2018, Internet and Risk - Cyber Security Informer

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. “We have looked into the matter and there was not a risk to our systems,” a MasterCard spokesperson wrote.

DNS

DNS Internet Internet Risk

On the Catastrophic Risk of AI

Schneier on Security

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. Poses ‘Risk of Extinction,’ Industry Leaders Warn.”

Risk

Risk Artificial Intelligence Technology Internet

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. There was another warning from the U.S.

Software

Software Risk Artificial Intelligence Cyber Attacks

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. CVE-2018-13379: The Eternal Exploit What is CVE-2018-13379?

VPN

VPN Authentication Ransomware Risk

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.

Internet

Internet Internet Software Engineering

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). W3Techs’ June 2018 survey shows that 35 percent of the top 10 million websites have adopted it. Related: How PKI can secure IoT.

Internet

Internet Internet Encryption Authentication

Browser Extensions: Are They Worth the Risk?

Krebs on Security

SEPTEMBER 5, 2018

From their post: “On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, For its part, Google tries to communicate the potential risk of extensions using three “alert” levels: Low, medium and high, as detailed in the screenshot below.

Risk

Risk Hacking Software Phishing

Internet Security Threats at the Olympics

Schneier on Security

FEBRUARY 12, 2018

The so-called Fancy Bear group, or APT28, began its operations in late 2017 -- according to Trend Micro and Threat Connect , two private cybersecurity firms -- eventually publishing documents in 2018 outlining the political tensions between IOC officials and World Anti-Doping Agency (WADA) officials who are policing Olympic athletes.

Internet

Internet Internet Cyber Attacks DDOS

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

The Last Watchdog

MAY 31, 2022

Related: Log4J’s long-run risks. Nucleus launched in 2018 and has grown to over 50 employees. It supplies a unified vulnerability and risk management solution that automates vulnerability management processes and workflows. This kind of thing can be rectified by adopting risk-assessment principles alongside CD/CI.

Risk

Risk Digital transformation Software Technology

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

Malwarebytes

JUNE 3, 2022

Welcome to Internet Safety Month, a once-a-year event in which you, the public, are told that anywhere between three and 30 different best practices will simplify your approach to staying safe online. This year, then, for Internet Safety Month, we’re packaging our advice a little differently. Don’t make it easy for criminals.

Internet

Internet Internet Scams Passwords

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. Develop and test ransomware response plans.

Ransomware

Ransomware IoT Encryption Social Engineering

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. 13, 2018 bomb threat hoax.

DNS

DNS Internet Internet Computers and Electronics

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

“The risk level should be regarded as high: in some cases, an attack can be performed just by using a mobile phone. ” Between 2018 and 2019 the researchers assessed 28 telecom operators in Europe, Asia, Africa, and South America and verifies the presence of the vulnerabilities in the GTP protocol. Pierluigi Paganini.

Mobile

Mobile Internet Internet Advertising

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. This is just one of many risks to our normal civilian computer supply chains. A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. This is not speculative.

Software

Software Cybersecurity Backups Manufacturing

Millions put at risk by old, out of date routers

Malwarebytes

MAY 7, 2021

a consumer watchdog in the UK, recently released its findings about routers issued by UK Internet Service Providers (ISPs). Based on its assessment, it reckons that at least two million Britons are at risk from routers that haven’t been updated since 2016. Local network vulnerabilities. Lack of updates. For more steps to take, Which?

Risk

Risk Passwords Internet Internet

The Cybersecurity Dimensions of Web Accessibility

SecureWorld News

JANUARY 27, 2025

Today, the internet is the glue for areas like communication, commerce, healthcare, entertainment, and pretty much everything in between. In that case, users run the risk of misinterpreting key information, making wrong choices, or unwittingly exposing personally identifiable data. Take privacy settings as an example.

Cybersecurity

Cybersecurity Risk Technology Authentication

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

As of 2018, more than 2 million people were working abroad for U.S. International workforces can be an excellent way to find top talent, but they can introduce unique security risks. Similarly, different nations exercise varying amounts of authority over internet traffic. Restricted Internet Access. Government Monitoring.

Internet

Internet Internet Government Risk

New Book Coming in September: "Click Here to Kill Everybody"

Schneier on Security

JANUARY 5, 2018

My next book is still on track for a September 2018 publication. Risks are Becoming Catastrophic. What a Secure Internet+ Looks Like 8. How We Can Secure the Internet+ 9. How to Engender Trust on the Internet+. I'm using the word "Internet+," and I'm not really happy with it. Norton is still the publisher.

Internet

Internet Internet Government Authentication

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Cyber Risk

Cyber Risk Risk Financial Services Banking

Six Charged in Mass Takedown of DDoS-for-Hire Sites

Krebs on Security

DECEMBER 14, 2022

million attacks between 2018 and 2022, and attracted some 50,000 registered users. million attacks between 2018 and 2022. The Justice Department says its trying to impress upon people that even buying attacks from DDoS-for-hire services can land Internet users in legal jeopardy. sx ; and Shamar Shattock , 19, of Margate, Fla.,

DDOS

DDOS Computers and Electronics Internet Internet

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

IRL Analogies Explaining Digital Concepts are Terrible

Troy Hunt

APRIL 23, 2018

As expected, the internet responded with much hilarity because no-way, no-how are any of the analogies in that video even remotely equivalent to digital piracy: And even if they were - even if you could directly compare the way both a movie and a car can be illegally obtained then yes, of course people would do it! With no malicious intent?

Internet

Internet Internet Penetration Testing Hacking

RuNet – Russia successfully concluded tests on its Internet infrastructure

Security Affairs

DECEMBER 24, 2019

Russia successfully disconnected from the internet. Russia’s government announced that it has successfully concluded a series of tests for its RuNet intranet aimed at country disconnection from the Internet. One of them is checking the integrity and security of the Internet as a result of external negative influences.”

Internet

Internet Internet DNS Surveillance

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

MAY 2, 2019

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. I had the chance at RSA 2019 to discuss the SMB security landscape at length with Gill.

Risk

Risk Cyber Risk Cyber threats Banking

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

The security breach poses a major national security risk. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” China has long targeted global internet service providers and recent attacks are aligned with past operations linked to Beijing.

Mobile

Mobile Telecommunications Data breaches Hacking

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

” New York City-based cyber intelligence firm Flashpoint said the Snatch ransomware group was created in 2018, based on Truniger’s recruitment both on Russian language cybercrime forums and public Russian programming boards. ” In at least some of those recruitment ads — like one in 2018 on the forum sysadmins[.]ru

Ransomware

Ransomware Accountability Cybercrime Backups

Qualys Automates Ransomware Risk Assessment

eSecurity Planet

OCTOBER 8, 2021

Qualys this week launched a new Ransomware Risk Assessment Service that’s designed to help enterprises understand their potential exposure to ransomware and automate the process of patching any associated vulnerabilities or misconfigurations. CVE-2018-12808. August 2018. Qualys Ransomware Risk Assessment dashboard.

Ransomware

Ransomware Risk Backups Software

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

A 2018 Cisco Cybersecurity Special Report found that 54 % of all cyber attacks cost the target company more than $0.5 I believe there’s pent up demand from SMBs for cost-effective services that can reduce the potentially catastrophic cyber risks they face every day. million — damages that would crush most SMBs. I’ll keep watch.

Authentication

Authentication Risk Digital transformation Passwords

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

JUNE 15, 2021

nl — circa October 2018. “On top of the password re-use, the data shows a great insight into her professional and personal Internet usage,” Holden wrote in a blog post on Witte’s arrest. ” According to the DOJ, Witte had access to Trickbot for roughly two years between 2018 and 2020.

Cybercrime

Cybercrime Ransomware Passwords Banking

Photos of kids taken from spyware-ridden phones found exposed on the internet

Malwarebytes

JUNE 16, 2022

And TheTruthSpy is hardly the first of its kind to put kids’ data at risk. In 2018, a hacker going by the initials L.M. The post Photos of kids taken from spyware-ridden phones found exposed on the internet appeared first on Malwarebytes Labs. Not its first rodeo.

Spyware

Spyware Internet Internet Marketing

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

Security Affairs

DECEMBER 27, 2018

Security firm Group-IB has estimated that the market volume of illegal online sales of alcohol in Russia exceeded 30 million USD in 2018, i.e. almost 5.8 The intoxicating Internet. As a result, criminals earned around 30 million USD in 2018, i.e. 23% more than the year before. million USD (+23%) more than in 2017.

Marketing

Marketing Advertising Manufacturing Retail

This Simple Hack Could Tank Your Business

Adam Levin

JULY 24, 2020

In 2018, security researchers discovered a perfect copy of Reddit.com, one of the five most-visited sites online, under the domain name Reddit.co (.co The risk posed by this sort of hack on a business’s reputation is also worth noting. As in virtually every cyber risk, one path to risk mitigation here is education and training.

Hacking

Hacking Phishing Risk Accountability

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.

Cyber Risk

Cyber Risk Energy and Utilities Risk Marketing

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. THE INTERNET NEVER FORGETS.

VPN

VPN Computers and Electronics Antivirus Software

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

Security Affairs

AUGUST 28, 2018

According to the threat intelligence firm Volexity, the CVE-2018-11776 vulnerability is already being abused in malicious attacks in the wild. Just yesterday I wrote about the availability online of the exploit code for the recently discovered Critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2.

Architecture

Architecture Cryptocurrency Advertising Wireless

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

Internet address, and there’s a good chance you’ll see a paid ad show up on the first page of results warning that using such services to attack others online is illegal. “Law enforcement activity does not act as a deterrent, as individuals consider cyber crime to be low risk,” the NCA report found.

Cybercrime

Cybercrime DDOS Advertising Hacking

Swedish court suspended the ban on Huawei equipment

Security Affairs

NOVEMBER 12, 2020

is pushing its allies for banning Huawei, ZTE and other Chinese companies, Washington highlighted the risks for national security in case of adoption of Huawei equipment and is urging internet providers and telco operators in allied countries to ban Chinese firms.

Wireless

Wireless Internet Internet Manufacturing

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

is pushing its allies for banning Huawei, ZTE and other Chinese companies, Washington highlighted the risks for national security in case of adoption of Huawei equipment and is urging internet providers and telco operators in allied countries to ban Chinese firms.

Mobile

Mobile Manufacturing Internet Internet

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

The Last Watchdog

JUNE 1, 2022

In order to extract value from the Internet, data sprawl first must get reined in. Concentric got its start in 2018 to help companies solve data sprawl — from the data security and governance perspective – and has grown to 50 employees, with $22 million in venture capital backing. This has always been the case.

Unstructured Data

Unstructured Data Government Internet Internet

Aussie Telcos are Failing at Some Fundamental Security Basics

Troy Hunt

MARCH 27, 2018

pic.twitter.com/KiaGNKhaig — Troy Hunt (@troyhunt) March 1, 2018. I'm like yo my credit cards and financial information your entering into this internet system isn't even fully encrypted. pic.twitter.com/NphRX2dnCv — Geoffrey Huntley (@GeoffreyHuntley) March 27, 2018. No video recording or photos needed.

Passwords

Passwords Banking Mobile Telecommunications

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

is pushing its allies for banning Huawei, ZTE and other Chinese companies, Washington highlighted the risks for national security in case of adoption of Huawei equipment and is urging internet providers and telco operators in allied countries to ban Chinese firms.

Wireless

Wireless Internet Internet Advertising

RSAC Fireside Chat: AT&T, WillJam Ventures partner to launch new MSSP — LevelBlue

The Last Watchdog

MAY 7, 2024

Our job at Level Blue is to manage and mitigate these risks while supporting our clients’ growth and innovation while acting as a strategic extension of your team,” Lanowitz told me For a full drill down, please give the accompanying podcast a listen. AT&T Cybersecurity has long catered to large and mid-market enterprises.

Marketing

Marketing Cyber Risk Risk Cybersecurity

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

The Last Watchdog

JANUARY 9, 2024

The market has also grown by 1,600% since 2018 , displaying an interest that shows no signs of slowing. Improving best practices Cybersecurity training entails teaching the procedures for mitigating and addressing risks to computer systems. Research suggests there will be over 1.7

Technology

Technology Cybersecurity Risk Mobile

Experts Urge Rapid Patching of ‘Struts’ Bug

Krebs on Security

AUGUST 23, 2018

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. The vulnerability affects all supported versions of Struts 2. Users of Struts 2.3

Software

Software Internet Internet Risk

MasterCard DNS Error Went Unnoticed for Years

On the Catastrophic Risk of AI

Webinars

Trending Sources

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Webinars

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Microsoft Issues Emergency Fix for IE Zero Day

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

Browser Extensions: Are They Worth the Risk?

Internet Security Threats at the Olympics

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

Internet Safety Month: Avoiding the consequences of unsafe Internet practices

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Vulnerabilities in Weapons Systems

Millions put at risk by old, out of date routers

The Cybersecurity Dimensions of Web Accessibility

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

New Book Coming in September: "Click Here to Kill Everybody"

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

Six Charged in Mass Takedown of DDoS-for-Hire Sites

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

IRL Analogies Explaining Digital Concepts are Terrible

RuNet – Russia successfully concluded tests on its Internet infrastructure

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

A Closer Look at the Snatch Data Ransom Group

Qualys Automates Ransomware Risk Assessment

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

How Does One Get Hired by a Top Cybercrime Gang?

Photos of kids taken from spyware-ridden phones found exposed on the internet

Market volume of illegal online sales of alcohol exceeded 30 million USD in 2018 in Russia

This Simple Hack Could Tank Your Business

Scanning for Flaws, Scoring for Security

A Deep Dive Into the Residential Proxy Service ‘911’

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

UK Ad Campaign Seeks to Deter Cybercrime

Swedish court suspended the ban on Huawei equipment

Belgium telecom operators Proximus and Orange drop Huawei

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

Aussie Telcos are Failing at Some Fundamental Security Basics

Sweden bans Huawei and ZTE from building its 5G infrastructure

RSAC Fireside Chat: AT&T, WillJam Ventures partner to launch new MSSP — LevelBlue

GUEST ESSAY: The case for using augmented reality (AR) and virtual reality (VR) to boost training

Experts Urge Rapid Patching of ‘Struts’ Bug

Stay Connected