2015, IT and Security - Information Management Today

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

IT

IT Ransomware Systems administration Authentication

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Passwords

Passwords Data breaches Marketing IT

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Security Affairs

MAY 11, 2021

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. “In September 2015, Apple managers had a dilemma on their hands: should, or should they not notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Pierluigi Paganini.

Passwords

Passwords Privacy IT Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Naikon APT is flying under the radar since 2015

Security Affairs

MAY 7, 2020

” The activity of the group was detailed in a report published by Kaspersky in 2015, but in the last five years, the group drastically changed its modus operandi to go silent. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. ” continues the report. Pierluigi Paganini.

Government

Government Archiving Cybersecurity IT

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

Krebs on Security

JUNE 18, 2020

According to the indictment, Johnson stole employee information on all 65,000 then current and former employees, including their names, dates of birth, Social Security numbers, and salaries. ” 2014 and 2015 were particularly bad years for tax refund fraud, a form of identity theft which cost taxpayers and the U.S.

IT

IT Archiving Personal data Access

Adobe announces end of support for Acrobat 2015 and Adobe Reader 2015

Security Affairs

NOVEMBER 19, 2019

Adobe announces the end of support for Acrobat 2015 and Reader 2015. It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015. It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015, the company will no longer receive any security updates after the deadline.

Security

Security IT Information Security

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

Security Affairs

OCTOBER 22, 2020

The Council of the European Union announced sanctions imposed on Russian military intelligence officers for 2015 Bundestag hack. The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Military

Military Government IT Security

A Retrospective on the 2015 Ashley Madison Breach

Krebs on Security

JULY 27, 2022

As first reported by KrebsOnSecurity on July 19, 2015 , a group calling itself the “ Impact Team ” released data sampled from millions of users, as well as maps of internal company servers, employee network account information, company bank details and salary information. 18, 2015, the Impact Team posted a “Time’s up!

Sales

Sales Archiving IT Privacy

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

Darkode was taken down in 2015 as part of an FBI investigation sting operation , but screenshots of the community saved by this author show that DCReavers2 was already well known to the Darkode founders when his membership to the forum was accepted in May 2009. .” “We’ve identified in excess of a thousand of his victims.

IT

IT Ransomware Mining Sales

The DoD Isn't Fixing Its Security Problems

Schneier on Security

APRIL 17, 2020

While an assessment of "cybersecurity hygiene" like this doesn't directly analyze a network's hardware and software vulnerabilities, it does underscore the need for people who use digital systems to interact with them in secure ways. It has produced several reports outlining what's wrong and what needs to be fixed.

IT

IT Security Education Cybersecurity

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

FEBRUARY 11, 2022

CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. ” reads the advisory published by Microsoft. Pierluigi Paganini.

IT

IT IoT Cybersecurity Authentication

Safe, Secure, Anonymous, and Other Misleading Claims

Troy Hunt

OCTOBER 4, 2023

"Anonymous" "Discreet" That was July 2015, and we all know what happened next. Here's a service that enables you to send an actual piece of smelly s**t to "An irritating colleague. School teacher. Your ex-wife. Filthy boss. Jealous neighbour. That successful former classmate. Or all those pesky haters."

Security

Security Data breaches Privacy IT

Indian-linked Patchwork APT infected its own system revealing its ops

Security Affairs

JANUARY 10, 2022

The APT group has been active since at least 2015, previous operations targeted military and political individuals across the world, it shows a specific interest in organizations in Pakistan. The post Indian-linked Patchwork APT infected its own system revealing its ops appeared first on Security Affairs. Pierluigi Paganini.

IT

IT Military Phishing Government

CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog

Security Affairs

FEBRUARY 11, 2023

US CISA added actively exploited flaws in Fortra MFT, Intel driver, and TerraMaster NAS, respectively tracked as CVE-2023-0669 , CVE-2015-2291 , and CVE-2022-24990 , to its Known Exploited Vulnerabilities Catalog. The CVE-2015-2291 flaw (CVSS v3 score 7.8) sys and IQVW64.sys.

IT

IT Ransomware Authentication Access

France Télévisions group hit by a cyber attack, its antennas were not impacted

Security Affairs

JUNE 27, 2020

In April 2015, the TV5Monde was hit by a severe cyber attack that compromised broadcasting of transmissions across its medium. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post France Télévisions group hit by a cyber attack, its antennas were not impacted appeared first on Security Affairs.

IT

IT Ransomware Security Information Security

2015 Ashley Madison Breach Is Back Just in Time for Valentine’s Day

Adam Levin

FEBRUARY 4, 2020

A new extortion scam is targeting users of marital infidelity site Ashley Madison whose accounts were compromised in a 2015 data breach. Moreover, like sextortion, the threat itself will likely evolve in response to tweaks by email security vendors,” wrote VadeSecure Senior Director Ed Hadley.

Data breaches

Data breaches Security IT

The British government aims at improving its offensive cyber capability

Security Affairs

OCTOBER 13, 2020

The news is not surprising for people working in the cyber security sector, the British military claims to have had an offensive cyber capability for a decade. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” Sanders confirmed. ” reported The Guardian. Pierluigi Paganini.

Government

Government Military IT Security

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Security Affairs

NOVEMBER 4, 2020

150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. appeared first on Security Affairs. Always free, no strings attached.

IT

IT Cybersecurity Marketing Information Security

Swiss watchmaker Swatch shuts down IT systems in response to a cyberattack

Security Affairs

SEPTEMBER 30, 2020

“For security reasons, the Group immediately took action and shut down precautionary some of its IT systems, which affected some operations.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The company turned off its systems to avoid other systems on its network from being infected.

IT

IT Ransomware Manufacturing Sales

Security Risks of Client-Side Scanning

Schneier on Security

OCTOBER 15, 2021

I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. It means I don’t have to.)

Risk

Risk Paper Security Encryption

CISA adds Ruckus bug and another six flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 16, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. CVE-2021-3560 – Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation. We are in the final!

IT

IT Cybersecurity Communications Security

The head of the Federal Cyber Security Authority (BSI) faces dismissal

Security Affairs

OCTOBER 10, 2022

The German Interior Minister wants to dismiss the head of the Federal Cyber Security Authority (BSI), Arne Schoenbohm, due to possible contacts with Russian security services. In 2015, Russia-linked hackers paralysed the computer network of the lower house of parliament, the Bundestag. Russia denied any accusation.

Security

Security Government Cybersecurity IT

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

However, Macron said that France will favor European providers of 5G technology due to security concerns. It’s normal that … we want a European solution” because of the importance of “the security of our communication,” Macron told reporters. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Military Manufacturing Risk

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

Sweden is banning Chinese tech giant Huawei and ZTE from building new 5G wireless networks due to national security concerns. The decision is the result of assessments made by the Swedish military and security service. Excluding Huawei will not make Swedish 5G networks any more secure.

IT

IT Military Manufacturing Risk

Garmin shut down its services after an alleged ransomware attack

Security Affairs

JULY 23, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Garmin shut down its services after an alleged ransomware attack appeared first on Security Affairs. 1/2) — Garmin (@Garmin) July 23, 2020. .”

Ransomware

Ransomware IT Data breaches Security

ISS reveals malware attack impacted parts of the IT environment

Security Affairs

FEBRUARY 23, 2020

ISS services include cleaning services, support services, property services, catering services, security services and facility management services. ISS World is investigating the incident, the company confirmed to have found the root cause of the security breach with the help of forensic experts. Pierluigi Paganini.

IT

IT Ransomware Access Security

Nefilim ransomware gang published Luxottica data on its leak site

Security Affairs

OCTOBER 20, 2020

BleepingComputer website, citing the security firm Bad Packets, speculates that the Italian was using a Citrix ADX controller device vulnerable to the critical CVE-2019-19781 vulnerability in Citrix devices. Security experts believe that threat actor exploited the above flaw to infect the systems at the company with ransomware.

Ransomware

Ransomware IT Retail Manufacturing

SamSam Ransomware operators earned more than US$5.9 Million since late 2015

Security Affairs

JULY 31, 2018

The security experts from Sophos have published a report on the multimillion-dollar black market business for crooks, they analyzed the SamSam ransomware case as a case study. Million since late 2015. Million since late 2015. million, the security firm also estimated that the group is netting around $300,000 per month.

Ransomware

Ransomware Encryption Marketing Sales

Pakistan hit by nationwide power outage, is it the result of a cyber attack?

Security Affairs

JANUARY 24, 2023

Some of the most clamorous attacks clamorous attacks observed in the past hit Ukraine in 2015 and 2016. appeared first on Security Affairs. Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect it was the result of a cyberattack. The power outage impacted all the major cities in Pakistan.

IT

IT Government Security Information Security

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

Compromised data vary by individuals and organizations, it includes names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more. In June 2016, security researcher Chris Vickery found a copy of the World-Check database dated 2014 that was accidentally exposed online.

Risk

Risk Archiving Access Privacy

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post SFO discloses data breach following the hack of 2 of its websites appeared first on Security Affairs. San Francisco International Airport (SFO) disclosed a data breach, its websites SFOConnect.com and SFOConstruction.com were hacked last month.

Data breaches

Data breaches IT Passwords Access

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Security Affairs

MAY 8, 2020

Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Ruhr University Bochum (RUB) shuts down a large portion of its central IT infrastructure between May 6 and May 7, 2020. on Thursday, May 7, 2020. .”

IT

IT Ransomware Access Cybersecurity

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs

JULY 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Marketing Cloud

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Incident details: Network security incident, where allegedly AlphV gained unauthorised access and made demands to the hospital’s leadership, suggesting a ransomware attack. D-Link Corporation Provides Details about an Information Disclosure Security Incident Date of breach: 2 October 2023. Records breached: 91,000 individuals affected.

Data Privacy

Data Privacy Privacy Security Data breaches

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The United States National Security Agency (NSA) has published guidance on how the Unified Extensible Firmware Interface (UEFI) Secure Boot feature that can be customized organizations.

Security

Security Manufacturing IT Data breaches

Microsoft open-sourced its Project OneFuzz fuzzing framework for Azure

Security Affairs

SEPTEMBER 15, 2020

It is updated by contributions from Microsoft Research & Security Groups across Windows and by more teams as we grow our partnership and expand fuzzing coverage across the company to continuously improve the security of all Microsoft platforms and products.”the ”the company concludes. Pierluigi Paganini.

IT

IT Cloud Security Information Security

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

” G7 experts pointed out that these attacks often involve payments in crypto-assets, jeopardizing essential functions along with our collective security and prosperity. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the statement. Pierluigi Paganini.

Ransomware

Ransomware IT Financial Services Data Privacy

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

OCTOBER 18, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post FIN11 gang started deploying ransomware to monetize its operations appeared first on Security Affairs. The financially-motivated hacker group FIN11 has started spreading ransomware to monetize its cyber criminal activities. Pierluigi Paganini.

Ransomware

Ransomware IT Healthcare Phishing

Facial recognition firm Clearview AI reveals intruders stole its client list

Security Affairs

FEBRUARY 27, 2020

The company already informed its customers of the security breach. . We patched the flaw, and continue to work to strengthen our security,” said Tor Eklund, an attorney representing the company. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Our servers were never accessed. Pierluigi Paganini.

IT

IT Data breaches Access Security

North Korea-linked Lazarus APT targets the IT supply chain

Security Affairs

OCTOBER 27, 2021

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. Cybersecurity and Infrastructure Security Agency (CISA) in August 2020.

IT

IT Systems administration Military Cybersecurity

DOD DISA US agency discloses a security breach

Security Affairs

FEBRUARY 21, 2020

The Defense Information Systems Agency (DISA) US agency in charge of secure IT and communication for the White House has disclosed a data breach. The Defense Information Systems Agency (DISA), the DoD agency that is in charge of the security of IT and telecommunications for the White House and military troops has suffered a cyber attack.

Military

Military Data breaches Security Communications

Juniper Networks addressed many issues in its products

Security Affairs

JULY 10, 2020

The company published a list of security advisories to inform its customers of the vulnerabilities in its products. Most of the vulnerabilities impact Junos OS, other issues affect Juniper Secure Analytics, Junos Space and Junos Space Security Director. The flaw affects Junos OS 18.1, The flaw affects Junos OS 18.1,

IT

IT Analytics Security Information Security

Adobe fixed several memory corruption issues in some of its products

Security Affairs

MAY 20, 2020

APSB20-29 Security?update for Adobe Premiere Rush 05/19/2020 05/19/2020 APSB20-28 Security?update for Adobe Audition 05/19/2020 05/19/2020 APSB20-27 Security?update for Adobe Premiere Pro 05/19/2020 05/19/2020 APSB20-25 Security?update Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IT

IT Security Information Security

Uber Guilty Verdict Raises Security Stakes for CSOs

eSecurity Planet

OCTOBER 7, 2022

In a case that ups the stakes for CSOs dealing with data breaches, former Uber chief security officer Joe Sullivan was found guilty by a federal jury earlier this week of obstructing justice and of misprision (concealing) of a felony in connection with his coverup of a 2016 breach. United States Attorney Stephanie M.

Security

Security Data breaches Compliance Cybersecurity

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Webinars

Trending Sources

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Webinars

Naikon APT is flying under the radar since 2015

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

Adobe announces end of support for Acrobat 2015 and Adobe Reader 2015

EU Council sanctions two Russian military intelligence officers over 2015 Bundestag hack

A Retrospective on the 2015 Ashley Madison Breach

Canada Charges Its “Most Prolific Cybercriminal”

The DoD Isn't Fixing Its Security Problems

CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Safe, Secure, Anonymous, and Other Misleading Claims

Indian-linked Patchwork APT infected its own system revealing its ops

CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog

France Télévisions group hit by a cyber attack, its antennas were not impacted

2015 Ashley Madison Breach Is Back Just in Time for Valentine’s Day

The British government aims at improving its offensive cyber capability

Cyber Defense Magazine – November 2020 has arrived. Enjoy it!

Swiss watchmaker Swatch shuts down IT systems in response to a cyberattack

Security Risks of Client-Side Scanning

CISA adds Ruckus bug and another six flaws to its Known Exploited Vulnerabilities catalog

The head of the Federal Cyber Security Authority (BSI) faces dismissal

France will not ban Huawei from its upcoming 5G networks

Sweden bans Huawei and ZTE from building its 5G infrastructure

Garmin shut down its services after an alleged ransomware attack

ISS reveals malware attack impacted parts of the IT environment

Nefilim ransomware gang published Luxottica data on its leak site

SamSam Ransomware operators earned more than US$5.9 Million since late 2015

Pakistan hit by nationwide power outage, is it the result of a cyber attack?

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

SFO discloses data breach following the hack of 2 of its websites

Massive cyber attack forced Ruhr University Bochum (RUB) to shut down its IT infrastructure

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

The Week in Cyber Security and Data Privacy: 16–22 October 2023

NSA publishes guidance on UEFI Secure Boot customization

Microsoft open-sourced its Project OneFuzz fuzzing framework for Azure

The G7 expresses its concern over ransomware attacks

FIN11 gang started deploying ransomware to monetize its operations

Facial recognition firm Clearview AI reveals intruders stole its client list

North Korea-linked Lazarus APT targets the IT supply chain

DOD DISA US agency discloses a security breach

Juniper Networks addressed many issues in its products

Adobe fixed several memory corruption issues in some of its products

Uber Guilty Verdict Raises Security Stakes for CSOs

Stay Connected