Schneier on Security

MARCH 9, 2021

WannaCry was a 2017 cyberattack, based on a NSA-discovered and Russia-stolen-and-published Windows vulnerability. Even if we assume that the report is self-serving to the company that wrote it, and that the statistic is not generally representative, this is still a disaster. The number should be 0%.

Technology 358

Technology Software Malware 358

Krebs on Security

JULY 1, 2021

Equifax’s 2017 megabreach that exposed the personal and financial details of 145.5 million Americans may have shocked the public, but it did little to stop more than a million employers from continuing to sell Equifax their employee payroll data, Bloomberg found in late 2017. Intuit’s FAQ on the changes is here.

Small Business 359

Small Business Financial Services Government Media 359

Schneier on Security

MARCH 4, 2021

Early 2017: The Equation Group’s tools were teased and then leaked online by a team calling itself the Shadow Brokers. Around that time, Microsoft cancelled its February Patch Tuesday, identified the vulnerability exploited by EpMe (CVE-2017-0005), and fixed it in a bumper March update. Lots of news articles about this.

System Administration 250

System Administration Government Hacking 250

Krebs on Security

MAY 14, 2019

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Malware 269

Malware Ransomware Authentication 269

Schneier on Security

JUNE 21, 2019

In 2017, some Android phones came with a backdoor pre-installed : Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. That meant the malware could directly tamper with every installed app.

Firmware 266

Firmware Manufacturing Malware Mobile 266

Schneier on Security

FEBRUARY 16, 2021

It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner.

Advertising 296

Advertising Malware 296

Schneier on Security

DECEMBER 7, 2021

Since 2017, someone is running about a thousand — 10% of the total — Tor servers in an attempt to deanonymize the network: Grouping these servers under the KAX17 umbrella, Nusenu says this threat actor has constantly added servers with no contact details to the Tor network in industrial quantities, operating servers in the realm of hundreds (..)

347

347

Schneier on Security

FEBRUARY 10, 2023

A recent example comes from the 2017 Tax Cuts and Jobs Act. companies avoided paying nearly US$200 billion in taxes in 2017 alone. That same 2017 U.S. That 2017 earned income tax bug for military families hasn’t yet been fixed. The 2017 tax law capped income tax deductions for property taxes.

Hacking 241

Hacking Artificial Intelligence Government Software 241

Zero Day

JANUARY 9, 2025

If you have an older MacOS device lying around, why not install Linux to give it a new life?

122

122

Daniel Miessler

MARCH 24, 2021

Related posts: My RSA 2017 Recap. Try not to skip steps, i.e., it’s best to make the move to unique, quality passwords stored in a manager before you add 2FA. Thanks to Troy Hunt, Anton Chuvakin, and Tim Dierks for spawning the idea for this. The Real Internet of Things: Details and Examples.

Authentication 363

Authentication Passwords Internet Internet 363

Krebs on Security

DECEMBER 20, 2022

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack.

Identity Theft 270

Identity Theft Data breaches Data collection Hacking 270

Krebs on Security

SEPTEMBER 16, 2020

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Cryptocurrency 355

Cryptocurrency Phishing Accountability Cybercrime 355

Penetration Testing

JANUARY 23, 2025

The Qualys Threat Research Unit has unveiled an extensive campaign involving a new variant of the infamous Mirai The post CVE-2024-7029 and CVE-2017-17215 Exploited in Latest Murdoc Botnet Attacks appeared first on Cybersecurity News.

Cybersecurity 54

Cybersecurity Malware 54

Krebs on Security

AUGUST 27, 2019

“On August 20, 2019, we learned from a third party of a data exposure that impacts a subset of customers of our Cloud WAF product who had accounts through September 15, 2017,” wrote Heli Erickson , director of analyst relations at Imperva.

Cybersecurity 253

Cybersecurity Firewall Passwords Data breaches 253

Krebs on Security

MAY 7, 2021

The company’s website says Hempton has been around since 2017, but the domain name was only registered in late November 2020. This 2017 story from New Zealand financial news site interest.co.nz Kulikova deleted Bernard’s former companies from her LinkedIn profile shortly after last year’s series). Hemptonllp[.]com

Scams 301

Scams Cryptocurrency Advertising Marketing 301

Schneier on Security

FEBRUARY 3, 2022

. “Everyone thinks their data is the messiest in the world, and mine maybe is because it’s taken from people who don’t want us to have it, frankly,” said Herrera’s immediate predecessor at the NSA, the computer scientist Deborah Frincke, during a 2017 talk at Stanford.

Big data 285

Big data Surveillance Technology Data collection 285

Schneier on Security

DECEMBER 17, 2020

One of those offering claimed access over the Exploit forum in 2017 was known as “fxmsp” and is wanted by the FBI “for involvement in several high-profile incidents,” said Mark Arena, chief executive of cybercrime intelligence firm Intel471.

Software 360

Software Passwords Cybercrime Government 360

Schneier on Security

JANUARY 25, 2022

billion in business interruption losses from the Notpetya cyber attack of 2017 which were claimed against “all risks” property re/insurance policies providing coverage for losses resulting from destruction or corruption of computer data and software. Merck suffered US$1.4

Insurance 188

Insurance Cyber Attacks Government Malware 188

Krebs on Security

AUGUST 14, 2020

Defray was first spotted in 2017, and its purveyors have a history of specifically targeting companies in the healthcare space. R1 RCM declined to discuss the strain of ransomware it is battling or how it was compromised. Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray.

Ransomware 362

Ransomware Healthcare Insurance Phishing 362

Krebs on Security

FEBRUARY 4, 2020

That’s interesting because the article in question was actually a 2017 KrebsOnSecurity story about a mobile app tied to a competing booter service that happened to share some of the same content as Quantum Stresser. Attorney Adam Alexander.

Internet 294

Internet Internet Government Accountability 294

Schneier on Security

DECEMBER 18, 2020

This SAML forgery technique has been known and used by cyber actors since at least 2017.

Authentication 362

Authentication Hacking Accountability Cybersecurity 362

Krebs on Security

JUNE 7, 2022

But these dangerous hoaxes can quickly turn deadly: In March 2019, 26-year-old serial swatter Tyler Barriss was sentenced to 20 years in prison for making a phony emergency call to police in late 2017 that resulted in the shooting death of an innocent Kansas resident.

Cybercrime 318

Cybercrime Internet Internet Web Fraud 318

Krebs on Security

MARCH 8, 2019

In the wake of Equifax’s epic 2017 data breach impacting some 148 million Americans, many people did freeze their credit files at the big three in response. This has been the reality for years, and was so well before Equifax announced its big 2017 breach. Consumers in every U.S. But Equifax has changed a few things since then.

Accountability 276

Accountability Identity Theft Passwords Authentication 276

Joseph Steinberg

DECEMBER 2, 2022

US 9,813,419 – Granted in November of 2017. Those patents, all of which are entitled Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhances Security , bear the following numbers and issue dates: 1. US 9,374,374 – Granted in June of 2016. US 10,771,464 – Granted in September 2020.

Media 267

Media Technology Artificial Intelligence Risk 267

Krebs on Security

MAY 28, 2020

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. For example, search in Google for the terms “booter” or “stresser” from a U.K.

Cybercrime 262

Cybercrime DDOS Advertising Hacking 262

Schneier on Security

JUNE 25, 2020

Back in 2017, I catalogued nineteen security and privacy guideline documents for the Internet of Things. We hope that our work provides a basis for the community to build on in order to better understand best practices, identify and reach consensus on specific practices, and then find ways to motivate relevant stakeholders to follow them.

IoT 253

IoT Manufacturing Internet Internet 253

Krebs on Security

NOVEMBER 8, 2020

Homicide detectives said they originally thought the man found June 14, 2017 in a torched SUV on a logging road in Squamish, British Columbia was a local rock climber known to others in the area as a politically progressive vegan named Jesse James. in 1999, according to news reports. Davis Wolfgang Hawke.

Banking 358

Banking Government Technology 358

The Hacker News

MAY 7, 2024

A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017. Alexander Vinnik, 44, was charged in January 2017 and taken into custody in Greece in July 2017. He was subsequently extradited to the U.S. in August 2022.

Cryptocurrency 113

Cryptocurrency 113

Krebs on Security

JANUARY 22, 2025

This is interesting given a comment on Caturegli’s LinkedIn post from an ex-Cloudflare employee who linked to a report he co-authored on a similar typo domain apparently registered in 2017 for organizations that may have mistyped their AWS DNS server as “ awsdns-06.ne ne ” instead of “ awsdns-06.net.”

DNS 350

DNS Internet Internet Risk 350

Troy Hunt

NOVEMBER 22, 2019

For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo data breach which exposed 126M accounts, one of which was my own.

Data breaches 360

Data breaches Technology Software Accountability 360

Krebs on Security

JULY 20, 2021

Levashov was arrested in 2017 while in Barcelona, Spain with his family. According to a lengthy April 2017 story in Wired.com , he got caught because he violated a basic security no-no : He used the same log-in credentials to both run his criminal enterprise and log into sites like iTunes.

Antivirus 328

Antivirus Cybercrime Identity Theft Scams 328

Adam Shostack

JANUARY 2, 2025

[no description provided] (Today) Wednesday, May 24th, 2017 at 1:00 PM EDT (17:00:00 UTC), Chris Wysopal and I are doing a SANS webcast, " Choosing the Right Path to Application Security." I'm looking forward to it, and hope you can join us!

130

130

The Hacker News

MARCH 15, 2024

Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. The approach combines speculative execution and race conditions.

Architecture 139

Architecture 139

Krebs on Security

MARCH 9, 2023

That Facebook profile is no longer active, but back in January 2017, the administrator of WorldWiredLabs posted that he was considering adding certain Android mobile functionality to his service. ’s Companies House shows that in 2017 Mr. Zanko became an officer in a company called Godbex Solutions LTD.

DNS 284

DNS Cybercrime Passwords Accountability 284

Adam Shostack

JANUARY 2, 2025

Unfiltered Fervor: The Rush to Get Off the Water Grid , Nellie Bowles, NYTimes, Dec 29, 2017.) People dont even realize that because all their waters dead, so they never see it turn green. So those things turning the water green? Apparently, not bugs, but features. Features.

130

130

Schneier on Security

AUGUST 21, 2023

China has been doing this every year since 2017.) I was a big fan of DARPA’s AI capture-the-flag event in 2016 , and am happy to see that DARPA is again inciting research in this area.

Cybersecurity 206

Cybersecurity Small Business Government Software 206

Krebs on Security

APRIL 7, 2022

The other indictment named Russians affiliated with a skilled hacking group known as “Triton” or “Trisis,” which infected a Saudi oil refinery with destructive malware in 2017, and then attempted to do the same to U.S. energy facilities. and international companies and entities, including U.S. ” HYDRA. .

Marketing 281

Marketing Energy and Utilities Malware Ransomware 281