Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

Passwords 360

Passwords Access Insurance Government 360

Data Breach Today

APRIL 4, 2021

Facebook Says Data Comes from Previously Reported 2019 Incident A security researcher found more than 500 million Facebook records made available for free on the darknet, exposing basic user information including any phone numbers associated with accounts. Facebook says this is “old data” previously reported.

Security 362

Security 362

Data Breach Today

MARCH 10, 2020

Ransomware Debuted in Late 2019; Gang's Ransom Demands Have Hit $660,000 in Bitcoins Security firm Emsisoft is offering free, customized decryptors to victims of PwndLocker ransomware, which first surfaced in late 2019 and has been tied to attacks against Lasalle County in Illinois and the Serbian city of Novi Sad, with the gang demanding up to $660,000 (..)

Ransomware 321

Ransomware Security IT 321

Data Breach Today

MARCH 29, 2024

Probe Finds 'Largest and Most Hazardous Nuclear Site' Violated Security Laws Britain's nuclear power watchdog said it plans to prosecute the country's "largest and most hazardous nuclear site," Sellafield, for violating nuclear industry cybersecurity regulations from 2019 to 2023.

Cleanup 320

Cleanup Cybersecurity Security IT 320

Krebs on Security

JANUARY 31, 2020

11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan.

Security 330

Security Education Access IT 330

The Last Watchdog

APRIL 16, 2020

organizations between January 2013 and July 2019. NotPetya wrought $10 billion in damages , according to Tom Bossert a senior Department of Homeland Security official at the time. In 2018 and 2019, ransomware-triggered business disruptions came not in global-spanning worms, ala WannaCry and NotPetya, but in unrelenting one-off attacks.

Ransomware 276

Ransomware Security Authentication Access 276

Krebs on Security

NOVEMBER 26, 2019

The other three restaurants are all part of the same parent company and disclosed breaches in August 2019. Focus Brands (which owns Moe’s, McAlister’s, and Schlotzsky’s) was breached between April and July 2019, and publicly disclosed this on August 23. Krystal announced a card breach last month. percent worldwide.

Sales 347

Sales Marketing Retail Security 347

The Last Watchdog

NOVEMBER 8, 2021

However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. Healthcare data security and privacy is a problem that continues to grow. The largest privacy incident was reported in 2019 at American Medical Collection Agency (AMCA), a third-party billing and collections company.

Privacy 268

Privacy Access Security IoT 268

Data Breach Today

JUNE 3, 2021

Security experts say the operation, which dates from 2019, appears to be run from Russia, and has been hitting increasingly large targets.

Ransomware 331

Ransomware Security 331

Data Breach Today

JUNE 30, 2021

Paige Thompson Now Faces Up to 20 Years in Federal Prison, Documents Show The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, which compromised the personal data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers.

Personal data 331

Personal data Security 331

Krebs on Security

JANUARY 13, 2021

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Some of the more memorable computer worms of the last decade spread automatically by exploiting RPC vulnerabilities.

Marketing 290

Marketing Security IT Access 290

Data Breach Today

JANUARY 27, 2021

million in 2019, according to NetScout's Atlas Security Engineering and Response Team. Researchers Say Pandemic Triggered Surge in Activity The number of distributed denial-of-service attacks launched in 2020 surpassed 10 million, up from 8.5

Security 306

Security 306

Krebs on Security

DECEMBER 8, 2020

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Additionally, Microsoft released an advisory on how to minimize the risk from a DNS spoofing weakness in Windows Server 2008 through 2019.

Security 312

Security Risk IT 312

Data Breach Today

JULY 7, 2020

Researchers: Cosmic Lynx Group Has Hit Businesses in Over 40 Countries A newly uncovered Russia-based business email compromise gang has been targeting hundreds of large, multinational corporations in over 40 countries since 2019, according to the security firm Agari.

Security 295

Security 295

Data Breach Today

JUNE 30, 2021

Report: Pen Testing Tool a Favorite Among Lower-Level Threat Groups The legitimate security penetration testing tool Cobalt Strike is increasingly being used by threat groups, especially those that are less technically proficient, according to a Proofpoint report.

Security 286

Security 286

Krebs on Security

SEPTEMBER 8, 2020

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. Among the chief concerns for enterprises this month is CVE-2020-16875 , which involves a critical flaw in the email software Microsoft Exchange Server 2016 and 2019.

Authentication 285

Authentication Security Ransomware IT 285

Krebs on Security

JANUARY 28, 2020

In late December 2019, fuel and convenience store chain Wawa Inc. The fraud bazaar Joker’s Stash on Monday began selling some 30 million stolen payment card accounts that experts say have been tied back to a breach at Wawa in 2019. Representatives from MasterCard did not respond to requests for comment.

Sales 341

Sales Retail Security Encryption 341

Data Breach Today

MAY 13, 2020

Top 10 Vulnerabilities Exploited by Sophisticated Foreign Hackers Detailed by CISA From 2016 to 2019, sophisticated nation-state attackers preferred to target 10 vulnerabilities more than all others, the U.S. Cybersecurity and Infrastructure Security Agency and FBI warn in a new alert.

Cybersecurity 290

Cybersecurity Security 290

Data Breach Today

APRIL 8, 2021

Kaspersky: Cring Group Targeting European Organizations The gang behind ransomware dubbed "Cring," which has waged a series of attacks this year, is exploiting a Fortinet VPN server vulnerability that the company patched in 2019, according to a report from the security firm Kaspersky that analyzes one attack in Europe.

Ransomware 282

Ransomware Security 282

Data Breach Today

JANUARY 12, 2021

Software Vendor's Infrastructure Penetrated by September 2019 Investigators probing the supply-chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network-monitoring security software builds.

Security 282

Security 282

The Last Watchdog

AUGUST 30, 2021

One of the most commonly repeated phrases in the security industry is, “Security teams hate their SIEM!”. Security Information and Event Management (SIEM) is not what it was 20 years ago. Here are five misconceptions, or myths, related to the SIEM, now security analytics platforms: • SIEMs are only good for compliance.

Analytics 230

Analytics Security Marketing Compliance 230

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. billion in 2019. In August 2019, the company said a third-party investigation into the exposure identified just 32 consumers whose non-public personal information likely was accessed without authorization.

Insurance 327

Insurance Financial Services Mining Access 327

The Last Watchdog

APRIL 20, 2023

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge. This has led to security vendors, StackHawk among them, putting great energy into weaving security more tightly into DevOps, CICD and more.

Security 201

Security IT 201

Krebs on Security

AUGUST 10, 2021

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. Microsoft said the Print Spooler patch it is pushing today should address all publicly documented security problems with the service.

Risk 335

Risk Ransomware Security IT 335

Data Breach Today

MARCH 17, 2022

22 Million Accounts Breached Owing to Multiple Security Failures, Regulator Says The current and former owners of CafePress, a site for selling customizable merchandise, have agreed to a draft Federal Trade Commission settlement tied to multiple security shortcomings that failed to prevent or detect a 2019 data breach that exposed 22 million users' (..)

Data breaches 260

Data breaches Security 260

Krebs on Security

OCTOBER 15, 2020

Today, the company shared a statement saying it was aware of a possible payment card security incident at some of its eateries: “We received a report indicating that a payment card security incident may have occurred. Q6Cyber CEO Eli Dominitz said the breach appears to extend from May 2019 through September 2020.

Sales 362

Sales Data breaches Retail Ransomware 362

Krebs on Security

FEBRUARY 11, 2020

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Another flaw fixed this month in Microsoft Exchange 2010 through 2019 may merit special attention.

Security 58

Security IT 58

Krebs on Security

MAY 18, 2020

But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. biz , which frequently blogs about security weaknesses in popular malware tools. is cybercrime forum.

Ransomware 322

Ransomware Marketing Security IT 322

Data Breach Today

JULY 4, 2020

billion on IT, networking and security technology in 2019. IG Report Finds Agency's Infrastructure Remains Tempting Target for Hackers A recent Inspector General's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3

Cybersecurity 260

Cybersecurity Security IT 260

Data Breach Today

JUNE 28, 2021

Manufacturer Stopped Supporting Targeted Network-Attached Storage Devices in 2015 Owners of Western Digital My Book Live devices have seen their data remotely wiped by attackers targeting a flaw first detailed in 2019.

Manufacturing 264

Manufacturing Security 264

Data Breach Today

JUNE 30, 2022

The latest edition of the ISMG Security Report describes why firewalls and VPNs don't belong in Zero Trust design. It also discusses cybercriminals' evolving ransomware tactics and the devastating price of responding to a ransomware attack, as experienced by Travelex in 2019.

Ransomware 246

Ransomware Security IT 246

Krebs on Security

APRIL 10, 2020

The IRS says the Economic Impact Payment will be $1,200 for individual or head of household filers, and $2,400 for married filing jointly if they are not a dependent of another taxpayer and have a work eligible Social Security number with adjusted gross income up to: $75,000 for individuals. 112,500 for head of household filers and.

Computer and Electronics 355

Computer and Electronics IT Government Access 355

Data Breach Today

JUNE 20, 2022

Ransomware struck global currency exchange and remittance company Travelex on New Year's Eve 2019. Don Gibson was a security architect at Travelex. His name became publicly linked with the Travelex incident, and the attention was completely undesired. It contributed to a health situation that nearly led to a tragic outcome.

Ransomware 243

Ransomware Security IT 243

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000. This week, the U.S.

Insurance 320

Insurance Risk Financial Services Mining 320

Krebs on Security

AUGUST 16, 2020

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem. One of the 120 security holes Microsoft fixed on Aug. Image: Securityinbits.com.

Security 358

Security IT 358

Krebs on Security

SEPTEMBER 8, 2021

According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. On June’s Patch Tuesday, Microsoft addressed six zero-day security holes. Microsoft Corp.

Security 355

Security IT 355

Krebs on Security

AUGUST 14, 2020

billion in 2019. The company has access to a wealth of personal, financial and medical information on tens of millions of patients, including names, dates of birth, Social Security numbers, billing information and medical diagnostic data. R1 RCM Inc. Formerly known as Accretive Health Inc.

Ransomware 363

Ransomware Insurance Phishing IT 363