Cisco warns that the decade-old ASA vulnerability CVE-2014-2120 is being actively exploited in attacks in the wild, and urges customers to review the updated advisory.
2014-2015: China’s hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe. This allows someone with a foothold on a machine to commandeer the whole box. Early 2017: The Equation Group’s tools were teased and then leaked online by a team calling itself the Shadow Brokers.
net prior to our phone call in 2014. In February 2014, KrebsOnSecurity reached out to Usatyuk’s father Peter Usatyuk, an assistant professor at the University of Illinois at Chicago. Usatyuk of Orland Park, Ill. in , quezstresser[.]com, betabooter[.]com, databooter[.]com, instabooter[.]com, polystress[.]com
After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me.
An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.
Image: Interisle Cybercrime Supply Chain 2014. Currently, there are around 2,500 registrars authorized to sell domains by the Internet Corporation for Assigned Names and Numbers (ICANN), the California nonprofit that oversees the domain industry. The top 5 new gTLDs, ranked by cybercrime domains reported.
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Golubov was arrested in Ukraine in 2005 as part of a joint investigation with multiple U.S. Vrublevsky Sr.
Cisco Systems has issued an updated security advisory regarding CVE-2014-2120, a vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software.
On April 6, 2014, some 11 million people across the United States were disconnected from 911 services for eight hours thanks to an “entirely preventable” software error tied to Intrado’s systems. million for the multi-state 2014 outage. 2018 outage that lasted 65 minutes.
It's just not the kind of mistake you make by accident, not in 2014. A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor.
The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. “Like in so many cases, these vulnerabilities are caused by insufficient sanitization when handling attacker-supplied input,” reads the advisory.
This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. The last ten years have also been marked by stark failures to control spyware and its precursors and components.
The article talks about evidence collected after he was identified and searched: According to the indictment, in August 2014, Mr. Hale's cellphone contact list included information for the reporter, and he possessed two thumb drives. Prosecutors said Mr. Hale had tried to delete the document from the thumb drive.
In December 2023, KrebsOnSecurity identified Lenin as “Rescator,” the nickname used by the cybercriminal responsible for selling more than 100 million payment cards stolen from customers of Target and Home Depot in 2013 and 2014.
The group—known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm—has been active since at least 2014 and has been attributed to Russia’s Federal Security Service by the Security Service of Ukraine. A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond.
The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com. com on Mar.
The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive. Adconion was acquired in June 2014 by Amobee, a Redwood City, Calif.
This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. Marriott announced another data breach, this one affecting 5.2 name, mailing address, email address, and phone number) Loyalty Account Information (e.g., linked airline loyalty programs and numbers). Preferences (e.g.,
The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a short film about Snowden in 2014. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The second is an essay looking back at the Snowden revelations and what they mean.
Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. We’ve tracked publicly known in-the-wild 0-day exploits in this spreadsheet since mid-2014.
The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.
But while Tinley's files worked for years, they started malfunctioning around 2014. The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management.
According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., European, and Asian entities. The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon), to steal sensitive information from victim computers.
Tyler Reguly at Fortra noted that today marks the End of Support date for SQL Server 2014, a platform that according to Shodan still has ~110,000 instances publicly available. All three bugs have been assigned a CVSS score of 9.8 (out of 10) and indicate that a malicious packet could trigger the vulnerability.
The NSA claims it stopped doing that in 2014 -- probably just stopped doing it in the US -- but why should it bother when the government can just get the data from Google. In 2013, we learned from Edward Snowden that the NSA does this worldwide. Its program is called CO-TRAVELLER.
The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives.
This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Emotet was extremely destructive and wreaked havoc across the globe before eventually being brought to a halt in February.
Vulnerability analysis and exploit details: The breach appears to be linked to a well-known vulnerability CVE-2021-35587 which affects Oracle Access Manager (OpenSSO Agent) in Oracle Fusion Middleware. According to FOFA data, the vulnerable endpoint, last updated on Sept. 27, 2014, allowed an unauthenticated attacker network access via HTTP.
While CLOP as a moneymaking collective is a fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “TA505,” which MITRE’s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014.
Identifying the culprit is further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood's computer networks since 2014, said one of the sources. I used to have opinions about whether these attributions are true or not. These days, I tend to wait and see.
Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. At the time, Kaspersky described it as the most sophisticated APT operation they had seen to date.
In a retrospective post published to Livejournal in 2014 titled, “Mazafaka, from conception to the present day,” Stalker said Djamix had become a core member of the community. Those include several websites about life in and around Sochi, Russia, the site of the 2014 Winter Olympics, as well as a nearby coastal town called Adler.
In February 2014, KrebsOnSecurity reached out to Usatyuk’s father Peter Usatyuk, an assistant professor at the University of Illinois at Chicago. 13, 2014. “I But Usatyuk’s involvement in the DDoS-for-hire space very much predates that period. I did so because a brief amount of sleuthing on Hackforums[.]net
Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure. The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records.
Indeed, some of history’s largest cyberheists involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target, Home Depot and elsewhere that led to the theft of roughly another 100 million cards.
It was established on 26 September 2014, and its headquarters are located in Gdańsk, Poland. The Polish Space Agency (POLSA; Polish: Polska Agencja Kosmiczna, PAK) is the space agency of Poland, administered by the Ministry of Economic Development and Technology. It is a member of the European Space Agency.
For example, one of the most active accounts targeted in this week’s social network crackdown is the Instagram profile “Trusted,” self-described as “top-tier professional middleman/escrow since 2014.” Those databases show Beam was just the 12th user account created on OGUsers back in 2014.
“Full Delete netted ALM $1.7mm in revenue in 2014. In 2014, ALM reported revenues of $115 million. Cyber intelligence firm Intel 471 recorded a series of posts by a user with the handle “Brutium” on the Russian-language cybercrime forum Antichat between 2014 and 2016.
Back in 2014, Dan Geer said that the US should corner the market on software vulnerabilities: "There is no doubt that the U.S. Many companies have bug bounty programs for those who want the exploit used for defensive purposes -- i.e., fixed -- but they pay orders of magnitude less. This is a problem.
The Justice Department said that in Dragonfly’s first stage between 2012 and 2014, the defendants hacked into computer networks of industrial control systems (ICS) companies and software providers, and then hid malware inside legitimate software updates for such systems. energy facilities. ” HYDRA.
Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices. Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction.
Worries about what the Chinese now knew precipitated an intelligence community-wide damage assessment surrounding the OPM and other hacks, recalled Douglas Wise, a former senior CIA official who served as deputy director of the Defense Intelligence Agency from 2014 to 2016.
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.