2013 and Encryption - Information Management Today

Neiman Marcus Settles Lawsuit Over Payment Card Breach

Data Breach Today

JANUARY 10, 2019

Agreement With 43 States Requires Retailer to Use Encryption, Tokenization Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on in-memory malware. million and must use encryption and tokenization to protect card data.

Retail

Retail Encryption Data breaches IT

Attorney General William Barr on Encryption Policy

Schneier on Security

JULY 24, 2019

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. I wrote about all this, and more, in 2013.).

Encryption

Encryption Communications Risk Access

Attorney General Barr and Encryption

Schneier on Security

AUGUST 14, 2019

Last month, Attorney General William Barr gave a major speech on encryption policywhat is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. I wrote about all this, and more, in 2013.).

Encryption

Encryption Communications Risk Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. FBI spoofs 2012 – 2013. File encryption 2013 – 2015.

Ransomware

Ransomware Encryption Privacy Security awareness

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Security Affairs

FEBRUARY 23, 2022

The name “ Bvp47 ” comes form numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm. The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization.

Encryption

Encryption Military Archiving Government

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. Experts believe Yahoo was using outdated, easy-to-crack encryption, which led to the attack. The attack is a good reminder of how critical strong encryption is in protecting your website users. Third-party risk management.

Data breaches

Data breaches Passwords Encryption Cybersecurity

California Attorney General Releases New Report with Findings and Recommendations on 2013 Data Breaches

Hunton Privacy

OCTOBER 28, 2014

The report provides information on data breaches reported to California’s Attorney General in 2012 and 2013. Overall, 167 breaches were reported by 136 different entities to California’s Attorney General in 2013. In addition, the number of reported data breaches increased by 28 percent in 2013, rising from 131 in 2012 to 167 in 2013.

Data breaches

Data breaches Retail Encryption Sales

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

Hunton Privacy

JANUARY 16, 2021

The MD Anderson case stemmed from three breaches suffered by MD Anderson in 2012 and 2013 that resulted in the unauthorized disclosure of the protected health information (“PHI”) of approximately 35,000 patients. OCR investigated and imposed the $4.3

Encryption

Encryption Privacy Insurance Security

ICO Stresses Importance of Encryption for Data Security

Hunton Privacy

AUGUST 28, 2013

On August 28, 2013, on the UK Information Commissioner’s Office’s (“ICO’s”) blog, Simon Rice, Technology Group Manager for the ICO, discussed the importance of encryption as a data security measure. Selecting the Correct Encryption Method. Selecting the Correct Encryption Method. Safeguarding the Encryption Key.

Encryption

Encryption Security Passwords Education

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

Hunton Privacy

JANUARY 13, 2016

(“Schein”), agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data. The FTC asserted that, in 2012, the Dentrix G5 software incorporated a third party database engine that included a form of data protection that Schein advertised as “encryption.”

Encryption

Encryption Insurance Data breaches Privacy

My 7 top security publications from the ICO

Data Protector

OCTOBER 29, 2016

Bring your own device (May 2013). Privacy in mobile apps – guidance for app developers (Dec 2013). Encryption (Mar 2016) This 35-page guide highlights, through a range of practical scenarios, when different encryption strategies can help provide a greater level of protection.

Security

Security Personal data Encryption Cloud

Two NSA Algorithms Rejected by the ISO

Schneier on Security

APRIL 25, 2018

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors.

IoT

IoT Encryption Risk IT

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Security Affairs

JUNE 9, 2022

The group has been active since at least 2013, the Aoqin Dragon was observed seeking initial access primarily through document exploits and the use of fake removable devices. The APT primary focus on cyberespionage against targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam.

Encryption

Encryption Education Cybersecurity Security

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” ” reads an advisory published by the Microsoft Tech Community.

Authentication

Authentication Communications Encryption IT

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Probably not.

Computer and Electronics

Computer and Electronics Encryption Government Privacy

NIST Announced Four Quantum-Resistant Cryptographic Algorithms

Thales Cloud Protection & Licensing

JULY 18, 2022

The National Institute of Standards and Technology (NIST) has selected the first collection of encryption tools designed to withstand the assault of a future quantum computer, which might compromise the security employed to preserve privacy in the digital systems we rely on. Thales innovates in crypto-research.

Encryption

Encryption Risk Security Cloud

The Rise of the Bad Bots

Thales Cloud Protection & Licensing

APRIL 22, 2024

In 2013, when Imperva first launched the Bad Bot Report, bad bots comprised 23.6% Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.", and human traffic for 57%.

Digital transformation

Digital transformation Retail Access Encryption

How 5G Operators Can Prepare for The Quantum Era

Thales Cloud Protection & Licensing

JANUARY 29, 2024

Hybrid cryptography can secure data in motion by combining symmetric encryption with public key ciphers. How Thales Can Help Thales, a leading provider of PQC solutions, has been actively involved in R&D and standardization efforts since 2013. Find Thales in Hall 2, Stand 2J30.

Risk

Risk Encryption Cybersecurity Paper

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

The technique was already employed by other Chinese APT groups since 2013, later it was also adopted by other cybercrime gangs in attacks in the wild. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. “This is an effort to conceal the execution.”

File names

File names Encryption Libraries IT

North Korea-linked APT breached the Seoul National University Hospital

Security Affairs

MAY 11, 2023

Kimsuky cyberespiona group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. .” reported the YonHap News agency. The APT group mainly targets think tanks and organizations in South Korea, other victims were in the United States, Europe, and Russia.

Encryption

Encryption Communications Security Access

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running.

Ransomware

Ransomware Data breaches Encryption Systems administration

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

M]uch of InfoSec management falls back on employee training and avoiding employee error – particularly with respect to phishing , spear phishing, and encryption lapses.”. Trotter further argued that encryption of Anthem’s data at rest would have offered only minimal security benefits and would not have prevented the hack.

Data Privacy

Data Privacy Compliance Privacy Security

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

Threat actors have been using Attor since 2013, the malicious code remained under the radar until last year. “ Attor’s espionage operation is highly targeted – we were able to trace Attor’s operation back to at least 2013, yet, we only identified a few dozen victims.” ” reads the analysis published by ESET.

Communications

Communications Encryption Metadata Libraries

GDPR: Data transfers outside the EU – what are the rules?

IT Governance

JULY 29, 2019

Pseudonymisation and encryption. The GDPR advises organisations to pseudonymise and/or encrypt all personal data. According to Gemalto’s Breach Level Index , only 4% of data breaches since 2013 have involved encrypted data. Encryption also obscures information by replacing identifiers with something else.

GDPR

GDPR Personal data Encryption Data breaches

Transferring personal data under the GDPR

IT Governance

JANUARY 3, 2018

Pseudonymisation and encryption. The GDPR advises organisations to pseudonymise and/or encrypt all personal data. According to Gemalto’s Breach Level Index , only 4% of data breaches since 2013 have involved encrypted data. Encryption also obscures information by replacing identifiers with something else.

Personal data

Personal data GDPR Encryption Data breaches

Adobe Settles Multistate Data Breach Enforcement Action

Hunton Privacy

NOVEMBER 14, 2016

(“Adobe”) entered into an assurance of voluntary compliance (“AVC”) with 15 state attorneys general to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers. Adobe notified more than 3.1

Data breaches

Data breaches Passwords Encryption Compliance

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

SEPTEMBER 23, 2019

The experts were able to analyze only dropped samples, as the real payload was encrypted with various droppers. ” Once decrypted the final payload, Kaspersky researchers noticed similarities with the Dark Seoul campaign uncovered in 2013 and attributed to the Lazarus APT group. ” concludes Kaspersky.

Archiving

Archiving Encryption Passwords Access

Yahoo proposes $117.5 million for the settlement of data breach

Security Affairs

APRIL 9, 2019

Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. Unluckily, Yahoo faced three massive data breaches in the year between 2013 to 2016. The leaked personal information included passwords that were encrypted but could be cracked by the hackers.

Data breaches

Data breaches Sales Encryption Passwords

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Incident details: The company found that data on its network had been encrypted without its knowledge. Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV Date of breach: 19 September 2013 (AlphV uploaded first part of data to its website on 19 October 2023). The attackers demanded $1.9

Data Privacy

Data Privacy Privacy Security Data breaches

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a state-sponsored hacking group. “ Threat actors used a custom steganography algorithm to hide the encrypted payload within PNG images to to avoid detection. ” reads the report published by the experts.

Libraries

Libraries Encryption Communications Manufacturing

2018 is the Year for POPI in South Africa

Thales Cloud Protection & Licensing

FEBRUARY 13, 2018

Continuing the trend in many regions toward introducing new data protection legislation, the POPI Act was signed into law in 2013 by South African President Jacob Zuma, although it is not yet fully effective. Encrypt Everything. South Africa’s Information Regulator is expected to put the Act into force in the second half of 2018.

Encryption

Encryption e-Discovery Personal data Risk

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

For example, RevCode’s website touted the software’s compatibility with all “ crypters ,” software that can encrypt, obfuscate and manipulate malware to make it harder to detect by antivirus programs. In February 2015, a then 24-year-old Alex Yücel pleaded guilty in a U.S.

Sales

Sales Archiving Encryption Passwords

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

Hunton Privacy

JULY 16, 2021

According to the Regulators, the Proposed Guidance largely would adopt the text of the OCC’s 2013 guidance, broadening its scope to include organizations supervised by all three Regulators.

Risk

Risk Insurance Sales Encryption

NSA, CISA Report Outlines Risks, Mitigations for Kubernetes

eSecurity Planet

AUGUST 5, 2021

Since Docker hit the scene in 2013, containers have become a primary way for developers to create and deploy applications in an increasingly distributed IT world of on-premises data centers, public and private clouds, and the edge. ” Containers, Kubernetes Take Over.

Risk

Risk Cloud Encryption Cybersecurity

A member of the FIN7 group was sentenced to 10 years in prison

Security Affairs

APRIL 18, 2021

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Hladyr also controlled the organization’s encrypted channels of communication.”

Systems administration

Systems administration Encryption Communications Security

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

FEBRUARY 22, 2017

The settlement stemmed from the theft of two laptops stolen from Horizon headquarters in November 2013, when personnel from outside vendors performing renovations and moving services at Horizon’s Newark headquarters had unsupervised access to the area where company laptops were stored.

Insurance

Insurance Privacy Encryption Passwords

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

In May 2017, the Saudi Arabian Monetary Authority (SAMA) rolled out its Cyber Security Framework mandating detailed data security rules, including a requirement to encrypt and containerize business data in all computing formats. organizations between January 2013 and July 2019. Ransomware hacking groups extorted at least $144.35

Computer and Electronics

Computer and Electronics Encryption Cybersecurity Privacy

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

Hunton Privacy

FEBRUARY 3, 2017

OCR found Children’s to be noncompliant with HIPAA due to Children’s (1) “failure to implement risk management plans, contrary to prior external recommendations to do so” and (2) “failure to deploy encryption or an equivalent alternative measure on all of its laptops, work stations, mobile devices and removable storage media until April 9, 2013.”.

Privacy

Privacy Security Insurance Encryption

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? Many password managers also encrypt passwords to create an additional layer of protection. We celebrated World Password Day on May 6, 2021. Related: Credential stuffing fuels account takeovers.

Passwords

Passwords Security Authentication Paper

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

The Last Watchdog

APRIL 5, 2019

Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.

Digital transformation

Digital transformation Security Cloud Access

New TSX Speculative Attack allows stealing sensitive data from latest Intel CPUs

Security Affairs

NOVEMBER 13, 2019

The Zombieload 2 attack only affects CPU supporting the Intel TSX instruction-set extension, a condition that is true in all Intel CPUs manufactured since 2013. An attacker could exploit the flaw to steal sensitive data, including passwords and encryption keys. ” reads the security advisory published by Intel.

Data structuring

Data structuring Manufacturing Encryption Passwords

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

Hunton Privacy

OCTOBER 9, 2013

On October 2, 2013, the 86th Conference of the German Data Protection Commissioners concluded in Bremen. securing electronic communications by implementing and developing end-to-end encryption. Resolution on End-to-End Encryption. The previous Conference was held in Bremerhaven in March 2013.

Computer and Electronics

Computer and Electronics Encryption Communications Insurance

PhantomLance, a four-year-long cyberespionage spying campaign

Security Affairs

APRIL 28, 2020

Kaspersky experts found a similar sample on Google Play, it implements high levels of encryption, furthermore, the malicious code was able to download and execute additional malicious payloads that would be suitable to the specific device environment (i.e Android version, installed apps). . ” continues the analysis.

Marketing

Marketing Encryption IT Cybersecurity

Ransomware Protection in 2021

eSecurity Planet

FEBRUARY 16, 2021

All of your files are encrypted with RSA-2048 and AES-128 ciphers.” ” Or you might see a readme.txt stating, “Your files have been replaced by these encrypted containers and aren’t accessible; you will lose your files on [enter date] unless you pay $2500 in Bitcoin.” IMPORTANT INFORMATION !!!

Ransomware

Ransomware Encryption Insurance Cloud

Neiman Marcus Settles Lawsuit Over Payment Card Breach

Attorney General William Barr on Encryption Policy

Webinars

Trending Sources

Attorney General Barr and Encryption

Webinars

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

3 of the Worst Data Breaches in the World That Could Have Been Prevented

California Attorney General Releases New Report with Findings and Recommendations on 2013 Data Breaches

Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty

ICO Stresses Importance of Encryption for Data Security

FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

My 7 top security publications from the ICO

Two NSA Algorithms Rejected by the ISO

Previously undocumented Aoqin Dragon APT targets entities in Southeast Asia and Australia

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Snowden Ten Years Later

NIST Announced Four Quantum-Resistant Cryptographic Algorithms

The Rise of the Bad Bots

How 5G Operators Can Prepare for The Quantum Era

New KilllSomeOne APT group leverages DLL side-loading

North Korea-linked APT breached the Seoul National University Hospital

A Closer Look at the Snatch Data Ransom Group

Security Compliance & Data Privacy Regulations

Attor malware was developed by one of the most sophisticated espionage groups

GDPR: Data transfers outside the EU – what are the rules?

Transferring personal data under the GDPR

Adobe Settles Multistate Data Breach Enforcement Action

North Korea-linked malware ATMDtrack infected ATMs in India

Yahoo proposes $117.5 million for the settlement of data breach

The Week in Cyber Security and Data Privacy: 16–22 October 2023

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

2018 is the Year for POPI in South Africa

Who’s Behind the RevCode WebMonitor RAT?

Federal Banking Regulators Request Comment on Proposed Guidance for Third-Party Risk Management

NSA, CISA Report Outlines Risks, Mitigations for Kubernetes

A member of the FIN7 group was sentenced to 10 years in prison

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

MY TAKE: How ‘CASBs’ are evolving to close the security gaps arising from digital transformation

New TSX Speculative Attack allows stealing sensitive data from latest Intel CPUs

German DPAs Address a Wide Range of Topics at Annual Conference and Adopt Resolutions

PhantomLance, a four-year-long cyberespionage spying campaign

Ransomware Protection in 2021

Stay Connected