2015, Events and Security - Information Management Today

A ‘Cyber Event’ disrupted power grid operations in three US states

Security Affairs

MAY 2, 2019

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The post A ‘Cyber Event’ disrupted power grid operations in three US states appeared first on Security Affairs.

Energy and Utilities

Energy and Utilities Security IT

ReiKey app for macOS can detect Mac Keyloggers using event taps

Security Affairs

JANUARY 7, 2019

ReiKey is a free tool that allows to scan and detect keylogger that install persistent keyboard “event taps” to intercept your keystrokes. The ReiKey app monitor systems for applications that analyzed keyboard ‘ event taps ‘ to monitor and filter input events from several points within the system intercept keystrokes.

Security

Security IT

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Security Affairs

NOVEMBER 27, 2018

Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 million downloads a week. .” ” wrote Tarr.

Libraries

Libraries Encryption IT Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

A ‘Cyber Event’ disrupted power grid operations in three US states

Security Affairs

MAY 2, 2019

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The post A ‘Cyber Event’ disrupted power grid operations in three US states appeared first on Security Affairs.

Energy and Utilities

Energy and Utilities Security IT

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

NOVEMBER 4, 2020

Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. The wallet was monitored since 2015 because it was associated with hacking activities, it had been “ dormant ” since 2015. 2015* apparently, maybe the owner? Pierluigi Paganini.

Passwords

Passwords Security IT Information Security

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

Another 0-Day Looms for Many Western Digital Users

Krebs on Security

JULY 2, 2021

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But just days before the event Western Digital released MyCloud OS 5 , which eliminated the bug they found.

Cloud

Cloud Passwords Communications Security

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. “Observed targeting includes pen testers, private offensive security researchers, and employees at security and tech companies. .” ” states the report published by Microsoft.

Security

Security Encryption Passwords Communications

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Security Affairs

OCTOBER 30, 2020

Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention. Organizations are no strangers to security incidents in their Kubernetes environments. It will then provide recommendations on how organizations can secure each of these components.

Security

Security Cloud Access IT

MY TAKE: Equipping SOCs for the long haul – automation, edge security solidify network defenses

The Last Watchdog

JUNE 22, 2021

Network security is in the throes of a metamorphosis. Advanced technologies and fresh security frameworks are being implemented to deter cyber attacks out at the services edge, where all the action is. Related: Automating security-by-design in SecOps. This means Security Operations Centers are in a transition.

Security

Security Digital transformation Ransomware IoT

Rapid7 InsightIDR Review: Features & Benefits

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? This article looks at the top three benefits of the Rapid7 InisightIDR solution.

Analytics

Analytics Cloud Cybersecurity Honeypots

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Security Affairs

FEBRUARY 7, 2020

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. In January, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Manufacturing Data breaches Access

Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak

Security Affairs

FEBRUARY 16, 2020

Organizers of Black Hat Asia and DEF CON China security conferences announced that they put the events on hold due to the Coronavirus outbreak. We still plan to host the event in Singapore this fall & will post new dates ASAP. Organizers of another important cyber security conference, DEF CON China 2.0

Cybersecurity

Cybersecurity Security Risk IT

The Pyramid Hotel Group data leak exposes 85GB of security logs of major hotel chains

Security Affairs

MAY 31, 2019

Researchers discovered 85.4GB of security audit logs, the exposed data also include monitoring and alerts, reported system errors, misconfiguration, policy violations, potential attempted malicious breaches, and other cybersecurity events. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Cybersecurity Data breaches IT

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Security Affairs

JANUARY 20, 2020

Expert found a hardcoded SSH public key in Fortinet ’s Security Information and Event Management FortiSIEM that can allow access to the FortiSIEM Supervisor. . ” reads the security advisory. ” Fortinet published a security advisory for the issue that is tracked as CVE-2019-17659. Pierluigi Paganini.

Authentication

Authentication Access Security IT

Pwn2Own 2020 Day1 -researchers earned $180K for hacking Windows, Ubuntu, and macOS

Security Affairs

MARCH 19, 2020

The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the participants to remotely demonstrate their exploits. ” reads the official page of the event. Pierluigi Paganini.

Security

Security IT Information Security

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. See CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. (For The Act does not, of course, supersede federal privacy or data security laws, such as HIPAA. 11 to the Ohio Revised Code.

Insurance

Insurance Security Cybersecurity Data breaches

Guardzilla Security Video System Footage exposed online

Security Affairs

DECEMBER 29, 2018

The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. “During the 0DAYALLDAY Research Event a vulnerability was discovered ( CVE-2018-5560 ) in the Guardzilla Security Video System Model #: GZ521W. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security IoT Passwords Access

SecurityAffairs awarded as Best European Cybersecurity Technical Blog

Security Affairs

JUNE 2, 2020

“In the true spirit of the event, we didn’t let COVID-19 stop us this year; and thanks to the headline sponsor, Qualys, we were able to deliver a fun, virtual event complete with a cocktail making experience. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cybersecurity

Cybersecurity Education Security

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. S ee CT Gen Stat § 38a-999b (2015) ; 23 NYCRR 500. The Act does not, of course, supersede federal privacy or data security laws, such as HIPAA. 6491 (Act).

Insurance

Insurance Security Cybersecurity FOIA

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? “These events ensue an unsatisfying narrative – Is it really hacktivism or cyber espionage?” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Military

Military Manufacturing Phishing Government

Are you critical? Amendments to the Security of Critical Infrastructure Act (2018) dramatically expand its scope and impact across Australian industry

Data Protection Report

DECEMBER 6, 2021

Significant changes to the law with respect to security of critical infrastructure in Australia, including enhanced cybersecurity incident reporting requirements and the inclusion of further asset classes have been passed. This legislation amends the Security of Critical Infrastructure Act 2018 (Cth) ( Act ) in four significant ways.

IT

IT Security Cybersecurity Government

A powerful DDoS attack hit Hungarian banks and telecoms services

Security Affairs

SEPTEMBER 26, 2020

“The volume of data traffic in the attack was 10 times higher than the amount usually seen in DDoS events, the company said.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post A powerful DDoS attack hit Hungarian banks and telecoms services appeared first on Security Affairs.

IT

IT Security Information Security

Texas Department of Transportation (TxDOT) hit by a ransomware attack

Security Affairs

MAY 18, 2020

“The Texas Department of Transportation determined that on May 14, 2020, there was unauthorized access to the agency’s network in a ransomware event” states the TxDOT. The Texas Department of Transportation determined that on May 14, 2020, there was unauthorized access to the agency’s network in a ransomware event. Pierluigi Paganini.

Ransomware

Ransomware Government Access IT

Sotto Speaks Out on Potential for “Armageddon-Type Cyber Event”

Hunton Privacy

MARCH 3, 2015

On March 2, 2015, HuffPost Live interviewed four cybersecurity experts in response to a top financial regulator’s warning of an “Armageddon-type cyber event” that could eventually affect the U.S.

Cybersecurity

Cybersecurity Privacy Government IT

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Artificial intelligence is an immensely helpful tool for businesses and consumers alike, how to use artificial intelligence to secure sensitive Information. In fact, keeping data secure is a significant part of what AI does in the modern world, though some hackers use technology for their own means. . Early Detection. Encryption.

Artificial Intelligence

Artificial Intelligence Information Security Security Passwords

Security experts disclosed Wyze data leak

Security Affairs

DECEMBER 29, 2019

The leak was reported to Wyze on December 26th at around 10:00 AM and the company immediately secured the database and launched an investigation. “Today, we are confirming that some Wyze user data was not properly secured and left exposed from December 4th to December 26th.” on December 26 by a reporter at IPVM.com. .

Security

Security IoT Data collection Access

Tyler Technologies finally paid the ransom to receive the decryption key

Security Affairs

OCTOBER 11, 2020

According to BleepingComputer, which cited a source informed on the event, Tyler Technologies paid a ransom of an unspecified amount to receive the decryption key and recover encrypted files. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported BleepingComputer. Pierluigi Paganini.

Ransomware

Ransomware Encryption Access Government

Magento fixed security flaws that allow complete site takeover

Security Affairs

JULY 4, 2019

Magento addressed security vulnerabilities that could be chained by an unauthenticated attacker to hijack administrative sessions and completely take over online stores. ” reads the analysis published by security firm RIPS Technologies. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Authentication IT Information Security

Dropbox paid more than $1 Million via its bug bounty program

Security Affairs

FEBRUARY 5, 2020

DropBox paid over $318,000 via the HackerOne platform for nearly 300 vulnerabilities and $336,479 at a live hacking event held in Singapore in 2019. They gathered to hack new scope and Dropbox core assets at Huone Event Center in the Clarke Quay area of Singapore.” ” reads the website of event. Pierluigi Paganini.

IT

IT Paper Security Information Security

Security Affairs newsletter Round 196 – News of the week

Security Affairs

JANUARY 13, 2019

The best news of the week with Security Affairs. ReiKey app for macOS can detect Mac Keyloggers using event taps. First Google security patches for Android in 2019 fix a critical flaw. Three security bugs found in the popular Linux suite systemd. Reddit locked Down accounts due to alleged security breach.

Security

Security Manufacturing Paper Ransomware

Security Affairs newsletter Round 191 – News of the week

Security Affairs

DECEMBER 2, 2018

The best news of the week with Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Security Affairs – Newsletter ). The post Security Affairs newsletter Round 191 – News of the week appeared first on Security Affairs. 20% discount. Kindle Edition. Paper Copy.

Data breaches

Data breaches Security Ransomware Paper

A flaw in LibreOffice could allow the hack of your PC

Security Affairs

JULY 26, 2019

The fix CVE-2019-9849 did not completely address the security researcher Alex Inführ explained hot to bypass it. “ LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. ” reads the security advisory. Pierluigi Paganini.

Security

Security IT Information Security

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The lawsuit concerns a May 2015 data breach in which hackers allegedly stole health information relating to 3.9 The complaint states that the Company failed to implement basic industry-accepted data security measures to protect PHI from unauthorized access, and did not have adequate controls in place.

Data breaches

Data breaches Computer and Electronics Security Insurance

Hurry Up! Update your LibreOffice because 2 patches have been bypassed

Security Affairs

AUGUST 16, 2019

LibreLogo allows users to specify pre-installed scripts in a document that can be executed when some events occur. CVE-2019-9851 vulnerability resides in a separate feature where documents can specify pre-installed scripts, just like LibreLogo, which can be executed on various global script events such as document-open, etc.

Security

Security IT Information Security

Security Affairs newsletter Round 212 – News of the week

Security Affairs

MAY 5, 2019

The best news of the week with Security Affairs. Microsoft removes Password-Expiration Policy in security baseline for Windows 10. A ‘Cyber Event disrupted power grid operations in three US states. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Kindle Edition. Paper Copy. Pierluigi Paganini.

Security

Security Passwords Ransomware Data breaches

Pwn2Own 2020 – Participants hacked Adobe Reader, Oracle VirtualBox, and Windows

Security Affairs

MARCH 20, 2020

The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the participants to remotely demonstrate their exploits. ” reads the page of the event. Day 2 begun with Phi Ph?m “Phi Ph?m Pierluigi Paganini.

IT

IT Security Information Security

A flaw in Google Titan Security Keys expose users to Bluetooth Attacks

Security Affairs

MAY 16, 2019

Titan Security Keys are affected by a severe vulnerability, for this reason, Google announced it is offering a free replacement for vulnerable devices. Google announced it is offering a free replacement for Titan Security keys affected by a serious vulnerability that could be exploited by to carry out Bluetooth attacks.

Security

Security Phishing Communications Passwords

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory. For further information, see our blog post: [link] — Security Response (@msftsecresponse) October 29, 2020. Pierluigi Paganini.

Authentication

Authentication Passwords Security Government

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Security Affairs

APRIL 2, 2020

Pulse Secure VPN devices) and gateways to compromise the target network. Once the attackers have breached the target network, they leverage stolen credentials, attempt to dump credentials and disable security solutions, then download tools to gather intelligence and make lateral movements. . Pierluigi Paganini. Pierluigi Paganini.

Ransomware

Ransomware Risk Access Passwords

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Security Affairs

FEBRUARY 5, 2019

A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice. By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event. Security Affairs – Libre Office, hacking).

File names

File names Libraries Security IT

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

The vendor Fortinet has finally released security patches to remove the hardcoded SSH keys in Fortinet SIEM appliances. Fortinet has finally released security updates to remove the hardcoded SSH keys in Fortinet SIEM appliances. reads the security advisory. The unencrypted key is also stored inside the FortiSIEM image.

Authentication

Authentication Passwords Access Security

FERC, NERC joint report on cyber incident response at electric utilities

Security Affairs

SEPTEMBER 21, 2020

In the detection and analysis phase, the study recommends the use of baselining to detect potential cyber incidents, and the adoption of a decision tree or flowchart to quickly assess if a specific risk threshold is reached and if certain circumstances qualify as an event. ” reads the study. Pierluigi Paganini.

Energy and Utilities

Energy and Utilities Compliance Communications Cybersecurity

Rogue employees at Shopify accessed customer info without authorization

Security Affairs

SEPTEMBER 23, 2020

The company is not aware of the illegal use of the accessed data, it pointed out that the incident was not the result of a security vulnerability in its platform. We don’t take these events lightly at Shopify.”the Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ”the company concludes.

Access

Access Communications IT Security

A ‘Cyber Event’ disrupted power grid operations in three US states

ReiKey app for macOS can detect Mac Keyloggers using event taps

Webinars

Trending Sources

Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Webinars

A ‘Cyber Event’ disrupted power grid operations in three US states

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Another 0-Day Looms for Many Western Digital Users

Microsoft: North Korea-linked Zinc APT targets security experts

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

MY TAKE: Equipping SOCs for the long haul – automation, edge security solidify network defenses

Rapid7 InsightIDR Review: Features & Benefits

Japanese defense contractors Pasco and Kobe Steel disclose security breaches

Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak

The Pyramid Hotel Group data leak exposes 85GB of security logs of major hotel chains

Expert found a hardcoded SSH Key in Fortinet SIEM appliances

Pwn2Own 2020 Day1 -researchers earned $180K for hacking Windows, Ubuntu, and macOS

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Guardzilla Security Video System Footage exposed online

SecurityAffairs awarded as Best European Cybersecurity Technical Blog

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Researchers found alleged sensitive documents of NATO and Turkey

Are you critical? Amendments to the Security of Critical Infrastructure Act (2018) dramatically expand its scope and impact across Australian industry

A powerful DDoS attack hit Hungarian banks and telecoms services

Texas Department of Transportation (TxDOT) hit by a ransomware attack

Sotto Speaks Out on Potential for “Armageddon-Type Cyber Event”

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security experts disclosed Wyze data leak

Tyler Technologies finally paid the ransom to receive the decryption key

Magento fixed security flaws that allow complete site takeover

Dropbox paid more than $1 Million via its bug bounty program

Security Affairs newsletter Round 196 – News of the week

Security Affairs newsletter Round 191 – News of the week

A flaw in LibreOffice could allow the hack of your PC

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Hurry Up! Update your LibreOffice because 2 patches have been bypassed

Security Affairs newsletter Round 212 – News of the week

Pwn2Own 2020 – Participants hacked Adobe Reader, Oracle VirtualBox, and Windows

A flaw in Google Titan Security Keys expose users to Bluetooth Attacks

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Severe bug in LibreOffice and OpenOffice suites allows remote code execution

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

FERC, NERC joint report on cyber incident response at electric utilities

Rogue employees at Shopify accessed customer info without authorization

Stay Connected