2011 and Security - Information Management Today

Fake Used-Car Flyer for 2011 BMW Phishes Diplomats in Kyiv

Data Breach Today

JULY 12, 2023

Campaign Targets 22 Embassies; Unit 42 Ties It to Russian Foreign Intelligence Diplomats in Ukraine shopping for used cars have been targeted with a listing for a "very good condition, low-fuel consumption" 2011 BMW 5 Series.

Phishing

Phishing Security IT

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. The post XDSpy APT remained undetected since at least 2011 appeared first on Security Affairs.

Military

Military Phishing Passwords Government

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Security Affairs

APRIL 30, 2019

Bloomberg obtained Vodafone’s security briefing documents from 2009 and 2011 and spoke with people involved in the situation. Bloomberg revealed that once discovered the backdoors in home routers in 2011, Vodafone asked Huawei to address them. ” reported the AFP. ” continues bloomberg. ” continues bloomberg.

IT

IT Access Government Authentication

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

COVID-19 Response: How to Secure a 100% Remote Workforce

Data Breach Today

MARCH 20, 2020

Cybereason CSO Sam Curry on Business Continuity and Reducing Risk Cybereason CSO Sam Curry is no stranger to crisis - he was on the team that responded to the RSA breach in 2011. But the COVID-19 pandemic brings an unprecedented challenge: How do you manage business continuity and reduce risk with a 100 percent remote workforce?

Risk

Risk Security

The Story of the 2011 RSA Hack

Schneier on Security

MAY 27, 2021

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Authentication

Authentication Cybersecurity

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011.

Authentication

Authentication Passwords Libraries Security

Happy 10th Birthday, Security Affairs

Security Affairs

NOVEMBER 15, 2021

I launched Security Affairs for passion in 2011 and millions of readers walked with me. Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. SecurityAffairs – hacking, Security Affairs).

Security

Security Cybersecurity IT Data breaches

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Communications

Communications Risk Access Education

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Data Breach Today

JULY 19, 2021

All Aligned With China's Ministry of State Security The U.S.

Government

Government Security

Email accounts of the International Monetary Fund compromised

Security Affairs

MARCH 18, 2024

The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The impacted email accounts were re-secured. ” The agency has already secured the compromised email accounts and added that it is not aware of further compromise beyond them.

Cybersecurity

Cybersecurity Security IT Data breaches

GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice

The Last Watchdog

FEBRUARY 24, 2022

Yes, and that is what Sony exactly lost when they were hacked and the personal info of every one of its customers leaked in 2011. Now, let me give you a few reasons, why pen testing has emerged as a “must-have” security practice. For example, your website security may prove strong, applications not so much.

Security

Security Compliance Retail IoT

FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads

IG Guru

JUNE 7, 2022

FTC and DOJ Order Twitter to Pay $150 Million Penalty for Violating 2011 FTC Order and Cease Profiting from Deceptively Collected Data. The post FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads appeared first on IG GURU.

Security

Security Information governance Government Privacy

Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security

Dark Reading

JANUARY 10, 2023

Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump. Hacking to kill: Dark Reading's Fahmida Y.

Security

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

The Security Ledger

MARCH 27, 2024

In this episode of The Security Ledger Podcast (#257) Paul speaks with Dennis Kengo Oka, a senior principal automotive security strategist at the firm Synopsys about the growing cyber risks to automobiles as connected vehicle features proliferate in the absence of strong cybersecurity protections. Read the whole entry. »

Security

Security Cybersecurity Risk Government

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

Compromised data vary by individuals and organizations, it includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more. Curiously, in 2011, Thomson Reuters acquired World-Check, then in October 2018, Thomson Reuters closed a deal with The Blackstone Group.

Risk

Risk Archiving Access Privacy

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

Gox in 2011 and money laundering. Gox in 2011 and the operation of the illicit cryptocurrency exchange BTC-e. Bilyuchenko is also charged with conspiring with Alexander Vinnik to run the virtual currency exchange BTC-e from 2011 to 2017. Gox exchange and operating BTC-e appeared first on Security Affairs.

Access

Access Security IT Information Security

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 284 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Ransomware Insurance Information Security

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

Security Affairs

FEBRUARY 6, 2024

“According to the indictment, between 2011 and July 2017, Aliaksandr Klimenka, 42, allegedly controlled BTC-e, a digital currency exchange, with Alexander Vinnik and others.” The authorities reported that since 2011, 7 million Bitcoin had gone into the BTC-e exchange and 5.5 ” reads the press release published by DoJ.

IT

IT Information Security Security

NUVOLA: the new Cloud Security tool

Security Affairs

SEPTEMBER 28, 2022

nuvola is the new open-source cloud security tool to address the privilege escalation in cloud environments. nuvola is the new open source security tool made by the Italian cyber security researcher Edoardo Rosa ( @_notdodo_ ), Security Engineer at Prima Assicurazioni. Cloud Security Context.

Cloud

Cloud Security Metadata Data breaches

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

Security Affairs

JANUARY 2, 2022

According to a report published by Invezz, the number of crypto security breaches increased by up 850% in the last decade. It is estimated that the cryptocurrencies stolen between January 2011 and December 2021 amount to $12.1 SecurityAffairs – hacking, crypto security breaches). The post Crypto security breaches cause $4.25

Security

Security Marketing IT Information Security

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google. AWMproxy, the storefront for renting access to infected PCs, circa 2011. An example of a cracked software download site distributing Glupteba. Image: Google.com.

Passwords

Passwords Analytics Manufacturing Sales

Twitter to Pay $150 Million to Settle Allegations of Data Misuse

Hunton Privacy

MAY 31, 2022

On May 25, 2022, Twitter reached a proposed $150 million settlement with the Department of Justice (“DOJ”) and the Federal Trade Commission to resolve allegations that the company deceptively used nonpublic user contact information obtained for account security purposes to serve targeted ads to Twitter users.

Privacy

Privacy Information Security Data Privacy Compliance

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. SAP Security Note #3040210 , tagged with a CVSS score of 9.9 SAP Security Note #3040210 , tagged with a CVSS score of 9.9

Security

Security IT Information Security

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

FEBRUARY 22, 2022

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs. In October 2021, St.

Education

Education Access Security Communications

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

Questions about who stole tax and financial data on roughly three quarters of all South Carolina residents came to the fore last week at the confirmation hearing of Mark Keel , who was appointed in 2011 by Gov. Nikki Haley to head the state’s law enforcement division. “At the time, it was one of the largest breaches in U.S.

Sales

Sales Retail Insurance Access

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

WIRED Threat Level

SEPTEMBER 27, 2019

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

Security

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

MAY 20, 2021

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Cybersecurity

Cybersecurity Government IT Security

NEW TECH: The march begins to make mobile app security more robust than legacy PC security

The Last Watchdog

SEPTEMBER 26, 2019

Is mobile technology on a course to become more secure than traditional computing? Related: Securing the Internet of Things I’ve been writing about organizations struggling to solve the productivity vs. security dilemma that’s part and parcel of the BYOD craze for some time now. We spoke at Black Hat 2019.

Security

Security Encryption Access Passwords

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

CDHE discovered the ransomware attack on June 19, 2023, it immediately launched an investigation into the security breach with the help of third-party specialists. At the time of this writing, no ransomware group has claimed responsibility for the security breach. ” reads the Notice of Data Incident published by the company.

Education

Education Data breaches Ransomware Access

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 9, 2022

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The post CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

IT

IT Passwords Ransomware Cybersecurity

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Security Affairs

SEPTEMBER 5, 2022

It has already happened in the past that the popular antivirus software has identified Chrome as a malicious code, the website The Register reported a similar problem in 2011. The post Windows Defender identified Chromium, Electron apps as Hive Ransomware appeared first on Security Affairs. Pierluigi Paganini.

Ransomware

Ransomware Security IT Information Security

Senator Leahy Introduces the Personal Data Privacy and Security Act of 2011

Hunton Privacy

JUNE 10, 2011

On June 7, 2011, Senator Patrick Leahy (D-VT) introduced the “ Personal Data Privacy and Security Act of 2011 ” (the “Act”), co-sponsored by Senators Charles Schumer (D-NY) and Ben Cardin (D-MD). impacts federal databases or concerns federal employees or contractors engaged in national security or law enforcement services.

Personal data

Personal data Data Privacy Privacy Security

Thunderclap Flaws Shatter Peripheral Security

Threatpost

FEBRUARY 27, 2019

Many machines, including almost all Apple laptops and desktops produced since 2011, are vulnerable to data exfiltration via weaponized peripherals.

Security

Peruvian Privacy Law Expected by July 28, 2011

Hunton Privacy

JUNE 14, 2011

On June 7, 2011, the Congress of the Republic of Peru passed the Personal Data Protection Law ( Ley de Protección de Datos Personales, Proyecto de Ley 4079/2009-PE). View a copy of the Personal Data Protection Law (in Spanish) as passed on June 7, 2011. Require consent for the processing of personal data.

Privacy

Privacy Personal data Communications Government

Three security bugs found in the popular Linux suite systemd

Security Affairs

JANUARY 10, 2019

Security firm Qualys has disclosed three flaws (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 ) in a component of systemd , a software suite that provides fundamental building blocks for a Linux operating system used in most major Linux distributions. ” reads the security advisory. Pierluigi Paganini.

Security

Security Access IT

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. biz ( +7.9235059268 ) was used to secure two other domains — bile[.]ru

e-Delivery

e-Delivery Passwords Cybersecurity Sales

Can Application Security Testing Be Fixed?

ForAllSecure

SEPTEMBER 15, 2021

Shoenfield -- Author, Passionate Security Architect, and Curious Questioner of Assumptions -- challenged whether application security can be fixed at FuzzCon 2021. “We keep applying the same, tired, and often simplistic solutions to this thorny, complex, multi-dimensional problem that we call application security,” he said.

Security

Security Marketing IT

Planning Your Online Lives in 2011

Collaboration 2.0

DECEMBER 16, 2010

A hundred years ago we had virtually no data associated with us beyond possibly owning a passport, a few pieces of legal paperwork and maybe some national security files about us we [.]

Security

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. ALAC was developed in 2004 and Apple open-sourced it in 2011, since then many third-party vendors used it.

Access

Access Cybersecurity Security IT

ENISA published “Proactive detection – Measures and information sources” report

Security Affairs

MAY 31, 2020

The EU Agency for Cybersecurity ENISA has published a new report and accompanying repository on measures and information sources that could help security experts and operators of IT and critical infrastructure to proactively detect network security incidents in the EU. ” reads the report. ” reads the report.

Cybersecurity

Cybersecurity Security IT Information Security

The Story of Mayhem: The Next-Generation in Application Security

ForAllSecure

MAY 11, 2021

In 2011, ForAllSecure co-founders, Thanassis Avgerinos and Alex Rebert, then students at Carnegie Mellon University led by Professor David Brumley, were pondering what to name their new technology. They took inspiration from Chaos Engineering, first popularized by Netflix in 2011. The Mayhem Portfolio.

Security

Security Cybersecurity IT

The Story of Mayhem: The Next-Generation in Application Security

ForAllSecure

MAY 11, 2021

In 2011, ForAllSecure co-founders, Thanassis Avgerinos and Alex Rebert, then students at Carnegie Mellon University led by Professor David Brumley, were pondering what to name their new technology. They took inspiration from Chaos Engineering, first popularized by Netflix in 2011. The Mayhem Portfolio.

Security

Security Cybersecurity IT

Kevin Mitnick, Hacker Turned Cybersecurity Leader, Dies at 59

eSecurity Planet

JULY 20, 2023

Once dubbed “the world’s most wanted hacker” after his youthful exploits attacking Digital Equipment Corporation and Pacific Bell, Mitnick completed his decade-long transition to cybersecurity luminary when he joined KnowBe4 as Chief Hacking Officer and part owner in 2011.

Cybersecurity

Cybersecurity Education Military Government

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

He joined the gang in August 2011 and worked for the organization for five-and-a-half years, DoJ states that he was among the most prolific and active members of the gang. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?.

Sales

Sales Personal data Cybersecurity Security

Fake Used-Car Flyer for 2011 BMW Phishes Diplomats in Kyiv

XDSpy APT remained undetected since at least 2011

Webinars

Trending Sources

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Webinars

COVID-19 Response: How to Secure a 100% Remote Workforce

The Story of the 2011 RSA Hack

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Happy 10th Birthday, Security Affairs

Why is ‘Juice Jacking’ Suddenly Back in the News?

US Indicts 4 Chinese Nationals for Lengthy Hacking Campaign

Email accounts of the International Monetary Fund compromised

GUEST ESSAY: Here’s why penetration testing has become a ‘must-have’ security practice

FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads

Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs newsletter Round 284

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

NUVOLA: the new Cloud Security tool

Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021

The Link Between AWM Proxy & the Glupteba Botnet

Twitter to Pay $150 Million to Settle Allegations of Data Misuse

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Who Stole 3.6M Tax Records from South Carolina?

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

The Full Story of the Stunning RSA Hack Can Finally Be Told

NEW TECH: The march begins to make mobile app security more robust than legacy PC security

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Windows Defender identified Chromium, Electron apps as Hive Ransomware

Senator Leahy Introduces the Personal Data Privacy and Security Act of 2011

Thunderclap Flaws Shatter Peripheral Security

Peruvian Privacy Law Expected by July 28, 2011

Three security bugs found in the popular Linux suite systemd

Why Malware Crypting Services Deserve More Scrutiny

Can Application Security Testing Be Fixed?

Planning Your Online Lives in 2011

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

ENISA published “Proactive detection – Measures and information sources” report

The Story of Mayhem: The Next-Generation in Application Security

The Story of Mayhem: The Next-Generation in Application Security

Kevin Mitnick, Hacker Turned Cybersecurity Leader, Dies at 59

US man sentenced to 4 years in prison for his role in Infraud scheme

Stay Connected