2015 - Information Management Today

Coronavirus-themed attacks April 05 – April 11, 2020

Security Affairs

APRIL 12, 2020

In this post, I decided to share the details of the Coronavirus-themed attacks launched from April 05 to April 11, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Coronavirus-themed attacks April 05 – April 11, 2020 appeared first on Security Affairs. Pierluigi Paganini.

Phishing

Phishing Ransomware Data breaches Government

Adobe fixed several memory corruption issues in some of its products

Security Affairs

MAY 20, 2020

for Adobe Premiere Rush 05/19/2020 05/19/2020 APSB20-28 Security?update for Adobe Audition 05/19/2020 05/19/2020 APSB20-27 Security?update for Adobe Premiere Pro 05/19/2020 05/19/2020 APSB20-25 Security?update 05/19/2020 05/19/2020. APSB20-29 Security?update update available?for

IT

IT Security Information Security

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the researchers. Pierluigi Paganini.

Retail

Retail Phishing Marketing IT

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Google addresses over 70 flaws in Android, including a remotely exploitable issue

Security Affairs

MARCH 4, 2020

Google also issued the 2020-03-05 security patch level that addresses 60 vulnerabilities in the system, kernel components, FPC, MediaTek, Qualcomm, and Qualcomm closed-source components. The 2020-03-05 security patch level also fixed a high severity issue (CVE-2020-0069) in MediaTek components that could lead to elevation of privilege.

Security

Security Risk IT Information Security

FTC says $12 million were lost due to Coronavirus-related scams

Security Affairs

APRIL 14, 2020

.” Unfortunately, crooks continue to attempt to take advantage of the current COVID-19 outbreak, if you are interested in a list of recent Coronavirus-themed attacks give a look here: Coronavirus-themed attacks April 05 – April 11, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security IT

Experts found a remote-code execution flaw in SQLite

Security Affairs

MAY 11, 2019

.” Talos published technical details of the vulnerability that was addressed with the released of SQLite version 3.28 , Timeline for the vulnerability is: 2019-02-05 – Vendor Disclosure 2019-03-07 – 30 day follow up with vendor; awaiting moderator approval 2019-03-28 – Vendor patched 2019-05-09 – Public Release.

Libraries

Libraries Security IT

Hackers exploit 3-years old flaw to wipe Western Digital devices

Security Affairs

JUNE 25, 2021

The vendor pointed out that both My Book Live and My Book Live Duo devices received the last firmware update back in 2015 and are no longer supported. . “It is very scary that someone can do factory restore the drive without any permission granted from the end user…” wrote another user on the forum.

Security

Security Access IT Cybersecurity

Google fixes a critical DoS flaw tracked as CVE-2019-2232 in Android

Security Affairs

DECEMBER 9, 2019

Google addressed more than 40 vulnerabilities, including 17 as part of the 2019-12-01 security patch level , and 27 more in the 2019-12-05 security patch level. The 2019-12-05 security patch level addresses one high-severity information disclosure issue in Framework and one in the System.

Risk

Risk Security IT Information Security

CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system

Security Affairs

JUNE 10, 2019

Below the timeline of the flaw: 2019-05-22 Vim and Neovim maintainers notified 2019-05-23 Vim patch released 2019-05-29 Neovim patch released 2019-06-05 CVE ID CVE-2019-12735 assigned. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Access IT Information Security

Metadata Requirements for Permanent Electronic Records in the Cloud

National Archives Records Express

NOVEMBER 6, 2017

Metadata are records that need to be managed and retrievable These NARA Bulletins provide further records management guidance for agencies on the topic of metadata and cloud computing: NARA Bulletin 2015-04 : Metadata Guidance for the Transfer of Permanent Electronic Records.

Metadata

Metadata Cloud Computer and Electronics Records Management

Hackers stole more than $150 million from KuCoin cryptocurrency exchange

Security Affairs

SEPTEMBER 26, 2020

“We detected some large withdrawals since September 26, 2020 at 03:05:37 (UTC+8). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Deposits and withdrawals have been temporarily suspended while the company is investigating the security incident. ” reads a statement published by the company.

Security

Security IT Information Security

The Rise of the Bad Bots

Thales Cloud Protection & Licensing

APRIL 22, 2024

The Rise of the Bad Bots madhav Tue, 04/23/2024 - 05:13 Imperva's annual Bad Bot Report is always a fascinating – albeit alarming – insight into the nature of non-human internet traffic. However, by 2015, bad bot traffic had fallen to its lowest historical level of 18.6%, mainly due to increased human traffic from China, India, and Indonesia.

Digital transformation

Digital transformation Retail Access Encryption

Comodo Antivirus is affected by several vulnerabilities

Security Affairs

JULY 23, 2019

05/07/19 – Comodo confirms some vulnerabilities, waiting to confirm others. 05/20/19 – Tenabe requests status update. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Below the timeline for the flaw: 04/17/19 – Tenable discloses to Comodo. Pierluigi Paganini.

Access

Access Security IT Information Security

Google May 2019 Patches address 4 RCE flaws in Android

Security Affairs

MAY 8, 2019

and 9 and was addressed on all devices running the Android 2019-05-01 security patch level. . The Android 2019-05-01 security patch level also addresses a Moderate risk elevation of privilege vulnerability in Framework. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the advisory.

Risk

Risk Security Access

Coronavirus-themed attacks April 19 – April 25, 2020

Security Affairs

APRIL 26, 2020

Coronavirus-themed attacks April 05 – April 11, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. If you are interested in COVID19-themed attacks from February 1 give a look at the following posts: Coronavirus-themed attacks March 22 – March 28, 2020.

Cybersecurity

Cybersecurity Government Security IT

Security Affairs newsletter Round 260

Security Affairs

APRIL 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – newsletter, hacking). adrotate banner=”13″].

Security

Security Phishing Ransomware Sales

First Google security patches for Android in 2019 fix a critical flaw

Security Affairs

JANUARY 9, 2019

The 2019-01-05 security patch level addressed a total of 14 vulnerabilities in Kernel components (7), NVIDIA components (1), Qualcomm components (3), and Qualcomm closed-source components (3). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 4 High risk elevation of privilege issues. Pierluigi Paganini.

Security

Security Risk IT

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

JULY 17, 2020

A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday 04 July to Sunday 05 July 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The gang gained access to twenty Orange Pro/SME customers’ data. “A ” reads a statement issued by Orange.

Business Services

Business Services Ransomware Manufacturing Archiving

Google addressed three critical code execution flaws in Android Media Framework

Security Affairs

JULY 3, 2019

The 2019-07-05 security patch level addressed a total of 21 flaws in Qualcomm components (2 rated as Critical and 6 as High severity) and Qualcomm closed source components (3 rated as Critical and 10 as High severity). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries

Libraries Security IT Information Security

Tracking Iran-linked APT33 group via its own VPN networks

Security Affairs

NOVEMBER 14, 2019

7/1/19 7/2/19 54.36.73.108 7/22/19 10/05/19 54.37.48.172 10/22/19 11/05/19 54.38.124.150 10/28/18 11/17/18 88.150.221.107 9/26/19 11/07/19 91.134.203.59 ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. IP address First seen Last seen 5.135.120.57 12/4/18 1/24/19 5.135.199.25

IT

IT Military Security

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

MARCH 4, 2020

In a couple of hours (05:22 UTC) it fixed the problem and re-enabled issuance. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The organization confirmed the bug at 2020-02-29 03:08 UTC, and two minutes later halted issuance. According to Let’s Encrypt, the bug was likely introduced on 2019-07-25.

Encryption

Encryption IT Security Information Security

A missing authorization check in WordPre WPvivid plugin that can lead to the exposure of the database and all files

Security Affairs

MARCH 27, 2020

05-03-2020 – Asked for update regarding the report. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Below the timeline for this vulnerability: 28-02-2020 – Discovery of the vulnerability in WPvivid and release of a virtual patch to all WebARX customers.

Authentication

Authentication IT Access Security

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

zip MD5: 4410f53446fe6784f904a75df57e7ad7 SHA1: 814525924cd65f488348e921c1ca23a7da0085b5 First submission VT: 2020-05-02 01:32:12. Threat name: fZpoAruv.exe MD5: dc61d6239c2848bf8994df95740cbb13 SHA1: 7eb6088157f3fbc0a758c4402c563bdfe1e91ee2 First submission VT: 2020-05-03 07:35:06. Initial infection – the zip file (1st stage).

Communications

Communications Phishing Access IT

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Security Affairs

JUNE 4, 2020

“Approximately 12:00 on June 1, 2020, as a result of detecting an abnormality in the monitoring work and starting an investigation, from around 0:05 on May 31, 2020, in our account in “Ome.com”, It was confirmed that the domain registration information was changed by a third party. Pierluigi Paganini.

Phishing

Phishing Access Communications Security

Sodinokibi ransomware uses MS API to encrypt open and locked files

Security Affairs

MAY 11, 2020

2020-05-08: #REvil #Ransomware Decrypter v2.2 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. This frees files that are in use and allows installation operations to complete,” The popular malware researcher Vitali Kremez noted that the REvil Decryptor v2.2 Pierluigi Paganini.

Encryption

Encryption Ransomware Cybersecurity Security

Experts disclose security flaws in Oracle’s iPlanet Web Server

Security Affairs

MAY 11, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Oracle’s iPlanet Web Server, hacking).

Security

Security Phishing Encryption Authentication

Expert presented a new attack technique to compromise MikroTik Routers

Security Affairs

OCTOBER 8, 2018

release date: 05-25-2018) using the x86 ISO.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The most critical of these vulnerabilities is the authenticated RCE, which would allow attackers to potentially gain full system access. They were tested against RouterOS 6.42.3 ” concludes Tenable Research.

Authentication

Authentication Access Passwords Security

SystemBC, a new proxy malware is being distributed via Fallout and RIG EK

Security Affairs

AUGUST 3, 2019

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. “The synergy between SystemBC as a malicious proxy and mainstream malware creates new challenges for defenders relying on network edge detections to intercept and mitigate threats like banking Trojans.” Pierluigi Paganini.

e-Delivery

e-Delivery Sales Communications Security

CSRF flaw in WordPress potentially allowed the hack of websites

Security Affairs

MARCH 14, 2019

2019/02/05 WordPress proposes a patch, we provide feedback. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 2019/02/05 WordPress proposes a patch, we provide feedback. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 2019/03/13 WordPress 5.1.1 Pierluigi Paganini.

Security

Security IT

Getting the most out of digital insight: Key challenges for banks

CGI

MAY 2, 2016

Mon, 05/02/2016 - 05:28. During the 2015 VOC program, we interviewed 110 bank executives across 14 countries. 1 Gartner, IT Key Metrics Data 2016: Key Industry Measures: Banking and Financial Services Analysis: Multiyear, December 14, 2015. Getting the most out of digital insight: Key challenges for banks.

Customer Experience

Customer Experience Financial Services Analytics Cloud

Cisco WebEx Meetings affected by a new elevation of privilege flaw

Security Affairs

FEBRUARY 27, 2019

2018-12-05: Cisco confirmed the reception of the advisory and informed they will open a case. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 2018-12-05: Cisco confirmed the reception of the advisory and informed they will open a case. The first one targeting the 33.8.X Pierluigi Paganini.

Authentication

Authentication Security IT

Hacking the ‘Unhackable’ eyeDisk USB stick

Security Affairs

MAY 12, 2019

He discovered it was possible to improve the attack with an automated command script that would abuse sub opcode 05 to force the password to be dumped. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. .” The expert also analyzed the controller of the USB stick and the way it use custom SCSI commands.

Passwords

Passwords Authentication Encryption IT

Health policy challenges to achieving big data outcomes, part I

CGI

MAY 5, 2015

Tue, 05/05/2015 - 05:30. Produire des résultats à partir des données massives : politiques de santé et défis liés à la mise en œuvre – 1re partie.

Big data

Big data Insurance Communications

Award Ceremonies – why do we do it?

CGI

NOVEMBER 16, 2015

Mon, 11/16/2015 - 05:43. 2015 has been a good year for CGI; we won the contract to supply ICT Services to City of Edinburgh Council , a contract worth £186m, bringing over 200 new jobs to the city, and more than 60 Modern Apprentices. Submitted by Chris Morton on December 5, 2015. Award Ceremonies – why do we do it?

IT

IT Education Access

Amazon’s Ring Video Doorbell could open the door of your home to hackers

Security Affairs

NOVEMBER 7, 2019

Passwords

Passwords IoT Authentication Communications

Banking on a digital future

CGI

JUNE 15, 2015

Mon, 06/15/2015 - 05:40. Banking on a digital future. p.butler@cgi.com. In my last blog I shared my views on the impact of the digital revolution and its far reaching impact on every one of us and the companies we work for. I read a recent article in the Financial Times about the race to the first true digital bank.

Access

Access IT

Does Anybody Really Know What Time It Is?: eDiscovery Throwback Thursdays

eDiscovery Daily

OCTOBER 9, 2019

05:00 (at least for Central Daylight Time) as a time offset of five hours earlier than the UTC time. So, a workstation displaying the time of an email in Central time would display it as UTC?05:00 So, it’s 7:11 (oh, thank heaven!)

IT

IT Computer and Electronics Education

Grandoreiro Malware implements new features in Q2 2020

Security Affairs

MAY 27, 2020

One of the last analyzed samples (2020-05-21 – 8491a619dc6e182437bd4482d6e97e3a ) is scrutinized below. The sample was available for download between 2020-05-18 and 2020-05-22. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Grandoreiro VBS file – First stage (Portugal May 2020).

Communications

Communications Archiving Access IT

The number of exploits in the Echobot botnet reached 59

Security Affairs

AUGUST 7, 2019

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 16 Remote Command Execution EyeLock nano NXT 3.5 Remote Code Execution OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 5.5.1 ‘welcome’ Remote Command Execution op5 7.1.9

IoT

IoT CMS Authentication Security

Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs)

CGI

JUNE 17, 2019

Mon, 06/17/2019 - 05:09. For example, a 2016 power cut in the Ukrainian capital, Kiev has been linked to a hack and blackout in 2015 that affected 225,000 households. Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs). and continuous disruptions pose a serious risk.

Energy and Utilities

Energy and Utilities Cybersecurity CMS Security

Order, Order: Why the UK court system is ready for transformational change…

CGI

JULY 28, 2016

Thu, 07/28/2016 - 05:17. A Citizens Advice study in 2015 found that one in five people who had been involved in the UK court system left with a worse opinion than when they entered it. Order, Order: Why the UK court system is ready for transformational change…. The UK Criminal Justice System is suffering a crisis of public perception.

Paper

Paper Government IT

A pragmatic solution to the cyber talent shortage: Co-sourcing

CGI

MAY 11, 2015

Mon, 05/11/2015 - 02:21. A pragmatic solution to the cyber talent shortage: Co-sourcing. CGI recently partnered with Pierre Audoin Consultants (PAC) to study cybersecurity trends in the United Kingdom. A key question asked was this: “Is cybersecurity now too hard for enterprises?”

Cybersecurity

Cybersecurity Cloud Government Security

The perfect digital storm

CGI

APRIL 10, 2015

Fri, 04/10/2015 - 05:36. The perfect digital storm. ravi.kumarv@cgi.com. I recently attended a Tech UK discussion forum, the subject was ‘Has technology created or destroyed jobs’, t he answer is, of course, both.

Personal data

Personal data Communications Cloud Risk

Rethinking how things get done, part 3: Managing change as an everyday part of business

CGI

MARCH 20, 2019

Wed, 03/20/2019 - 05:06. Since 2015, our clients have been telling us that they are in a constant state of disruption and that change has become an everyday occurrence in their business. Rethinking how things get done, part 3: Managing change as an everyday part of business.

Mining

Mining Government Risk IT

Coronavirus-themed attacks April 05 – April 11, 2020

Adobe fixed several memory corruption issues in some of its products

Webinars

Trending Sources

North Korean Lazarus APT stole credit card data from US and EU stores

Webinars

Google addresses over 70 flaws in Android, including a remotely exploitable issue

FTC says $12 million were lost due to Coronavirus-related scams

Experts found a remote-code execution flaw in SQLite

Hackers exploit 3-years old flaw to wipe Western Digital devices

Google fixes a critical DoS flaw tracked as CVE-2019-2232 in Android

CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system

Metadata Requirements for Permanent Electronic Records in the Cloud

Hackers stole more than $150 million from KuCoin cryptocurrency exchange

The Rise of the Bad Bots

Comodo Antivirus is affected by several vulnerabilities

Google May 2019 Patches address 4 RCE flaws in Android

Coronavirus-themed attacks April 19 – April 25, 2020

Security Affairs newsletter Round 260

First Google security patches for Android in 2019 fix a critical flaw

Orange Business Services hit by Nefilim ransomware operators

Google addressed three critical code execution flaws in Android Media Framework

Tracking Iran-linked APT33 group via its own VPN networks

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

A missing authorization check in WordPre WPvivid plugin that can lead to the exposure of the database and all files

Brazilian trojan banker is targeting Portuguese users using browser overlay

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Sodinokibi ransomware uses MS API to encrypt open and locked files

Experts disclose security flaws in Oracle’s iPlanet Web Server

Expert presented a new attack technique to compromise MikroTik Routers

SystemBC, a new proxy malware is being distributed via Fallout and RIG EK

CSRF flaw in WordPress potentially allowed the hack of websites

Getting the most out of digital insight: Key challenges for banks

Cisco WebEx Meetings affected by a new elevation of privilege flaw

Hacking the ‘Unhackable’ eyeDisk USB stick

Health policy challenges to achieving big data outcomes, part I

Award Ceremonies – why do we do it?

Amazon’s Ring Video Doorbell could open the door of your home to hackers

Banking on a digital future

Does Anybody Really Know What Time It Is?: eDiscovery Throwback Thursdays

Grandoreiro Malware implements new features in Q2 2020

The number of exploits in the Echobot botnet reached 59

Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs)

Order, Order: Why the UK court system is ready for transformational change…

A pragmatic solution to the cyber talent shortage: Co-sourcing

The perfect digital storm

Rethinking how things get done, part 3: Managing change as an everyday part of business

Stay Connected