Krebs on Security

JANUARY 20, 2020

Preston was featured in the 2016 KrebsOnSecurity story DDoS Mitigation Firm Has History of Hijacks , which detailed how the company he co-founded — BackConnect Security LLC — had developed the unusual habit of hijacking Internet address space it didn’t own in a bid to protect clients from attacks.

DDOS 344

DDOS Internet Internet System Administration 344

Krebs on Security

MAY 18, 2020

” From 2013 to 2016, upO was a major player on Exploit[.]in For roughly one year beginning in 2016, Lebron was a top moderator on Exploit. For roughly one year beginning in 2016, Lebron was a top moderator on Exploit. in in late 2016, complaining that RedBear was refusing to pay a debt owed to him.

Malware 348

Malware Cybercrime Ransomware Marketing 348

Lohrman on Security

JULY 25, 2021

Vincent Hoang became the CISO in Hawaii in 2016. In this interview, Vince shares his journey and cyber priorities in protecting the Aloha State, particularly among the challenges presented by COVID-19.

CISO 291

CISO Government Cybersecurity 291

Schneier on Security

JANUARY 11, 2021

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice.

Data collection 361

Data collection Accountability 361

Schneier on Security

OCTOBER 19, 2023

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices.

CISO 290

CISO Data breaches Government 290

Krebs on Security

MARCH 11, 2025

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.

System Administration 219

System Administration Engineering Internet Internet 219

Krebs on Security

FEBRUARY 4, 2025

to , and vDOS , a DDoS-for-hire service that was shut down in 2016 after its founders were arrested. According to the cyber intelligence firm Intel 471 , a user named Finndev registered on multiple cybercrime forums, including Raidforums [ seized by the FBI in 2022 ], Void[.]to The email address used for those accounts was f.grimpe@gmail.com.

eCommerce 201

eCommerce Cybercrime Accountability Passwords 201

Schneier on Security

MAY 20, 2024

In 2016, IBM bought Resilient Systems, the startup I was a part of. IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. It became part if IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar.

Cybersecurity 313

Cybersecurity 313

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

Telecommunications 362

Telecommunications Architecture Mobile Hacking 362

Security Affairs

OCTOBER 15, 2024

released in 2016.” Most websites have been or will soon be automatically updated to the latest version. “During an internal security audit, we found a vulnerability with the Contact Form feature in Jetpack ever since version 3.9.9, ” reads the advisory.

Hacking 128

Hacking 128

Schneier on Security

JUNE 28, 2019

If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Today is my last day at IBM. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak, and do the occasional consulting job.

Technology 279

Technology 279

Schneier on Security

FEBRUARY 26, 2020

in June 2016 and of the November 2016 attack at Ohio State University by a man who drove his car into people and slashed at them with a machete. The report cited two investigations in which the National Security Agency produced reports derived from the program: its analysis of the Pulse nightclub mass shooting in Orlando, Fla.,

277

277

Schneier on Security

APRIL 19, 2021

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities.

Software 334

Software Hacking 334

Krebs on Security

JANUARY 8, 2019

Last week, KrebsOnSecurity heard from a reader who’d just purchased a copy of Microsoft Office 2016 Professional Plus from a seller on eBay for less than $4. Let’s call this Red Flag #1, as a legitimately purchased license of Microsoft Office 2016 is still going to cost between $70 and $100.

Software 272

Software Passwords Accountability Web Fraud 272

Schneier on Security

NOVEMBER 11, 2022

Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda.

Surveillance 244

Surveillance 244

Schneier on Security

AUGUST 13, 2020

politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" ­ deliberate attempts to direct moral judgement against their target.

Hacking 272

Hacking Cybersecurity 272

Tech Republic Security

JULY 8, 2021

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

216

216

Tech Republic Security

JULY 28, 2020

Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

Data privacy 218

Data privacy 218

Security Affairs

NOVEMBER 24, 2024

PopeyeTools was a dark web marketplace specializing in selling stolen credit cards and cybercrime tools, facilitating fraud and illicit online activities since 2016. The defendants are charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person to offer access devices.

Cybercrime 130

Cybercrime Cryptocurrency Banking Accountability 130

Schneier on Security

JULY 20, 2021

Citizen Lab has been researching and reporting on its actions since 2016. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.” ” This isn’t the first time NSO Group has been in the news.

Hacking 364

Hacking Spyware Manufacturing Software 364

Troy Hunt

FEBRUARY 25, 2020

Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. The last time that happened in 2016, the error rate peaked at about a third of all requests. was there more traffic back then?

Data breaches 279

Data breaches Accountability 279

Krebs on Security

JUNE 22, 2022

The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “ Stanx ,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator. ” the post enthuses.

Advertising 316

Advertising Cybercrime System Administration Hacking 316

Tech Republic Security

SEPTEMBER 17, 2021

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.

Ransomware 214

Ransomware 214

Schneier on Security

MARCH 3, 2020

There's a vulnerability in Wi-Fi hardware that breaks the encryption : The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016.

Wireless 274

Wireless Manufacturing Encryption Hacking 274

Schneier on Security

NOVEMBER 1, 2018

To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. This is not surprising : This year, I bought two more machines to see if security had improved.

Hacking 276

Hacking 276

Schneier on Security

MAY 8, 2019

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government.

Hacking 264

Hacking Government 264

Schneier on Security

DECEMBER 15, 2023

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. They will receive direct inputs from our environment, in all the forms I thought about in 2016. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars.

Internet 335

Internet Internet IoT Banking 335

Schneier on Security

MAY 8, 2019

Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In summary: if we know the version of MS Office of a target system (e.g. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled.

Antivirus 274

Antivirus Engineering Malware 274

Krebs on Security

MARCH 22, 2021

Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. In 2016, financial reality once again would catch up with the company’s leadership when Norse abruptly ceased operations and was forced to lay off most of its staff. Remember Norse Corp. ,

Surveillance 321

Surveillance Computers and Electronics Internet Internet 321

Troy Hunt

MAY 15, 2020

Met at the 6th National Pro Bono Conference in Ottawa in September 2016 Met on 15-17 October 2001 in Vancouver for the Luscar/Obed/Coal Valley arbitration. — Troy Hunt (@troyhunt) November 15, 2016 So, mark me down for another data breach of my own personal info. It feels like a CRM.

Data breaches 363

Data breaches InfoSec 363

Krebs on Security

FEBRUARY 5, 2020

Mathew Marulla began leasing a Ford Focus electric vehicle in 2013, but turned the car back in to Ford at the end of his lease in 2016. Out of curiosity, Marulla decided to check if his old MyFordMobile.com credentials from 2016 still worked.

Mobile 329

Mobile Engineering Internet Internet 329

Security Boulevard

OCTOBER 31, 2024

Cyberattacks during the 2016 U.S. presidential election exposed vulnerabilities in voter databases across 21 states, marking a stark warning about the fragility of our electoral systems. The post Defending Democracy From Cyber Attacks in 2024 appeared first on Security Boulevard.

Cyber Attacks 72

Cyber Attacks Security Awareness Cybersecurity 72

Security Affairs

FEBRUARY 25, 2025

is a Java deserialization vulnerability in the Apache BlazeDS library in Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier. An attacker can exploit the vulnerability to achieve arbitrary code execution.

Hacking 99

Hacking Cybersecurity Risk Cybercrime 99

Krebs on Security

SEPTEMBER 10, 2021

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT 340

IoT DDOS Internet Internet 340

Krebs on Security

MARCH 10, 2020

Firsov also tweeted about competing in and winning several “capture the flag” hacking competitions, including the 2016 and 2017 CTF challenges at Positive Hack Days (PHDays), an annual security conference in Moscow. Isis’ profile on antichat. ” A Google Translate version of that advertisement is here (PDF).

Accountability 337

Accountability Advertising Hacking Cybercrime 337

Security Affairs

NOVEMBER 12, 2024

Its name comes from the 2016 merger of two companies: Ahold (Dutch) and Delhaize Group (Belgian), which both have origins in the 1800s. Ahold Delhaize is a Dutch-Belgian multinational retail and wholesale holding company.

eCommerce 117

eCommerce Cyber Attacks Retail Hacking 117

Troy Hunt

FEBRUARY 6, 2020

Chrome 80 has hit and that means breaking changes for a bunch of sites (if you haven't already tested your apps, you really want to do that ASAP) The Adult FriendFinder breach is now in HIBP (this is the 2016 one - the 2015 one is already in there) Sponsored by: Duo. Modern security is evolving beyond the perimeter.

264

264