Schneier on Security

JUNE 8, 2021

A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. In 2018, a 29-country NATO exercise, Trident Juncture , that included cyberweapons was disrupted by Russian GPS jamming. This is just one of many risks to our normal civilian computer supply chains. This is not speculative. weapons systems.

Software 364

Software Cybersecurity Backups Manufacturing 364

Security Affairs

AUGUST 18, 2024

Boffins demonstrated the vulnerability of fingerprint recognition systems to dictionary attacks using ‘MasterPrints, ‘which are fingerprints that can match multiple other prints.

Architecture 140

Architecture Hacking Risk Information Security 140

Security Affairs

FEBRUARY 26, 2025

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework.

Data collection 103

Data collection Spyware Media Surveillance 103

Security Affairs

NOVEMBER 2, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. Improved operational security, including disrupting firewall telemetry to hinder detection and minimize their digital footprint.

Firmware 120

Firmware Government Firewall Malware 120

Krebs on Security

DECEMBER 3, 2018

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. ” Concerned that his own information was similarly exposed, Sheehy contacted Jared parent company Signet Jewelers and asked them to fix the data exposure.

Retail 252

Retail Identity Theft Scams Media 252

Malwarebytes

NOVEMBER 12, 2024

In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users. For some people it’s their cheapest chance of finding out whether they are affected by some genetic disorder. In 2020, Ancestry was acquired by investment firm Blackstone for $4.7

Insurance 145

Insurance Accountability Risk Data breaches 145

Security Affairs

FEBRUARY 5, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-45195 (CVSS score of 9.8) Microsoft.NET Framework Information Disclosure Vulnerability CVE-2018-9276 (CVSS score of 7.2)

Authentication 64

Authentication Hacking Cybersecurity Software 64

Security Affairs

MARCH 20, 2025

The use of popular instant messaging apps on both mobile and desktop devices broadens the attack surface, creating uncontrolled information exchange channels that bypass security measures. DCRat first appeared in the threat landscape in 2018, but a year later it was redesigned and relaunched.

Computers and Electronics 107

Computers and Electronics Telecommunications Malware Surveillance 107

Schneier on Security

OCTOBER 13, 2020

“We vigorously protect the privacy of our users while supporting the important work of law enforcement,” Google’s director of law enforcement and information security Richard Salgado told us. ” Here’s another example of what seems to be about data leading to a false arrest.

Surveillance 363

Surveillance Wireless Accountability Architecture 363

The Last Watchdog

JUNE 21, 2020

RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn. Targeting enterprises Late 2018 – present day.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

DECEMBER 4, 2024

Nearly $100M in cryptocurrency was traded on the platform from 2018-2024, with operators taking 1-5% commissions. .” According to the German authorities, Crimenetwork had 100 sellers and 100,000 users, primarily German-speaking.

Cybercrime 113

Cybercrime Cryptocurrency Hacking Internet 113

Security Affairs

APRIL 2, 2025

.” To protect against malware, experts recommend buying smartphones from authorized distributors and installing security solutions like Kaspersky for Android immediately. In March 2018, security researchers at Antivirus firmDr.Web discovered that 42 models of low-cost Android smartphones were shipped with the Android.Triada.231

Malware 100

Malware Cryptocurrency Mobile Firmware 100

Krebs on Security

NOVEMBER 21, 2018

“This is not even Information Security 101, this is Information Security 1, which is to implement access control,” Weaver said. But they seemed to have overlooked this rather glaring security problem. “It seems like the only access control they had in place was that you were logged in at all. .

Accountability 279

Accountability Authentication Identity Theft Advertising 279

Security Affairs

DECEMBER 3, 2024

According to the Gazeta Wyborcza daily, the spyware was used to spy on the phone of Jacek Karnowski, mayor of the city of Sopot, in 2018-2019. The PiS government admitted having used the spyware, but pointed out the Pegasus was never used against political opponents.

Spyware 117

Spyware Government Surveillance Hacking 117

Krebs on Security

JULY 21, 2023

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks.

CSO 241

CSO CISO Insurance Risk 241

The Last Watchdog

JANUARY 6, 2022

Yet, according to the study by the Ponemon Institute, the number of insider leaks has increased by 47 percent in 2020 compared to 2018. But they have more disadvantages than benefits if we talk about ensuring information security. The global threat intelligence market size was estimated at $10.9 billion by 2025.

Marketing 279

Marketing Software Surveillance Information Security 279

Krebs on Security

DECEMBER 6, 2023

The new Network and Information Security Directive (NIS2), which EU member states have until October 2024 to implement, requires registrars to keep much more accurate WHOIS records, and to respond within as little as 24 hours to WHOIS data requests tied everything from phishing, malware and spam to copyright and brand enforcement.

Internet 292

Internet Internet Phishing Scams 292

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom.

Architecture 107

Architecture Internet Internet Malware 107

Security Affairs

JANUARY 21, 2025

In May 2019, Security researchers with Tencent Security Keen Lab identified five vulnerabilities , tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.

Software 132

Software Architecture Media Engineering 132

Security Affairs

MAY 30, 2024

ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The experts noticed that a portion of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. The flaw resides in WebKit and impacts macOS version 10.13.3

Spyware 136

Spyware Malware Surveillance Mobile 136

Security Affairs

DECEMBER 23, 2024

from April 29, 2018, to May 10, 2020). NSO Group has been requested to provide details regarding the complete functionality of the pertinent spyware, covering the period one year before the alleged attack through one year after the alleged attack (i.e.,

Spyware 108

Spyware Surveillance Software Hacking 108

Krebs on Security

JUNE 18, 2021

The SEC said that under First American’s remediation policies, if the person responsible for fixing the problem is unable to do so based on the timeframes listed above, that employee must have their management contact the company’s information security department to discuss their remediation plan and proposed time estimate.

Insurance 332

Insurance Risk Financial Services CISO 332

Security Affairs

JUNE 7, 2024

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP.

Passwords 136

Passwords Hacking Information Security 136

Security Affairs

DECEMBER 16, 2024

Development traces back to at least 2018. “As security improvements make zero-click and other remote spyware attacks prohibitively expensive or unfeasible, authorities may increasingly turn to infecting devices with spyware through physical access to a device. At this time, the origin of NoviSpy remains unclear.

Spyware 105

Spyware Surveillance Technology Mobile 105

Security Affairs

DECEMBER 6, 2024

These compromised accounts contained sensitive information on patients and employees, including Social Security numbers, bank account details, access credentials, and treatment/diagnosis information. Affected individuals were notified in September.

Data breaches 110

Data breaches Identity Theft Accountability Technology 110

Security Affairs

DECEMBER 26, 2024

The new Mirai malware variant also targetsthe TP-Link flaw CVE-2023-1389 and the vulnerability CVE-2018-17532 affecting Teltonika RUT9XX routers. The malware maintains persistence using a cron job that downloads a shell script from “hailcocks[.]ru.”

Manufacturing 88

Manufacturing Malware Firmware IoT 88

Security Affairs

DECEMBER 19, 2022

CVE-2018-0125 (CVSS score of 9.8) – A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. .

Wireless 145

Wireless VPN Software Hacking 145

Security Affairs

MARCH 3, 2025

CVE-2018-8639 (CVSS score of 7.8) – an elevation of privilege vulnerability that impacts Windows when the Win32k component fails to properly handle objects in memory. ” reads the advisory. “To exploit this vulnerability, an attacker would first have to log on to the system.

Small Business 59

Small Business Authentication Hacking Accountability 59

Daniel Miessler

SEPTEMBER 29, 2020

SafetyDetectives reports the average cost of a ransomware-caused downtime incident has risen from $46,800 in 2018, to $141,000 in 2019, to $283,800 in 2020. My rough scribble of how ransomware sophistication surpassed our defensive capabilities somewhere around 2018.

Ransomware 246

Ransomware Government Social Engineering Small Business 246

Security Affairs

SEPTEMBER 28, 2023

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) X through 3.3.4.

Hacking 133

Hacking Risk Cybersecurity Information Security 133

Krebs on Security

APRIL 14, 2019

The price is € 250 + €500 secure deposit. As security deposit needs to be added ,discount needs to be applied please follow the airbnb link” (which goes to the fake Airbnb page).

Scams 271

Scams Advertising Accountability Phishing 271

Security Affairs

JUNE 17, 2024

Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “ Empire Market ” from 2018 to 2020. 1, 2018, the indictment states.” District Court in Chicago.”

Marketing 129

Marketing Cryptocurrency DDOS Scams 129

Security Affairs

NOVEMBER 1, 2021

A research published by Positive Technologies in 2018 revealed that 69 percent of ATMs were vulnerable to such attacks and could be easily hacked in a few minutes. ” explained Vladimir Kononovich, Senior Specialist of ICS Security at Positive Technologies. Both issues received a CVSSv3.0 score of 6.8. ” continues the post.

Hacking 136

Hacking Firmware Encryption Manufacturing 136

Security Affairs

NOVEMBER 18, 2024

In 2018, data breach exposed personal information of up to 2 million customers. In March 2020, threat actors gained access to T-Mobile customers and employee personal info. In 2019, T-Mobile disclosed data breach affecting prepaid wireless customers.

Mobile 113

Mobile Telecommunications Data breaches Hacking 113

Krebs on Security

NOVEMBER 7, 2019

In November 2018, I was honored to give the keynote at a conference held by the Health Information Sharing and Analysis Center (H-ISAC) , a non-profit that promotes the sharing of cyber threat information and best practices in the healthcare sector.

Data breaches 276

Data breaches Healthcare Ransomware Cyber threats 276

Security Affairs

OCTOBER 7, 2021

The threat actors have been targeting the above industries since at least 2018. “Assessments as to the identity of the operators and authors of ShellClient resulted in the identification of a new Iranian threat actor dubbed MalKamak that has operated since at least 2018 and remained publicly unknown thus far.”

Telecommunications 142

Telecommunications Malware Hacking Information Security 142

Security Affairs

MARCH 2, 2024

from April 29, 2018, to May 10, 2020). In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide. In September 2018, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

Spyware 143

Spyware Surveillance Software Architecture 143