Security Affairs

MARCH 3, 2022

. “We reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for Healthcare from Palo Alto Networks.” These data are disconcerting considering that the average infusion pump has a life of eight to 10 years.

IoT 93

IoT Risk Libraries Security 93

Security Affairs

NOVEMBER 10, 2021

Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day” . The ministry’s information security and protection centre handled around 1.4 Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Government 126

Government Military Information Security Security 126

Security Affairs

DECEMBER 29, 2023

Under Christmas tree you can find great gifts such as significant improvements of user interface (panel), modal windows on loading and expansion of data collection objects. Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Passwords 127

Passwords Authentication Data collection Privacy 127

Security Affairs

MAY 6, 2024

BTC-e collected virtually no customer data at all, which made the exchange attractive to those who desired to conceal criminal proceeds from law enforcement.” French authorities accused Vinnik of defrauding more than 100 people in six French cities between 2016 and 2018. ” reads the press release published by DoJ.

Computer and Electronics 98

Computer and Electronics Ransomware Marketing IT 98

Security Affairs

MAY 18, 2023

A carding site is an illegal marketplace where stolen credit card data and other personal info are offered for sale. The man and his co-conspirators sold the credit and debit card data of tens of thousands of U.S. 22, 2016, and Oct. Please nominate Security Affairs as your favorite blog. victims between Feb.

Marketing 93

Marketing Sales Access Government 93

Security Affairs

NOVEMBER 15, 2021

North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software. ESET researchers reported that the North Korea-linked Lazarus APT group is targeting cyber security community with a trojanized pirated version of the popular IDA Pro reverse engineering software.

Cybersecurity 105

Cybersecurity Ransomware Security IT 105

Security Affairs

JULY 9, 2019

The UK’s data privacy regulator plans to fine giant hotel chain Marriott International with a £99 million ($123 million) under GDPR over 2014 data breach. The UK’s data privacy regulator announced that the giant hotel chain Marriott International faces a £99 million ($123 million) fines under GDPR over 2014 data breach.

Data breaches 66

Data breaches GDPR e-Discovery Data Privacy 66

Hunton Privacy

JANUARY 7, 2020

and its former CEO, Mark Rawlins, related to allegations that InfoTrax failed to implement reasonable, low-cost and readily available security safeguards to protect the personal information the company maintained on behalf of its business clients. federal, state or local government entity of the Covered Incident.

Compliance 45

Compliance Information Security Access Cybersecurity 45

Hunton Privacy

JUNE 7, 2021

The regime, which was created under the Regulation of Investigatory Powers Act 2000 (“RIPA”) but has since been replaced by the Investigatory Powers Act 2016 (“IPA”), was found to violate Article 8 with respect to the rules permitting bulk interception and the obtaining of communications data from communication service providers.

Communications 105

Communications Government IT Security 105

Hunton Privacy

JULY 26, 2016

On July 20, 2016, the French Data Protection Authority (“CNIL”) announced that it issued a formal notice to Microsoft Corporation (“Microsoft”) about Windows 10, ordering Microsoft to comply with the French Data Protection Act within three months. Such data is described as vital to the operation of Windows.

Personal data 60

Personal data Privacy Compliance Data breaches 60

Security Affairs

JULY 19, 2021

The investigation was conducted by more than 80 journalists from 17 media organizations in 10 countries coordinated by media, non-profit organization Forbidden Stories with the technical support of Amnesty International. The researchers also shared data related to the Pegasus’s infrastructure, including more than 700 Pegasus-related domains.

Government 116

Government Privacy IT Security 116

Security Affairs

JULY 18, 2023

The FIN8 group has been active since 2016, it leverages known malware such as PUNCHTRACK and BADHATCH to infect PoS systems and steal payment card data. The sample analyzed by Symantec can run up to 10 such sessions at the same time.

Ransomware 94

Ransomware Sales IT Security 94

Security Affairs

JULY 26, 2021

A few days ago, security researcher Gilles Lionel (aka Topotam ) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with him. For example, see Microsoft Security Advisory 974926.” ” reads the advisory.

Authentication 119

Authentication Passwords Encryption Security 119

Security Affairs

MAY 25, 2020

Some of the databases are dated as 2016, but data starts from March 28, 2020. Crooks’ demand is BTC 0.06 ($485 at current price), they threaten to leak the content of the database if the victims don’t pay the ransom in 10 days. Italy, India, Spain, and Belarus. Pierluigi Paganini.

Sales 92

Sales Passwords Authentication IT 92

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. ” Pierluigi Paganini.

Phishing 108

Phishing Healthcare Military Data collection 108

Security Affairs

OCTOBER 19, 2021

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published an advisory that provides details about the BlackMatter ransomware operations and defense recommendations. Minimize the AD attack surface. Pierluigi Paganini.

Ransomware 115

Ransomware Encryption Passwords Authentication 115

Security Affairs

JUNE 23, 2019

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. The report says that hackers stole roughly 500 MB of data related to Mars missions from NASA’s Jet Propulsion Laboratory in Southern California.

IT 111

IT Data breaches Archiving Education 111

Security Affairs

AUGUST 23, 2022

Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. wrote the expert. “. One payload in particular caught our attention.

Risk 114

Risk Access Passwords IT 114

Security Affairs

JANUARY 15, 2020

Microsoft has released a security update to address “a broad cryptographic vulnerability” that is impacting its Windows operating system. dll module that contains various ‘Certificate and Cryptographic Messaging functions’ used by the Windows Crypto API for data encryption. . The flaw affects the way Crypt32.dll

Libraries 75

Libraries Encryption Security Risk 75

Security Affairs

DECEMBER 4, 2020

Ardit Ferizi , aka Th3Dir3ctorY, is the hacker that supported the ISIS organization by handing over data for 1,351 US government and military personnel. According to the US investigators, he provided the data to the popular IS militant Junaid Hussain , which disclosed it on the web. ” states the Associated Press.

Military 69

Military Risk Government Security 69

Security Affairs

MAY 18, 2019

Researchers analyzed data collected by IBM’s X-Force threat intelligence unit between 2015 and 2019. Collected information shows a drop in the hacktivist attacks from 35 in 2015 to only 2 attacks in 2018. However, IBM experts only collected data on hacktivist attacks that resulted in quantifiable damage. ” continues IBM.

Data collection 71

Data collection Cybersecurity Security Information Security 71

Hunton Privacy

NOVEMBER 15, 2016

On November 10, 2016, the Court of Appeal for Moscow’s Taginsky District upheld an August 2016 decision by the district’s lower court that LinkedIn had violated Russian data protection laws. This is thought to be the first time Russia’s data localization law has been enforced since its entry into force in September 2015.

Access 67

Access Communications IT Personal data 67

Security Affairs

AUGUST 29, 2019

joined the $1M hacker ranks by hacking for improved internet security. HackerOne disclosed this information as part of the 2019 Hacker-Powered Security Report based on 123,000+ unique resolved security flaws and more than 1,400 customer programs. This data represents a 71% increase over the 2016 average of $1,977.

Security 93

Security Government IT Information Security 93

Security Affairs

JULY 4, 2019

Now the threat is evolving, the Sodinokibi ransomware includes fresh code to elevate its privileges on a target machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions. “Since some data is stored in the registry, this article uses the names given by the ransomware itself.

Ransomware 79

Ransomware Encryption Government IT 79

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. As is now traditional, I’ve installed myself in the porter’s chair next to the fire in the library, ready to recap some of the year’s more newsworthy information security events.

Data breaches 71

Data breaches Personal data Access GDPR 71

Security Affairs

JANUARY 16, 2020

Security researchers have published two proof-of-concept (PoC) code exploits for the recently-patched CVE-2020-0601 vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). reads the security advisory published by Microsoft. “An The flaw affects the way Crypt32.dll

Encryption 75

Encryption Security Cybersecurity Risk 75

IG Guru

DECEMBER 31, 2018

Friday, March 18, 2016 – 10:45 By Andrew Ysasi I frequently hear chatter about using tape technology online, at conferences, and even in meetings that can be summed up in one statement, “Tape is dead. Repost – I wrote this article on LinkedIn and it got picked up by IDM. It is old technology and […].

IT 41

IT Archiving Information governance Government 41

The Last Watchdog

JUNE 4, 2019

GCIS was a Davos-level conference with no vendors and no selling, where scores of chief security information officers (CISOs), top CEO’s, industry and government thought leaders and leading innovators discussed the myriad challenges in and around cybersecurity and possible solutions in today’s environment.

Cybersecurity 193

Cybersecurity Computer and Electronics Data science Marketing 193

IT Governance

JUNE 22, 2018

The Information Commissioner’s Office fined BT £77,000 this week for sending nearly 5 million spam emails to its customers. The unsolicited emails were sent between December 2015 and November 2016, and promoted three charities: BT’s My Donate platform, Giving Tuesday and Stand up to Cancer. Instead, it downloads malware.

Phishing 49

Phishing Compliance Marketing Information Security 49

IT Governance

DECEMBER 30, 2019

Welcome to the second part of our round-up of 2019’s information security stories. The second half of the year began with major data privacy news: the UK’s data protection authority, the ICO (Information Commissioner’s Office), announced its intention to fine British Airways and Marriott International a combined £282.6

Data breaches 78

Data breaches Personal data GDPR Ransomware 78

Security Affairs

AUGUST 21, 2019

In addition to the monetary costs associated with things like lost productivity and improving network security to reduce the likelihood of future incidents, affected companies have to deal with the costs tied to reduced customer trust and damaged reputations. People are becoming less tolerant of retailers that have widescale data breaches.

Cybersecurity 81

Cybersecurity Retail Manufacturing Data breaches 81

Security Affairs

NOVEMBER 19, 2019

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2019 in more than 60 countries. To bypass corporate security systems, cybercriminals are increasingly often archiving their malicious attachments.

Ransomware 71

Ransomware Archiving Passwords Encryption 71

Security Affairs

FEBRUARY 21, 2020

The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. The method used to send the information to the C2 is the following: Figure 11: C2 communication routine.

Military 115

Military Communications Encryption IT 115

Security Affairs

MARCH 2, 2019

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. OLE files are hierarchical data structures that have several storages and streams (in contrast to folders and files in an operating system). Technical Analysis.

File names 86

File names Phishing Libraries IT 86

Security Affairs

FEBRUARY 5, 2023

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the newsletter with the international press subscribe here.

Security 92

Security Ransomware Data breaches Archiving 92

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Binni Shah | @binitamshah.

Cybersecurity 139

Cybersecurity e-Discovery Passwords Information Security 139

Security Affairs

APRIL 18, 2021

Every week the best security articles from Security Affairs free for you in your email box. Joker malware infected 538,000 Huawei Android devices Personal data of 1.3 Joker malware infected 538,000 Huawei Android devices Personal data of 1.3 Joker malware infected 538,000 Huawei Android devices Personal data of 1.3

Security 100

Security Data breaches Personal data Risk 100