2012 - Information Management Today

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

Nikita Kislitsin , formerly the head of network security for one of Russia’s top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Nikita Kislitsin, at a security conference in Russia. Nikulin is currently serving a seven-year sentence in the U.S.

Cybersecurity

Cybersecurity Passwords Government Security

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 13, 2012, after a state IT contractor clicked a malicious link in an email.

Sales

Sales Retail Insurance Access

Zappos' Offer to Breach Victims: A 10 Percent Discount

Data Breach Today

OCTOBER 21, 2019

Proposed Data Breach Settlement Follows Supreme Court's Refusal to Hear Appeal Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase.

Retail

Retail Data breaches

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover

DLA Piper Privacy Matters

APRIL 11, 2022

where the organisation’s annual turnover in Singapore exceeds SGD 10 million, 10% of the organisation’s Singapore turnover. Increased financial penalties. From 1 October 2022, companies that breach the PDPA may face fines of up to: SGD 1 million; or.

Personal data

Personal data Compliance Cybersecurity Government

Uintah Basin Healthcare Data Breach Affects Over 100,000

Data Breach Today

MAY 13, 2023

Hacking Incident Affects Patients Who Received Care Over a 10 Year Period A rural Utah healthcare provider is notifying more than one hundred thousand individuals of a cybersecurity incident. Hackers may have accessed or stolen patient data of 103,974 patients who received care between March 2012 and last November.

Data breaches

Data breaches Cybersecurity Access

End of Mainstream Support for Dynamics AX 2009 and AX 2012

Ascent Innovations

OCTOBER 2, 2018

End of Mainstream Support for Dynamics AX 2009 and AX 2012. Microsoft is ending the mainstream support for Dynamics AX 2009, AX 2012 FP and R2 on October 9th, 2018. Dynamics AX products are normally supported for 10 years from the release. Dynamics AX 2012. –. Dynamics AX 2012 R2. –. Dynamics AX 2012 R3. –.

Cloud

Cloud Sales Education Security

Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Data Protection Report

MARCH 28, 2023

In a recent decision (the Decision ), [1] the Personal Data Protection Commission ( PDPC ) considered for the first time a company’s reliance on the Legitimate Interests Exception (as defined below) under the Personal Data Protection Act 2012 ( PDPA ) when the consent procured is invalid. 10] The Decision at paragraph 16. [11]

Personal data

Personal data Risk Access IT

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. NetWire has been sold openly on the same website since 2012: worldwiredlabs[.]com. org , also registered in 2012.

Access

Access Passwords Sales Retail

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Risk

Risk Security IT

Microsoft Issues Emergency Patch for Windows Flaw

Krebs on Security

JULY 7, 2021

.” In a blog post , Microsoft’s Security Response Center said it was delayed in developing fixes for the vulnerability in Windows Server 2016 , Windows 10 version 1607 , and Windows Server 2012. Windows 10 users can check for the patch by opening Windows Update. A reboot will be required after installation.

Security

Security IT

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

Security Affairs

MAY 5, 2022

which dates back to June 2012. “SentinelLabs has discovered two high severity flaws in Avast and AVG (acquired by Avast in 2016) that went undiscovered for 10 years affecting dozens of millions of users.” The post A couple of 10-Year-Old flaws affect Avast and AVG antivirus? To nominate, please visit:?

Security

Security Cybersecurity Information Security IT

What are the 10 steps to cyber security?

IT Governance

JUNE 21, 2019

Anyone looking for advice on how to achieve effective cyber security should consider the NCSC’s (National Cyber Security Centre) 10-step guide. Originally published in 2012, it is now used by the majority of FTSE 350 organisations. Enlist in Operation Cyber Secure >> The post What are the 10 steps to cyber security?

Security

Security Data breaches Risk Access

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Security Affairs

JANUARY 18, 2022

Some administrators and users reported problems with L2TP VPN connections on Windows 10 after installing the recent Windows 10 and Windows 11 cumulative updates. Windows Server 2012 R2: KB5010794 Windows Server 2012: KB5010797. Below are the updates can only be downloaded through the Microsoft Update Catalog: Windows 8.1,

Security

Security Access Information Security IT

Zappos Offers Users 10% Discount in 2012 Breach Settlement

Threatpost

OCTOBER 18, 2019

Lawyers will get $1.6 million in a settlement that stems from a breach that affected more than 24 million customers.

Retail

Retail Data breaches Data Privacy Privacy

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

MAY 14, 2019

CVE-2019-0708 does not affect Microsoft’s latest operating systems — Windows 10 , Windows 8.1 , Windows 8 , Windows Server 2019 , Windows Server 2016 , Windows Server 2012 R2 , or Windows Server 2012. Europol estimated at the time that WannaCry spread to some 200,000 computers across 150 countries.

Ransomware

Ransomware Authentication Security IT

Microsoft Patch Tuesday, January 2021 Edition

Krebs on Security

JANUARY 13, 2021

10 is the most dangerous). Case in point: CVE-2021-1709 , which is an “elevation of privilege” flaw in Windows 8 through 10 and Windows Server 2008 through 2019. “They classify this vulnerability as ‘low’ in complexity, meaning an attack could be easy to reproduce,” Breen said.

Marketing

Marketing Security IT Access

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008 , 2012 , 2016 and 2019. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

Security

Security Ransomware Phishing Cloud

31st January Weekly Podcast: Facebook VPN, FaceTime bug, and Internet Explorer 10

IT Governance

JANUARY 31, 2019

In this week’s podcast we discuss Facebook’s VPN, an Apple FaceTime bug being discovered and the end of Internet Explorer 10. Microsoft has announced that Internet Explorer 10 will be meeting its certain demise in 2020, alongside the OS Windows 7. Windows Embedded 8 Standard and Windows Server 2012 will remain supported until 2023.

Government

Government Information Security Access Compliance

Singapore: Imminent Changes to the Personal Data Protection Act 2012 (PDPA)

DLA Piper Privacy Matters

OCTOBER 15, 2020

For more details of these changes, please refer to our previous alert.

Personal data

Personal data Data breaches Compliance IT

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

and Windows Server 2012 R2 systems. and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access. and Windows Server 2012 R2. and Windows Server 2012 R2,” reads Microsoft’s advisory. Microsoft released this week an out-of-band security update for Windows 8.1

Security

Security Access IT Information Security

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-12-09 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2013-10-09 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., 2333youxi[.]com blazefire[.]com blazefire[.]net

Cloud

Cloud Manufacturing Marketing Data breaches

Chinese APT IronHusky use Win zero-day in recent wave of attacks

Security Affairs

OCTOBER 13, 2021

Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 10 (build 14393) Microsoft Windows Server 2016 (build 14393) Microsoft Windows 10 (build 17763) Microsoft Windows Server 2019 (build 17763).

Government

Government IT Access Security

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. out of 10, it impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28.

Security

Security Access Cybersecurity Risk

Sotto Discusses Cybersecurity as Top Legal Issue in 2012

Hunton Privacy

DECEMBER 18, 2012

On December 10, 2012, Tom Field of HealthcareInfoSecurity interviewed Lisa J. Discussing the top legal issues in 2012, Lisa said that data breaches remain at the top of the list, with an increase in malicious cyberattacks. Sotto , partner and head of the Global Privacy and Data Security practice at Hunton & Williams LLP.

Cybersecurity

Cybersecurity Data breaches Privacy Security

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

Security Affairs

JULY 10, 2022

According to the experts, the issue affects all Honda vehicles on the market (From the Year 2012 up to the Year 2022). The researchers tested a remote keyless entry system (RKE) that allows to remotely unlock or start a vehicle and discovered the Rolling-PWN attack issue. Therefore, those commands can be used later to unlock the car at will.”

Marketing

Marketing IT Security Information Security

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Security Affairs

JULY 8, 2021

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. . A threat actor that goes online with the name “integra” has deposited 26.99

Security

Security Access Cybersecurity Information Security

DocuWare Celebrates 10 Years in the Cloud

Docuware

MAY 13, 2022

DocuWare Online was launched in 2012 which. Computerworld magazine identified as. The year cloud computing took a bite out of IT. DocuWare began to explore the cloud’s potential along with a handful of forward-thinking customers.

Cloud

Cloud IT

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

SMBv1 is no longer installed by default since Windows 10 version 1709 and Windows Server version 1709, while latest versions of the operating systems are using SMBv3. Windows Server 2012: If the command returns false, SMBv1 is not enabled. Windows Server 2012 R2 or higher: If the command returns false, SMBv1 is not enabled.

Authentication

Authentication Communications Encryption IT

Patch Tuesday, October 2018 Edition

Krebs on Security

OCTOBER 11, 2018

10 and Server 2008, 2012, 2016 and 2019. This month, Microsoft briefly paused updates for Windows 10 users after many users reported losing all of the files in their “My Documents” folder. The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, The worst part?

Security

Security Access IT

UK ICO Launches 2012/13 Annual Report

Hunton Privacy

JUNE 20, 2013

On June 20, 2013, the UK Information Commissioner’s Office (“ICO”) launched its Annual Report and Financial Statements for 2012/13 (the “Report”). During the financial year 2012/13, the ICO’s civil enforcement team investigated 1,300 cases, up 45% from the previous year. In 2012/13, the ICO raised £16.06 Enforcement.

FOIA

FOIA Education Personal data Compliance

SINGAPORE: Increased financial penalties under the PDPA now in effect

DLA Piper Privacy Matters

OCTOBER 5, 2022

The provision setting out significantly higher financial penalties for Singapore’s Personal Data Protection Act 2012 (“ PDPA ”) is now in force. There is now an increased risk for organisations contravening the PDPA in Singapore.

Personal data

Personal data Compliance Risk Access

TD Bank Agrees to Settlement to Resolve Multistate Investigation into 2012 Data Breach

Hunton Privacy

OCTOBER 22, 2014

On October 10, 2014, TD Bank, N.A. entered into an assurance of voluntary compliance (“Assurance”) with a multistate group of nine attorneys general to settle allegations that the company violated state consumer protection and personal information safeguards laws in connection with a 2012 data breach.

Data breaches

Data breaches Compliance Privacy Security

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Security Affairs

FEBRUARY 17, 2024

The man was extradited to the United States in 2023, he was included in the FBI’s “Most Wanted” list and has been sought for 10 years. In 2012, the Ukrainian national Vyacheslav Igorevich Penchukov was accused of being a member of a cybercrime gang known as JabberZeus crew.

Ransomware

Ransomware IT Information Security Security

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-12-09 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2013-10-09 ALIBABA CLOUD COMPUTING (BEIJING) CO., com 2012-11-26 ALIBABA CLOUD COMPUTING (BEIJING) CO., 2333youxi[.]com blazefire[.]com blazefire[.]net

Cloud

Cloud Manufacturing Marketing Data breaches

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

— EC3 (@EC3Europol) March 10, 2023 Law enforcement seized the website www.worldwiredlabs[.]com The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. com and its alleged administrator, a Croatian national.

Sales

Sales Data breaches Access IT

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Threatpost

AUGUST 20, 2020

and Windows Server 2012. The unscheduled security update addresses two "important"-severity flaws in Windows 8.1

Access

Access Security

Experts warn of a surge in zero-day flaws observed and exploited in 2021

Security Affairs

APRIL 25, 2022

Mandiant states that From 2012 to 2021, China exploited more zero-days than any other nation. From 2012 to 2021, China-linked threat actors exploited more zero-days than any other nation-state actors. Most of the zero-days discovered by the company were exploited by nation-state APT groups. ” concludes the report.”The

Ransomware

Ransomware Security Cybersecurity Risk

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11. The product has been originally emerged at XSS underground forum, and later received positive feedback on other well-established communities including Exploit.

Passwords

Passwords Authentication Data collection Privacy

ProxyNotShell Finally Gets Patched by Microsoft

eSecurity Planet

NOVEMBER 10, 2022

. “It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations,” Mike Walters, vice president of vulnerability and threat research at Action1, said by email.

Phishing

Phishing IT Security Cybersecurity

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko.

Security

Security Data breaches Archiving Phishing

Microsoft issues emergency patch for IE Zero Day exploited in the wild

Security Affairs

DECEMBER 20, 2018

The IE zero-day vulnerability impacts IE 9 on Windows Server 2008, IE 10 on Windows Server 2012, IE 11 from Windows 7 to Windows 10, and IE 11 on Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows Server 2012 R2. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security IT

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

The fix: Apply the emergency fixes issued by Microsoft for: Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Attackers Actively Exploit Fortinet Enterprise Management Server SQLi Flaw Type of vulnerability: SQL injection (SQLi) flaw. out of 10), and calls it Shadow Ray.

Libraries

Libraries Authentication Artificial Intelligence Cloud

Google provides rules to detect tens of cracked versions of Cobalt Strike

Security Affairs

NOVEMBER 21, 2022

The researchers noticed that each Cobalt Strike version contains approximately 10 to 100 attack template binaries. The experts were able to locate versions of the Cobalt Strike JAR file starting with version 1.44 (which was released in 2012) up to the latest version at the time of publishing the analysis, Cobalt Strike 4.7.

Cloud

Cloud Cybersecurity Security IT

My 7 top security publications from the ICO

Data Protector

OCTOBER 29, 2016

Guidance on data security breach management (Dec 2012). This natty 18-page guide reports on 10 practical ways to secure IT systems. In terms of the top 7 ICO publications, (virtual) copies of the following guides really ought to be at every DPO’s fingertips: 7. A practical guide to IT security (Jan 2016).

Security

Security Personal data Encryption Cloud

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Who Stole 3.6M Tax Records from South Carolina?

Trending Sources

Zappos' Offer to Breach Victims: A 10 Percent Discount

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover

Uintah Basin Healthcare Data Breach Affects Over 100,000

End of Mainstream Support for Dynamics AX 2009 and AX 2012

Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Who’s Behind the NetWire Remote Access Trojan?

Microsoft Issues Emergency Fix for IE Zero Day

Microsoft Issues Emergency Patch for Windows Flaw

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

What are the 10 steps to cyber security?

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Zappos Offers Users 10% Discount in 2012 Breach Settlement

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Microsoft Patch Tuesday, January 2021 Edition

Microsoft Patches Six Zero-Day Security Holes

31st January Weekly Podcast: Facebook VPN, FaceTime bug, and Internet Explorer 10

Singapore: Imminent Changes to the Personal Data Protection Act 2012 (PDPA)

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Tracing the Supply Chain Attack on Android

Chinese APT IronHusky use Win zero-day in recent wave of attacks

A critical flaw in industrial automation systems opens to remote hack

Sotto Discusses Cybersecurity as Top Legal Issue in 2012

Experts demonstrate how to unlock several Honda models via Rolling-PWN attack

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

DocuWare Celebrates 10 Years in the Cloud

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Patch Tuesday, October 2018 Edition

UK ICO Launches 2012/13 Annual Report

SINGAPORE: Increased financial penalties under the PDPA now in effect

TD Bank Agrees to Settlement to Resolve Multistate Investigation into 2012 Data Breach

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

Tracing the Supply Chain Attack on Android

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Experts warn of a surge in zero-day flaws observed and exploited in 2021

New Version of Meduza Stealer Released in Dark Web

ProxyNotShell Finally Gets Patched by Microsoft

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Microsoft issues emergency patch for IE Zero Day exploited in the wild

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

Google provides rules to detect tens of cracked versions of Cobalt Strike

My 7 top security publications from the ICO

Stay Connected