Schneier on Security

JANUARY 16, 2024

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet.

301

301

Krebs on Security

MAY 18, 2020

” From 2013 to 2016, upO was a major player on Exploit[.]in For roughly one year beginning in 2016, Lebron was a top moderator on Exploit. For roughly one year beginning in 2016, Lebron was a top moderator on Exploit. in in late 2016, complaining that RedBear was refusing to pay a debt owed to him.

Malware 352

Malware Cybercrime Ransomware Marketing 352

Schneier on Security

MAY 3, 2024

TEDxPSU 2010: “ Reconceptualizing Security ” TEDxCambridge 2013: “ The Battle for Power on the Internet ” TEDMed 2016: “ Who Controls Your Medical Data ?” I have spoken at several TED conferences over the years. ” I’m putting this here because I want all three links in one place.

Internet 291

Internet Internet 291

Lohrman on Security

JULY 25, 2021

Vincent Hoang became the CISO in Hawaii in 2016. In this interview, Vince shares his journey and cyber priorities in protecting the Aloha State, particularly among the challenges presented by COVID-19.

CISO 297

CISO Government Cybersecurity 297

Schneier on Security

JANUARY 11, 2021

In 2016, WhatsApp gave users a one-time ability to opt out of having account data turned over to Facebook. If you’re a WhatsApp user, pay attention to the changes in the privacy policy that you’re being forced to agree with. Now, an updated privacy policy is changing that. Come next month, users will no longer have that choice.

Data collection 358

Data collection Accountability 358

Krebs on Security

FEBRUARY 4, 2025

to , and vDOS , a DDoS-for-hire service that was shut down in 2016 after its founders were arrested. According to the cyber intelligence firm Intel 471 , a user named Finndev registered on multiple cybercrime forums, including Raidforums [ seized by the FBI in 2022 ], Void[.]to The email address used for those accounts was f.grimpe@gmail.com.

eCommerce 206

eCommerce Cybercrime Accountability Passwords 206

Krebs on Security

JULY 18, 2022

The 911 user interface, as it existed when the service first launched in 2016. net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. .

VPN 352

VPN Computers and Electronics Antivirus Software 352

Penetration Testing

APRIL 10, 2025

Yesterday, we reported that the April 2025 cumulative security update KB5002700 for Microsoft Office 2016 has triggered widespread application crashes. Initially, it was assumed that Microsoft would resolve the […] The post Microsoft Releases Emergency Fix for Office 2016 Update Crashes appeared first on Daily CyberSecurity.

Cybersecurity 69

Cybersecurity Technology 69

Schneier on Security

OCTOBER 19, 2023

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company’s data security and privacy practices.

CISO 271

CISO Data breaches Government 271

Schneier on Security

MAY 20, 2024

In 2016, IBM bought Resilient Systems, the startup I was a part of. IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. It became part if IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar.

Cybersecurity 293

Cybersecurity 293

Schneier on Security

OCTOBER 22, 2021

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures.

Telecommunications 359

Telecommunications Architecture Mobile Hacking 359

Krebs on Security

MARCH 11, 2025

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016. Although still used by millions, security support for these products ended more than a year ago, and mainstream support ended years ago.

System Administration 225

System Administration Engineering Internet Internet 225

Security Affairs

OCTOBER 15, 2024

released in 2016.” Most websites have been or will soon be automatically updated to the latest version. “During an internal security audit, we found a vulnerability with the Contact Form feature in Jetpack ever since version 3.9.9, ” reads the advisory.

Hacking 126

Hacking 126

Schneier on Security

JUNE 28, 2019

If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Today is my last day at IBM. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak, and do the occasional consulting job.

Technology 279

Technology 279

Schneier on Security

FEBRUARY 26, 2020

in June 2016 and of the November 2016 attack at Ohio State University by a man who drove his car into people and slashed at them with a machete. The report cited two investigations in which the National Security Agency produced reports derived from the program: its analysis of the Pulse nightclub mass shooting in Orlando, Fla.,

273

273

Krebs on Security

JANUARY 8, 2019

Last week, KrebsOnSecurity heard from a reader who’d just purchased a copy of Microsoft Office 2016 Professional Plus from a seller on eBay for less than $4. Let’s call this Red Flag #1, as a legitimately purchased license of Microsoft Office 2016 is still going to cost between $70 and $100.

Software 275

Software Passwords Accountability Web Fraud 275

Troy Hunt

FEBRUARY 25, 2020

Back in 2016, I wrote a blog post about the Martin Lewis Money show featuring HIBP and how it drove an unprecedented spike of traffic to the service, ultimately knocking it offline for a brief period of time. The last time that happened in 2016, the error rate peaked at about a third of all requests. was there more traffic back then?

Data breaches 291

Data breaches Accountability 291

Schneier on Security

APRIL 19, 2021

The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security. Azimuth specialized in finding significant vulnerabilities.

Software 324

Software Hacking 324

Schneier on Security

OCTOBER 5, 2023

Countries trying to influence each other’s elections entered a new era in 2016, when the Russians launched a series of social media disinformation campaigns targeting the US presidential election. Every US national election from 2016 has brought with it an additional country attempting to influence the outcome.

Media 326

Media Artificial Intelligence Accountability Internet 326

Schneier on Security

NOVEMBER 11, 2022

Here in 2022, we have a newly declassified 2016 Inspector General report—”Misuse of Sigint Systems”—about a 2013 NSA program that resulted in the unauthorized (that is, illegal) targeting of Americans. Given all we learned from Edward Snowden, this feels like a minor coda.

Surveillance 240

Surveillance 240

Tech Republic Security

JULY 8, 2021

Patches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.

216

216

Schneier on Security

AUGUST 13, 2020

politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the "simulation of scandal" ­ deliberate attempts to direct moral judgement against their target.

Hacking 266

Hacking Cybersecurity 266

Krebs on Security

JUNE 22, 2022

The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “ Stanx ,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator. ” the post enthuses.

Advertising 320

Advertising Cybercrime System Administration Hacking 320

Tech Republic Security

SEPTEMBER 17, 2021

Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.

Ransomware 215

Ransomware 215

Security Affairs

NOVEMBER 24, 2024

PopeyeTools was a dark web marketplace specializing in selling stolen credit cards and cybercrime tools, facilitating fraud and illicit online activities since 2016. The defendants are charged with conspiracy to commit access device fraud, trafficking access devices, and solicitation of another person to offer access devices.

Cybercrime 127

Cybercrime Cryptocurrency Banking Accountability 127

Schneier on Security

MARCH 3, 2020

There's a vulnerability in Wi-Fi hardware that breaks the encryption : The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016.

Wireless 269

Wireless Manufacturing Encryption Hacking 269

Krebs on Security

JULY 26, 2023

.” In December 2021, Bloomberg reported that Sachkov was alleged to have given the United States information about the Russian “ Fancy Bear ” operation that sought to influence the 2016 U.S. Fancy Bear is one of several names (e.g., presidential election.

Cybersecurity 234

Cybersecurity Cybercrime Media Hacking 234

Schneier on Security

MAY 8, 2019

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government.

Hacking 256

Hacking Government 256

Krebs on Security

MARCH 22, 2021

Norse imploded rather suddenly in 2016 following a series of managerial missteps and funding debacles. In 2016, financial reality once again would catch up with the company’s leadership when Norse abruptly ceased operations and was forced to lay off most of its staff. Remember Norse Corp. ,

Surveillance 328

Surveillance Computers and Electronics Internet Internet 328

Krebs on Security

FEBRUARY 5, 2020

Mathew Marulla began leasing a Ford Focus electric vehicle in 2013, but turned the car back in to Ford at the end of his lease in 2016. Out of curiosity, Marulla decided to check if his old MyFordMobile.com credentials from 2016 still worked.

Mobile 335

Mobile Engineering Internet Internet 335

Troy Hunt

MAY 15, 2020

Met at the 6th National Pro Bono Conference in Ottawa in September 2016 Met on 15-17 October 2001 in Vancouver for the Luscar/Obed/Coal Valley arbitration. — Troy Hunt (@troyhunt) November 15, 2016 So, mark me down for another data breach of my own personal info. It feels like a CRM.

Data breaches 363

Data breaches InfoSec 363

Security Boulevard

OCTOBER 31, 2024

Cyberattacks during the 2016 U.S. presidential election exposed vulnerabilities in voter databases across 21 states, marking a stark warning about the fragility of our electoral systems. The post Defending Democracy From Cyber Attacks in 2024 appeared first on Security Boulevard.

Cyber Attacks 72

Cyber Attacks Security Awareness Cybersecurity 72

Krebs on Security

SEPTEMBER 10, 2021

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT 345

IoT DDOS Internet Internet 345

Krebs on Security

MARCH 10, 2020

Firsov also tweeted about competing in and winning several “capture the flag” hacking competitions, including the 2016 and 2017 CTF challenges at Positive Hack Days (PHDays), an annual security conference in Moscow. Isis’ profile on antichat. ” A Google Translate version of that advertisement is here (PDF).

Accountability 342

Accountability Advertising Hacking Cybercrime 342

Schneier on Security

MAY 8, 2019

Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In summary: if we know the version of MS Office of a target system (e.g. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled.

Antivirus 268

Antivirus Engineering Malware 268

Schneier on Security

DECEMBER 15, 2023

In 2016, I wrote about an Internet that affected the world in a direct, physical manner. They will receive direct inputs from our environment, in all the forms I thought about in 2016. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars.

Internet 323

Internet Internet IoT Banking 323

Security Affairs

APRIL 2, 2025

The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab who considered it the most advanced mobile threat seen to the date of the discovery. In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231

Malware 118

Malware Cryptocurrency Mobile Firmware 118