Krebs on Security

MAY 18, 2020

” From 2013 to 2016, upO was a major player on Exploit[.]in For roughly one year beginning in 2016, Lebron was a top moderator on Exploit. For roughly one year beginning in 2016, Lebron was a top moderator on Exploit. in in late 2016, complaining that RedBear was refusing to pay a debt owed to him.

Malware 322

Malware Cybercrime Ransomware Marketing 322

Schneier on Security

JANUARY 11, 2021

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice.

Data collection 342

Data collection Accountability 342

CSO Magazine

MAY 23, 2023

On May 4, 2023, Sullivan was sentenced to three years of probation for felony obstruction and misprision for not reporting a 2016 breach at rideshare and delivery company Uber that threatened to expose the data of 600,000 drivers and the personal information associated with 57 million riders.

CSO 127

CSO CISO Cybercrime Cybersecurity 127

Schneier on Security

OCTOBER 19, 2023

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices.

CISO 257

CISO Data breaches Government 257

Schneier on Security

MAY 20, 2024

In 2016, IBM bought Resilient Systems, the startup I was a part of. IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. It became part if IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar.

Cybersecurity 279

Cybersecurity 279

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

Telecommunications 344

Telecommunications Architecture Mobile Hacking 344

Schneier on Security

JUNE 28, 2019

If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Today is my last day at IBM. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak, and do the occasional consulting job.

Technology 275

Technology 275

Tech Republic Security

JULY 28, 2020

Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

Data privacy 218

Data privacy 218

Schneier on Security

FEBRUARY 26, 2020

in June 2016 and of the November 2016 attack at Ohio State University by a man who drove his car into people and slashed at them with a machete. The report cited two investigations in which the National Security Agency produced reports derived from the program: its analysis of the Pulse nightclub mass shooting in Orlando, Fla.,

259

259

Tech Republic Security

JULY 8, 2021

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

215

215

Schneier on Security

JULY 20, 2021

Citizen Lab has been researching and reporting on its actions since 2016. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.” ” This isn’t the first time NSO Group has been in the news.

Hacking 363

Hacking Spyware Manufacturing Software 363

Krebs on Security

JANUARY 8, 2019

Last week, KrebsOnSecurity heard from a reader who’d just purchased a copy of Microsoft Office 2016 Professional Plus from a seller on eBay for less than $4. Let’s call this Red Flag #1, as a legitimately purchased license of Microsoft Office 2016 is still going to cost between $70 and $100.

Software 256

Software Passwords Accountability Web Fraud 256

Troy Hunt

FEBRUARY 25, 2020

Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. The last time that happened in 2016, the error rate peaked at about a third of all requests. was there more traffic back then?

Data breaches 275

Data breaches Accountability 275

Krebs on Security

JUNE 22, 2022

The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “ Stanx ,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator. ” the post enthuses.

Advertising 308

Advertising Cybercrime System Administration Hacking 308

Tech Republic Security

SEPTEMBER 17, 2021

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.

Ransomware 207

Ransomware 207

Schneier on Security

APRIL 19, 2021

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities.

Software 299

Software Hacking 299

Schneier on Security

AUGUST 13, 2020

politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" ­ deliberate attempts to direct moral judgement against their target.

Hacking 250

Hacking Cybersecurity 250

Schneier on Security

NOVEMBER 11, 2022

Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda.

Surveillance 223

Surveillance 223

Schneier on Security

MARCH 3, 2020

There's a vulnerability in Wi-Fi hardware that breaks the encryption : The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016.

Wireless 253

Wireless Manufacturing Encryption Hacking 253

Schneier on Security

NOVEMBER 1, 2018

To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. This is not surprising : This year, I bought two more machines to see if security had improved.

Hacking 257

Hacking 257

Troy Hunt

MAY 15, 2020

Met at the 6th National Pro Bono Conference in Ottawa in September 2016 Met on 15-17 October 2001 in Vancouver for the Luscar/Obed/Coal Valley arbitration. — Troy Hunt (@troyhunt) November 15, 2016 So, mark me down for another data breach of my own personal info. It feels like a CRM.

Data breaches 363

Data breaches InfoSec 363

Schneier on Security

DECEMBER 15, 2023

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. They will receive direct inputs from our environment, in all the forms I thought about in 2016. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars.

Internet 322

Internet Internet IoT Banking 322

Krebs on Security

FEBRUARY 5, 2020

Mathew Marulla began leasing a Ford Focus electric vehicle in 2013, but turned the car back in to Ford at the end of his lease in 2016. Out of curiosity, Marulla decided to check if his old MyFordMobile.com credentials from 2016 still worked.

Mobile 309

Mobile Engineering Internet Internet 309

Krebs on Security

MARCH 22, 2021

Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. In 2016, financial reality once again would catch up with the company’s leadership when Norse abruptly ceased operations and was forced to lay off most of its staff. Remember Norse Corp. ,

Surveillance 300

Surveillance Computers and Electronics Internet Internet 300

Schneier on Security

MAY 8, 2019

Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In summary: if we know the version of MS Office of a target system (e.g. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled.

Antivirus 254

Antivirus Engineering Malware 254

Krebs on Security

SEPTEMBER 10, 2021

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT 317

IoT DDOS Internet Internet 317

Troy Hunt

FEBRUARY 6, 2020

Chrome 80 has hit and that means breaking changes for a bunch of sites (if you haven't already tested your apps, you really want to do that ASAP) The Adult FriendFinder breach is now in HIBP (this is the 2016 one - the 2015 one is already in there) Sponsored by: Duo. Modern security is evolving beyond the perimeter.

261

261

Krebs on Security

MARCH 10, 2020

Firsov also tweeted about competing in and winning several “capture the flag” hacking competitions, including the 2016 and 2017 CTF challenges at Positive Hack Days (PHDays), an annual security conference in Moscow. Isis’ profile on antichat. ” A Google Translate version of that advertisement is here (PDF).

Accountability 310

Accountability Advertising Hacking Cybercrime 310

Krebs on Security

JULY 7, 2021

” In a blog post , Microsoft’s Security Response Center said it was delayed in developing fixes for the vulnerability in Windows Server 2016 , Windows 10 version 1607 , and Windows Server 2012. “After installing such updates, delegated admin groups like printer operators can only install signed printer drivers.

Backups 356

Backups Software Engineering 356

Schneier on Security

FEBRUARY 2, 2023

In 2016, DARPA ran a similarly styled event for artificial intelligence (AI). In 2016, none of the Cyber Grand Challenge teams used modern machine learning techniques. People train for months. Winning is a big deal. One hundred teams entered their systems into the Cyber Grand Challenge. Some things we can infer.

Artificial Intelligence 317

Artificial Intelligence Technology Software Hacking 317

Adam Levin

FEBRUARY 18, 2019

The social media giant has been under investigation by the FTC since March 2018 in the wake of the Cambridge Analytica scandal, which affected 87 million users and may have been a pivotal influence in the 2016 election campaign.

Media 248

Media Technology Government 248

Schneier on Security

JUNE 21, 2019

Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered.

Firmware 268

Firmware Manufacturing Malware Mobile 268

Joseph Steinberg

NOVEMBER 17, 2021

Founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, Sepio HAC-1 is the first hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs. ” About Sepio Systems.

Cybersecurity 362

Cybersecurity Artificial Intelligence Government Information Security 362

Troy Hunt

MAY 19, 2024

Every single week since the 23rd of September in 2016 regardless of location, health, stress and all sorts of other crazy things that have gone on in my life for nearly the last 8 years now, I've done a video. This is the 400th time I've sat down in front of the camera and done one of these videos.

Data breaches 253

Data breaches 253

Krebs on Security

JUNE 25, 2019

com — were seen as early as 2016 as distribution points for the Hummer Trojan , a potent strain of Android malware often bundled with games that completely compromises the infected device. com 2016-02-18 ALIBABA CLOUD COMPUTING (BEIJING) CO., At least another five of the domains registered to tosaka1027@gmail.com — 99youx[.]com

Mobile 257

Mobile Technology Manufacturing Malware 257

Schneier on Security

OCTOBER 9, 2019

A botnet attack on German telecommunications company Deutsche Telekom in late 2016 that knocked out about 1 million customers' routers also appears to have come from the data center in Traben-Trarbach, Brauer said.

Telecommunications 232

Telecommunications Marketing Hacking 232

Troy Hunt

JANUARY 20, 2024

— Troy Hunt (@troyhunt) November 15, 2016 Spam lists are the same kettle of fish in that once you learn you're in one, I can't provide you any further info about where it came from and there's no recourse available to you.

Data breaches 257

Data breaches Passwords 257