According to a recent report, a 2012 hack on cloud file sharing company DropBox put millions of users at risk. It also highlights the importance of good security hygiene for every employee.
exposed to greater risks unless actions are taken to improve security and reduce the. weapons systems developed between 2012 and 2017 are vulnerable to cyberattacks, despite regular warnings from government watchdogs. The post Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks appeared first on Adam Levin.
The patent was issued by the United States Patent Office on September 6th, 2022, with a priority date going back over a decade, to June of 2012. The granting of this patent follows the patent office’s granting of four other related patents going back to the same priority date in June of 2012.
Satnam Narang, senior research engineer at Tenable, said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.
One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. One of the men indicted as part of APT41 — now 35-year-old Tan DaiLin — was the subject of a 2012 KrebsOnSecurity story that sought to shed light on a Chinese antivirus product marketed as Anvisoft.
But way back in 2012, the Canadian CSEC—that’s their NSA—did some top-secret work on this kind of thing. He is based in a rural area, so he can’t risk making his ransom calls from that area. Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional.
This work replicates and extends the 2012 paper Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns [48]. reproduce those results and extend the original work to detail the privacy risk posed by the aggregation of browsing histories.
Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
Bugcrowd ushered in crowdsourced security with its launch in 2012, and today a covey of vendors have followed suit, each supplying intricate platforms to connect hackers with proven skillsets to companies that have particular needs. With AI speeding everything up, triaging risks makes a lot of sense. I’ll keep watch and keep reporting.
Qualys this week launched a new Ransomware Risk Assessment Service that’s designed to help enterprises understand their potential exposure to ransomware and automate the process of patching any associated vulnerabilities or misconfigurations. CVE-2012-1723. Qualys Ransomware Risk Assessment dashboard. February 2013.
In a developing market, third-party risk management (TPRM) software and tools could be the answer to helping organizations fill the gap. This article looks at the top third-party risk management vendors and tools and offers a look into TPRM solutions and what buyers should consider before purchasing. Aravo TPRM.
Since its launch in 2012, the company has operated profitably, attracting customers mainly in Texas, Oklahoma, Louisiana and Arkansas and growing to 131 employees. Here are excerpts, edited for clarity and length: LW: What’s the difference between taking a ‘risk-oriented’ versus a ‘controlled-based’ approach to security?
But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability -- a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products.
And virtually all IRRs have disallowed its use since at least 2012, said Adam Korab, a network engineer and security researcher based in Houston. “LEVEL 3 is the last IRR operator which allows the use of this method, although they have discouraged its use since at least 2012,” Korab told KrebsOnSecurity.
While this is certainly convenient, particularly when you’re migrating to a new device, synchronizing browsers also comes with some risks. Browser syncing was introduced in 2012 by Chrome with the goal of letting you continue at home where you left off at work, and vice versa. What is browser sync? Stay safe, everyone!
There is definitely a national security risk in buying computer infrastructure from a country you don't trust. The risk of discovery is too great, and the payoff would be too low. But we need to make these decisions to protect ourselves deliberately and rationally, recognizing both the risks and the costs. Our allies do it.
Remote attackers can exploit the flaw to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. is a use-after-free issue in Microsoft Internet Explorer 6 through 8.
supports weak cryptography, which is a security risk as there are tools available to decrypt packets with weak cryptography. For example, if a Windows 8 machine communicates with a Windows 2012 server, the SMB 3.0 Subscribe The post A PowerShell Script to Mitigate Active Directory Security Risks appeared first on eSecurity Planet.
Affected systems are running Windows 10 and 11 or one of the server versions (Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.). And the affected systems are very likely to have Device Encryption enabled.
Judge Vanessa Baraitser denied the extradition due to suicide risk for the impression he could suffer in the U.S. “Taking account of all of the information available to him, he considered Mr Assange’s risk of suicide to be very high should extradition become imminent.
The exploit, linked to the PipeMagic backdoor, has targeted unsupported Windows versions like Server 2012 R2 and 8.1 but also affects Windows 10 (build 1809 and earlier) and Server 2016.
Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012.
The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.
Lastly, I want to acknowledge that at BSides San Francisco 2012, Kellman Meghu made the point that "they're having a pretty good risk management discussion," and that inspired the way I kicked off this talk. Adam's New Thing is my announcement list for people who hate such things.
The thing that makes the SolarWinds hack newsworthy, and it is indeed extraordinary if national security is important to you, is that it is the first notable example—or at least, the first one we've heard about—of the very thing that the GAO warned Congress about back in 2012. The obvious question is, what shall we do?
But while it’s an easy experiment to run, it misses the real risk of large language models (LLMs) writing scam emails. In 2012, researcher Cormac Herley offered an answer: It weeded out all but the most gullible. Today’s human-run scams aren’t limited by the number of people who respond to the initial email contact.
This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. ” reads the advisory published by DEVCORE.
M&A cyber risk is real. DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database that contained personal information collected between 2004 and 2012. This system has never been used in DDC's operations and has not been active since 2012.".
So, it is urging all businesses to take appropriate measures to mitigate all cyber risks associated with Log4j2 issues. Note- Found in 2012, Aquatic Panda is found relying heavily on cobalt strike, the remote access exploiting tool.
The Dropbox and LinkedIn breaches, for example, occurred in 2012 before being broadly distributed in 2016 and just like those incidents, the alleged AT&T data is now in very broad circulation. That's just an unacceptable risk for which the old adage of "you cannot lose what you do not have" provides the best possible fix.
An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. The vulnerability CVE-2024-4577 resides in the Best-Fit feature of encoding conversion within the Windows operating system.
Tomorrow, November 30, is Giving Tuesday, a day of emphasis on charitable giving both by individuals and organizations and enterprises. The Giving Tuesday movement came into being in 2012 to encourage generosity and charitable giving year-round; the Tuesday after the U.S. Thanksgiving holiday is officially designated Giving Tuesday.
Low awareness of removed or failed log sources — SOCs with low awareness of removed or failed log sources are at risk of missing critical security events and failed — worse, quietly failed — detections. What data do we collect?” tends to predate “what do we actually want to do?”
The first version of the Attack Surface Analyzer 1.0 was released back in 2012, it aims at detecting and changes that occur in the Windows operating systems during the installation of third-party applications. “Attack Surface Analyzer 2.0 replaces the original Attack Surface Analyzer tool, released publicly in 2012.”
“Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.” and Windows Server 2012. reads the advisory published by Microsoft. See the link for more details.
According to the UK’s National Crime Agency (NCA), this individual also was behind the infamous Reveton ransomware Trojan spread in 2012 — 2014. Ransomware Quarterly trends and highlights Progress in law enforcement In August, Spain arrested a cybercriminal who founded Ransom Cartel in 2021 and set up a malvertizing campaign.
This CVE should be treated as a higher severity than Important due to the risk of exploit.” Ivanti’s Goettl noted that, as with the WordPad flaw, the CVE should be treated as a higher severity than its rating due to the risk of exploit. “End-of-life software poses a risk to an organization,” he said.
Mandiant states that from 2012 to 2021, China exploited more zero-days than any other nation. From 2012 to 2021, China-linked threat actors exploited more zero-days than any other nation-state actors. Most of the zero-days discovered by the company were exploited by nation-state APT groups. ” concludes the report.” The
times the amount observed during the 2012 London Olympics. According to a finding discovered by NTT Corporation that was assigned operating the digital services across the event, state funded hackers tried their best to disrupt the event that counted over 2.5
The University of Texas M.D. Anderson Cancer Center was having a hard time protecting patient electronic health information. In 2012, an employee’s laptop, containing ePHI for about 30,000 patients, was stolen. The same year, a trainee lost an unencrypted thumb drive with ePHI for about 2,000 people during her evening commute and in 2013, a.
At the age of 17, Kivimäki was convicted of more than 50,000 computer hacks and sentenced to a two-year prison sentence, which was suspended because he was 15 and 16 when he carried out the crimes in 2012 and 2013.
after January 10, 2023 may increase an organization's exposure to security risks or impact its ability to meet compliance obligations. Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Cybersecurity risks should never spread beyond a headline. Continuing to use Windows 8.1 drivers months before.
An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. The continuously shrinking time that defenders have to protect themselves after a new vulnerability disclosure is yet another critical security risk.” ” concludes the report.