2011 - Information Management Today

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. The post XDSpy APT remained undetected since at least 2011 appeared first on Security Affairs.

Military

Military Phishing Passwords Government

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Security Affairs

APRIL 30, 2019

Bloomberg obtained Vodafone’s security briefing documents from 2009 and 2011 and spoke with people involved in the situation. Bloomberg revealed that once discovered the backdoors in home routers in 2011, Vodafone asked Huawei to address them. But it was 2011. ” reported the AFP. ” continues bloomberg.

IT

IT Access Government Security

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Pierluigi Paganini.

Authentication

Authentication Passwords Libraries Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Planning Your Online Lives in 2011

Collaboration 2.0

DECEMBER 16, 2010

Whether you are job hunting or working, the challenges of personal control of your online personalityÂ at work, societally and sociallyÂ have never been more complex.

Security

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

MAY 20, 2021

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Cybersecurity

Cybersecurity Government IT Security

County 911 Service Notifying 180,000 About Breach in July

Data Breach Today

OCTOBER 9, 2024

Compromised Patient Info Dates Back to 2011 at Muskogee City County 911 Service An Oklahoma county provider of medical, fire, police and other 911 emergency services is notifying 180,000 individuals that their health information may have been compromised in a recent ransomware attack.

Ransomware

Fake Used-Car Flyer for 2011 BMW Phishes Diplomats in Kyiv

Data Breach Today

JULY 12, 2023

Campaign Targets 22 Embassies; Unit 42 Ties It to Russian Foreign Intelligence Diplomats in Ukraine shopping for used cars have been targeted with a listing for a "very good condition, low-fuel consumption" 2011 BMW 5 Series.

Phishing

Phishing Security IT

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Data Breach Today

JULY 19, 2021

has indicted four Chinese nationals working with the nation's Ministry of State Security in connection with an alleged hacking campaign conducted from 2011 to 2018 that targeted universities and government entities to obtain trade secrets, medical research and other intellectual property.

Government

Government Security

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

WIRED Threat Level

SEPTEMBER 27, 2019

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

Security

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” The authorities reported that since 2011, 7 million Bitcoin had gone into the BTC-e exchange and 5.5 ” reads the press release published by DoJ.

IT

IT Information Security Security

ENISA published “Proactive detection – Measures and information sources” report

Security Affairs

MAY 31, 2020

This report identifies and analyzes how proactive detection in the EU is evolved between 2011 and 2019. Survey among incident response teams in Europe; Comparison with the 2011 survey. Among the goals of the project there is the exploration of new areas that could help to improve operational cooperation and information sharing.

Cybersecurity

Cybersecurity Security IT Information Security

SolarWinds Breach: 'The Scale, the Scope, the Subtlety'

Data Breach Today

DECEMBER 15, 2020

Cybereason's Sam Curry Shares Insights on the Attack and Response In 2011, Sam Curry headed the response team for RSA's then-landmark breach. Today, as CSO at Cybereason, he looks at the SolarWinds supply chain attack and sees similarities - but also is struck by "the scale, the scope, the subtlety" of the incident.

Intel's 'ZombieLoad' Fixes May Slow Processors by 9 Percent

Data Breach Today

MAY 15, 2019

CPUs Shipped From 2011 Onward Have Flaws of the Meltdown and Spectre Variety Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments.

Cloud

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Gox in 2011 and money laundering. Gox in 2011 and the operation of the illicit cryptocurrency exchange BTC-e. Bilyuchenko is also charged with conspiring with Alexander Vinnik to run the virtual currency exchange BTC-e from 2011 to 2017. Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt.

Access

Access Security IT Information Security

The Story of the 2011 RSA Hack

Schneier on Security

MAY 27, 2021

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Authentication

Authentication Cybersecurity

COVID-19 Response: How to Secure a 100% Remote Workforce

Data Breach Today

MARCH 20, 2020

Cybereason CSO Sam Curry on Business Continuity and Reducing Risk Cybereason CSO Sam Curry is no stranger to crisis - he was on the team that responded to the RSA breach in 2011. But the COVID-19 pandemic brings an unprecedented challenge: How do you manage business continuity and reduce risk with a 100 percent remote workforce?

Risk

Risk Security

Email accounts of the International Monetary Fund compromised

Security Affairs

MARCH 18, 2024

This isn’t the first incident suffered by IMF, the agency suffered a major security breach in 2011. Bleeping computer contacted IMF, which confirmed that that despite it uses the Microsoft 365, the incident does not appear to be part of Microsoft targeting recently disclosed.

Cybersecurity

Cybersecurity Security IT Data breaches

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Communications

Communications Access Risk Education

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 9, 2022

Last week, Google rolled out emergency fixes to address a vulnerability, tracked as CVE-2022-3075 , in the Chrome web browser that is being actively exploited in the wild.

IT

IT Passwords Ransomware Cybersecurity

Happy birthday, Security Affairs celebrates its ninth Anniversary today

Security Affairs

NOVEMBER 17, 2020

I launched Security Affairs for passion in November 2011 and since then the blog read by millions of readers. Happy BirthDay Security Affairs! Nine years together!

Security

Security IT Cybersecurity Risk

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years together! I’m very excited. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection.

Security

Security Cybersecurity IT Data breaches

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Security Affairs

OCTOBER 16, 2021

FinCEN analyzed a data set composed of 2,184 SARs filed between 1 January 2011 and 30 June 2021 and identified 177 CVC (convertible virtual currency) wallets addresses that were used in ransomware operations associated with the above ransomware variants.

Ransomware

Ransomware Security Information Security IT

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it. Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets.

Access

Access Security Cybersecurity IT

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

AWMproxy, the storefront for renting access to infected PCs, circa 2011. In 2011, researchers at Kaspersky Lab showed that virtually all of the hacked systems for rent at AWM Proxy had been compromised by TDSS (a.k.a An example of a cracked software download site distributing Glupteba. Image: Google.com.

Passwords

Passwords Analytics Manufacturing Access

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

Curiously, in 2011, Thomson Reuters acquired World-Check, then in October 2018, Thomson Reuters closed a deal with The Blackstone Group. Compromised data vary by individuals and organizations, it includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

Risk

Risk Archiving Access Privacy

US DoJ indicts four members of China-linked APT40 cyberespionage group

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. Ltd. (????)

Government

Government Cybersecurity Security Access

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

The vendor also fixed a high-severity vulnerability, tracked as CVE-2020-2011 , that could be exploited by a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition to all Panorama services by sending specially crafted registration requests.

Authentication

Authentication Access Communications Security

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

He joined the gang in August 2011 and worked for the organization for five-and-a-half years, DoJ states that he was among the most prolific and active members of the gang. The fraudulent activities conducted by the gang cost victims more than $568 million dollars. .

Sales

Sales Personal data Cybersecurity Security

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

It has already happened in the past that the popular antivirus software has identified Chrome as a malicious code, the website The Register reported a similar problem in 2011. Microsoft addressed the issue with the release of Version: 1.373.1537.0 on September 4, 2022. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Security IT Information Security

Command injection flaw in PHP Composer allowed supply-chain attacks

Security Affairs

APRIL 29, 2021

According to the researchers who discovered the issue, the flaw was introduced in November 2011. The vulnerability stems from improper sanitization of URLs for repositories in root composer.json files and package source download URLs that could be interpreted as options for system commands executed by Composer.

Metadata

Metadata Security Access IT

LiveJournal Blog Platform Credential Leak: What Happened?

Data Breach Today

MAY 28, 2020

Millions of Older Credentials Apparently Used in Credential-Stuffing Attacks The Russian blogging platform LiveJournal confirmed this week that it suffered several brute-force attacks in 2011 and 2012. But it insists that the 26 million usernames and passwords that are now available for sale on darknet forums came from other sources.

Sales

Sales Passwords IT

New Zealand freezes assets of Russian cyber criminal Alexander Vinnik

Security Affairs

JUNE 22, 2020

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 In September, Greek Police have arrested the Russian national Alexander Vinnik (38) and they accuse the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. million withdrawn.

Security

Air India suffered a data breach, 4.5 million customers impacted

Security Affairs

MAY 22, 2021

26, 2011 and February. Air India has disclosed a data breach that impacted 4.5 million of its customers, exposed data includes the personal information of customers registered between August.

Data breaches

Data breaches Passwords Personal data Cybersecurity

PyMICROPSIA Windows malware includes checks for Linux and macOS

Security Affairs

DECEMBER 15, 2020

AridViper is an Arabic speaking APT group that is active in the Middle East since at least 2011. Experts spotted the PyMICROPSIA info stealer while investigating attacks of the AridViper group (also tracked as Desert Falcon and APT-C-23 ).

Communications

Communications Libraries IT Security

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Security Affairs

NOVEMBER 22, 2021

The US had sanctioned Mahan Air in 2011 for providing financial, material, or technological support to Iran’s Islamic Revolutionary Guard Corps. . #????? #??_??_??????_?????? #IranProtests #MahanAir pic.twitter.com/bBkfBKJ4uK — Hooshyarane Vatan (@Hooshyaran1) November 21, 2021.

IT

IT Security Cybersecurity Government

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. FinSpy can spy on most popular desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux.

Encryption

Encryption Communications IT Government

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

and above 2011 Workspace ONE UEM patch 20.11.0.40 .” Below is the list of impacted versions: I mpacted Versions Fixed Version 2109 Workspace ONE UEM patch 21.9.0.13 and above 2105 Workspace ONE UEM patch 21.5.0.37 and above 2102 Workspace ONE UEM patch 21.2.0.27 and above 2101 Workspace ONE UEM patch 21.1.0.27 and above.

Access

Access Authentication Cloud Security

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

The authorities reported that since 2011, 7 million Bitcoin went into the BTC-e exchange and 5.5 In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. million withdrawn.

Ransomware

Ransomware Security Information Security IT

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Security

Security Ransomware Insurance Information Security

Three Italian universities hacked by LulzSec_ITA collective

Security Affairs

FEBRUARY 13, 2020

We spent searching holes in Italian universities (and not only, we remember that dozens of universities were hacked in 2011), to try to show you that security in the academic environment must be taken seriously since the university is the den of the excellent minds of our future. Below the translation of message published by the group.

Data breaches

Data breaches GDPR Education Passwords

CEO to CEO: Breach Response Advice for Capital One

Data Breach Today

JULY 30, 2019

Art Coviello, former chair of RSA, which was breached in 2011, shares first-hand insight on steps the breached institution and its CEO should be taking now. The Capital One data breach is in early stages of remediation.

Data breaches

Data breaches IT

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Security Affairs

JANUARY 2, 2022

It is estimated that the cryptocurrencies stolen between January 2011 and December 2021 amount to $12.1 The countries where cryptocurrencies were most popular suffered major losses, including Japan, South Korea, the United States, the United Kingdom, and China. ” reads the report published by Invezz. .

Security

Security Marketing IT Information Security

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

Russian state-sponsored APT actors’ global Energy Sector intrusion campaign, 2011 to 2018. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S. Russian state-sponsored APT actors’ campaign against Ukrainian critical infrastructure, 2015 and 2016. . Pierluigi Paganini.

Cybersecurity

Cybersecurity Risk Government Phishing

Irish Silk Road admin sentenced to 78 months in federal prison

Security Affairs

JULY 26, 2019

According to FBI, between February of 2011 and July 2013, Silk Road managed $1.2 Silk Road was seized by law enforcement in 2013 and his founder Ross William Ulbricht (aka Dread Pirate Roberts) was arrested, later it was sentenced to life in prison after being convicted on multiple counts related to the Silk Road activity.

Marketing

Marketing IT Security Information Security

XDSpy APT remained undetected since at least 2011

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Webinars

Trending Sources

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Webinars

Planning Your Online Lives in 2011

The Full Story of the Stunning RSA Hack Can Finally Be Told

County 911 Service Notifying 180,000 About Breach in July

Fake Used-Car Flyer for 2011 BMW Phishes Diplomats in Kyiv

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

ENISA published “Proactive detection – Measures and information sources” report

SolarWinds Breach: 'The Scale, the Scope, the Subtlety'

Intel's 'ZombieLoad' Fixes May Slow Processors by 9 Percent

Russians charged with hacking Mt. Gox exchange and operating BTC-e

The Story of the 2011 RSA Hack

COVID-19 Response: How to Secure a 100% Remote Workforce

Email accounts of the International Monetary Fund compromised

Why is ‘Juice Jacking’ Suddenly Back in the News?

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Happy birthday, Security Affairs celebrates its ninth Anniversary today

Happy 10th Birthday, Security Affairs

US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

The Link Between AWM Proxy & the Glupteba Botnet

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

US DoJ indicts four members of China-linked APT40 cyberespionage group

Palo Alto Networks addresses tens of serious issues in PAN-OS

US man sentenced to 4 years in prison for his role in Infraud scheme

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Command injection flaw in PHP Composer allowed supply-chain attacks

LiveJournal Blog Platform Credential Leak: What Happened?

New Zealand freezes assets of Russian cyber criminal Alexander Vinnik

Air India suffered a data breach, 4.5 million customers impacted

PyMICROPSIA Windows malware includes checks for Linux and macOS

Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Unknown FinSpy Mac and Linux versions found in Egypt

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs newsletter Round 284

Three Italian universities hacked by LulzSec_ITA collective

CEO to CEO: Breach Response Advice for Capital One

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Russia-linked threat actors targets critical infrastructure, US authorities warn

Irish Silk Road admin sentenced to 78 months in federal prison

Stay Connected