2020, Data, Information Security and Security - Information Management Today

2020

Data

Information Security

Security

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

Security Affairs

FEBRUARY 18, 2024

This type of tool is crucial for maintaining security, compliance, and efficient administration of user access to various resources, systems, and data. Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3

Access

Access Authentication Compliance IT

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. 02% of the data on the servers was affected by the attack.” ” According to the University, the ransomware encrypted only 0.02% of the data stored on its servers.

Ransomware

Ransomware Insurance Encryption Information Security

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

NextMotion plastic surgery tech firm data leak

Security Affairs

FEBRUARY 15, 2020

. “ Nextmotion is an ecosystem based on a medical cloud that allows you to sort, store and access your data wherever you are,” states the company on its website. SecurityAffairs – NextMotion, data leak). The post NextMotion plastic surgery tech firm data leak appeared first on Security Affairs.

Access

Access Phishing Cloud Cybersecurity

Google addresses a high severity flaw in V8 engine in Chrome

Security Affairs

APRIL 28, 2021

Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser. The CVE-2021-21227 flaw is linked to the CVE-2020-16040 and CVE-2020-15965 vulnerabilities that were addressed by Google in 2020.

Cybersecurity

Cybersecurity Security IT Information Security

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. The most severe flaw is a critical RCE tracked as CVE-2020-26919 and rated with a CVSS v3 score of 9.8, 05 Sep 2020 – Vulnerabilities details reported to Netgear.

Authentication

Authentication Security IT Access

Hacking Nespresso machines to have unlimited funds to purchase coffee

Security Affairs

FEBRUARY 7, 2021

The vulnerability was disclosed by the security researcher Polle Vanhoof. The Mifare Classic smart card technology is known to be insecure since 2008, when security researchers from Radboud University Nijmegen performed reverse engineering of the chip and published their findings. ” Vanhoof added. Pierluigi Paganini.

Encryption

Encryption Communications Security IT

Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile

Security Affairs

DECEMBER 28, 2020

The dump allegedly includes 2,500,000 customers’ records and other data that can be exploited by hackers for SIM swapping attacks , A Threat Actor is selling a Database of the Italian mobile service provider ho. ( [link] ) owned by @VodafoneIT. pic.twitter.com/yR193Mt3CS — Bank Security (@Bank_Security) December 28, 2020.

Phishing

Phishing Data breaches Sales Authentication

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

The new variant also implements new features for data-stealing focused on cryptocurrency apps. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks.

Ransomware

Ransomware Encryption IT Security

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Ransomware

Ransomware Encryption IT Security

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker

Security Affairs

APRIL 16, 2020

The last occurrence this line was recorded on March 13rd, 2020, where a similar Trojan-Banker was disseminated targeting other clients of different banking organizations. These campaigns have been noticed from the beginning of 2020, where phishing and smishing campaigns are launched to target users probably obtained via other malicious waves.

Authentication

Authentication Phishing Data structuring Access

Brazilian trojan banker is targeting Portuguese users using browser overlay

Security Affairs

MAY 7, 2020

Since the end of April 2020, a new trojan has been affecting Portuguese users from several bank organizations. Afterward, the malware runs on the compromised machine, collecting sensitive data from browsers, including credentials for accessing bank portals. The modus operandi of this piece of malware is not new in Portugal.

Communications

Communications Phishing Access IT

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

The victims’ data is encrypted and sent to the C2 server geolocated in Russia. In addition, most artifacts extracted also matched a threat documented in 2020 and available here. exe – 4eb39d47ef742996c02a886d56b97aedad904d85cd2ebd57000f6cbbfabe0ea0 ) with 0/90 detections in VirusTotal at the time of analysis (23-02-2022).

Encryption

Encryption Phishing Communications IT

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Security Affairs

MAY 10, 2021

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites. SSL Stripping (aka SSL Downgrade Attack) allows downgrading connection from secure HTTPS to HTTP which could expose the traffic to eavesdropping and data manipulation. . ” reads the study.

Security

Security Access IT Cybersecurity

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

University of Utah pays a $457,000 ransom to ransomware gang

Trending Sources

NextMotion plastic surgery tech firm data leak

Google addresses a high severity flaw in V8 engine in Chrome

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Hacking Nespresso machines to have unlimited funds to purchase coffee

Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile

XCSSET malware now targets macOS 11 and M1-based Macs

New variant for Mac Malware XCSSET compiled for M1 Chips

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker

Brazilian trojan banker is targeting Portuguese users using browser overlay

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks

Stay Connected