Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Risk 237

Risk Security IT 237

Krebs on Security

MAY 14, 2019

CVE-2019-0708 does not affect Microsoft’s latest operating systems — Windows 10 , Windows 8.1 , Windows 8 , Windows Server 2019 , Windows Server 2016 , Windows Server 2012 R2 , or Windows Server 2012. More information on how to download and deploy the update for CVE-2019-0708 is here.

Ransomware 271

Ransomware Authentication Security IT 271

DLA Piper Privacy Matters

SEPTEMBER 27, 2022

The Singapore Court of Appeal has recently clarified that ‘emotional distress’ is an actionable loss and damage under the existing right of private action of Personal Data Protection Act 2012 (“ PDPA “).

Personal data 98

Personal data Communications 98

Data Breach Today

SEPTEMBER 24, 2019

financial services firms and others from 2012 to mid-2015. Andrei Tyurin Stole Details of 83 Million Customers During Cybercrime Campaign Russian national Andrei Tyurin pleaded guilty to perpetrating massive hack attacks against leading U.S. Victims included JPMorgan Chase, from which he stole details of 83 million customer accounts.

Financial Services 213

Financial Services 213

Krebs on Security

FEBRUARY 4, 2020

Investigators say Bukoski’s booter service was among the longest running services targeted by the FBI, operating since at least 2012. The landing page for the Quantum Stresser attack-for-hire service. When an online pizza delivery order brings FBI agents to raid your home.

Government 295

Government IT Security 295

Krebs on Security

JULY 7, 2021

.” In a blog post , Microsoft’s Security Response Center said it was delayed in developing fixes for the vulnerability in Windows Server 2016 , Windows 10 version 1607 , and Windows Server 2012. “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers.

Security 356

Security IT 356

Data Breach Today

MAY 28, 2020

Millions of Older Credentials Apparently Used in Credential-Stuffing Attacks The Russian blogging platform LiveJournal confirmed this week that it suffered several brute-force attacks in 2011 and 2012. But it insists that the 26 million usernames and passwords that are now available for sale on darknet forums came from other sources.

Sales 191

Sales Passwords IT 191

Krebs on Security

FEBRUARY 24, 2023

BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. BHProxies initially was fairly active on Black Hat World between May and November 2012, after which it suddenly ceased all activity. The website BHProxies[.]com

Passwords 269

Passwords Blockchain Mining Marketing 269

Krebs on Security

MARCH 21, 2019

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Passwords 56

Passwords Access Archiving Authentication 56

Data Breach Today

MAY 1, 2019

embassy in 2012. British Judge Sentences WikiLeaks Founder to 50 Weeks in Prison for Violating Bail Conditions On Wednesday, a British judge sentenced WikiLeaks founder Julian Assange to 50 weeks in prison for violating the terms of his bail after he sought political asylum in Ecuador's U.K. Now he faces possible extradition to the U.S.

187

187

Krebs on Security

FEBRUARY 11, 2020

lnk) files ( CVE-2020-0729 ) that affects Windows 8 and 10 systems, as well as Windows Server 2008-2012. In addition, Redmond addressed a critical issue ( CVE-2020-0618 ) in the way Microsoft SQL Server versions 2012-2016 handle page requests. Microsoft once again fixed a critical flaw in the way Windows handles shortcut (.lnk)

Security 58

Security IT 58

Data Breach Today

JANUARY 21, 2019

million fine the FTC in 2012 slammed on Google. Federal Trade Commission is close to concluding its investigation into Facebook over the Cambridge Analytica scandal, the Washington Post reports, noting that the social network may face a record-setting fine, exceeding the $22.5

IT 178

IT 178

Data Protection Report

MARCH 28, 2023

In a recent decision (the Decision ), [1] the Personal Data Protection Commission ( PDPC ) considered for the first time a company’s reliance on the Legitimate Interests Exception (as defined below) under the Personal Data Protection Act 2012 ( PDPA ) when the consent procured is invalid.

Personal data 98

Personal data Risk Access IT 98

Security Affairs

NOVEMBER 15, 2021

These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

Authentication 141

Authentication Security IT Information Security 141

Data Breach Today

MAY 13, 2023

Hackers may have accessed or stolen patient data of 103,974 patients who received care between March 2012 and last November. Hacking Incident Affects Patients Who Received Care Over a 10 Year Period A rural Utah healthcare provider is notifying more than one hundred thousand individuals of a cybersecurity incident.

Data breaches 162

Data breaches Cybersecurity Access 162

Krebs on Security

DECEMBER 23, 2018

On June 25, 2012, Islam and nearly two-dozen others were caught up in an FBI dragnet dubbed Operation Card Shop. JoshTheGod’s (Mir Islam’s ) Twitter feed, in April 2012 warning fellow carding forum carderprofit members that the forum was being run by the FBI.

Personal data 249

Personal data Government IT 249

Krebs on Security

NOVEMBER 26, 2021

And virtually all IRRs have disallowed its use since at least 2012, said Adam Korab , a network engineer and security researcher based in Houston. “LEVEL 3 is the last IRR operator which allows the use of this method, although they have discouraged its use since at least 2012,” Korab told KrebsOnSecurity.

Authentication 72

Authentication Passwords Paper Communications 72

Krebs on Security

JUNE 25, 2019

com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-12-09 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., 2333youxi[.]com blazefire[.]com blazefire[.]net

Cloud 257

Cloud Manufacturing Marketing Data breaches 257

Data Breach Today

APRIL 5, 2023

blacklist known as the Entity List since 2012. Andrey Shevlyakov Has History of Flouting Export Controls U.S. federal prosecutors say an Estonian man was prepared violate U.S. export regulations by selling a license for penetration testing software to a Russian individual. Andrey Shevlyakov has been on a U.S.

147

147

Data Breach Today

JULY 8, 2019

billion fine for money laundering violations in 2012. Everett Stern Reflects on Fallout From Money Laundering Case HSBC paid a record $1.92 But no one ever went to jail for the crimes. Whistleblower Everett Stern discusses lessons learned from the case and the concept of "too big to jail."

147

147

Krebs on Security

APRIL 18, 2023

According to cyber intelligence firm Flashpoint , MrMurza has been active in the Russian underground since at least September 2012. 2012, from an Internet address in Magnitogorsk, RU. MrMurza also told the admin that his account number at the now-defunct virtual currency Liberty Reserve was U1018928.

Passwords 274

Passwords IoT Sales Retail 274

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Sales 124

Sales Passwords Data breaches Phishing 124

The Last Watchdog

SEPTEMBER 13, 2023

Bugcrowd ushered in crowdsourced security with its launch in 2012, and today a covey of vendors have followed suit, each supplying intricate platforms to connect hackers with proven skillsets to companies that have particular needs.

Security 228

Security Risk Marketing IT 228

Krebs on Security

JUNE 25, 2021

“The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012,” reads a reply from Western Digital that Wizcase posted to its blog. That response also suggested this bug has been present in its devices for at least a decade.

Access 339

Access Marketing IT 339

Krebs on Security

JUNE 8, 2021

CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008 , 2012 , 2016 and 2019. .” Microsoft also patched five critical bugs — flaws that can be remotely exploited to seize control over the targeted Windows computer without any help from users.

Security 338

Security Ransomware Phishing Cloud 338

Krebs on Security

JULY 9, 2019

” The DHCP weakness ( CVE-2019-0785 ) exists in most supported versions of Windows server, from Windows Server 2012 through Server 2019. The other — CVE-2019-0880 — is present in Windows 8.1 , Server 2012 and later operating systems.

Libraries 206

Libraries IT Access Security 206

Security Affairs

FEBRUARY 13, 2020

Windows Server 2012: If the command returns false, SMBv1 is not enabled. Windows Server 2012 R2 or higher: If the command returns false, SMBv1 is not enabled. Windows Server 2012: Set-SmbServerConfiguration -EnableSMB1Protocol $false -force. Get-SmbServerConfiguration | Select EnableSMB1Protocol. Get-WindowsFeature FS-SMB1).Installed

Authentication 145

Authentication Communications Encryption IT 145

Data Breach Today

OCTOBER 21, 2019

Proposed Data Breach Settlement Follows Supreme Court's Refusal to Hear Appeal Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase.

Data breaches 140

Data breaches Retail 140

Security Affairs

JULY 24, 2024

Remote attackers can exploit the flaw to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. is a use-after-free issue in Microsoft Internet Explorer 6 through 8.

IT 117

IT Cybersecurity Access Risk 117

Security Affairs

SEPTEMBER 30, 2020

Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. Source: US Defense Watch.com.

Passwords 117

Passwords Sales Phishing Access 117

Security Affairs

MAY 15, 2020

Data appears to come from past data breaches, the oldest one dates back as 2012 while the latest one dates April 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1 million September 2012 Bukalapak.com 13 million February 2018 Bookmate.com 8 million July 2018 ReverbNation.com 7.9

Sales 139

Sales Data breaches Archiving Passwords 139

Krebs on Security

OCTOBER 22, 2020

.” It appears that Centauri hasn’t filed any business records with the state since 2009, and the state subsequently suspended the company’s license to do business in Aug. Separately, the California State Franchise Tax Board (FTB) suspended this company as of April 1, 2014.

Communications 305

Communications IT Access Security 305

Security Affairs

FEBRUARY 14, 2020

According to the media, these are the largest penalties imposed by the Kremlin on Western IT firms under internet use laws since 2012. ” reported the Associated Press.

Personal data 145

Personal data Government Security IT 145

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Security 143

Security Access Cybersecurity Risk 143

Krebs on Security

FEBRUARY 5, 2023

Kivimaki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and by 2012 Kivimäki’s alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. The DDoS-for-hire service allegedly operated by Kivimäki in 2012. Kivimäki was 15 years old at the time.

ROT 259

ROT Security Access IT 259

DLA Piper Privacy Matters

APRIL 11, 2022

Authors: Carolyn Bigg , Yue Lin Lee , Gwyneth To. Increased financial penalties. From 1 October 2022, companies that breach the PDPA may face fines of up to: SGD 1 million; or. where the organisation’s annual turnover in Singapore exceeds SGD 10 million, 10% of the organisation’s Singapore turnover.

Personal data 97

Personal data Compliance Cybersecurity Government 97

Krebs on Security

OCTOBER 11, 2018

10 and Server 2008, 2012, 2016 and 2019. Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.

Security 207

Security Access IT 207