Schneier on Security

AUGUST 14, 2024

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” (..)

Insurance 327

Insurance Manufacturing Technology Data collection 327

Krebs on Security

FEBRUARY 19, 2021

The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015. According to prosecution documents, Marcu and The Shark spotted my reporting shortly after it was published in 2015, and discussed what to do next on a messaging app: The Shark: Krebsonsecurity.com See this.

Banking 329

Banking Accountability Cybercrime Mobile 329

Krebs on Security

JUNE 18, 2020

. “You can expect good things come tax time as I will have lots of profiles with verified prior year AGIs to make your refund filing 10x easier,” TheDearthStar advertised in an August 2015 message to AlphaBay members. ’ Could be $1,000 could be $100,000.” Treasury billions of dollars.

Identity Theft 360

Identity Theft Healthcare Hacking Technology 360

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches 110

Data breaches Identity Theft Accountability Technology 110

Krebs on Security

JUNE 3, 2020

An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 See the video and everything.

Banking 363

Banking Advertising Mobile Marketing 363

Schneier on Security

MAY 17, 2024

Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022.” .” “Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co

Hacking 317

Hacking Accountability Ransomware Internet 317

Krebs on Security

OCTOBER 15, 2020

The NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. Dominitz said he never imagined back in 2015 when he founded Q6Cyber that we would still be seeing so many merchants dealing with magstripe-based data breaches.

Data breaches 361

Data breaches Cybercrime Retail Banking 361

Tech Republic Security

JULY 14, 2020

The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.

Identity Theft 218

Identity Theft Data breaches 218

Krebs on Security

FEBRUARY 7, 2023

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison. 12, 2023 scoop from The Wrap. There are several other studios pursuing documentaries on the Ashley Madison breach, and it’s not hard to see why.

Media 268

Media 268

Tech Republic Security

AUGUST 27, 2020

The BeagleBoyz have made off with nearly $2 billion since 2015, and they're back to attacking financial institutions after a short lull in activity.

Banking 218

Banking Government 218

Schneier on Security

OCTOBER 15, 2021

It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s We seem to have to do this every decade or so.)

Risk 355

Risk Encryption 355

Schneier on Security

OCTOBER 23, 2020

We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed. Lots of details in the report. And in this news article : At least 49 of the 50 largest U.S.

Mobile 335

Mobile Engineering Encryption 335

Security Affairs

FEBRUARY 2, 2025

” Source KrebsOnSecurity KrebsOnSecurity first wrote about the Manipulaters in May 2015 , the cybercrime group openly advertised on forums in 2015. The seizure of these domains is intended to disrupt the ongoing activity of these groups and stop the proliferation of these tools within the cybercriminal community.”

Cybercrime 109

Cybercrime Advertising Phishing Hacking 109

Krebs on Security

NOVEMBER 11, 2023

More greatest hits from Experian: 2022: Class Action Targets Experian Over Account Security 2017: Experian Site Can Give Anyone Your Credit Freeze PIN 2015: Experian Breach Affects 15 Million Customers 2015: Experian Breach Tied to NY-NJ ID Theft Ring 2015: At Experian, Security Attrition Amid Acquisitions 2015: Experian Hit With Class Action (..)

Accountability 338

Accountability Authentication Passwords Identity Theft 338

Schneier on Security

FEBRUARY 12, 2021

Despite its similarities to a Russian attack of a Ukrainian power plant in 2015, my bet is that it’s a disgruntled insider: either a current or former employee. This could have been fatal to people living downstream, if an alert operator hadn’t noticed the change and reversed it. We don’t know who is behind this attack.

Manufacturing 329

Manufacturing Firewall Media Passwords 329

Krebs on Security

OCTOBER 7, 2020

citizen who absconded from justice before being convicted on multiple counts of fraud in 2015. The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. that was part of John Davies’ 2015 fraud conviction. After eluding justice in the U.K., John Clifton Davies, a.k.a.

Banking 299

Banking Scams Government Advertising 299

Krebs on Security

JULY 29, 2020

McCoy and fellow NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale. In 2015, the major credit card associations instituted new rules that made it riskier and potentially more expensive for U.S.

Accountability 361

Accountability Banking Retail Hacking 361

Joseph Steinberg

JANUARY 4, 2021

In 2015 Google began “pausing” Flash animations , and, by late 2016, Google, Microsoft , and Apple had all announced that future versions of their web browsers would block Flash by default.

Technology 246

Technology Mobile Internet Internet 246

SecureWorld News

JANUARY 8, 2025

United Structures of America (Texas): This steel building manufacturer ceased operations in 2015. The closure was linked to a ransomware attack that severely impacted the company's operations, leaving employees and customers without warning. The message is clear: Don't wait until you're struggling to get serious about cyber resilience.

Ransomware 113

Ransomware Manufacturing Government Accountability 113

Security Affairs

JANUARY 16, 2025

The Star Blizzard group, aka “ Callisto “, Seaborgium , ColdRiver , and TA446, targeted government officials, military personnel,journalists and think tanks since at least 2015.

Accountability 122

Accountability Phishing Government Hacking 122

Troy Hunt

NOVEMBER 19, 2021

I'm giving away stickers and 3D printed logos every day to a rando who has signed up for my free book preview) Sponsored by: Redgate’s SQL Monitor: always understand the health of your SQL Server estate and avoid potential issues before they impact your business.

Wireless 306

Wireless Mobile 306

Schneier on Security

JANUARY 14, 2023

Booklist reviews A Hacker’s Mind : Author and public-interest security technologist Schneier ( Data and Goliath , 2015) defines a “hack” as an activity allowed by a system “that subverts the rules or norms of the system […] at the expense of someone else affected by the system.”

Hacking 257

Hacking Technology 257

Schneier on Security

MAY 9, 2019

In 2015, the Intercept started publishing " The Drone Papers ," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified.

Software 249

Software 249

Krebs on Security

SEPTEMBER 25, 2020

man who absconded from justice before being convicted on multiple counts of fraud in 2015. John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015. In 2015, Mr. Davies was convicted of stealing more than GBP 750,000 from struggling companies looking to restructure their debt.

Scams 249

Scams Insurance Advertising Technology 249

Security Affairs

FEBRUARY 1, 2025

“Pursuant to Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, this is to inform you that the Company has become aware of a ransomware incident that has affected a few of our IT assets.” Company client delivery services were not impacted by the attack.

Technology 116

Technology Ransomware Engineering Manufacturing 116

Krebs on Security

JULY 2, 2021

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw.

Firmware 363

Firmware Passwords Internet Internet 363

Troy Hunt

FEBRUARY 6, 2020

Chrome 80 has hit and that means breaking changes for a bunch of sites (if you haven't already tested your apps, you really want to do that ASAP) The Adult FriendFinder breach is now in HIBP (this is the 2016 one - the 2015 one is already in there) Sponsored by: Duo. Modern security is evolving beyond the perimeter.

264

264

Krebs on Security

MAY 26, 2020

“ Rechinu ” or “The Shark,” and his ATM company Intacash , were the subject of a three part investigation by KrebsOnSecurity published in September 2015. Tudor, a.k.a.

Government 360

Government Media 360

Schneier on Security

MARCH 4, 2021

2014-2015: China’s hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe. This allows someone with a foothold on a machine to commandeer the whole box. Early 2017: The Equation Group’s tools were teased and then leaked online by a team calling itself the Shadow Brokers.

System Administration 254

System Administration Government Hacking 254

Schneier on Security

APRIL 5, 2022

We allude to this kind of risk in our 2015 “ Keys Under Doormats ” paper: Third, exceptional access would create concentrated targets that could attract bad actors. Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam.

Scams 326

Scams Engineering Encryption Technology 326

Krebs on Security

FEBRUARY 13, 2025

Shelest released a lengthy statement (PDF) wherein he acknowledged maintaining an ownership stake in Nuwber , a consumer data broker he founded in 2015 around the same time he started Onerep. Onerep.com CEO and founder Dimitri Shelest, as pictured on the “about” page of onerep.com.

Data breaches 185

Data breaches Marketing Passwords Risk 185

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising 240

Advertising Antivirus Software Malware 240

Krebs on Security

JUNE 25, 2019

com via Domaintools.com shows the domain was assigned in 2015 to a company called “ Shanghai Blazefire Network Technology Co. com 2015-03-09 GODADDY.COM, LLC. That record, from April 2015, lists Chu Da’s email address as yehuo@blazefire.com. More searching points to a Yehuo user on gamerbbs[.]cn 2333youxi[.]com

Mobile 273

Mobile Technology Manufacturing Malware 273

Schneier on Security

FEBRUARY 26, 2020

The New York Times is reporting on the NSA's phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans' domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study.

277

277

Krebs on Security

JULY 10, 2022

2015: Experian Breach Affects 15 Million Customers. 2015: Experian Breach Tied to NY-NJ ID Theft Ring. 2015: At Experian, Security Attrition Amid Acquisitions. 2015: Experian Hit With Class Action Over ID Theft Service. More greatest hits from Experian: 2017: Experian Site Can Give Anyone Your Credit Freeze PIN.

Accountability 339

Accountability Passwords Authentication Password Management 339

Security Affairs

MARCH 5, 2025

“Pursuant to Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, this is to inform you that the Company has become aware of a ransomware incident that has affected a few of our IT assets.” ” reads the filing.

Technology 107

Technology Ransomware Engineering Manufacturing 107

Troy Hunt

NOVEMBER 17, 2023

Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices.

Identity Theft 259

Identity Theft Government Accountability 259