Schneier on Security

JUNE 6, 2023

Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Transferring files electronically is what encryption is for. I told Greenwald that he and Laura Poitras should be sending large encrypted files of dummy documents back and forth every day. Definitely.

Surveillance 349

Surveillance Computers and Electronics Government Encryption 349

Security Affairs

JANUARY 31, 2021

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named “ clowwindy “, and multiple implementations of the protocol have been made available since.

Firewall 143

Firewall Surveillance Internet Internet 143

SecureList

NOVEMBER 29, 2024

According to the UK’s National Crime Agency (NCA), this individual also was behind the infamous Reveton ransomware Trojan spread in 2012 — 2014. This type of cyberextortion predated Trojans, which encrypt the victim’s files. Reveton was among the most notorious PC screen lockers. Country/territory* %** 1 Qatar 11.95

Mobile 105

Mobile Adware Ransomware Malware 105

Krebs on Security

MAY 13, 2024

Pin was active on Opensc around March 2012, and authored 13 posts that mostly concerned data encryption issues, or how to fix bugs in code. Therefore, decryptors appear on the Internet, and with them the hope that files can be decrypted without paying a ransom. Cyber intelligence firm Intel 471 finds that pin@darktower.ru

Ransomware 296

Ransomware Cybercrime Accountability Malware 296

The Last Watchdog

APRIL 13, 2020

Here are key takeaways: Middle East motivation Somewhat quietly since about 2012 or so, nation states of the Middle East, led by Saudi Arabia and the UAE, commenced a quiet surge to the forefront of implementing comprehensive cybersecurity regulations. You now actually have to prove the data is encrypted, both at rest and in transit.

Mobile 205

Mobile Computers and Electronics Encryption Data privacy 205

Troy Hunt

JULY 18, 2022

But this isn't an internet age thing, the origins go back way further, originally being used to describe TV viewers being served ads. I think it was around the end of 2012, and they were terrible! And now you're thinking "I bet he wrote this just to get donations" so instead, go and give Let's Encrypt a donation.

Data breaches 295

Data breaches Passwords Password Management Software 295

The Last Watchdog

SEPTEMBER 26, 2023

26, 2023 — The Internet Infrastructure Coalition (i2Coalition) launched the VPN Trust Initiative (VTI) in 2020 to establish a baseline for how virtual private network (VPN) providers should operate. Social Responsibility: VPN providers will promote VPN technology to support access to the global Internet and freedom of expression.

VPN 100

VPN Internet Internet Technology 100

SecureList

OCTOBER 12, 2021

Code similarity and re-use of C2 infrastructure we discovered allowed us to connect these attacks with the actor known as IronHusky and Chinese-speaking APT activity dating back to 2012. Microsoft Windows Server 2012. Microsoft Windows Server 2012 R2. All communication is encrypted with SSL. Microsoft Windows 7.

Malware 145

Malware Technology Engineering Advertising 145

Fox IT

DECEMBER 7, 2021

This model utilizes the Half-Space-Trees algorithm and provides our security operations teams (SOC) with the opportunity to detect suspicious behavior, in real-time, even when network traffic is encrypted. The prevalence of encrypted traffic. The use of encrypted network protocols yields improved mitigation against eavesdropping.

Encryption 79

Encryption Ransomware Internet Internet 79

Google Security

AUGUST 24, 2022

Cryptology ePrint Archive, Paper 2012/064 ; Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Reporting weak certificates is important to keep the internet secure, as stated by the policies of the CAs. The Let's Encrypt policy, for example, is defined here. Lenstra, James P. Hughes, Maxime Augier, Joppe W. Alex Halderman.

Engineering 106

Engineering Cryptocurrency Encryption Internet 106

Security Boulevard

MAY 5, 2022

OpenSSL Patches New Bug Targeting Encryption [Lessons from Heartbleed]. A flaw in the encryption algorithm used to underpin OpenSSL was exploited, triggering an infinite number of requests when certain input value(s) are used. Encryption must be encrypted. brooke.crothers. Thu, 05/05/2022 - 12:26.

Encryption 52

Encryption Software Media Passwords 52

Malwarebytes

JUNE 1, 2021

The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. On December 2020, KISA (Korean Internet & Security Agency) provided a detailed analysis about the phishing infrastructure and TTPs used by Kimsuky to target South Korea.

Government 145

Government Phishing Encryption Media 145

SecureWorld News

MARCH 24, 2022

Summary: Multiple Facebook databases were found to be unprotected by passwords or encryption, meaning anyone who searched the internet could find them. LinkedIn data breach (2012). Summary: The company was attacked in 2012, when usernames and passwords were posted to a Russian hacker forum. Who attacked: no attacker.

Data breaches 128

Data breaches Passwords Accountability Government 128

eSecurity Planet

JANUARY 29, 2024

The company was founded in 2009, and the first software edition was released in 2012. Internet security best practices mandate unique credentials for each online account; doing so would be impossible without a solid password manager like Dashlane.

Password Management 111

Password Management Passwords Authentication Accountability 111

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Isovalent Cloud security 2020 Private Illumio Cloud security 2015 Private SignalFx Monitoring 2015 Acquired: Splunk CipherCloud Cloud security 2012 Acquired: Lookout Lookout Mobile security 2011 Private. Mimecast Email security 2012 Nasdaq: MIME. a16z Investments. Bessemer Venture Partners. Greylock Partners.

Cybersecurity 130

Cybersecurity Technology Marketing Healthcare 130

Security Affairs

FEBRUARY 16, 2023

Below is the list of vulnerabilities exploited by V3G4: CVE-2012-4869 : FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727 : FRITZ!Box Unlike most Mirai variants, the V3G4 variant uses different XOR encryption keys for string encryption.

IoT 98

IoT DDOS Encryption Malware 98

CyberSecurity Insiders

MARCH 24, 2021

Canada-based Internet of Things (IoT) maker Sierra Wireless has been hit by ransomware attack bringing certain production operations of the company to a halt. Note – The products that Sierra Wireless produces are used in various industries like automobile, transportation and energy and healthcare fields.

Wireless 66

Wireless IoT Ransomware Mobile 66

eSecurity Planet

JULY 8, 2021

The company was founded in 2009, and the first software edition was released in 2012. Internet security best practices mandate unique credentials for each online account; doing so would be impossible without a solid password manager like Dashlane.

Password Management 98

Password Management Passwords Authentication Accountability 98

SecureWorld News

DECEMBER 29, 2020

Summary: Multiple Facebook databases were found to be unprotected by passwords or encryption, meaning anyone who searched the internet could find them. LinkedIn data breach (2012). Summary: The company was attacked in 2012, when usernames and passwords were posted to a Russian hacker forum. Who attacked: no attacker.

Data breaches 98

Data breaches Passwords Accountability Government 98

SecureList

JUNE 2, 2022

In one case we investigated, we noticed that a signed executable qgametool.exe (MD5 f756083b62ba45dcc6a4d2d2727780e4 ), compiled in 2012, deployed WinDealer on a target machine. Layout of the encrypted data. Packets exchanged with the C2 server contain a header (described in the next table) followed by AES-encrypted data.

Malware 137

Malware Encryption Social Engineering Telecommunications 137

Security Affairs

MAY 16, 2023

MustangPanda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. The communications are encrypted using a custom or modified encryption scheme that is based on Substitution-Permutation Network.

Firmware 98

Firmware Encryption Government Malware 98

Google Security

JUNE 27, 2024

CN=Entrust Root Certification Authority - EC1,OU=See www.entrust.net/legal-terms+OU=(c) 2012 Entrust, Inc. - Certification Authorities (CAs) serve a privileged and trusted role on the Internet that underpin encrypted connections between browsers and websites. for authorized use only,O=Entrust, Inc.,C=US

Authentication 111

Authentication Internet Internet Risk 111

Security Affairs

MARCH 4, 2019

Necurs botnet is currently the second largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan. Instead, the real IP address of the C2 is obfuscated with what is essentially an encryption algorithm.

DNS 106

DNS Banking Advertising Ransomware 106

The Last Watchdog

MAY 11, 2020

Somewhat quietly since about 2012 or so, nation states in that region, led by Saudi Arabia and the United Arab Emirates, commenced a quiet surge to the forefront of implementing comprehensive cybersecurity regulations. Two meaningful steps every person can take, right now, is to begin routinely using a password manager and encrypted browsers.

Computers and Electronics 113

Computers and Electronics Data privacy Encryption Media 113

eSecurity Planet

JUNE 17, 2021

Security services and tools include anti-DDoS , SOCaaS , web application firewalls (WAF), data encryption , and more. Other features include applying secure socket layer (SSL) or transport layer security (TLS) and AES-256 encryption. Also Read: Best Encryption Software & Tools for 2021. EnterpriseDB.

Firewall 122

Firewall Encryption Computers and Electronics Software 122

SecureList

MARCH 13, 2025

Our telemetry data revealed domain controllers still running Microsoft Windows Server 2012 R2 Server Standard x64 or, as in the aforementioned incidents, Microsoft Exchange Server 2016 used for email. Localtonet is a reverse proxy server providing internet access to local services. An example download link is: hxxp://45[.]156[.]21[.]148:8443/winuac.exe

Energy and Utilities 75

Energy and Utilities Software Accountability Phishing 75

SecureList

OCTOBER 25, 2023

It comes equipped with a built-in TOR network tunnel for communication with command servers, along with update and delivery functionality through trusted services such as GitLab, GitHub, and Bitbucket, all using custom encrypted archives. The malware executable file is placed in /tmp directory with a random name. 8, 10.0.0.0/8, 8, 100.64.0.0/10,

Malware 142

Malware DNS Encryption Cryptocurrency 142

Security Affairs

NOVEMBER 9, 2019

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. This C2 encrypts data with the same key as the C&C requests.

Encryption 72

Encryption Passwords Malware Software 72

Duo's Security Blog

SEPTEMBER 13, 2023

In 2012 a group of 250+ security vendors formed the FIDO (Fast Identity Online) Alliance to combat authentication challenges "with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords”, and Web Authentication API, or WebAuthn for short, was born. How do users enroll? What is WebAuthn?

Authentication 64

Authentication Encryption eCommerce Phishing 64

eSecurity Planet

JULY 3, 2021

The internet and, now, cloud computing transformed the way we conduct business. VPNs offer clients an encrypted access channel to remote networks through a tunneling protocol and can obfuscate the client’s IP address. Also Read: Tokenization vs. Encryption: Pros and Cons. Enter VPN technology.

VPN 59

VPN Encryption Marketing Internet 59

eSecurity Planet

DECEMBER 17, 2021

Security functionality for DLP, discovery, encryption, and digital rights management. McAfee’s MVISION Cloud claims the “largest and most accurate registry of cloud services,” AI and machine learning functionality, DLP, encryption and more. Encryption and tokenization. Lookout Features. McAfee Features.

Risk 141

Risk Firewall Authentication Encryption 141

eSecurity Planet

MARCH 10, 2021

Encryption: Keep Your Secrets Secret. It’s best to assume internet-connected applications are not secure. Therefore encryption and hashing passwords, confidential data, and connection strings are of the utmost importance. . Encryption is almost universally employed as a data protection technique today and for a good reason.

Penetration Testing 119

Penetration Testing Firewall Software Accountability 119

eSecurity Planet

JANUARY 11, 2022

GitGuardian is a developer favorite offering a secrets detection solution that scans source code to detect certificates, passwords, API keys, encryption keys, and more. Evervault is on a mission to make encrypting sensitive data seamless with its security toolkit for developers. Venture Cybereason 2012 Boston, MA 1,100 $713.6

Cybersecurity 142

Cybersecurity Threat Detection Artificial Intelligence Risk 142

Security Affairs

OCTOBER 20, 2018

All the php files were encrypted using IONCube which has a known public decoder and given the version used was an old one, decoding the files didn’t take long. If you are using one of the above devices and they are connected on the WAN, make sure to remove your device from the internet. Part One: XXE.

Firmware 93

Firmware IoT VPN Authentication 93

eSecurity Planet

SEPTEMBER 26, 2023

Founded in 2012, Versa Networks seeks to deploy a single software operating system, called VOS, to converge and integrate cloud and on-premises security, networking, and analytics. Who is Versa Networks? Using VOS, Versa enables customers and service providers to deploy SASE and software-defined wide area network (SD-WAN) solutions.

Firewall 98

Firewall Software Internet Internet 98

SecureList

JULY 28, 2021

As in the case of Schepisi Communications, besides encrypting and stealing data from several of its branches, the cybercriminals carried out a DDoS attack on its websites. This meant that Internet access was available only on school-issued devices. Nor did video games escape attention this reporting period. Quarter trends.

DDOS 145

DDOS DNS IoT Marketing 145

eSecurity Planet

FEBRUARY 8, 2021

Don Duncan, security engineer at NuData Security, told eSecurity Planet by email that POS systems are often dangerously easy to penetrate with malware , including the following (among many others): Dexter was discovered by Seculert (now Radware) researchers in 2012. vSkimmer malware, a successor to Dexter, dates back to 2013.

Retail 52

Retail Encryption Malware Artificial Intelligence 52