2012 and Encryption - Information Management Today

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Security Affairs

FEBRUARY 17, 2020

Tutanota , the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. ” states Tutanota. reported the Associated Press. Pierluigi Paganini.

Encryption

Encryption Communications Government Personal data

Attorney General William Barr on Encryption Policy

Schneier on Security

JULY 24, 2019

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. After all, we are not talking about protecting the Nation's nuclear launch codes.

Encryption

Encryption Communications Risk Access

Attorney General Barr and Encryption

Schneier on Security

AUGUST 14, 2019

Last month, Attorney General William Barr gave a major speech on encryption policywhat is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. After all, we are not talking about protecting the Nation's nuclear launch codes.

Encryption

Encryption Communications Risk Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The website BHProxies[.]com

Passwords

Passwords Blockchain Mining Marketing

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The remaining components are encrypted and stored within a binary registry value.”

Libraries

Libraries Encryption Security IT

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Security Affairs

FEBRUARY 26, 2024

In 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.” In In January 2021, a ThyssenKrupp subsidiary was a victim of a ransomware cyberattack that caused the encryption of its servers and employee workstations.

Ransomware

Ransomware Encryption Access Security

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

MARCH 18, 2024

The Dropbox and LinkedIn breaches, for example, occurred in 2012 before being broadly distributed in 2016 and just like those incidents, the alleged AT&T data is now in very broad circulation. The above example simply didn't have plain text entries for the encrypted data.

Data breaches

Data breaches Encryption Sales IT

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

In malspam attacks, attackers could encrypt the Excel file by setting up a password, then when the victims receive the email, hackers trick them into opening the attachment using a password included in the content of the message. Excel attempts to decrypt and open the file and run any macros it contains. .

Passwords

Passwords Encryption Security IT

SideWinder carried out over 1,000 attacks since April 2020

Security Affairs

MAY 31, 2022

SideWinder has been active since at least 2012, the group main targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. The URLs used for C2 communications for these domains are split into two parts: The Installer module contains the first part of the URL which is the C2 server domain name in encrypted form.

Encryption

Encryption Military Phishing Communications

ESET PROTECT Advanced Review: Features & Benefits

eSecurity Planet

OCTOBER 8, 2021

With a multi-layered approach to endpoint protection, the ESET PROTECT Advanced solution fits small to medium-sized businesses and offers advanced EPP capabilities, full disk encryption , and an automated sandbox for dynamic threat analysis. Full Disk Encryption. Read more: 19 Best Encryption Software & Tools of 2021.

Encryption

Encryption Cloud MDM Cybersecurity

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

Since 2016, Microsoft is urging admins to stop using SMBv1, later versions of the protocol implemented security enhancements, such as encryption, pre- authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, and insecure guest authentication blocking. Windows Server 2012: If the command returns false, SMBv1 is not enabled.

Authentication

Authentication Communications Encryption IT

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. FBI spoofs 2012 – 2013. It surfaced in November 2012 and was making thousands of victims a day. File encryption 2013 – 2015. None of these early threats went pro.

Ransomware

Ransomware Encryption Privacy Security awareness

German industrial giant ThyssenKrupp targeted in a new cyberattack

Security Affairs

DECEMBER 21, 2022

. “At the present time, no damage has been done, nor are there any indications that data has been stolen or modified,” This isn’t the first attack suffered by the company, in 2012, the company was targeted by another cyber attack that was classified as “heavy” and of “exceptional quality.”. Pierluigi Paganini.

Ransomware

Ransomware Data breaches Encryption Access

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

The Last Watchdog

SEPTEMBER 26, 2023

After mobilizing to ensure the Internet’s free flow of information and commerce, we realized the ongoing need for an industry voice, founding formally in 2012. Advertising Practices: Given the complexity and different use cases for VPNs, claims must not mislead.

Privacy

Privacy Risk Encryption Authentication

Russians Hack FBI Comms System

Schneier on Security

SEPTEMBER 24, 2019

officials in 2012, gave Russian spies in American cities including Washington, New York and San Francisco key insights into the location of undercover FBI surveillance teams, and likely the actual substance of FBI communications, according to former officials. Its poor design just encourages users to turn off the encryption.

Encryption

Encryption Communications IT Security

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

JANUARY 13, 2016

(“Schein”), agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data. The FTC asserted that, in 2012, the Dentrix G5 software incorporated a third party database engine that included a form of data protection that Schein advertised as “encryption.”

Encryption

Encryption Insurance Data breaches Privacy

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

Below is the list of vulnerabilities exploited by V3G4: CVE-2012-4869 : FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727 : FRITZ!Box Unlike most Mirai variants, the V3G4 variant uses different XOR encryption keys for string encryption.

IoT

IoT Encryption Security IT

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security Affairs

JULY 28, 2021

The analysis of the file revealed that it includes the encrypted and compressed PlugX payload. Aro.dat is, in fact, an encrypted and compressed PlugX payload.” Aro.exe is likely part of the “ ARO 2012 advanced repair and optimization tool,” which is a freely available tool that claims to fix Windows registry errors.

Encryption

Encryption File names Communications IT

My 7 top security publications from the ICO

Data Protector

OCTOBER 29, 2016

Guidance on data security breach management (Dec 2012). Encryption (Mar 2016) This 35-page guide highlights, through a range of practical scenarios, when different encryption strategies can help provide a greater level of protection. A practical guide to IT security (Jan 2016).

Security

Security Personal data Encryption Cloud

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Security Affairs

JUNE 9, 2022

Between 2012 and 2015, the Aoqin Dragon actors heavily relied on exploits for CVE-2012-0158 and CVE-2010-3333 vulnerabilities. The customized version of the Heyoka backdoor is more powerful and is able to terminate processes, manipulate files, and collect process information on a infected machine.

Encryption

Encryption Education Cybersecurity Security

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

Hunton Privacy

JANUARY 16, 2021

The MD Anderson case stemmed from three breaches suffered by MD Anderson in 2012 and 2013 that resulted in the unauthorized disclosure of the protected health information (“PHI”) of approximately 35,000 patients. OCR investigated and imposed the $4.3

Encryption

Encryption Privacy Insurance Security

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko.

Security

Security Data breaches Archiving Phishing

Eavesdropping on SMS Messages inside Telco Networks

Schneier on Security

NOVEMBER 7, 2019

These operations have spanned from as early as 2012 to the present day. Yet another example that demonstrates why end-to-end message encryption is so important. APT41's operations have included state-sponsored cyber espionage missions as well as financially-motivated intrusions.

Encryption

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. According to the experts, the backdoor might have been active since at least 2012. . “We

Communications

Communications Encryption Military Government

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named “ clowwindy “, and multiple implementations of the protocol have been made available since.

Paper

Paper Encryption Government IT

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

doc, which, when opened with a vulnerable application, attempted to deliver a ransomware payload using a known shared Microsoft component vulnerability, CVE-2012-0158.” . “The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19. ” continues the analysis.

Ransomware

Ransomware Phishing File names Encryption

Experts disclose security flaws in Oracle’s iPlanet Web Server

Security Affairs

MAY 11, 2020

The vulnerability could result in the leak of sensitive data, including configuration information and encryption keys. . “This can result in sensitive data exposure of configuration information about the server including encryption keys, JVM configuration and other data.” This is due to an incomplete fix for CVE-2012-0516.”

Security

Security Phishing Encryption Authentication

Security Affairs newsletter Round 355

Security Affairs

FEBRUARY 28, 2022

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor Sophos linked Entropy ransomware to Dridex malware. Are both linked to Evil Corp? worth of NFTs from tens of OpenSea users Trickbot operation is now controlled by Conti ransomware.

Security

Security Ransomware Phishing Encryption

FINRA Fines Brokerage Firm $650,000 After Cyber Attack

Hunton Privacy

NOVEMBER 17, 2016

(“LFS”), a subsidiary of Lincoln Financial Group, entered into a settlement (the “Settlement”) with the Financial Industry Regulatory Authority (“FINRA”), requiring LFS to pay a $650,000 fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.

Cloud

Cloud Encryption Cybersecurity Security

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

The Last Watchdog

APRIL 13, 2020

Here are key takeaways: Middle East motivation Somewhat quietly since about 2012 or so, nation states of the Middle East, led by Saudi Arabia and the UAE, commenced a quiet surge to the forefront of implementing comprehensive cybersecurity regulations. You now actually have to prove the data is encrypted, both at rest and in transit.

Security

Security Computer and Electronics Encryption MDM

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Security Affairs

OCTOBER 20, 2021

“However, instead of sending it in cleartext, the client deploys a symmetric AES encryption for any communication over the WebSocket for the first exchange, as no shared secret is established yet, and the AES encryption will generate a default key for this first exchange. ” continues the analysis.

Communications

Communications Security Encryption IT

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

eSecurity Planet

FEBRUARY 15, 2022

The ransomware encrypts files on compromised Windows host systems, including physical and virtual servers, the advisory noted, and the executable leaves a ransom note in all directories where encryption occurs, including ransom payment instructions for obtaining a decryption key. 7 SP1, 8, 8.1)

Ransomware

Ransomware Encryption Agriculture Cybersecurity

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

Security Affairs

MARCH 22, 2020

The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to the security firm Keepnet Labs that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko.

Data breaches

Data breaches Cybersecurity Phishing Encryption

A PowerShell Script to Mitigate Active Directory Security Risks

eSecurity Planet

OCTOBER 12, 2023

The client uses password hash to encrypt the challenge and sends it back to the domain controller as a “response.” the client takes the “challenge” received from the server as is, adds the client nonce, encrypts it using DES encryption, and sends it back to the server. It is important to note, however, that SMB 1.0

Risk

Risk Security Authentication Encryption

GovPayNow.com Leaks 14M+ Records

Krebs on Security

SEPTEMBER 17, 2018

14, KrebsOnSecurity alerted GovPayNet that its site was exposing at least 14 million customer receipts dating back to 2012. E-commerce sites can mitigate such leaks by using something other than easily-guessed or sequential record numbers, and/or encrypting unique portions of the URL displayed to customers upon payment.

Government

Government Access Encryption Passwords

Best Enterprise VPN Solutions for 2021

eSecurity Planet

JULY 3, 2021

VPNs offer clients an encrypted access channel to remote networks through a tunneling protocol and can obfuscate the client’s IP address. With 3000 servers in 160 locations and 94 countries, ExpressVPN boasts its military-grade encryption and leak-proofing features, including a kill switch and unlimited bandwidth for clients.

Encryption

Encryption Communications Marketing Cloud

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Security Affairs

AUGUST 23, 2019

. “However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883 , which inject code in Word and PDF files respectively.” ” reads the report published by Trend Micro. EBSS section.

File names

File names Phishing Encryption Security

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

The Tropic Trooper APT has been active at least since 2012, it was first spotted by security experts at Trend Micro in 2015, when the threat actors targeted government ministries and heavy industries in Taiwan and the military in the Philippines. The collected information is formatted and sent to the C&C server.

Military

Military Encryption Passwords IT

I'm Partnering with NordVPN as a Strategic Advisor

Troy Hunt

AUGUST 6, 2020

When you use a VPN, you're trusting a third party with your traffic and even in an increasingly "encrypted by default" web, you're taking a leap of faith with who you choose to route your bytes. A few months ago, NordVPN sponsored this blog and we got to chatting.

Privacy

Privacy Marketing Encryption Security

HHS Announces $3.5 Million Settlement with Fresenius Medical Care

Hunton Privacy

FEBRUARY 5, 2018

The breaches, which occurred at Fresenius facilities in Alabama, Arizona, Florida, Georgia and Illinois from February 23 to July 18, 2012, form the basis of OCR’s claims. Fresenius will pay OCR $3.5 According to the settlement, these breaches led to the exposure of 521 patients’ health data.

Insurance

Insurance Risk Encryption Access

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

Security Affairs

SEPTEMBER 9, 2019

Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns. The attacks have been conducted from 2012 until 2106, against Emirati journalists, activists, and dissidents. .”

Systems administration

Systems administration Encryption Communications Security

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

Somewhat quietly since about 2012 or so, nation states in that region, led by Saudi Arabia and the United Arab Emirates, commenced a quiet surge to the forefront of implementing comprehensive cybersecurity regulations. Two meaningful steps every person can take, right now, is to begin routinely using a password manager and encrypted browsers.

Computer and Electronics

Computer and Electronics Encryption Cybersecurity Privacy

Utter Zuck-up: 600 million passwords exposed in Facebook data breach

IT Governance

MARCH 22, 2019

This means they weren’t encrypted, making them freely accessible to as many as 20,000 employees, most of whom had no reason to access this information. Krebs went on to reveal that said that some passwords have been exposed since 2012. ‘No No signs of misuse’.

Data breaches

Data breaches Passwords Encryption Authentication

California Attorney General Releases New Report with Findings and Recommendations on 2013 Data Breaches

Hunton Privacy

OCTOBER 28, 2014

The report provides information on data breaches reported to California’s Attorney General in 2012 and 2013. million records compromised in 2012. In addition, the number of reported data breaches increased by 28 percent in 2013, rising from 131 in 2012 to 167 in 2013. According to the report, 18.5

Data breaches

Data breaches Retail Encryption Sales

Russian govn blocked Tutanota service in Russia to stop encrypted communication

Attorney General William Barr on Encryption Policy

Webinars

Trending Sources

Attorney General Barr and Encryption

Webinars

Who’s Behind the Botnet-Based Service BHProxies?

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

Inside the Massive Alleged AT&T Data Breach

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

SideWinder carried out over 1,000 attacks since April 2020

ESET PROTECT Advanced Review: Features & Benefits

Microsoft recommends Exchange admins to disable the SMBv1 protocol

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

German industrial giant ThyssenKrupp targeted in a new cyberattack

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

Russians Hack FBI Comms System

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

My 7 top security publications from the ICO

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

Security firm accidentally exposed an unprotected database with 5 Billion previously leaked records

Eavesdropping on SMS Messages inside Telco Networks

Platinum APT and leverages steganography to hide C2 communications

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Experts disclose security flaws in Oracle’s iPlanet Web Server

Security Affairs newsletter Round 355

FINRA Fines Brokerage Firm $650,000 After Cyber Attack

STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records

A PowerShell Script to Mitigate Active Directory Security Risks

GovPayNow.com Leaks 14M+ Records

Best Enterprise VPN Solutions for 2021

A new variant of Asruex Trojan exploits very old Office, Adobe flaws

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

I'm Partnering with NordVPN as a Strategic Advisor

HHS Announces $3.5 Million Settlement with Fresenius Medical Care

Stealth Falcon’s undocumented backdoor uses Windows BITS to exfiltrate data

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

Utter Zuck-up: 600 million passwords exposed in Facebook data breach

California Attorney General Releases New Report with Findings and Recommendations on 2013 Data Breaches

Stay Connected