2013 - Information Management Today

Target Sues Insurer Over 2013 Data Breach Costs

Data Breach Today

NOVEMBER 21, 2019

in an attempt to recoup money it spent to replace payment cards as part of settlements over the retailer's massive 2013 data breach. Lawsuit Claims Insurer Owes Retailer for Coverage of Card Replacement Costs Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., Find out how much money the company is seeking.

Insurance

Insurance Data breaches Retail IT

Hacking Kia cars made after 2013 using just their license plate

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. This will allow us to send arbitrary commands to the vehicle.” ” concludes Curry.

Access

Access Sales Cybersecurity IT

6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group

Security Affairs

OCTOBER 3, 2019

Below the timeline of the PKPLUG attacks over the years: The first campaign associated with the PKPLUG was observed in November 2013, when the group targeted Mongolian individuals with PlugX RAT. The post 6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group appeared first on Security Affairs.

Archiving

Archiving Cybersecurity Security IT

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

The project was launched in September 2019 and as of August 2020, the experts collected 680 records of ransomware attacks that took place since November 2013. now has 687 records assembled from publicly disclosed incidents between November 2013 and August 2020.” ” reads the project description.

Ransomware

Ransomware Data collection Education Security

New Study: 2018 State of Embedded Analytics Report

Why do some embedded analytics projects succeed while others fail? We surveyed 500+ application teams embedding analytics to find out which analytics features actually move the needle. Read the 6th annual State of Embedded Analytics Report to discover new best practices. Brought to you by Logi Analytics.

Analytics

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Security Affairs

JUNE 20, 2022

The vulnerability, tracked as CVE-2022-22620 , was fixed for the first time in 2013, but in 2016 experts discovered a way to bypass the fix. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022.” Its fix was just regressed in 2016 during refactoring.

Security

Security IT Cybersecurity Data breaches

Medical Center Fined $4.75M in Insider ID Theft Incident

Data Breach Today

FEBRUARY 6, 2024

HHS OCR Says a Malicious Worker Stole and Sold Patient Information in 2013 HHS has fined a New York City medical center $4.75 million to settle potential HIPAA violations discovered during an investigation into a hospital insider who sold patient data to identity thieves in 2013.

Privacy

Privacy Security IT

Voter information for 2 millions of Indonesians leaked online

Security Affairs

MAY 23, 2020

Leaked details include names, addresses, ID numbers, birth dates, and more, they appear to date back to 2013. Appears to date back to 2013. Actor leaks information on 2,300,000 Indonesian citizens. data includes names, addresses, ID numbers, birth dates, and more.

IT

IT Security Data breaches

US DOJ Indicts Foreign Nationals for Defrauding $48 Million

Data Breach Today

NOVEMBER 7, 2023

The alleged reshipping scheme operated between 2013 and 2018 while the three defendants lived in Russia. Alleged Operators of Russian Cyber Fraud Scheme Are Indicted U.S. federal prosecutors unsealed an indictment against three foreign nationals for allegedly participating in a $48 million fraud scheme.

The Truth About Customer Journey Mapping

Speaker: Dave Seaton, CEO of Seaton CX

Is Customer Journey Mapping a tired fad from 2013? Or a critical tool for sparking customer-centric change? 💥 The answer lies not in the map itself, but in the mapping process.

Customer Experience

Ransomware, Vendor Hacks Push Breach Number to Record High

Data Breach Today

DECEMBER 7, 2023

Breaches have more than tripled between 2013 and 2022. Billion Personal Records Exposed in the Last 2 Years The number of data breaches in the U.S. has hit an all-time high, amid mounting attacks against third-party vendors and aggressive ransomware attacks, says a report from Apple and a Massachusetts Institute of Technology researcher.

Ransomware

Ransomware Data breaches

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Security Affairs

JANUARY 31, 2024

It was operating between 2008 and 2013. In 2013, the Motion Picture Association of America (MPAA) shut down the website due to concerns related to copyright infringement. According to German media , one of the two operators was also involved in the operations of the site mega-downloads.net.

IT

IT Security Information Security

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Security Affairs

AUGUST 28, 2024

The indictment alleges that from 2013 to 2022, Kadariya played a key role in distributing the Angler Exploit Kit, which was used to spread various malware, including ransomware, through malvertising and other methods. Kadariya has been indicted for distributing the Angler Exploit Kit and other malware to millions of victims.

Computer and Electronics

Computer and Electronics Access Ransomware Information Security

Hacker who disrupted Sony gaming gets a 27-months jail sentence

Security Affairs

JULY 4, 2019

The hacker who brought offline with massive DDoS attacks online gaming networks between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson (23) from Utah hit the principal gamins networks in 2013 and 2014, including Sony Online Entertainment. ” reads the press release published by DoJ.

Computer and Electronics

Computer and Electronics Access Security IT

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

Notorious Finnish Hacker sentenced to more than six years in prison

Security Affairs

APRIL 30, 2024

In 2013, investigators discovered malicious code on devices seized from Kivimäki, which was used by HTP to compromise over 60,000 servers exploiting an Adobe ColdFusion zero-day. This exploit was reported by Brian Krebs in September 2013, after the hackers breached the servers of LexisNexis, Kroll, and Dun & Bradstreet.

Data breaches

Data breaches IT Information Security Security

Using steganography to obfuscate PDF exploits

Security Affairs

JANUARY 26, 2019

The sample was detected as “ exploit CVE-2013-3346 ” by our EdgeLogic engine, same as the previous one.” According to the researchers, the author of the sample exploited CVE-2013-3346 vulnerability, they speculate that the same individual created another document recently spotted by the firm. Pierluigi Paganini.

IT

IT Security

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” ” reads an advisory published by the Microsoft Tech Community.

Authentication

Authentication Communications Encryption IT

Microsoft Patches Zero-Day Bug Exploited by Ransomware Group

Data Breach Today

APRIL 12, 2023

Attackers Drop Nokoyawa Ransomware; Experts See Increasing Criminal Sophistication Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, (..)

Ransomware

Prestige reservation platform exposes millions of hotel guests

Security Affairs

NOVEMBER 10, 2020

Exposed data, some of which go back to 2013, include sensitive information and credit card details. The unsecured cloud repository used by the hotel reservation platform has exposed 10 million files (24.4 GB worth of data) related to guests at various hotels around the world. ” reads a post published by Website Planet.

Cloud

Cloud Phishing Access Privacy

Chinese-Linked APT Spying On Organizations for 10 Years

Data Breach Today

JUNE 12, 2022

Attacker Use DLL hijacking, DNS tunneling to Evade Post-Compromise Detection A recently identified Chinese hacking group dubbed "Aoqin Dragon" has been found to have targeted government, education and telecommunication organizations in Southeast Asia and Australia since 2013 as part of an ongoing cyberespionage campaign, according to research from (..)

Education

Education Government

CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 17, 2022

CVE-2013-6282 : Linux Kernel – The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. CVE-2013-2596 Linux Kernel – Linux kernel fb_mmap function in drivers/video/fbmem.c Code Aurora is used in third-party products such as Qualcomm and Android.

IT

IT Cybersecurity Risk Security

New Cobalt CEO Chris Manton-Jones Pursues Enterprise Clients

Data Breach Today

APRIL 13, 2022

He replaces founder Jacob Hansen, who had served as CEO since Cobalt's inception in 2013 and will remain with the firm as a board member.

CISA urges to fix actively exploited Firefox zero-days by March 21

Security Affairs

MARCH 8, 2022

CVE ID Vulnerability Name Due Date CVE-2022-26486 Mozilla Firefox Use-After-Free Vulnerability 03/21/22 CVE-2022-26485 Mozilla Firefox Use-After-Free Vulnerability 03/21/22 CVE-2021-21973 VMware vCenter Server, Cloud Foundation Server Side Request Forgery (SSRF) 03/21/22 CVE-2020-8218 Pulse Connect Secure Code Injection Vulnerability 09/07/22 CVE-2019-11581 (..)

Cybersecurity

Cybersecurity Authentication Cloud Security

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

The vulnerability impacts Microsoft Exchange 2010, 2013, 2016, and 2019. ” The researchers working with the peers at BinaryEdge discovered 220,000 Outlook Web Access installs exposed on the Internet, most are 2013, 2016, and 2019. “How many of these are vulnerable? ” continues the report.

Authentication

Authentication Access Security Cybersecurity

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

Stanx said he was a longtime member of several major forums, including the Russian hacker forum Antichat (since 2005), and the Russian crime forum Exploit (since April 2013). “Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013.

Sales

Sales Access Systems administration Marketing

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. Somehow, this operation found its way onto the NSA’s radar pre-2013, as far as I can tell, it’s eluded specific coverage from the security industry.

Libraries

Libraries Cybersecurity Access IT

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

Security Affairs

AUGUST 1, 2019

Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. Cisco finally addressed the flaws in 2013 and stopped selling Cisco Video Surveillance Manager (VSM) in 2014. Cisco is going to pay $8.6

Government

Government Sales Access Security

France police arrested Telegram CEO Pavel Durov

Security Affairs

AUGUST 25, 2024

Telegram Messenger is a cloud-based, cross-platform instant messaging service launched in 2013 for iOS and Android. Over the years, Telegram has become the privileged communication channel for cybercriminals and other threat actors. Telegram and the French Interior Ministry have not yet commented on the news.

Encryption

Encryption Communications Cloud IT

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

Security Affairs

NOVEMBER 20, 2022

they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell in the context of the system and gain arbitrary or remote code execution on vulnerable servers. It's perhaps just Exchange 2013 that requires a tweak. Can confirm.

Authentication

Authentication Cybersecurity Security IT

ISO 27002:2022: Unpacking the InfoSec Management Standard

Data Breach Today

MARCH 15, 2022

Gary Hibberd, known as "The Professor of Communicating Cyber" at cybersecurity services provider Cyberfort Group, discusses the biggest changes made since 2013 to the ISO 27001 international standard for an information security management system, which helps organizations secure their data assets.

Communications

Communications Information Security Cybersecurity Security

US authorities behind $1 billion Bitcoin transaction of Silk Road funds

Security Affairs

NOVEMBER 6, 2020

In October 2013, the FBI has shut down the popular black market Silk Road after many years of investigation, the website was hosted in the Tor Network and was seized by US law enforcement. According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 .” On November 5, the U.S. million USD. .

Sales

Sales Marketing Government IT

Google announced the completion of the acquisition of Mandiant for $5.4 billion

Security Affairs

SEPTEMBER 12, 2022

Mandiant is considered a leading cyber security firm, in 2013 FireEye acquired it, but FireEye separated Mandiant Solutions in 2021 as part of a $1.2 (NASDAQ: MNDT) today announced that it has entered into a definitive agreement to be acquired by Google LLC for $23.00 per share in an all-cash transaction valued at approximately $5.4

Cybersecurity

Cybersecurity Cloud Analytics Security

Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks

Security Affairs

SEPTEMBER 30, 2020

Researchers from Rapid7 reported that 61 percent of Exchange 2010, 2013, 2016 and 2019 servers are still vulnerable to the vulnerability. 21, 2020, it appears that 61% of the target population (Exchange 2010, 2013, 2016, and 2019) is still vulnerable to exploitation.” ” explained Tom Sellers with Rapid7 in a blog post.

Authentication

Authentication Cybersecurity Risk Security

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs

MAY 26, 2024

UAC-0006 has been active since at least 2013. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of surge in in cyberattacks linked to the financially-motivated threat actor UAC-0006.

Archiving

Archiving Phishing Access Cybersecurity

Hunting the ICEFOG APT group after years of silence

Security Affairs

JUNE 8, 2019

The activities of the APT group were first uncovered by Kaspersky Lab in September 2013, at the time the researchers defined the crew as an emerging group of cyber-mercenaries that was able to carry out surgical hit and run operations against strategic targets. Feedbacks and questions are welcome!

Agriculture

Agriculture Government Military Communications

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE provides free access to the identify theft monitoring Experian IdentityWorks SM for 24 months.

Education

Education Data breaches Ransomware Access

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

UAC-0006 has been active since at least 2013. .” concludes the CERT-UA. In May, CERT-UA warned of a surge in in cyberattacks linked to the financially-motivated threat actor UAC-0006.

Phishing

Phishing Government File names Access

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 d26m CVE-2013-5223 D-Link DSL-2760U Gateway CVE-2020-8958 Guangzhou 1GE ONU V2801RW 1.9.1-181203 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta,

IoT

IoT Communications IT Security

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The Gamaredon group was first discovered by Symantec and TrendMicro in 2015, but evidence of its activities has been dated back to 2013. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” ua,” the campaign aims at infecting the target systems with malware. The group targeted government and military organizations in Ukraine.

Military

Military Phishing File names Archiving

Exploit broker Zerodium is looking for Pidgin 0day exploits

Security Affairs

JUNE 2, 2021

Researchers from Trend Micro reported the existence of Asrar al-Dardashah, a plugin released in 2013 that was developed for Pidgin to add encryption to the instant messaging functions, securing instant messaging with the press of a single button.

Encryption

Encryption Communications Security IT

Two former NSA Officials appointed by Joe Biden for prominent cyber roles

Security Affairs

APRIL 12, 2021

Inglis retired from NSA in 2014 where he served the US government for 28 years, since 2013 as the agency’s deputy director. The first name was John Chris Inglis, who was nominated as the first-ever National Cyber Director, a role that was introduced by Congress in the Fiscal Year 2021.

Military

Military Government Cybersecurity Security

Data belonging 44 Million Pakistani mobile users leaked online

Security Affairs

MAY 6, 2020

It seems that the huge trove of data was the result of a data breach that took place in 2017, the oldest entries are dated back as 2013. Actor leaks Mobilink's (now @jazzpk ) database – Pakistan's leading telecom service. – Database apparently got hacked in 2017.

Sales

Sales Data breaches Authentication Personal data

Sophos Sandboxie is now available as an open-source tool

Security Affairs

APRIL 10, 2020

” The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level.”

Marketing

Marketing IT Security Information Security

Target Sues Insurer Over 2013 Data Breach Costs

Hacking Kia cars made after 2013 using just their license plate

Webinars

Trending Sources

6 cyber-espionage campaigns since 2013 attributed to PKPLUG China-linked group

Webinars

CIRWA Project tracks ransomware attacks on critical infrastructure

New Study: 2018 State of Embedded Analytics Report

Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild

Medical Center Fined $4.75M in Insider ID Theft Incident

Voter information for 2 millions of Indonesians leaked online

US DOJ Indicts Foreign Nationals for Defrauding $48 Million

The Truth About Customer Journey Mapping

Ransomware, Vendor Hacks Push Breach Number to Record High

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Hacker who disrupted Sony gaming gets a 27-months jail sentence

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Notorious Finnish Hacker sentenced to more than six years in prison

Using steganography to obfuscate PDF exploits

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Microsoft Patches Zero-Day Bug Exploited by Ransomware Group

Prestige reservation platform exposes millions of hotel guests

Chinese-Linked APT Spying On Organizations for 10 Years

CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog

New Cobalt CEO Chris Manton-Jones Pursues Enterprise Clients

CISA urges to fix actively exploited Firefox zero-days by March 21

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Meet the Administrators of the RSOCKS Proxy Botnet

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov

France police arrested Telegram CEO Pavel Durov

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

ISO 27002:2022: Unpacking the InfoSec Management Standard

US authorities behind $1 billion Bitcoin transaction of Silk Road funds

Google announced the completion of the acquisition of Mandiant for $5.4 billion

Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Hunting the ICEFOG APT group after years of silence

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

CERT-UA warns of a phishing campaign targeting government entities

BotenaGo botnet targets millions of IoT devices using 33 exploits

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Exploit broker Zerodium is looking for Pidgin 0day exploits

Two former NSA Officials appointed by Joe Biden for prominent cyber roles

Data belonging 44 Million Pakistani mobile users leaked online

Sophos Sandboxie is now available as an open-source tool

Stay Connected