Tech Republic Security

JULY 3, 2024

The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.

Software 194

Software Information Security 194

Krebs on Security

FEBRUARY 24, 2023

The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com. com on Mar.

Accountability 269

Accountability Advertising Marketing Malware 269

Krebs on Security

JUNE 10, 2022

The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive. Adconion was acquired in June 2014 by Amobee , a Redwood City, Calif.

Government 300

Government Marketing Internet Internet 300

Schneier on Security

MAY 9, 2019

The article talks about evidence collected after he was identified and searched: According to the indictment, in August 2014, Mr. Hale's cellphone contact list included information for the reporter, and he possessed two thumb drives. Prosecutors said Mr. Hale had tried to delete the document from the thumb drive.

Software 223

Software 223

Schneier on Security

NOVEMBER 24, 2023

The group­—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond.

Malware 282

Malware Government 282

Schneier on Security

APRIL 2, 2020

This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. Marriott announced another data breach, this one affecting 5.2 name, mailing address, email address, and phone number) Loyalty Account Information (e.g., linked airline loyalty programs and numbers). Preferences (e.g.,

Hacking 247

Hacking Accountability Data breaches Government 247

Schneier on Security

APRIL 27, 2022

Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. We’ve tracked publicly known in-the-wild 0-day exploits in this spreadsheet since mid-2014.

Ransomware 227

Ransomware Risk Malware Hacking 227

Schneier on Security

OCTOBER 7, 2019

The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a short film about Snowden in 2014. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The second is an essay looking back at the Snowden revelations and what they mean.

Government 219

Government 219

Schneier on Security

JUNE 7, 2024

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.

Government 251

Government Malware Cybercrime 251

Krebs on Security

JULY 9, 2024

Tyler Reguly at Forta noted that today marks the End of Support date for SQL Server 2014 , a platform that according to Shodan still has ~110,000 instances publicly available. All three bugs have been assigned a CVSS score of 9.8 (out out of 10) and indicate that a malicious packet could trigger the vulnerability.

Internet 267

Internet Internet Engineering Software 267

Schneier on Security

JANUARY 28, 2020

The NSA claims it stopped doing that in 2014 -- probably just stopped doing it in the US -- but why should it bother when the government can just get the data from Google. In 2013, we learned from Edward Snowden that the NSA does this worldwide. Its program is called CO-TRAVELLER.

Surveillance 216

Surveillance Government 216

Schneier on Security

JULY 26, 2019

But while Tinley's files worked for years, they started malfunctioning around 2014. The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management.

Software 214

Software Hacking 214

The Hacker News

DECEMBER 3, 2024

The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack

143

143

Troy Hunt

APRIL 26, 2021

This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Emotet was extremely destructive and wreaked havoc across the globe before eventually being brought to a halt in February.

Malware 346

Malware Passwords Banking Password Management 346

Krebs on Security

FEBRUARY 7, 2024

In a retrospective post published to Livejournal in 2014 titled, “Mazafaka, from conception to the present day,” Stalker said Djamix had become a core member of the community. Those include several websites about life in and around Sochi , Russia, the site of the 2014 Winter Olympics, as well as a nearby coastal town called Adler.

Cybercrime 290

Cybercrime Accountability Identity Theft Hacking 290

Krebs on Security

FEBRUARY 4, 2021

For example, one of the most active accounts targeted in this week’s social network crackdown is the Instagram profile “ Trusted ,” self-described as “top-tier professional middleman/escrow since 2014.” Those databases show Beam was just the 12th user account created on OGUsers back in 2014.

Accountability 337

Accountability Hacking Media Mobile 337

Penetration Testing

DECEMBER 2, 2024

Cisco Systems has issued an updated security advisory regarding CVE-2014-2120, a vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software.

Software 90

Software Cybersecurity 90

Krebs on Security

JUNE 16, 2021

While CLOP as a moneymaking collective is fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “ TA505 ,” which MITRE ‘s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014.

Ransomware 338

Ransomware Cybercrime Malware Encryption 338

Schneier on Security

MARCH 21, 2019

The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives.

Media 251

Media 251

Krebs on Security

OCTOBER 26, 2021

Indeed, some of history’s largest cyberheists involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target , Home Depot and elsewhere that led to the theft of roughly another 100 million cards.

Technology 72

Technology Retail Computers and Electronics Malware 72

Krebs on Security

DECEMBER 3, 2024

Image: Interisle Cybercrime Supply Chain 2014. Currently, there are around 2,500 registrars authorized to sell domains by the Internet Corporation for Assigned Names and Numbers (ICANN), the California nonprofit that oversees the domain industry. The top 5 new gTLDs, ranked by cybercrime domains reported.

Cybercrime 263

Cybercrime Phishing Accountability Internet 263

Schneier on Security

OCTOBER 11, 2024

After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me.

Technology 215

Technology Cybersecurity 215

Schneier on Security

DECEMBER 13, 2018

Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood's computer networks since 2014, said one of the sources. I used to have opinions about whether these attributions are true or not. These days, I tend to wait and see.

Hacking 206

Hacking 206

Krebs on Security

NOVEMBER 20, 2019

In February 2014, KrebsOnSecurity reached out to Usatyuk’s father Peter Usatyuk , an assistant professor at the University of Illinois at Chicago. 13, 2014. “I But Usatyuk’s involvement in the DDoS-for-hire space very much predates that period. I did so because a brief amount of sleuthing on Hackforums[.]net

DDOS 207

DDOS Internet Internet Advertising 207

The Hacker News

MAY 16, 2024

The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an

Cybersecurity 140

Cybersecurity 140

The Hacker News

MARCH 29, 2024

TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen

IoT 142

IoT 142

Krebs on Security

JULY 27, 2022

“Full Delete netted ALM $1.7mm in revenue in 2014. In 2014, ALM reported revenues of $115 million. Cyber intelligence firm Intel 471 recorded a series of posts by a user with the handle “ Brutium ” on the Russian-language cybercrime forum Antichat between 2014 and 2016.

Cybercrime 59

Cybercrime Hacking Media Advertising 59

Schneier on Security

DECEMBER 24, 2020

Worries about what the Chinese now knew precipitated an intelligence community-wide damage assessment surrounding the OPM and other hacks, recalled Douglas Wise, a former senior CIA official who served deputy director of the Defense Intelligence Agency from 2014 to 2016.

Hacking 361

Hacking Government 361

Krebs on Security

APRIL 7, 2022

The Justice Department said that in Dragonfly’s first stage between 2012 and 2014, the defendants hacked into computer networks of industrial control systems (ICS) companies and software providers, and then hid malware inside legitimate software updates for such systems. energy facilities. ” HYDRA. . ” HYDRA.

Marketing 287

Marketing Energy and Utilities Malware Ransomware 287

The Hacker News

JUNE 19, 2021

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus.

Cybersecurity 145

Cybersecurity 145

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Golubov was arrested in Ukraine in 2005 as part of a joint investigation with multiple U.S. Vrublevsky Sr.

Retail 235

Retail Advertising Cryptocurrency Marketing 235

Krebs on Security

MARCH 22, 2021

By 2014 it was throwing lavish parties at top Internet security conferences. ” Stiansen’s leadership at Norse coincided with the company’s release of a report in 2014 on Iran’s cyber prowess that was widely trounced as deeply flawed and headline-grabbing.

Surveillance 300

Surveillance Computers and Electronics Internet Internet 300

Schneier on Security

JANUARY 17, 2019

Back in 2014, Dan Geer said that that the US should corner the market on software vulnerabilities: "There is no doubt that the U.S. Many companies have bug bounty programs for those who want the exploit used for defensive purposes -- i.e., fixed -- but they pay orders of magnitude less. This is a problem.

Marketing 217

Marketing Surveillance Government Software 217

Krebs on Security

JULY 23, 2020

According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years.

Insurance 327

Insurance Financial Services Penetration Testing Scams 327

Krebs on Security

JANUARY 14, 2019

On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014.

DDOS 208

DDOS Internet Internet Spyware 208

Schneier on Security

OCTOBER 19, 2023

Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction.

CISO 257

CISO Data breaches Government 257

Security Affairs

OCTOBER 26, 2022

This is the second critical vulnerability ever addressed by the OpenSSL Project after the critical Heartbleed vulnerability (CVE-2014-0160) in 2014. The highest severity issue fixed in this release is CRITICAL:” The critical vulnerability only impacts versions 3.0 OpenSSL Project also announced the upcoming bug-fix release 1.1.1s

Encryption 136

Encryption Hacking Information Security 136