2018 and Risk - Cyber Security Informer

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

“We have looked into the matter and there was not a risk to our systems,” a MasterCard spokesperson wrote. “Before making any public disclosure, I ensured that the affected domain was registered to prevent exploitation, mitigating any risk to MasterCard or its customers. “This typo has now been corrected.”

DNS

DNS Internet Internet Risk

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Security Affairs

DECEMBER 18, 2024

Meta has been fined 251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws. The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. ” reads the press release published by DPC.

Data breaches

Data breaches Accountability Risk Advertising

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. Security Risk Advisors SCALR XDR is both a platform, built on Microsoft Azure and a 247 monitoring service with Microsoft Sentinel. Philadelphia, Pa., Philadelphia, Pa., To learn more: [link].

Risk

Risk Penetration Testing Marketing Technology

On the Catastrophic Risk of AI

Schneier on Security

JUNE 1, 2023

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. Poses ‘Risk of Extinction,’ Industry Leaders Warn.”

Risk

Risk Artificial Intelligence Technology Internet

Safety and Security in Automated Driving

Adam Shostack

JANUARY 2, 2025

Lets explore the risks associated with Automated Driving. Contrary to the commonly used definition of an [minimal risk condition, (MRC)], which describes only a standstill, this publication expands the definition to also include degraded operation and takeovers by the vehicle operator. million people were seriously injured.

Risk

Risk Architecture Manufacturing Cybersecurity

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. CVE-2018-13379: The Eternal Exploit What is CVE-2018-13379?

VPN

VPN Authentication Ransomware Risk

Reducing the Crushing Burden of Cybersecurity, Privacy Laws in the UK

SecureWorld News

NOVEMBER 17, 2024

A multifaceted regulatory environment The Data Protection Act 2018, implementing the EU's GDPR, imposes significant obligations on organizations to handle personal data responsibly. This can lead to increased compliance costs, operational challenges, and potential reputational risks. of the UK's business population, 5.5

Cybersecurity

Cybersecurity Risk Healthcare Accountability

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software

Software Risk Artificial Intelligence Cyber Attacks

Credit Reporting Companies Put Customer Data at Risk

Adam Levin

MAY 19, 2021

In 2018, Experian settled a class-action lawsuit for $22 million. . Follow the three Ms: Minimize your risk: Don’t provide any more information than necessary to third-parties; be especially careful with sensitive data such as your Social Security number. The data included addresses, birthdays, and even Social Security numbers.

Risk

Risk Identity Theft Data breaches VPN

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

The Last Watchdog

MAY 31, 2022

Related: Log4J’s long-run risks. Nucleus launched in 2018 and has grown to over 50 employees. It supplies a unified vulnerability and risk management solution that automates vulnerability management processes and workflows. This kind of thing can be rectified by adopting risk-assessment principles alongside CD/CI.

Risk

Risk Digital transformation Software Technology

AppSec Cali 2018: Izar Tarandach

Adam Shostack

JANUARY 2, 2025

eg, compliance and risk requirements address incomplete requirements) We keep failing in the same way. [no description provided] I'm at the OWASP AppSec Cali event, and while there's now there'll be video , I'm taking notes: Context for the talk What fails during the development process?

Risk

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

The software giant said it learned about the weakness ( CVE-2018-8653 ) after receiving a report from Google about a new vulnerability being used in targeted attacks. “As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang said.

Internet

Internet Internet Software Engineering

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users. So, even if a company has good intentions, there is still a risk of your genetic data being linked to your personally identifiable information (PII). Data breaches happen to the best companies.

Insurance

Insurance Accountability Risk Data breaches

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

This is just one of many risks to our normal civilian computer supply chains. And since military software is vulnerable to the same cyberattacks as commercial software, military supply chains have many of the same risks. A 2018 GAO report expressed concern regarding the lack of secure and patchable U.S. This is not speculative.

Software

Software Cybersecurity Backups Manufacturing

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

agarwal_mohit) January 5, 2018. I think the URL is right but it seems inaccessible from other countries: [link] — Troy Hunt (@troyhunt) January 9, 2018. Security /= George blocking — Vatsalya Goel (@vatsalyagoel) January 9, 2018. The fix for this risk is HTTP Strict Transport Security or HSTS for short.

Hacking

Hacking Government Encryption Risk

SecureMySocial Issued 5th US Patent For Social Media Security Technology

Joseph Steinberg

DECEMBER 2, 2022

Patent number US 11,438,334 entitled Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhancing Security , discloses a robust invention that addresses the risks that posts to social media may pose to businesses and individuals alike. US 10,084,787 – Granted in September of 2018.

Media

Media Technology Artificial Intelligence Risk

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

The General Data Protection Regulation ( GDPR ), enacted in 2018, has set a new standard for data privacy across the European Union (EU). The Growing Risk: Why This Should Concern Global Enterprises As the regulatory environment tightens, global companies must realize that non-compliance with data protection laws can have dire consequences.

Data privacy

Data privacy Risk Surveillance Government

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. “The [employee] did not request a waiver or risk acceptance from the CISO.”

Insurance

Insurance Risk Financial Services CISO

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. For the latest updates and resources, visit StopRansomware.gov.

Ransomware

Ransomware IoT Encryption Social Engineering

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Security Affairs

AUGUST 18, 2024

This highlights the significant security risks posed by using small, low-resolution fingerprint sensors. The research demonstrates that these “DeepMasterPrints” can spoof 23% of subjects at a 0.1% false match rate, and up to 77% at a 1% false match rate.

Architecture

Architecture Hacking Risk Information Security

Nearly a Year Later, Mozilla is Still Promoting OneRep

Krebs on Security

FEBRUARY 13, 2025

Launched in 2018 under the name Firefox Monitor , Mozilla Monitor also checks data from the website Have I Been Pwned? When asked to comment on the findings, Mozilla said then that although customer data was never at risk, the outside financial interests and activities of Onerep’s CEO did not align with their values.

Data breaches

Data breaches Marketing Passwords Risk

How and why deepfake videos work — and what is at risk

CSO Magazine

MARCH 18, 2021

Editor's note: This article, originally published in July, 2018, has been updated to more accurately reflect recent trends. Deepfake definition. Deepfakes are fake videos or audio recordings that look and sound just like the real thing.

Risk

Risk Software

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access. The first documented attack against a Sophos facility is the one that targeted Cyberoam in 2018.

Firmware

Firmware Government Firewall Malware

It’s Time for Vendor Security 2.0

Daniel Miessler

SEPTEMBER 17, 2021

They were in 2018—and they still are—but pointing this out always raised the same challenge: Fine, but we have to do something. is the transition from external security checks to internal risk analysis. Let’s add more detail to what we are proposing with Vendor Risk 2.0. Perform Risk Assessment Analysis.

Risk

Risk Software Data breaches Education

Due Diligence That Money Can’t Buy

Krebs on Security

SEPTEMBER 14, 2020

.” When companies wish to link up with investors, what follows involves a legal process known as “due diligence” wherein each side takes time to research the other’s finances, management, and any lurking legal liabilities or risks associated with the transaction.

Scams

Scams Cryptocurrency Accountability Technology

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

JULY 21, 2023

Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. This is actually down from five of the Fortune 100 in 2018, the last time KrebsOnSecurity performed this analysis. The CSO or CISO position traditionally has reported to an executive in a technical role, such as the CTO or CIO.

CSO

CSO CISO Insurance Risk

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

SEPTEMBER 9, 2024

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry.

Encryption

Encryption Computers and Electronics Government Security Intelligence

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

The Last Watchdog

JANUARY 20, 2020

To help mitigate the risk of financial losses, more companies are turning to cyber insurance. These risks are normally not covered by a general liability policy, which includes coverage only for injuries and property damage. Lopez Olson What’s more, cyberattacks are one of the risks that can cripple your business the most.

Cyber Insurance

Cyber Insurance Insurance Data breaches Risk

U.S. CISA adds Microsoft.NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 5, 2025

Microsoft.NET Framework Information Disclosure Vulnerability CVE-2018-9276 (CVSS score of 7.2) Paessler PRTG Network Monitor OS Command Injection Vulnerability CVE-2018-19410 (CVSS score of 9.8) The third issue, tracked as CVE-2018-9276, is an OS command injection flaw that impacts PRTG Network Monitor before 18.2.39.

Authentication

Authentication Hacking Cybersecurity Software

How to manage the security risk of remote working

CyberSecurity Insiders

DECEMBER 20, 2021

Businesses that had never even considered letting their teams work from home were suddenly thrust into a sink or swim environment where they simply had to make it work or risk stalling their operations. The post How to manage the security risk of remote working appeared first on Cybersecurity Insiders.

Risk

Risk Identity Theft Digital transformation Data breaches

Millions put at risk by old, out of date routers

Malwarebytes

MAY 7, 2021

Based on its assessment, it reckons that at least two million Britons are at risk from routers that haven’t been updated since 2016. Most of the routers we looked at hadn’t had a security update since 2018 at the latest, with no guarantee of a new one in the near future. Local network vulnerabilities. Lack of updates.

Risk

Risk Passwords Internet Internet

Adversarial Machine Learning against Tesla's Autopilot

Schneier on Security

APRIL 4, 2019

Abstract: Keen Security Lab has maintained the security research work on Tesla vehicle and shared our research results on Black Hat USA 2017 and 2018 in a row. In addition, we also found a potential high-risk design weakness of the lane recognition when the vehicle is in Autosteer mode.

Software

Software Risk

Here's Why Your Static Website Needs HTTPS

Troy Hunt

JULY 12, 2018

The rapid adoption has been driven by a combination of ever more visible browser warnings (it was Chrome and Firefox's changes which prompted the aforementioned tipping point post), more easily accessible certificates via both Let's Encrypt and Cloudflare and a growing awareness of the risks that unencrypted traffic presents. Is it needed?

DNS

DNS Wireless Risk Banking

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

JUNE 21, 2021

He said the percentage of companies that reported already having inventoried all of their IT systems is roughly equal to the number of larger water utilities (greater than 50,000 population) that recently had to certify to the Environmental Protection Agency (EPA) that they are compliant with the Water Infrastructure Act of 2018.

Hacking

Hacking Accountability Cybersecurity Technology

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

A 2018 Cisco Cybersecurity Special Report found that 54 % of all cyber attacks cost the target company more than $0.5 I believe there’s pent up demand from SMBs for cost-effective services that can reduce the potentially catastrophic cyber risks they face every day. million — damages that would crush most SMBs. I’ll keep watch.

Authentication

Authentication Risk Digital transformation Passwords

The Cybersecurity Dimensions of Web Accessibility

SecureWorld News

JANUARY 27, 2025

In that case, users run the risk of misinterpreting key information, making wrong choices, or unwittingly exposing personally identifiable data. This unintended oversharing fuels risks that could otherwise be mitigated through accessible design. Take privacy settings as an example. This is a long-running story, by the way.

Cybersecurity

Cybersecurity Risk Technology Authentication

IRL Analogies Explaining Digital Concepts are Terrible

Troy Hunt

APRIL 23, 2018

link] — Troy Hunt (@troyhunt) April 19, 2018. — Bradley Geldenhuys (@bradgcoza) April 20, 2018. — Shawn Hartsock (@hartsock) April 20, 2018. — dragosr (@dragosr) April 21, 2018. — Samuel Movi (@samuelmovi) April 20, 2018. — Everything's connected (@oley) April 20, 2018.

Internet

Internet Internet Penetration Testing Hacking

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

JULY 13, 2020

Since its inception in 2018, Data Viper has billed itself as a “threat intelligence platform designed to provide organizations, investigators and law enforcement with access to the largest collection of private hacker channels, pastes, forums and breached databases on the market.” database on RaidForums. 2020 DOJ document.

Hacking

Hacking Marketing Cybercrime Accountability

Six Charged in Mass Takedown of DDoS-for-Hire Sites

Krebs on Security

DECEMBER 14, 2022

million attacks between 2018 and 2022, and attracted some 50,000 registered users. million attacks between 2018 and 2022. in announcing they are now running targeted placement ads to steer those searching for booter services toward a website detailing the potential legal risks of hiring an online attack.

DDOS

DDOS Computers and Electronics Internet Internet

On Robots Killing People

Schneier on Security

SEPTEMBER 11, 2023

In a 2018 trial, a medical robot was implicated in killing Stephen Pettitt during a routine operation that had occurred a few years earlier. and ISO 10218, emphasize inherent safe design, protective measures, and rigorous risk assessments for industrial robots. You get the picture. Those standards, with obscure names such as R15.06

Artificial Intelligence

Artificial Intelligence Technology Risk Government

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Security Affairs

APRIL 22, 2024

World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities. World-Check had different owners across the years, it was originally founded as an independent company.

Risk

Risk Spyware Hacking Accountability

Extended Validation Certificates are Dead

Troy Hunt

SEPTEMBER 17, 2018

pic.twitter.com/5DpTbsfNNO — Troy Hunt (@troyhunt) May 15, 2018. pic.twitter.com/iFn98lI4Wq — Troy Hunt (@troyhunt) July 27, 2018. link] — Troy Hunt (@troyhunt) August 24, 2018. — Tony Bradley (@RealTonyBradley) August 24, 2018. — Troy Hunt (@troyhunt) February 24, 2018. Do you know?

Marketing

Marketing Encryption Phishing Banking

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

For years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicant’s credit score — the most widely used being the score developed by FICO , previously known as Fair Isaac Corporation. Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.

Cyber Risk

Cyber Risk Energy and Utilities Risk Marketing

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Brad Marden , superintendent of cybercrime operations for the Australian Federal Police (AFP), said their investigation into who was behind U-Admin began in late 2018, after Australian citizens began getting deluged with phishing attacks via mobile text messages that leveraged the software.

Phishing

Phishing Scams Banking Mobile

MasterCard DNS Error Went Unnoticed for Years

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Trending Sources

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

On the Catastrophic Risk of AI

Safety and Security in Automated Driving

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Reducing the Crushing Burden of Cybersecurity, Privacy Laws in the UK

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Credit Reporting Companies Put Customer Data at Risk

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

AppSec Cali 2018: Izar Tarandach

Microsoft Issues Emergency Fix for IE Zero Day

DNA testing company vanishes along with its customers’ genetic data

Vulnerabilities in Weapons Systems

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

SecureMySocial Issued 5th US Patent For Social Media Security Technology

Increased GDPR Enforcement Highlights the Need for Data Security

First American Financial Pays Farcical $500K Fine

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

Nearly a Year Later, Mozilla is Still Promoting OneRep

How and why deepfake videos work — and what is at risk

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

It’s Time for Vendor Security 2.0

Due Diligence That Money Can’t Buy

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Australia Threatens to Force Companies to Break Encryption

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

U.S. CISA adds Microsoft.NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

How to manage the security risk of remote working

Millions put at risk by old, out of date routers

Adversarial Machine Learning against Tesla's Autopilot

Here's Why Your Static Website Needs HTTPS

How Cyber Safe is Your Drinking Water Supply?

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Cybersecurity Dimensions of Web Accessibility

IRL Analogies Explaining Digital Concepts are Terrible

Breached Data Indexer ‘Data Viper’ Hacked

Six Charged in Mass Takedown of DDoS-for-Hire Sites

On Robots Killing People

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

Extended Validation Certificates are Dead

Scanning for Flaws, Scoring for Security

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Stay Connected