2002 and Security - Information Management Today

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

But researchers at Leviathan Security say they’ve discovered it’s possible to abuse an obscure feature built into the DHCP protocol so that other users on the local network are forced to connect to a rogue DHCP server. VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications.

IT

IT Security Encryption Passwords

Congressional Movement on Cybersecurity in a Bill to Reauthorize the Homeland Security Act of 2002

Data Matters

MARCH 7, 2018

Senate’s Homeland Security and Governmental Affairs Committee approved a bill ( SB 2825 ) reauthorizing the Homeland Security Act of 2002 and including key cybersecurity provisions affecting the Department of Homeland Security (DHS). On March 7, 2018, the U.S. to incentivize more cybersecurity training activities.

Cybersecurity

Cybersecurity Security Risk Privacy

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

The Last Watchdog

MAY 3, 2024

Screenshot In a huge development, Microsoft announced today that it is revising its security practices, organizational structure, and, most importantly, its executive compensation in an attempt to shore up major security issues with its flagship product, not to mention quell rising pressure from regulators and customers.

Security

Security Cloud Privacy Information Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

RSAC Fireside Chat: AT&T, WillJam Ventures partner to launch new MSSP — LevelBlue

The Last Watchdog

MAY 7, 2024

Related: The transformative power of GenAI/LLM This week at RSA Conference 2024 , AT&T announced the launch of LevelBlue – a top-tier managed security services business formed by an alliance with AT&T and WillJam Ventures. SAN FRANCISCO – The already simmering MSSP global market just got hotter. I’ll keep watch and keep reporting.

Compliance

Compliance Cybersecurity Risk Marketing

New Attack on VPNs

Schneier on Security

MAY 7, 2024

They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then. […] The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network.

Encryption

Encryption IT

Women in Security: Assessing the Progress

Data Breach Today

MAY 30, 2018

Cybersecurity challenges and solutions have evolved greatly since 2002. And so has the Executive Women's Forum, which was founded that year to advance female leaders in the profession. Founder Joyce Brocaglia reflects on the forum's accomplishments and challenges.

Security

Security Cybersecurity

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

The Last Watchdog

MAY 13, 2021

In this heady environment, the idea of attempting to infuse a dollop of security into new software products — from inception — seems almost quaint. History of product security. As a nod to security, nominal static analysis and maybe a bit of penetration testing gets done just prior to meeting a tight deployment deadline.

Security

Security Digital transformation Cybersecurity Compliance

NIST proposes Secure Software Development Framework

DXC Technology

JULY 16, 2019

Ever since Bill Gates fired off his famous Trustworthy Computing memo in January 2002, developing secure software has been a hot topic of discussion. It was important before then, for sure, but it was often overlooked. It took a series of high-profile worms such as Code Red and Nimda and a series of breaches to […].

Security

Security IT

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

MAY 8, 2024

Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. ” reads the report from Leviathan Security. The researchers speculate that the vulnerability existed in DHCP since 2002, when option 121 was implemented.

Encryption

Encryption Authentication Marketing Security

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 4, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Pierluigi Paganini.

Cybersecurity

Cybersecurity Authentication Risk Security

International Criminal Court hit with a cyber attack

Security Affairs

SEPTEMBER 20, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. Immediate measures were adopted to respond to this cyber security incident and to mitigate its impact. Additional response and security measures are now ongoing, with the assistance of the Host Country authorities.

Cybersecurity

Cybersecurity Cloud Security IT

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

The Last Watchdog

FEBRUARY 24, 2020

Related: The role of PKI is securing digital transformation That was in 2002. I recently had a chance to have a rich discussion about the state of cybersecurity with Stiennon, the occasion being him sending me a copy of his new book: Security Yearbook 2020: A History and Directory of the IT Security Industry.

Cybersecurity

Cybersecurity Artificial Intelligence Security Digital transformation

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The group’s operators use several techniques to breach the targets’ networks, such as exploiting SonicWall flaws (e.g.,

Ransomware

Ransomware Archiving Encryption Cybersecurity

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs

OCTOBER 22, 2023

It was established by the Rome Statute, which entered into force on July 1, 2002. The Dutch law enforcement authorities are still investigating the security breach. “The Court is also accelerating a number of existing initiatives aimed at enhancing digital security.” ” concludes the press release.

Cybersecurity

Cybersecurity Security IT Information Security

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

DECEMBER 18, 2020

National Security Agency (NSA) warned on Dec. ” VMware released a software update to plug the security hole ( CVE-2020-4006 ) on Dec. ” VMware released a software update to plug the security hole ( CVE-2020-4006 ) on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.

Authentication

Authentication Access Security Government

Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

eSecurity Planet

DECEMBER 14, 2022

Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698 , that’s being actively exploited. Also read: Cybersecurity Agencies Release Guidance for PowerShell Security. Prioritizing Fixes.

Risk

Risk Authentication Ransomware Cybersecurity

SEC Fines Alternative Data Provider for Securities Fraud

Data Matters

SEPTEMBER 30, 2021

Securities and Exchange Commission (SEC) settled an enforcement action against App Annie Inc., This type of nonfinancial data, when used in connection with securities trades, is often referred to as “alternative data.”. 6 There, a broker stole proceeds of sales of securities in his client’s account. Similarly, in SEC v.

Security

Security Sales Compliance Analytics

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The post HelloKitty ransomware gang also targets victims with DDoS attacks appeared first on Security Affairs. ” continues the alert. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Encryption Security IT

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

Hunton Privacy

JULY 5, 2022

The Cybersecurity Act amends certain provisions of the Homeland Security Act of 2002. Department of Homeland Security (“DHS”) and state, local, tribal and territorial governments, as well as corporations, associations and the general public.

Cybersecurity

Cybersecurity Government Education Communications

Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company

Security Affairs

SEPTEMBER 30, 2018

Estonian sues Gemalto for 152 million euros following the security flaws in the citizen ID cards issued by the company that caused their recall in 2017. Estonian authorities sue the security firm Gemalto for 152 million euros following the security flaws in the citizen ID cards issued by the company that caused their recall in 2017.

Manufacturing

Manufacturing Government Security Risk

SOX 404 Compliance: A Guide and Business Checklist

Docuware

NOVEMBER 9, 2023

Resources The Sarbanes-Oxley Act (SOX) of 2002 was passed to prevent accounting fraud and help shore up investor confidence in securities markets. Why document management provides a foundation for meeting SOX 404 requirements 4. Compliance checklist for SOX 404 5.

Compliance

Compliance Marketing Risk Security

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

The Security Ledger

NOVEMBER 3, 2021

The post Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting appeared first on The Security Ledger with Paul F. Programs like iDefense Labs Vulnerability Contributor Program (VCP) (launched in 2002) and TippingPoint’s Zero Day Initiative (2005) were accused -at the time- of incentivizing the work of criminals and bad actors. .

IoT

IoT Manufacturing Ransomware Marketing

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

Security Affairs

DECEMBER 15, 2021

CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. The post FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, HelloKitty ransomware).

Ransomware

Ransomware Data breaches Encryption IT

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

LiveAuctioneers is one of the world’s largest art, antiques & collectibles online marketplace that was founded in 2002. The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information. million LiveAuctioneers users. The post 3.4

Sales

Sales Data breaches Passwords Encryption

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

Authentication

Authentication Passwords Retail Access

Organizational Accountability in U.S. Law and Its Relevance to a Federal Data Privacy Law: A CIPL Study

Hunton Privacy

JULY 16, 2019

Department of Justice and the Securities and Exchange Commission; The Sarbanes-Oxley Act of 2002 and Chapter Eight of the U.S. Specifically, the White Paper examines the elements of accountability as they relate to: The Foreign Corrupt Practices Act and the accompanying 2012 resource guide produced by the U.S.

Data Privacy

Data Privacy Privacy Paper Compliance

Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

Hunton Privacy

NOVEMBER 1, 2018

In 2002, Congress enacted the Supporting Anti-Terrorism by Fostering Effective Technologies Act (“the SAFETY Act”) to limit the liabilities that energy, financial, manufacturing and other critical infrastructure companies face in the event of a serious cyber or physical security attack.

Energy and Utilities

Energy and Utilities Cybersecurity Risk Manufacturing

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

The name “Silent Night” Zbot is likely a reference to a weapon mentioned in the 2002 movie xXx, it was first spotted in November 2019 when a seller named “Axe” started offering it on the Russian underground forum forum.exploit[.]in. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Sales

Sales Data collection Passwords IT

EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation

Hunton Privacy

FEBRUARY 27, 2020

These revisions follow from meeting discussions of the Working Party on Telecommunications and Information Society (the “WP Tele”), the Permanent Representatives Committee, and the Transport, Telecommunications and Energy Council.

Metadata

Metadata Personal data Communications GDPR

Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

Data Protection Report

FEBRUARY 23, 2024

They include (i) an Executive Order, (ii) a Notice of Proposed Rulemaking on Cybersecurity in the MTS issued by the Coast Guard, and (iii) a Maritime Security Directive on cyber risk management. facilities subject to the Maritime Transportation Security Act of 2002 regulations. Coast Guard. Coast Guard.

Cybersecurity

Cybersecurity Risk Manufacturing Security

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million. The post US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns appeared first on Security Affairs.

Authentication

Authentication Passwords Retail Education

Microsoft announces the launch of a bug bounty program for Xbox

Security Affairs

FEBRUARY 2, 2020

“The Xbox Bounty Program invites gamers, security researchers, and others around the world to help identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team. The post Microsoft announces the launch of a bug bounty program for Xbox appeared first on Security Affairs.

Security

Security Information Security

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

Security Affairs

JULY 22, 2020

This vulnerability affects the following supported versions of Citrix Workspace app for Windows: Citrix Workspace app for Windows 1912 LTSR Citrix Workspace app for Windows 2002. The post Citrix Workspace flaw can allow remote hack of devices running vulnerable app appeared first on Security Affairs. to address the vulnerability.

Honeypots

Honeypots IT Access Security

EU Council Agrees on Proposed ePrivacy Regulation

Data Matters

MARCH 10, 2021

The ePrivacy Regulation is meant to replace the existing ePrivacy Directive 2002/58 (ePrivacy Directive), which dates to 2002 and was meant to address the requirements of new digital technologies and facilitate the advance of electronic communication services.

GDPR

GDPR Metadata Communications Privacy

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

MAY 2, 2019

I often see a sizable gap between perceptions and reality among many SMB leaders,” Troy Gill a senior security analyst at AppRiver told me. I had the chance at RSA 2019 to discuss the SMB security landscape at length with Gill. They don’t know what they don’t know, and this lack of preparedness often aids and abets cybercriminals.”

Risk

Risk Cybersecurity Passwords Ransomware

Guest Post - How important is digital document consistency?

AIIM

OCTOBER 30, 2017

Prior to working with Y Soft, Mr. Koelewijn founded X-Solutions in late 2002 which was later acquired by Nuance in 2009. Prior to X-Solutions, Wouter was the CTO and co-founder of a Xerox concessionaire in the Netherlands from 1994-2002. Mr. Koelewijn is married and has two children. He enjoys skiing, swimming and sailing.

e-Delivery

e-Delivery File names Compliance ECM

The Updates Must Go Through

Adam Shostack

APRIL 14, 2021

Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. For example, see our Timing the Application of Security Patches for Optimal Uptime , Usenix Lisa 2002). The two stories are intimately related to people not wanting to roll patches.

Government

Government Security IT

The history of ESG: A journey towards sustainable investing

IBM Big Data Hub

FEBRUARY 8, 2024

This helped normalize the practice of ESG reporting and by 2002, 245 companies had responded to the 35 investors who asked for climate disclosures. In North America, the Securities and Exchange Commission (SEC) is considering mandatory ESG reporting for public companies, as is the case in Canada, Brazil, India , Australia and Japan.

Government

Government IT Risk Security

New EU Breach Regulation in Force

Hunton Privacy

AUGUST 23, 2013

The Regulation on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC (the “Regulation”) specifies the technical measures of how Internet service providers, telecommunications providers and other public electronic communications service (“ECS”) providers must notify of data breaches.

Data breaches

Data breaches Personal data Communications Privacy

HHS updates online tracker guidance

Data Protection Report

MARCH 21, 2024

Our readers may recall that HHS had originally issued the Bulletin in December of 2002, which we summarized here. HHS also added a paragraph on its enforcement priorities, including the following: OCR is prioritizing compliance with the HIPAA Security Rule in investigations into the use of online tracking technologies.

Analytics

Analytics Privacy Compliance Marketing

Sarbanes-Oxley Act and Record Retention Best Practices

Armstrong Archives

JULY 20, 2020

The Sarbanes-Oxley Act (SOX) is a law passed in 2002 that sets forth standards for the recording and reporting of financial activities. This massively reduces the physical space needed to store them, and it also facilitates security and retrieval. A key part of that law involves record retention. Digitizing Documents.

Archiving

Archiving Compliance Records Management Sales

California Bulks Up Security Breach Notification Requirements

Hunton Privacy

SEPTEMBER 2, 2011

On August 31, 2011, California Governor Jerry Brown signed into law amendments to that state’s security breach notification statute. Senate Bill 24 was the third effort by State Senator Joe Simitian to build on the landmark California breach notification law he authored in 2002.

Security

Security Consumer Services Compliance Privacy

RSAC Fireside Chat: A breakthrough in securing cloud collaboration — decentralized key storage

The Last Watchdog

JUNE 7, 2023

Back in 2002, when I was a reporter at USA Today , I had to reach for a keychain fob to retrieve a single-use passcode to connect remotely to the paper’s publishing system. Fast forward to today; much of the MFA concept is being reimagined by startup Circle Security to protect data circulating in cloud collaboration scenarios.

Cloud

Cloud Security Authentication Encryption

Jeff Moss on the Evolution of Hacking at SecTor 2021

ForAllSecure

NOVEMBER 3, 2021

In the dot.com era, 1994-2002, this was the time of the commercial internet, the rise of search engines, and internet browsers. Moss noted that security people he'd known for years were started getting salaried jobs … and started using their legal names. He said security work is that like that. It will have social impact.

Risk

Risk Access Government Information Security

Why Your VPN May Not Be As Secure As It Claims

Congressional Movement on Cybersecurity in a Bill to Reauthorize the Homeland Security Act of 2002

Webinars

Trending Sources

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

Webinars

RSAC Fireside Chat: AT&T, WillJam Ventures partner to launch new MSSP — LevelBlue

New Attack on VPNs

Women in Security: Assessing the Progress

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

NIST proposes Secure Software Development Framework

New TunnelVision technique can bypass the VPN encapsulation

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

International Criminal Court hit with a cyber attack

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

The attack on the International Criminal Court was targeted and sophisticated

VMware Flaw a Vector in SolarWinds Breach?

Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

SEC Fines Alternative Data Provider for Securities Fraud

HelloKitty ransomware gang also targets victims with DDoS attacks

President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company

SOX 404 Compliance: A Guide and Business Checklist

Episode 229: BugCrowd’s Casey Ellis On What’s Hot In Bug Hunting

FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine

3.4 Million user records from LiveAuctioneers hack available for sale

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Organizational Accountability in U.S. Law and Its Relevance to a Federal Data Privacy Law: A CIPL Study

Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

Silent Night Zeus botnet available for sale in underground forums

EU Council Presidency Releases Proposed Amendments to Draft ePrivacy Regulation

Biden administration issues Executive Order and takes action to enhance maritime cybersecurity

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Microsoft announces the launch of a bug bounty program for Xbox

Citrix Workspace flaw can allow remote hack of devices running vulnerable app

EU Council Agrees on Proposed ePrivacy Regulation

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

Guest Post - How important is digital document consistency?

The Updates Must Go Through

The history of ESG: A journey towards sustainable investing

New EU Breach Regulation in Force

HHS updates online tracker guidance

Sarbanes-Oxley Act and Record Retention Best Practices

California Bulks Up Security Breach Notification Requirements

RSAC Fireside Chat: A breakthrough in securing cloud collaboration — decentralized key storage

Jeff Moss on the Evolution of Hacking at SecTor 2021

Stay Connected