Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Threatpost

A bug in Lenovo’s Enterprise Networking Operating System could allow an attacker to launch an authentication bypass attack.

States Need Way More Money to Fix Crumbling Voting Machines

WIRED Threat Level

“We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.

Old-School Bagle Worm Spotted in Modern Spam Campaigns

Threatpost

date back to 2004. Bagle.A and Bagle.B

Last Watchdog podcast: Unwrapping ‘resilience’ guidance discussed at RSA Conference 2021

The Last Watchdog

I’ve been covering this cybersecurity gathering since 2004 and each year cybersecurity materially advances. Resilience was the theme of RSA Conference 2021 which took place virtually last week. By the same token, the difficulties of defending modern IT systems have redoubled as organizations try to balance security and productivity. The outside pressures are indeed as daunting as ever.

Maps and Visualization

Adam Shostack

I posted this image in 2004. It’s even more relevant now. While we have a country that is clearly divided, the dividing lines are not so neat as the maps showing states going one way or the other.

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

Security Affairs

The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2. The wormable CVE-2021-31166 vulnerability in the HTTP Protocol Stack of the Windows IIS server also affects WinRM on Windows 10 and Server systems.

This is the old ChiefTech blog.: The Search for Application Perfection

ChiefTech

Sunday, 16 December 2007. Back in 2004 I co-authored an article that asked, does the perfect intranet exist?

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

ALAC was developed in 2004 and Apple open-sourced it in 2011; since then, many third-party vendors have used it. A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files.

One year into the Hightail and OpenText collaboration

OpenText Information Management

Founded in 2004 as YouSendIt, Hightail was originally designed to help individuals and businesses easily and securely transfer large files from one person to another. The solution pioneered a new file sharing industry, set to displace the frustrations faced with attempting to email large documents, uploading to a clunky FTP site, or passing off thumb … The post One year into the Hightail and OpenText collaboration appeared first on OpenText Blogs.

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

“Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2,” said Aleks Haugom, also with Automox. Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software.

Expert released PoC exploit code for Windows CVE-2021-31166 bug

Security Affairs

The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2. A security researcher has published a working proof-of-concept exploit code for a wormable Windows IIS server vulnerability tracked as CVE-2021-31166.

Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

The Last Watchdog

The scale is so massive that it makes up 15 percent of all breached users globally since 2004 (the year data breaches became widespread). It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised. Now comes hard metrics quantifying the scope of this phenomenon.

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

In this paid ad from 2004, Severa lists prices to rent his spam botnet. Peter Levashov, appearing via Zoom at his sentencing hearing today.

Investigative Satirist Paul Krassner Interviewed by Steve Post

Archives Blogs

In 2004 WNYC host Steve Post spoke with Krassner, whom he described as “a kind of counter-cultural renaissance man.” This program was first broadcast on June 5, 2004 as a No Show special. Satirist Paul Krassner passed away this past Sunday. Writer, publisher, editor, activist, psychedelic explorer, and concert violinist, Krassner considered himself an investigative satirist.

GUEST ESSAY: What everyone can — and should — do to mark Cybersecurity Awareness Month

The Last Watchdog

NCSAM launched in 2004, at a time when technology was nowhere near where it is today. With new technological advancements comes a need for heightened security measures. Plenty of criminals are searching for vulnerabilities in networks, so it shouldn’t come as a surprise that cybersecurity issues have become more prevalent.

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

The PCLOB Needs a Director

Schneier on Security

The PCLOB was established in 2004 (when it didn't do much), disappeared from 2007-2012, and reconstituted in 2012. The US Privacy and Civil Liberties Oversight Board is looking for a director. Among other things, this board has some oversight role over the NSA. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA anti-terrorism surveillance, and FBI counterterrorism activities.

CISA adds 95 flaws to the Known Exploited Vulnerabilities Catalog

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Security Affairs

11 out of 16 targets cracked with 23 successful demos: Chrome, Safari, FireFox Adobe PDF Reader Docker-CE, VMware EXSi, Qemu, CentOS 8 iPhone 11 Pro+iOS 14, GalaxyS20 Windows 10 2004 TP-Link, ASUS Router — TianfuCup (@TianfuCup) November 8, 2020.

Cybersecurity Training and Tech Aren’t Enough; ‘Culture Change’ Needed

eSecurity Planet

In 2004, the global cybersecurity market was worth just $3.5

SHARED INTEL: A foolproof consumer’s guide to creating and managing bulletproof passwords

The Last Watchdog

I’ve had a password manager in place since 2004. It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. However, this isn’t a good idea. In fact, it’s terrible. You see, these days, many data breaches could be traced back to people using the same password across multiple accounts.

FireEye, Mandiant to Split in $1.2 Billion Deal

eSecurity Planet

Mandia will become CEO of Mandiant, the company he founded in 2004 and sold to FireEye in late 2013. FireEye is selling its core cybersecurity products to a group led by private equity firm Symphony Technology Group (STG) in order to focus on its Mandiant threat response and services group.

Here’s a Story Where Picking the Right Font Was Never More Important: eDiscovery Trends

eDiscovery Daily

Here’s the problem: the farm declaration, dated 2004, was written in Calibri, while the cottage declaration, dated 1995, was written in Cambria. Per Ars Technica, Cambria was designed no earlier than 2004, while Calibri was designed between 2002 and 2004; both only became widely available in 2007. This is a story that a word geek like me can really appreciate.

Sophos Sandboxie is now available as an open-source tool

Security Affairs

The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. Sophos announced the public release of the source code of the sandbox-based isolation program Sandboxie.

Kaspersky

InfoGovNuggets

Questions as to the Kaspersky antivirus software company were raised by military intelligence in 2004, well before the 2013 threat assessment issued Pentagon-wide. “Russian Firm Was Long Seen as Threat,” The Wall Street Journal, November 18, 2017 A2. Who dropped the ball? Did the Russians have an inside track?

If data is the new oil, ISO 20022 is the new gasoline

IBM Big Data Hub

ISO 20022 was first introduced in 2004 to provide more standardization and deliver richer information for Financial Services transactions. The phrase ‘data is the new oil’ has been widely used in the last number of years, but in an unrefined state, it has limited use.

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

And in 2004, it emerged that identity thieves masquerading as customers of data broker Choicepoint had stolen the personal and financial records of more than 145,000 Americans.

Google to Acquire Mandiant; EDR Acquisition Next?

eSecurity Planet

“Since our founding in 2004, Mandiant’s mission has been to combat cyber attacks and protect our customers from the latest threats. Google today announced that it has agreed to acquire Mandiant for roughly $5.4 billion to bolster its cloud security.

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

Both vulnerabilities were addressed by Microsoft in August; the August 2020 Patch Tuesday security updates fixed the flaws in Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004.

Eli Manning and the power of AI in ESPN fantasy football

IBM Big Data Hub

When Eli Manning joined the New York Giants back in 2004 as the number one pick in the draft, many Giants fans thought he would be the second coming of Joe Namath: a big star in the big city. Eli Manning was the obvious choice.

International data transfers: an opinion the EDPB (probably) won’t publish

Data Protector

One of the consequences of the Schrems II decision is that EU organisations need to take greater care in determining how best to protect the flows of personal data outside the EU.

Who is Tech Investor John Bernard?

Krebs on Security

Two years before that, Davies was released from prison after being held in custody for 16 months on suspicion of murdering his new bride in 2004 on their honeymoon in India. John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015.

Facebook: is it time we all deleted our accounts?

The Guardian Data Protection

Back in 2004, when a 19-year-old Zuckerberg had just started building Facebook, he sent his Harvard friends a series of instant messages in which he marvelled at the fact that 4,000 people had volunteered their personal information to his nascent social network. The Cambridge Analytica revelations may be the final nudge we need to turn away from the social network.

Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

“The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

Steven Sauer to Lead Toshiba Business Solutions

Info Source

to Toshiba in 2004, Sauer became president of TBS New York. Toshiba Executive & Industry Veteran Becomes President of the Company’s Direct Sales Operation. LAKE FOREST, Calif.,

What is ArchiMate?

erwin

Originally based on IEEE 1471, ArchiMate was developed in the Netherlands as a joint venture between private industry and the Dutch Government between 2002 and 2004.

Different Years, Always New: The New Year in Photos

Unwritten Record

However, consider how different the New Year celebrations looked in 2004, 1952, 1943, and even 1869. 31, 2004. As we move into 2022, celebrations of the New Year take shape in many different forms.

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Security Affairs

The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

The Great $50M African IP Address Heist

Krebs on Security

That individual — Ernest Byaruhanga — was only the second person hired at AFRINIC back in 2004.