2011 and Security - Information Management Today

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. The post XDSpy APT remained undetected since at least 2011 appeared first on Security Affairs.

Military

Military Phishing Passwords Government

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Security Affairs

APRIL 30, 2019

Bloomberg obtained Vodafone’s security briefing documents from 2009 and 2011 and spoke with people involved in the situation. Bloomberg revealed that once discovered the backdoors in home routers in 2011, Vodafone asked Huawei to address them. ” reported the AFP. ” continues bloomberg. ” continues bloomberg.

IT

IT Access Government Security

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011.

Authentication

Authentication Passwords Libraries Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Planning Your Online Lives in 2011

Collaboration 2.0

DECEMBER 16, 2010

A hundred years ago we had virtually no data associated with us beyond possibly owning a passport, a few pieces of legal paperwork and maybe some national security files about us we [.]

Security

Happy birthday, Security Affairs celebrates its ninth Anniversary today

Security Affairs

NOVEMBER 17, 2020

Happy BirthDay Security Affairs! I launched Security Affairs for passion in November 2011 and since then the blog read by millions of readers. I started with a single post per day, nine years later I’m still the only contributor and I do all my best to cover the most important news in the cyber security landscape.

Security

Security IT Cybersecurity Risk

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. SecurityAffairs – hacking, Security Affairs).

Security

Security Cybersecurity IT Data breaches

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 284 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Ransomware Insurance Information Security

Happy birthday Security Affairs … 11 years together!

Security Affairs

NOVEMBER 15, 2022

Happy BirthDay Security Affairs! I launched Security Affairs for passion in November 2011 and since then the blog was visited by tens of millions of readers. Eleven years ago I decided to launch Security Affairs, a blog that is considered today one of the most valuable sources of the cybersecurity industry.

Security

Security Cybersecurity Government IT

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Security Affairs

JANUARY 2, 2022

According to a report published by Invezz, the number of crypto security breaches increased by up 850% in the last decade. It is estimated that the cryptocurrencies stolen between January 2011 and December 2021 amount to $12.1 SecurityAffairs – hacking, crypto security breaches). The post Crypto security breaches cause $4.25

Security

Security Marketing IT Information Security

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. SAP Security Note #3040210 , tagged with a CVSS score of 9.9 SAP Security Note #3040210 , tagged with a CVSS score of 9.9

Security

Security IT Information Security

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Data Breach Today

JULY 19, 2021

All Aligned With China's Ministry of State Security The U.S.

Government

Government Security

Fake Used-Car Flyer for 2011 BMW Phishes Diplomats in Kyiv

Data Breach Today

JULY 12, 2023

Campaign Targets 22 Embassies; Unit 42 Ties It to Russian Foreign Intelligence Diplomats in Ukraine shopping for used cars have been targeted with a listing for a "very good condition, low-fuel consumption" 2011 BMW 5 Series.

Phishing

Phishing Security IT

Three security bugs found in the popular Linux suite systemd

Security Affairs

JANUARY 10, 2019

Security firm Qualys has disclosed three flaws (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 ) in a component of systemd , a software suite that provides fundamental building blocks for a Linux operating system used in most major Linux distributions. ” reads the security advisory. Pierluigi Paganini.

Security

Security Access IT

COVID-19 Response: How to Secure a 100% Remote Workforce

Data Breach Today

MARCH 20, 2020

Cybereason CSO Sam Curry on Business Continuity and Reducing Risk Cybereason CSO Sam Curry is no stranger to crisis - he was on the team that responded to the RSA breach in 2011. But the COVID-19 pandemic brings an unprecedented challenge: How do you manage business continuity and reduce risk with a 100 percent remote workforce?

Risk

Risk Security

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

MAY 20, 2021

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Cybersecurity

Cybersecurity Government IT Security

NUVOLA: the new Cloud Security tool

Security Affairs

SEPTEMBER 28, 2022

nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa ( @_notdodo_ ), Security Engineer at Prima Assicurazioni. Cloud Security Context.

Cloud

Cloud Security Metadata Data breaches

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

WIRED Threat Level

SEPTEMBER 27, 2019

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

Security

Email accounts of the International Monetary Fund compromised

Security Affairs

MARCH 18, 2024

The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The impacted email accounts were re-secured. ” The agency has already secured the compromised email accounts and added that it is not aware of further compromise beyond them.

Cybersecurity

Cybersecurity Security IT Data breaches

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it.

Access

Access Security Cybersecurity IT

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 9, 2022

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The post CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

IT

IT Passwords Ransomware Cybersecurity

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” The authorities reported that since 2011, 7 million Bitcoin had gone into the BTC-e exchange and 5.5 ” reads the press release published by DoJ.

IT

IT Information Security Security

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

He joined the gang in August 2011 and worked for the organization for five-and-a-half years, DoJ states that he was among the most prolific and active members of the gang. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?.

Sales

Sales Personal data Cybersecurity Security

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Gox in 2011 and money laundering. Gox in 2011 and the operation of the illicit cryptocurrency exchange BTC-e. Bilyuchenko is also charged with conspiring with Alexander Vinnik to run the virtual currency exchange BTC-e from 2011 to 2017. Gox exchange and operating BTC-e appeared first on Security Affairs.

Access

Access Security IT Information Security

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

The new releases include fixes for a command injection security vulnerability ( CVE-2021-29472 ) reported by Thomas Chauchefoin from SonarSource.” “During our security research, we discovered a critical vulnerability in the source code of Composer which is used by Packagist. billion download requests each month.

Metadata

Metadata Security Access IT

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

Compromised data vary by individuals and organizations, it includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more. Curiously, in 2011, Thomson Reuters acquired World-Check, then in October 2018, Thomson Reuters closed a deal with The Blackstone Group.

Risk

Risk Archiving Access Privacy

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Communications

Communications Access Risk Education

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Security Affairs

NOVEMBER 22, 2021

According to Iran’s Fars News Agency, Mahan Air was hit by similar attacks “many times,” for this reason Mahan’s Cyber Security Team rapidly neutralized these attacks. The US had sanctioned Mahan Air in 2011 for providing financial, material, or technological support to Iran’s Islamic Revolutionary Guard Corps. Pierluigi Paganini.

IT

IT Security Cybersecurity Government

Security Affairs newsletter Round 212 – News of the week

Security Affairs

MAY 5, 2019

The best news of the week with Security Affairs. Microsoft removes Password-Expiration Policy in security baseline for Windows 10. But it was 2011. The post Security Affairs newsletter Round 212 – News of the week appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived!

Security

Security Passwords Ransomware Data breaches

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. ” CISA and the FBI published a report related to Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security. Ltd. (????) .

Government

Government Cybersecurity Security Access

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. The post Palo Alto Networks addresses tens of serious issues in PAN-OS appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – PaloAlto Networks, hacking).

Authentication

Authentication Access Communications Security

Air India suffered a data breach, 4.5 million customers impacted

Security Affairs

MAY 22, 2021

26, 2011 and February. Customers’ details involved in the security breach include names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data. The total number of travelers impacted in the security breach is still unknown.

Data breaches

Data breaches Passwords Personal data Cybersecurity

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. ” reads the joint alert. Pierluigi Paganini. Pierluigi Paganini.

Cybersecurity

Cybersecurity Risk Phishing Government

Three Italian universities hacked by LulzSec_ITA collective

Security Affairs

FEBRUARY 13, 2020

We spent searching holes in Italian universities (and not only, we remember that dozens of universities were hacked in 2011), to try to show you that security in the academic environment must be taken seriously since the university is the den of the excellent minds of our future. Pierluigi Paganini.

Data breaches

Data breaches GDPR Education Passwords

John McAfee found dead in prison cell ahead of extradition to US

Security Affairs

JUNE 23, 2021

The company was purchased by Intel in 2011 for more than $7.6bn. The DoJ announced the charges after the US Securities and Exchange Commission (SEC) also charged McAfee with fraudulently touting ICOs. The post John McAfee found dead in prison cell ahead of extradition to US appeared first on Security Affairs.

Cybersecurity

Cybersecurity Security IT Information Security

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants. billion in BTC transactions to ransomware payments appeared first on Security Affairs.

Ransomware

Ransomware Security Information Security IT

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

Iran-linked APT group Phosphorus successfully hacked into the email accounts of multiple high-profile individuals and security conference attendees. “Phosphorus, an Iranian actor, has targeted with this scheme potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia.”

Security

Security Authentication Phishing Government

GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice

The Last Watchdog

FEBRUARY 24, 2022

Yes, and that is what Sony exactly lost when they were hacked and the personal info of every one of its customers leaked in 2011. Now, let me give you a few reasons, why pen testing has emerged as a “must-have” security practice. For example, your website security may prove strong, applications not so much.

Security

Security Compliance Retail Risk

The Story of the 2011 RSA Hack

Schneier on Security

MAY 27, 2021

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Authentication

Authentication Cybersecurity

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. and above 2011 Workspace ONE UEM patch 20.11.0.40 The SSRF vulnerability in Workspace ONE UEM console was privately reported to the company which released security patches and workarounds.

Access

Access Authentication Cloud Security

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google. AWMproxy, the storefront for renting access to infected PCs, circa 2011. An example of a cracked software download site distributing Glupteba. Image: Google.com.

Passwords

Passwords Analytics Manufacturing Access

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. ” The malware leverages the Microsoft implementation of SSL/TLS, Secure Channel, for C2 communication. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Communications

Communications Encryption Education Authentication

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Security Affairs

AUGUST 28, 2020

Clearsky security researchers revealed that Iran-linked Charming Kitten APT group is using WhatsApp and LinkedIn to conduct spear-phishing attacks. This message will contain a promise that the webinar is secured by Google, as they sent to the victim on the tenth day,” Clearsky concludes. Israel, Iraq, and Saudi Arabia.

Phishing

Phishing Security Government IT

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

It has already happened in the past that the popular antivirus software has identified Chrome as a malicious code, the website The Register reported a similar problem in 2011. The post Windows Defender identified Chromium, Electron apps as Hive Ransomware appeared first on Security Affairs. Pierluigi Paganini.

Ransomware

Ransomware Security IT Information Security

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. Mitsubishi Electric disclosed the security incident only after two local newspapers, the Asahi Shimbun and Nikkei , reported the security breach.

Manufacturing

Manufacturing Data breaches Access Sales

XDSpy APT remained undetected since at least 2011

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Webinars

Trending Sources

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Webinars

Planning Your Online Lives in 2011

Happy birthday, Security Affairs celebrates its ninth Anniversary today

Happy 10th Birthday, Security Affairs

Security Affairs newsletter Round 284

Happy birthday Security Affairs … 11 years together!

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Fake Used-Car Flyer for 2011 BMW Phishes Diplomats in Kyiv

Three security bugs found in the popular Linux suite systemd

COVID-19 Response: How to Secure a 100% Remote Workforce

The Full Story of the Stunning RSA Hack Can Finally Be Told

NUVOLA: the new Cloud Security tool

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

Email accounts of the International Monetary Fund compromised

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

US man sentenced to 4 years in prison for his role in Infraud scheme

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Command injection flaw in PHP Composer allowed supply-chain attacks

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Why is ‘Juice Jacking’ Suddenly Back in the News?

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Security Affairs newsletter Round 212 – News of the week

US DoJ indicts four members of China-linked APT40 cyberespionage group

Palo Alto Networks addresses tens of serious issues in PAN-OS

Air India suffered a data breach, 4.5 million customers impacted

Russia-linked threat actors targets critical infrastructure, US authorities warn

Three Italian universities hacked by LulzSec_ITA collective

John McAfee found dead in prison cell ahead of extradition to US

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Iran-linked Phosphorous APT hacked emails of security conference attendees

GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice

The Story of the 2011 RSA Hack

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

The Link Between AWM Proxy & the Glupteba Botnet

DePriMon downloader uses a never seen installation technique

Iran-linked Charming Kitten APT contacts targets via WhatsApp, LinkedIn

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Stay Connected