Krebs on Security

AUGUST 16, 2020

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. Image: Securityinbits.com.

Security 358

Security IT 358

Krebs on Security

JULY 21, 2023

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks.

Security 219

Security Risk Insurance Cybersecurity 219

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

Passwords 360

Passwords Access Insurance Government 360

Data Breach Today

MARCH 12, 2021

Audit Stresses Need for Better Communication With Companies Although CISA has made significant strides since it was established in 2018, the agency still has important work to do to fulfill its cybersecurity and national security obligations, the GAO finds.

Communications 317

Communications Cybersecurity Security IT 317

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. banks) would have this role in their executive leadership team.

Security 249

Security Marketing Cybersecurity Data breaches 249

Data Breach Today

JULY 19, 2021

All Aligned With China's Ministry of State Security The U.S.

Government 299

Government Security 299

Data Breach Today

JUNE 19, 2023

HHS says the group was discovered by security researchers in 2018. HHS Says 'Obscure' Group Has Resurfaced, Hitting a Cancer Center Federal authorities are warning healthcare and public health sector entities of an apparent resurgence of TimisoaraHackerTeam after an attack in recent weeks by the obscure ransomware group on a U.S.

Ransomware 312

Ransomware Security 312

Krebs on Security

JUNE 25, 2021

” Western Digital’s brief advisory includes a link to an entry in the National Vulnerability Database for CVE-2018-18472. Examine the CVE attached to this flaw and you’ll notice it was issued in 2018. We are actively investigating the issue and will provide an updated advisory when we have more information.”

Access 336

Access Marketing IT 336

Data Breach Today

MAY 25, 2020

Researchers Observe Over 100 Campaigns Since Start of 2020 Two years after it was last seen in February 2018, a new version of the ZLoader banking malware has resurfaced, with cybercriminals distributing the malware through email campaigns, according to security firm Proofpoint.

Security 292

Security IT 292

Data Breach Today

OCTOBER 3, 2023

APT 41 Used Android, iOS Surveillance Malware to Target APAC Victims Since 2018 Security researchers linked a surveillance toolkit called LightSpy to Chinese threat group APT41, which has a history of using surveillance malware on iOS and Android devices.

Security 297

Security 297

Data Breach Today

JULY 12, 2022

Home Affairs Minister Seeks to Tackle Financial Fraud, Boost Security Stance Indian Home Affairs Minister Amit Shah called for stricter action against cybercriminals, vowing that the central and state governments will collaborate on a strategy to tamp down financial fraud.

Government 295

Government Security 295

The Last Watchdog

DECEMBER 8, 2020

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. Related: The shared burden of securing the Internet of Things. It’s called Secure Access Service Edge, or SASE , as coined by research firm Gartner. Connectivity was relatively uncomplicated.

Access 213

Access Security Cloud Cybersecurity 213

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. In the days that followed, the DFS and U.S.

Insurance 328

Insurance Financial Services Mining Access 328

The Last Watchdog

JUNE 9, 2022

According to the Federal Trade Commission (FTC), seniors lost $500 each on computer tech assistance scams in 2018. Phishing emails may ask for personal information like a log-in or Social Security number to authenticate your account, or they may urge you to share your credit card payment details. Internet and email fraud. Romance Scam.

Privacy 274

Privacy Security Phishing Insurance 274

The Last Watchdog

APRIL 16, 2020

NotPetya wrought $10 billion in damages , according to Tom Bossert a senior Department of Homeland Security official at the time. In 2018 and 2019, ransomware-triggered business disruptions came not in global-spanning worms, ala WannaCry and NotPetya, but in unrelenting one-off attacks. “We I’ll keep watch.

Ransomware 276

Ransomware Security Authentication Access 276

Krebs on Security

JANUARY 2, 2019

29, 2018, the attackers broke in through a compromised login account on Christmas Eve and quickly began infecting servers with the Ryuk ransomware strain. 2, 2018 shows the company is still struggling to restore services more than a week after the attack began. A status update shared by Data Resolution with affected customers on Jan.

Ransomware 247

Ransomware Cloud Access Security 247

Data Breach Today

OCTOBER 14, 2022

million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.

Retail 270

Retail Passwords Data breaches Personal data 270

Data Breach Today

MARCH 2, 2023

Judge Rejects Recommendations to Drop Case in Medical Center Incident A Georgia man who is the chief operating officer of a network security firm can't escape criminal charges related to a 2018 cyberattack against a local medical center.

Security 162

Security 162

Data Breach Today

MARCH 12, 2021

AMCA, Which Had Filed for Bankruptcy, Agrees to Bolster Its Security A coalition of 41 state attorneys general has reached a settlement with American Medical Collection Agency in the wake of a 2018 data breach that compromised the data of 21 million individuals and pushed the company to file for bankruptcy.

Data breaches 264

Data breaches Security IT 264

Krebs on Security

DECEMBER 29, 2018

Speaking of generous contributions, more than 100 readers have expressed their support in 2018 via PayPal donations to this site. For more secure and discreet communications, please consider reaching out via Keybase , Wicker (krebswickr), or Signal (by request). A Chief Security Concern for Executive Teams. Happy New Year!

Phishing 252

Phishing Data breaches Communications Security 252

Data Breach Today

MAY 26, 2020

Researchers Tracking More Than 100 Campaigns Since Start of 2020 Two years after it was last seen in February 2018, ZLoader banking malware has resurfaced, with cybercriminals wielding a new version that gets distributed via email campaigns, security firm Proofpoint warns.

Security 252

Security IT 252

Krebs on Security

SEPTEMBER 14, 2020

In February 2020, Secure Swiss Data was purchased in an “undisclosed multimillion buyout” by SafeSwiss Secure Communication AG. SafeSwiss co-CEO and Secure Swiss Data founder David Bruno said he couldn’t imagine that Mr. Bernard would be involved in anything improper. ” DUE DILIGENCE.

Communications 344

Communications Encryption Security Risk 344

Krebs on Security

APRIL 10, 2020

The IRS says the Economic Impact Payment will be $1,200 for individual or head of household filers, and $2,400 for married filing jointly if they are not a dependent of another taxpayer and have a work eligible Social Security number with adjusted gross income up to: $75,000 for individuals. 112,500 for head of household filers and.

Computer and Electronics 355

Computer and Electronics IT Government Access 355

Krebs on Security

MAY 24, 2019

The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser. billion in 2018. In August 2018, financial industry giant Fiserv Inc.

Insurance 279

Insurance Authentication Mining Sales 279

Data Breach Today

OCTOBER 14, 2022

million by New York state's attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security, as well as failing to alert users or force password resets in a timely manner.

Retail 248

Retail Passwords Data breaches Personal data 248

Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. But others correspond to companies that do not appear to have disclosed a security incident.

Sales 355

Sales Marketing e-Discovery Passwords 355

The Last Watchdog

FEBRUARY 8, 2022

While each of them has its distinguishing features, Apple’s privacy and security are what makes it the typical enterprise’s pick. All this happens while promising cloud backup, prioritized support, and secure data storage. Related: Co ok vs. Zuckerberg on privacy. Apple eyes SMBs.

MDM 245

MDM Security Marketing Privacy 245

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. .”

Passwords 359

Passwords Authentication Access Paper 359

Krebs on Security

OCTOBER 9, 2020

Cyber Command , a branch of the Department of Defense headed by the director of the National Security Agency (NSA). ” Alex Holden , chief information security officer and president of Milwaukee-based Hold Security , has been monitoring Trickbot activity before and after the 10-day operation. The Post said U.S.

Ransomware 343

Ransomware Military Passwords Access 343

Krebs on Security

APRIL 15, 2019

The security experts said Wipro’s customers traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro’s network. “Wipro has a multilayer security system,” the company wrote. On Friday, Apr.

IT 271

IT Insurance Communications Phishing 271

Krebs on Security

DECEMBER 16, 2021

Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin , a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.

Passwords 355

Passwords Blockchain Phishing Authentication 355

Krebs on Security

JULY 12, 2024

AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent. c) of the SEC Rule, due to potential risks to national security and/or public safety.

Data breaches 342

Data breaches Passwords Authentication Cloud 342

Krebs on Security

SEPTEMBER 22, 2023

LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords.

Passwords 302

Passwords Encryption Mining Security 302

Security Affairs

DECEMBER 18, 2024

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

Data breaches 106

Data breaches GDPR Personal data Access 106

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. In November 2018, a GandCrab affiliate posted a screenshot on the Exploit[.]in The GandCrab identity on Exploit[.]in

Ransomware 265

Ransomware Passwords Marketing Manufacturing 265

The Last Watchdog

OCTOBER 28, 2021

However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves. In 2018, a 51% attack on Bitcoin Gold absconded with over $18M, and the attack was estimated to cost less than $200k to execute.

Blockchain 203

Blockchain Mining Security IT 203

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. With a commitment to maintaining the highest ethical standards, SRA offers a range of services including security testing, security program development, 24×7 monitoring and response.

Risk 130

Risk Security Cybersecurity Marketing 130