2012 and Access - Information Management Today

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. NetWire has been sold openly on the same website since 2012: worldwiredlabs[.]com. org , also registered in 2012.

Access

Access Passwords Sales Retail

Horde Webmail Software is affected by a dangerous bug since 2012

Security Affairs

FEBRUARY 23, 2022

Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts. A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete access to email accounts simply by previewing an attachment. disable' => true.

Access

Access Communications Government Security

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network.

Access

Access Ransomware Sales Passwords

NetWire Remote Access Trojan Maker Arrested

Schneier on Security

MARCH 14, 2023

From Brian Krebs : A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S.

Access

Access Sales Passwords Marketing

Who Stole 3.6M Tax Records from South Carolina?

Krebs on Security

APRIL 16, 2024

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 13, 2012, after a state IT contractor clicked a malicious link in an email.

Sales

Sales Retail Insurance Access

Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Data Protection Report

MARCH 28, 2023

In a recent decision (the Decision ), [1] the Personal Data Protection Commission ( PDPC ) considered for the first time a company’s reliance on the Legitimate Interests Exception (as defined below) under the Personal Data Protection Act 2012 ( PDPA ) when the consent procured is invalid. 1] [2023] SGPDPC 1. [2] 13] Section 2 of the PDPA. [14]

Personal data

Personal data Risk Access IT

Uintah Basin Healthcare Data Breach Affects Over 100,000

Data Breach Today

MAY 13, 2023

Hackers may have accessed or stolen patient data of 103,974 patients who received care between March 2012 and last November. Hacking Incident Affects Patients Who Received Care Over a 10 Year Period A rural Utah healthcare provider is notifying more than one hundred thousand individuals of a cybersecurity incident.

Data breaches

Data breaches Cybersecurity Access

Stopping Remote Access Trojans (RATs) in their tracks with OpenText MDR

OpenText Information Management

FEBRUARY 2, 2022

In 2012, we saw the first release of the Adwind malware family which were Java-based remote access tools (RATs) called “Frutas”. The OpenTextTM MDR has seen infections from the Adwind RAT family as recently … The post Stopping Remote Access Trojans (RATs) in their tracks with OpenText MDR appeared first on OpenText Blogs.

Access

Access IT Security

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

MARCH 4, 2019

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. Willms’ various previous ventures reportedly extended far beyond selling access to public records.

Access

Access Marketing Passwords Risk

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Threatpost

AUGUST 20, 2020

and Windows Server 2012. The unscheduled security update addresses two "important"-severity flaws in Windows 8.1

Access

Access Security

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

JUNE 12, 2024

A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.” A local non-privileged attacker can prepare the system’s memory to issue improper GPU memory processing operations to gain access to already freed memory. reads the advisory published by the company.

IT

IT Cybersecurity Access Risk

Predictions From Last Year: How I Did (2012 Edition)

John Battelle's Searchblog

JANUARY 2, 2013

The post Predictions From Last Year: How I Did (2012 Edition) appeared first on John Battelle's Search Blog. As you can see from my 2012 predictions roundup , I took something of a new approach to the prognostication game last year. But the company didn’t do too much to prove my point in 2012. I hope 2013 keeps pace.

Marketing

Marketing IT Government Access

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

BHProxies sells access to “residential proxy” networks, which allow someone to rent a residential IP address to use as a relay for their Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web. The website BHProxies[.]com

Passwords

Passwords Blockchain Mining Marketing

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

eSecurity Planet

OCTOBER 11, 2023

“The impact to customers can be significant, as it can lead to prolonged downtime, loss of access to services, and potential financial losses for businesses relying on the affected web servers,” Silva added. For Server 2012/2012 R2 it is highly recommended to subscribe to ESU or migrate to a newer server edition.”

Authentication

Authentication Phishing Cybersecurity Access

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover

DLA Piper Privacy Matters

APRIL 11, 2022

putting in place reasonable security arrangements to prevent unauthorised access, collection, use, disclosure etc. In practice, the Personal Data Protection Commission (“ PDPC “) takes a proactive approach in enforcing the PDPA. Enforcement priorities include ensuring compliance with: the Protection Obligation (i.e.

Personal data

Personal data Compliance Cybersecurity Government

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

AUGUST 20, 2020

and Windows Server 2012 R2 systems. and Windows Server 2012 R2 systems that address two privilege escalation vulnerabilities in Windows Remote Access. and Windows Server 2012 R2. The first elevation of privilege vulnerability, tracked as CVE-2020-1530 , ties the way Windows Remote Access improperly handles memory.

Security

Security Access IT Information Security

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. ” The government alleges the group monetized its illicit access by deploying ransomware and “ cryptojacking ” tools (using compromised systems to mine cryptocurrencies like Bitcoin). Image: FBI.

Government

Government Mining Big data Phishing

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Security Affairs

SEPTEMBER 30, 2020

Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison for hacking LinkedIn, Dropbox, and Formspring in 2012. The Russian national Yevgeniy Aleksandrovich Nikulin was sentenced to 88 months in prison in the United States for hacking LinkedIn, Dropbox, and Formspring in 2012. Source: US Defense Watch.com.

Passwords

Passwords Sales Phishing Access

Russians charged with hacking Mt. Gox exchange and operating BTC-e

Security Affairs

JUNE 9, 2023

According to court documents unsealed in the Southern District of New York (SDNY), in or about September 2011, the two men and their co-conspirators gained access to the server in Japan holding the cryptocurrency wallets for Mt. Then the attackers transferred funds from Mt. Gox’s wallets to bitcoin addresses under their control.

Access

Access Security IT Information Security

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

JUNE 25, 2021

. “The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012,” reads a reply from Western Digital that Wizcase posted to its blog. But these products also make it simple for users to access their files remotely over the Internet using a mobile app.

Access

Access Marketing IT

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

She confirmed that the company discovered an unauthorized access to the IT infrastructure. In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” The hackers managed to access sensitive HR information and documents about the company’s current and former employees.

Ransomware

Ransomware Encryption Access Security

Irish ODPC Publishes 2012 Annual Report

Hunton Privacy

MAY 21, 2013

On May 20, 2013, the Irish Office of the Data Protection Commissioner (“ODPC”) published its annual report for 2012 (the “Report”). The Report summarizes the activities of the ODPC during 2012, including its investigations and audits, policy matters, and European and international activities. audit outcomes. audit outcomes.

e-Delivery

e-Delivery Personal data Privacy Marketing

Access to Research ? a great, free digital resource for public libraries

CILIP

MARCH 6, 2020

Access to Research ? Access to Research ? Do students living locally need to access academic articles in their university holidays? Do students living locally need to access academic articles in their university holidays? The service is only available on terminals in public libraries and cannot be accessed remotely.

Libraries

Libraries Access Communications IT

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Recently, Faceless has shown ambitions beyond just selling access to poorly-secured IoT devices. And in March 2023, Faceless started marketing a service for looking up Social Security Numbers (SSNs) that claims to provide access to “the largest SSN database on the market with a very high hit rate.”

Passwords

Passwords IoT Sales Retail

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Krebs on Security

APRIL 30, 2024

Kivimäki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and by 2012 Kivimäki’s alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. Kivimäki was 15 years old at the time.

Passwords

Passwords Access Security IT

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Security Affairs

MARCH 10, 2023

A coordinated #lawenforcement action has taken down the #Netwire Remote Access Trojan infrastructure. The NetWire Remote Access Trojan (RAT) is available for sale on cybercrime forums since 2012, it allows operators to steal sensitive data from the infected systems. Main suspect arrested.

Sales

Sales Data breaches Access IT

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces.

Sales

Sales Passwords Data breaches Phishing

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Security

Security Access Cybersecurity Risk

UK ICO Launches 2012/13 Annual Report

Hunton Privacy

JUNE 20, 2013

On June 20, 2013, the UK Information Commissioner’s Office (“ICO”) launched its Annual Report and Financial Statements for 2012/13 (the “Report”). During the financial year 2012/13, the ICO’s civil enforcement team investigated 1,300 cases, up 45% from the previous year. Enforcement. The ICO also: issued 23 penalties, totaling over £2.6

FOIA

FOIA Education Personal data Compliance

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

The SMBv1 protocol is a network communication protocol for providing shared access to files, printers, and serial ports between nodes on a network. Windows Server 2012: If the command returns false, SMBv1 is not enabled. Windows Server 2012 R2 or higher: If the command returns false, SMBv1 is not enabled.

Authentication

Authentication Communications Encryption IT

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Security Affairs

JULY 8, 2021

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. . A threat actor that goes online with the name “integra” has deposited 26.99

Security

Security Access Cybersecurity Information Security

Preservation and public access to the records of over 240 Kentucky state agencies

Preservica

APRIL 26, 2018

I recently caught up with State Archivist Beth Shields and Electronic Records Branch Manager Kari May at KDLA to learn how they are preserving and providing access to their state’s large volumes of important digital assets. Active digital preservation and access in the Cloud. Access for all Kentuckians.

Digital preservation

Digital preservation Access Archiving Libraries

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

They were used to access the internal workplace systems for BMW dealers and could have been useful to attackers for spear-phishing campaigns or malware distribution. If you open the link and enter your credentials, attackers suddenly gain access to deploy ransomware or for other deeds.

Phishing

Phishing Manufacturing Access Information Security

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

The Last Watchdog

SEPTEMBER 26, 2023

As a result of collaborative efforts, the VTI Principles serve as a comprehensive set of best practices for VPN providers that bolster consumer confidence and provider accountability, promoting wider VPN adoption and access to the technology’s benefits.

Privacy

Privacy Risk Encryption Authentication

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

Education

Education Authentication Access Security

Confessions of an ID Theft Kingpin, Part I

Krebs on Security

AUGUST 26, 2020

. “I was hacking into their platform and stealing their customer database so I could use their customer logins to access their [consumer] databases,” Ngo said. ” Very soon after gaining access to MicroBilt, Ngo says, he stood up Superget[.]info Info Search , which had access to far more sensitive consumer records.

Computer and Electronics

Computer and Electronics Access IT Data collection

German industrial giant ThyssenKrupp targeted in a new cyberattack

Security Affairs

DECEMBER 21, 2022

. “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified,” This isn’t the first attack suffered by the company, in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”.

Ransomware

Ransomware Data breaches Encryption Access

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Security Affairs

JANUARY 18, 2022

Reports also claim that the Windows Resilient File System (ReFS) volumes were no longer accessible after the installation of January 2021 updates. Windows Server 2012 R2: KB5010794 Windows Server 2012: KB5010797. Emergency out-of-band (OOB) updates through Windows Update are optional updates and have to be manually installed.

Security

Security Access Information Security IT

Finland’s Most-Wanted Hacker Nabbed in France

Krebs on Security

FEBRUARY 5, 2023

Kivimaki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and by 2012 Kivimäki’s alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. The DDoS-for-hire service allegedly operated by Kivimäki in 2012.

ROT

ROT Security Access IT

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. ” reads a press release published by DoJ. ’ (aka Dragonfly , Berzerk Bear, Energetic Bear, and Crouching Yeti ). ” states the DoJ.

Energy and Utilities

Energy and Utilities Government Cybersecurity Military

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

In 2010, Assange gained unauthorized access to a government computer system of a NATO country and years later he contacted s LulzSec leader who was working for the FBI and provided him a list of targets.

Military

Military Government Risk Passwords

2012 IAPP Global Privacy Summit

Hunton Privacy

MARCH 6, 2012

March 7-9, 2012. Join us at the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C., Hunton & Williams privacy professionals will be featured speakers in the following sessions: Mending Fences after a Breach. Thursday, March 8, 12:15 p.m. Speakers include: Lisa J.

Privacy

Privacy Information governance Government Access

Experts warn of a surge in zero-day flaws observed and exploited in 2021

Security Affairs

APRIL 25, 2022

Mandiant states that From 2012 to 2021, China exploited more zero-days than any other nation. From 2012 to 2021, China-linked threat actors exploited more zero-days than any other nation-state actors. Most of the zero-days discovered by the company were exploited by nation-state APT groups. ” concludes the report.”The

Ransomware

Ransomware Security Cybersecurity Risk

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Security Affairs

DECEMBER 6, 2022

At this point, we identified that it was also possible to access customer information and run vehicle commands on Honda, Infiniti, and Acura vehicles in addition to Nissan. The experts developed a simple python script to fetch the customer details of any VIN number. The experts were also able to find the HTTP request to run vehicle commands.

IT

IT Cybersecurity Security Access

Who’s Behind the NetWire Remote Access Trojan?

Horde Webmail Software is affected by a dangerous bug since 2012

Trending Sources

Who Is the Network Access Broker ‘Babam’?

NetWire Remote Access Trojan Maker Arrested

Who Stole 3.6M Tax Records from South Carolina?

Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Uintah Basin Healthcare Data Breach Affects Over 100,000

Stopping Remote Access Trojans (RATs) in their tracks with OpenText MDR

Hackers Sell Access to Bait-and-Switch Empire

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

Predictions From Last Year: How I Did (2012 Edition)

Who’s Behind the Botnet-Based Service BHProxies?

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

Singapore: Higher Fines for Breach of Personal Data Protection Act 2012 (PDPA) – up to 10% of Singapore Turnover

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Russian national Yevgeniy Aleksandrovich Nikulin sentenced to 88 months in prison

Russians charged with hacking Mt. Gox exchange and operating BTC-e

MyBook Users Urged to Unplug Devices from Internet

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Irish ODPC Publishes 2012 Annual Report

Access to Research ? a great, free digital resource for public libraries

Giving a Face to the Malware Proxy Service ‘Faceless’

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Law enforcement seized the website selling the NetWire RAT and arrested a Croatian man

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

A critical flaw in industrial automation systems opens to remote hack

UK ICO Launches 2012/13 Annual Report

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Preservation and public access to the records of over 240 Kentucky state agencies

Don’t trust links with known domains: BMW affected by redirect vulnerability

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Confessions of an ID Theft Kingpin, Part I

German industrial giant ThyssenKrupp targeted in a new cyberattack

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Finland’s Most-Wanted Hacker Nabbed in France

US indicted 4 Russian government employees for attacks on critical infrastructure

British Court rejects the US’s request to extradite Julian Assange

2012 IAPP Global Privacy Summit

Experts warn of a surge in zero-day flaws observed and exploited in 2021

A flaw in the connected vehicle service SiriusXM allows remote car hacking

Stay Connected