eSecurity Planet

MARCH 27, 2023

Mandiant tracked 55 zero-day vulnerabilities that were actively exploited in 2022. That’s fewer than the 81 zero-days exploited in 2021, but far more than those exploited in any previous year. Overall, the proportion of financially motivated zero-day exploitation decreased in 2022.

Cloud 103

Cloud Ransomware Risk Access 103

Security Affairs

JANUARY 30, 2022

A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The Win32k elevation of privilege vulnerability was fixed this month as part of the January 2022 Patch Tuesday , it is the result of a bypass for the previously CVE-2021-1732 flaw.

Authentication 77

Authentication Ransomware Security Access 77

eSecurity Planet

JANUARY 11, 2022

Investors recognize the potential too, as funding for cybersecurity ventures more than doubled from previous years to almost $22 billion in 2021. We’ll start with the top 10 overall and then look at other noteworthy startups in a number of markets. Top 10 Cybersecurity Startups. Series B SECURITI.ai BluBracket.

Cybersecurity 142

Cybersecurity Cloud Compliance Analytics 142

Krebs on Security

MARCH 17, 2023

The forum’s administrator “ Pompompurin ” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums , a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022. In April 2022, U.S. Image: News 12 Westchester.

Sales 317

Sales Data breaches Insurance Access 317

Security Affairs

FEBRUARY 5, 2022

US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882.

Cybersecurity 84

Cybersecurity Authentication Compliance Risk 84

Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Ransomware 264

Ransomware Access Marketing Government 264

Krebs on Security

JANUARY 19, 2023

APIs are essentially instructions that allow applications to access data and interact with web databases. In October, mobile provider Optus disclosed that hackers abused a poorly secured API to steal data on 10 million customers in Australia. The company said it first learned of the incident on Jan.

Data breaches 308

Data breaches Cybersecurity Passwords Phishing 308

eSecurity Planet

SEPTEMBER 16, 2022

billion in reported fraud in 2021 alone. PwC’s 2022 Global Economic Crime and Fraud Survey reported that 46% of surveyed organizations experienced corruption, fraud, or other economic crimes in the 24-month survey period. 52% of companies with more than $10 billion in revenue were hit with fraud. million in losses.

Analytics 111

Analytics Risk Authentication Financial Services 111

Security Affairs

AUGUST 10, 2022

10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. In June 2022, Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. ” concludes the report. Pierluigi Paganini.

Passwords 88

Passwords Access IT Security 88

The Last Watchdog

JULY 25, 2022

A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022. On December 10, 2021, by the discovery of CVE-2021-44228 , a critical vulnerability in the widely used Apache Log4j logging framework. percent in a six-month period.

Artificial Intelligence 214

Artificial Intelligence Analytics Ransomware Marketing 214

Krebs on Security

FEBRUARY 1, 2024

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. 11-12, 2022. 11-12, 2022. ” Colorado resident Emily “Em” Hernandez allegedly helped the group gain access to victim devices in service of SIM-swapping attacks between March 2021 and April 2023.

Blockchain 243

Blockchain Ransomware Retail Analytics 243

Security Affairs

APRIL 25, 2022

Google’s Project Zero researchers reported that 58 zero-day were discovered in 2021 (28 zero-day were detected in 2020), which marks a record for the company since it started tracking these issues in mid 2014. Google researchers reported that the exploitation of the zero-days they saw in 2021 was not different from the past.

Ransomware 93

Ransomware Security Cybersecurity Risk 93

Security Affairs

DECEMBER 13, 2021

CVE Number CVE Title Remediation Due Date CVE-2021-44228 Apache Log4j2 Remote Code Execution Vulnerability 12/24/2021 CVE-2021-44515 Zoho Corp. CISA also warns of a recently disclosed arbitrary file download vulnerability in FortiOS, tracked as CVE-2021-44168, that is actively exploited.

CMS 88

CMS Authentication Libraries Risk 88

Hunton Privacy

NOVEMBER 15, 2023

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022.

Data breaches 128

Data breaches Privacy Risk Information Security 128

Data Protection Report

AUGUST 16, 2022

On July 27, 2022, the Office of the Information and Privacy Commissioner of Alberta ( OIPC ) released its 2022 PIPA Breach Report. [1] 2020-2021 reporting period. 1] The report analyzes the nearly 2,000 breach reports [2] received by the OIPC during. . 2010-2011 reporting period. Number of reports made. Types of cases Reported.

Privacy 105

Privacy Risk Cybersecurity Phishing 105

Krebs on Security

OCTOBER 7, 2022

who in April 2022 opened an investigation into fraud tied to Zelle , the “peer-to-peer” digital payment service used by many financial institutions that allows customers to quickly send cash to friends and family. . million of payments in 2021 and the first half of 2022,” the report summarized.

Passwords 268

Passwords Financial Services IT Phishing 268

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” concludes the report.

Government 103

Government Ransomware Libraries Access 103

The Last Watchdog

AUGUST 29, 2022

This is according to Verizon’s latest 2022 Data Breach Investigations Report ( DBIR ). Brute forcing passwords (10 percent) came in third. Backdoors or C2 (10 percent) were the fourth runner-ups. In 2022, 69 percent of personal data and 67 percent of credentials became compromised in a web breach.

Passwords 201

Passwords Data breaches Authentication Cybersecurity 201

Security Affairs

JANUARY 18, 2022

Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security updates issued as part of the January 2021 Patch Tuesday. Pierluigi Paganini.

Security 93

Security Access Information Security IT 93

Security Affairs

NOVEMBER 18, 2022

Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware -as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. key files.

Ransomware 87

Ransomware Blockchain Manufacturing Analytics 87

eSecurity Planet

APRIL 22, 2022

According to the National Association of Insurance Commissioners (NAIC) report from October of 2021, the cybersecurity insurance market, including both U.S. jump from the prior year and it is expected to increase by a large amount once 2021 totals are verified. AXA XL accounts for about 10% of the current cyber insurance market.

Insurance 117

Insurance Ransomware Cybersecurity Marketing 117

Krebs on Security

DECEMBER 13, 2022

10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. Department of Defense. USDoD’s InfraGard sales thread on Breached.

Sales 362

Sales Energy and Utilities Communications Data breaches 362

Security Affairs

FEBRUARY 15, 2022

Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10 [$TBD][ 1285449 ]” reads the security advisory published by Google.

Security 81

Security Access IT Information Security 81

Security Affairs

MAY 28, 2022

In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. On April 12, the company launched an investigation into a series of unauthorized access to data stored in repositories of dozens of organizations.

Metadata 135

Metadata Passwords Archiving Access 135

Security Affairs

JANUARY 14, 2022

The issue seems to affect Windows 10 21H1 and Windows 10 21H2 since at least eight years, but it does not affect Windows 11. SentinelOne threat researcher Antonio Cocomazzi pointed out that the list of scanning exceptions can be accessed by any local user, regardless of its permissions.

Access 134

Access Security IT Information Security 134

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity 115

Cybersecurity Insurance Phishing Financial Services 115

eSecurity Planet

MAY 3, 2022

From Q1 2021 to Q1 2022, the team discovered 399,200 exposed databases due to those efforts. days was required for an exposed database owner to resolve a security issue in the first quarter of 2021. The average time decreased gradually throughout 2021, but it returned to the original count of 170 at the start of 2022.

Security 126

Security Risk Information Security Data breaches 126

Security Affairs

FEBRUARY 8, 2022

Data belonging to 6,632 Puma employees was stolen in a December 2021 ransomware attack that hit Ultimate Kronos Group (UKG). Kronos confirmed that a threat actor had unauthorized access to the cloud-based environment earlier in 2021, and stole data before encrypting the infrastructure. ” continues the letter.

Ransomware 79

Ransomware Cloud Personal data Encryption 79

Krebs on Security

DECEMBER 29, 2022

Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Review review below. It emerges that email marketing giant Mailchimp got hacked.

Passwords 239

Passwords Ransomware Computer and Electronics Encryption 239

Security Affairs

APRIL 6, 2022

“On April 4, 2022, Block, Inc. the “Company”) announced that it recently determined that a former employee downloaded certain reports of its subsidiary Cash App Investing LLC (“Cash App Investing”) on December 10, 2021 that contained some U.S. customer information. ” reads the FORM 8-K published by the U.S.

Data breaches 104

Data breaches Passwords Access Security 104

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. wrote the expert. “.

Risk 112

Risk Access Passwords IT 112

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. The messages began at 2022-07-20 22:50 UTC. 2, and Aug. On that last date, Twilio disclosed that on Aug.

Phishing 299

Phishing Authentication Passwords Access 299

Thales Cloud Protection & Licensing

OCTOBER 13, 2022

Thu, 10/13/2022 - 10:27. In 2021, to help protect the United States from increasing cyber threats, the White House issued an Executive Order ( EO 14028 ) with the goal of improving security in the Federal Government. FIDO2 devices provide passwordless MFA, enabling users to securely access Windows PCs and tablets.

Authentication 127

Authentication Phishing Digital transformation Cloud 127

Security Affairs

JUNE 13, 2023

A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. The company attempted to downplay the security breach by telling Have I Been Pwned that threat actors only had access to encrypted passwords. ” reported HIBP.

Data breaches 80

Data breaches Passwords Encryption Archiving 80

DLA Piper Privacy Matters

NOVEMBER 5, 2021

In December 2019, in response to the final report of the Australian Competition and Consumer Authority’s ( ACCC ) Digital Platforms’ Inquiry, the Commonwealth Government made commitments to introduce certain changes to the Privacy Act, as well as to carry out a broader review and reform of the regime (scheduled in 2020-2021).

Privacy 118

Privacy Government Access IT 118

Security Affairs

JULY 30, 2022

The ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022. The findings are worrisome. of all the stolen data contains GDPR personal data based on this analysis; In 95.3%

Ransomware 80

Ransomware GDPR Personal data Encryption 80

Security Affairs

MAY 2, 2023

According to the press release published by the Europol, the seized drugs include over 258 kg of amphetamines, 43 kg of cocaine, 43 kg of MDMA, and over 10 kg of LSD and ecstasy pills. The Monopoly Market was launched in 2019 and the German authorities seized the marketplace’s infrastructure in December 2021.

Marketing 75

Marketing Sales Education Cybersecurity 75