Schneier on Security

JULY 28, 2021

Carriers were caught in 2018 selling real-time location data to brokers , drawing the ire of Congress. The Pillar says it obtained 24 months’ worth of “commercially available records of app signal data” covering portions of 2018, 2019, and 2020, which included records of Grindr usage and locations where the app was used.

Mobile 362

Mobile Advertising Data collection Surveillance 362

Troy Hunt

MARCH 6, 2024

Back in 2018, we started making Have I Been Pwned domain searches freely available to national government cybersecurity agencies responsible for protecting their nations' online infrastructure. Today, we're very happy to welcome Germany as the 35th country to use this service, courtesy of their CERTBund department.

Government 300

Government Data breaches Cybersecurity 300

Krebs on Security

AUGUST 16, 2020

In fact, CVE-2020-1464 was first spotted in attacks used in the wild back in August 2018. The last time that August 2018 file was scanned at VirusTotal (Aug 14, 2020), it was detected as a malicious Java trojan by 28 of 59 antivirus programs. And several researchers informed Microsoft about the weakness over the past 18 months.

Antivirus 358

Antivirus Malware Software 358

Schneier on Security

MAY 2, 2024

It banned default passwords in 2018, the law taking effect in 2020. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

Passwords 315

Passwords IoT Manufacturing Telecommunications 315

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

VPN 360

VPN Passwords Software Telecommunications 360

Schneier on Security

NOVEMBER 30, 2022

Total GDPR fines are over €2 billion (EUR) since 2018. Facebook—Meta—was just fined $276 million (USD) for a data leak that included full names, birth dates, phone numbers, and location. Meta’s total fine by the Data Protection Commission is over $700 million.

260

260

Krebs on Security

JULY 23, 2020

Worse still, the DFS found, the vulnerability was discovered in a penetration test First American conducted on its own in December 2018. But in Wednesday’s filing, the DFS said First American was unable to determine whether records were accessed prior to Jun 2018.

Insurance 327

Insurance Financial Services Penetration Testing Scams 327

Security Affairs

AUGUST 18, 2024

Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using ‘MasterPrints, ‘which are fingerprints that can match multiple other prints.

Architecture 143

Architecture Hacking Risk Information Security 143

Krebs on Security

DECEMBER 1, 2020

“In early 2018, Vaughn demanded 1.5 Among the Apophis Squad’s targets was encrypted mail service Protonmail, which reached out to this author in 2018 for clues about the identities of the Apophis Squad members after noticing we were both being targeted by them and receiving demands for money in exchange for calling off the attacks.

DDOS 264

DDOS Hacking Mobile Encryption 264

Troy Hunt

JUNE 9, 2021

TB of private data and the first sentence sets the scene: Between 2018 and 2020, a custom Trojan-type malware infiltrated over 3 million Windows-based computers and stole 1.2 (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.) NordLocker has written about the nameless malware that stole 1.2

Malware 361

Malware 361

Krebs on Security

FEBRUARY 4, 2020

The government says Quantum Stresser had more than 80,000 customer subscriptions, and that during 2018 the service was used to conduct approximately 50,000 actual or attempted attacks targeting people and networks worldwide. and international authorities in December 2018 as part of a coordinated takedown targeting attack-for-hire services.

Internet 295

Internet Internet Government Accountability 295

Krebs on Security

SEPTEMBER 14, 2020

Curiously, in May 2018, its WHOIS ownership records switched to a new name with the same initials: one “ Jonathan Bibi ,” with an address in the offshore company haven of Seychelles. Likewise, Mr. Among those is acheterdubitcoin.org , a business that was blacklisted by French regulators in 2018 for promoting cryptocurrency scams.

Scams 345

Scams Cryptocurrency Accountability Technology 345

Adam Levin

FEBRUARY 21, 2020

Travel and hospitality industries have been a frequent target of hackers in recent years, perhaps most notably being the 2018 Marriott data breach that affected 300 million customers. The company has not yet indicated whether it would be providing credit monitoring or identity theft protection to customers affected by the breach.

Data breaches 305

Data breaches Identity Theft Passwords Technology 305

Security Affairs

DECEMBER 18, 2024

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

Data breaches 63

Data breaches Accountability Risk Advertising 63

Krebs on Security

APRIL 10, 2020

Most people who who filed a tax return in 2018 and/or 2019 and provided their bank account information for a debit or credit should soon see an Economic Impact Payment direct-deposited into their bank accounts. More importantly, it appears one doesn’t really need to supply one’s AGI in 2018.

Computers and Electronics 355

Computers and Electronics Banking Accountability Scams 355

Schneier on Security

NOVEMBER 30, 2021

After planning began in mid-2018, the Long-Term Retention Lab was up and running in the second half of 2019. The warehouse stores around 3,000 pieces of hardware and software, going back about a decade.

Technology 298

Technology Engineering Software Cybersecurity 298

Schneier on Security

FEBRUARY 13, 2021

This is a follow on, with a lot more detail, to a story Bloomberg reported on in fall 2018. ”) Here’s me in 2018: Supply-chain security is an incredibly complex problem. There’s lots of detail in the article, and I recommend that you read it through. Yes, it’s plausible.

Surveillance 363

Surveillance Internet Internet Government 363

Schneier on Security

JANUARY 25, 2023

We know Cybercom did similar things in 2018 and 2020, and presumably will again in two years. . “We were doing operations well before the midterms began, and we were doing operations likely on the day of the midterms.” ” And they continued until the elections were certified, he said.

Cybersecurity 277

Cybersecurity Hacking 277

Schneier on Security

OCTOBER 13, 2021

It’s a matter of going after those with deep pockets. ” Chhabria continued, “In an effort to more effectively stamp out infringement, the plaintiffs now go after a service common to many of the infringers: Cloudflare.

Retail 308

Retail Manufacturing Internet Internet 308

Schneier on Security

NOVEMBER 5, 2024

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better.

Software 296

Software Artificial Intelligence 296

Schneier on Security

JUNE 8, 2021

A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. In 2018, a 29-country NATO exercise, Trident Juncture , that included cyberweapons was disrupted by Russian GPS jamming. This is just one of many risks to our normal civilian computer supply chains. This is not speculative. weapons systems.

Software 363

Software Cybersecurity Backups Manufacturing 363

Schneier on Security

JANUARY 5, 2024

This is me from 2018 on the potential for quantum cryptanalysis. The number of qubits that Shor’s algorithm requires to factor an n -bit number is proportional to n , while Regev’s algorithm in its original form requires a number of qubits proportional to n 1.5 —a big difference for 2,048-bit numbers.

295

295

Schneier on Security

DECEMBER 30, 2020

The antivirus firm Emsisoft found that the average requested fee has increased from about $5,000 in 2018 to about $200,000 this year. Ransomware is a decades-old idea. Today, it’s increasingly profitable and professional.

Ransomware 265

Ransomware Antivirus 265

Anton on Security

JUNE 17, 2022

For example, in my analyst days, I built a maturity model for a SOC (2018) , a SIEM deployment (2018) and vulnerability management (2017). As security orchestration, automation and response (SOAR) adoption continues at a rapid pace , security operations teams have a greater need for a structured planning approach. The one for SOAR!

Architecture 246

Architecture Technology Phishing 246

Krebs on Security

DECEMBER 16, 2021

Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin , a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.

Cryptocurrency 354

Cryptocurrency Mobile Accountability Scams 354

Schneier on Security

OCTOBER 1, 2022

Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by —at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions.

Internet 321

Internet Internet 321

Krebs on Security

SEPTEMBER 16, 2021

man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. 2018 , when the FBI joined with law enforcement partners overseas to seize 15 different booter service domains. Charles, Ill.

DDOS 326

DDOS DNS Internet Internet 326

Krebs on Security

AUGUST 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. universities).

Cryptocurrency 349

Cryptocurrency Malware Mobile Accountability 349

Krebs on Security

JULY 13, 2020

Since its inception in 2018, Data Viper has billed itself as a “threat intelligence platform designed to provide organizations, investigators and law enforcement with access to the largest collection of private hacker channels, pastes, forums and breached databases on the market.” database on RaidForums.

Hacking 354

Hacking Marketing Cybercrime Accountability 354

Krebs on Security

SEPTEMBER 16, 2020

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.

Cryptocurrency 356

Cryptocurrency Phishing Accountability Cybercrime 356

Schneier on Security

DECEMBER 3, 2020

From a ZDNet article : GitHub launched a deep-dive into the state of open source security, comparing information gathered from the organization’s dependency security features and the six package ecosystems supported on the platform across October 1, 2019, to September 30, 2020, and October 1, 2018, to September 30, 2019.

Engineering 317

Engineering Software Cybersecurity 317

Schneier on Security

FEBRUARY 22, 2021

The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March.

Backups 257

Backups Technology Hacking Cybersecurity 257

Schneier on Security

OCTOBER 26, 2023

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018.

Surveillance 306

Surveillance Government Marketing 306

Adam Levin

SEPTEMBER 4, 2020

Bush in the wake of the September 11 attacks, but had been phased out by the NSA between 2018 and 2019 after disuse and technical issues had rendered the data collected unusable. . “[T]he The program was initially started without court authorization under President George W.

Surveillance 260

Surveillance Data collection Government Cybersecurity 260

Krebs on Security

DECEMBER 14, 2022

million attacks between 2018 and 2022, and attracted some 50,000 registered users. million attacks between 2018 and 2022. Colon is suspected of running the booter service securityteam[.]io. He was also charged with conspiracy and CFAA violations. The feds say the SecurityTeam stresser service conducted 1.3

DDOS 328

DDOS Computers and Electronics Internet Internet 328

Krebs on Security

JUNE 21, 2021

He said the percentage of companies that reported already having inventoried all of their IT systems is roughly equal to the number of larger water utilities (greater than 50,000 population) that recently had to certify to the Environmental Protection Agency (EPA) that they are compliant with the Water Infrastructure Act of 2018.

Hacking 343

Hacking Accountability Cybersecurity Technology 343

Krebs on Security

SEPTEMBER 22, 2023

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. In February 2018, LastPass changed the default to 100,100 iterations. LastPass sent this notification to users earlier this week.

Passwords 304

Passwords Encryption Password Management Cryptocurrency 304