31, 2020

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. The group is also accused of cyber-attacks against the Bangladesh Bank.

Military

Military Cloud Government Phishing

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” reads the alert issued by DHS. APT actors have targeted victims in several U.S.

Communications

Communications Manufacturing Cybersecurity Phishing

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

According to cyber intelligence firm Intel 471 , Megatraffer has been active on more than a half-dozen crime forums from September 2009 to the present day. In November 2009, Fitis wrote, “I am the perfect criminal. WHO IS MEGATRAFFER? And on most of these identities, Megatraffer has used the email address 774748@gmail.com.

Healthcare

Healthcare Passwords Sales Ransomware

Maryland Department of Labor discloses a data breach

Security Affairs

JULY 9, 2019

” Threat actors accessed to files stored in the Literacy Works Information System that are dated back 2009, 2010, and 2014. The Maryland Department of Labor announced it has suffered a data breach announced that exposed personally identifiable information. . ” continues the Department. .

Data breaches

Data breaches Insurance Access Security

'Open Enterprise 2009' Winners One Year On

Federal Tally Reaches 5,000 Health Data Breaches Since 2009

Webinars

Trending Sources

Cisco 2009 3rd Party External Social Media Research Findings

Webinars

Canada Charges Its “Most Prolific Cybercriminal”

North Korea-linked Lazarus APT targets the IT supply chain

RockYou2024 compilation containing 10 billion passwords was leaked online

Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right?

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

10-year-old vulnerability in Avaya VoIP Phones finally fixed

538 Million Weibo users’ records being sold on Dark Web

Experts found 20 Million tax records for Russian citizens exposed online

Belgium telecom operators Proximus and Orange drop Huawei

IBM releases open-source toolkits implementing FHE to process data while encrypted

Administrators of bulletproof hosting sentenced to prison in the US

China-linked APT10 leverages ZeroLogon exploits in recent attacks

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

PwnKit: Local Privilege Escalation bug affects major Linux distros

North Korea-linked APT group BeagleBoyz targets banks

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

An ongoing Qbot campaign targeted customers of tens of US banks

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Vyacheslav Igorevich Penchukov was sentenced to prison for his role in Zeus and IcedID operations

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Experts link attack on Chilean interbank network Redbanc NK Lazarus APT

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

The Platinum APT group adds the Titanium backdoor to its arsenal

Russian spies are attempting to tap transatlantic undersea cables

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

U.S. Internet Leaked Years of Internal, Customer Emails

North Korean Lazarus APT stole credit card data from US and EU stores

Microsoft: North Korea-linked Zinc APT targets security experts

CISA urges to fix actively exploited Firefox zero-days by March 21

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

US officials charge two Chinese men for laundering cryptocurrency for North Korea

EU has imposed sanctions on foreign actors for the first time ever

DHS issued an alert on attacks aimed at Managed Service Providers

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Maryland Department of Labor discloses a data breach

Stay Connected