2019 and Technology - Cyber Security Informer

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

SEPTEMBER 23, 2020

Tyler Technologies , a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. Tyler Technologies declined to say how the intrusion is affecting its customers.

Technology

Technology Ransomware Software Government

Intel is Maintaining Legacy Technology for Security Research

Schneier on Security

NOVEMBER 30, 2021

Interesting : Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. After planning began in mid-2018, the Long-Term Retention Lab was up and running in the second half of 2019. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

Technology

Technology Engineering Software Cybersecurity

Report on Paragon Spyware

Schneier on Security

MARCH 25, 2025

Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. We also note 2024 warnings sent by Meta to several individuals in the same organizational cluster, including a Paragon victim, suggesting the need for further scrutiny into other surveillance technology deployed against these individuals.

Spyware

Spyware Surveillance Technology

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Malwarebytes

OCTOBER 18, 2024

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later). Microsoft has dubbed the flaw “HM Surf.”

Adware

Adware Spyware Mobile Technology

New Atrium Health data breach impacts 585,000 individuals

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches

Data breaches Identity Theft Accountability Technology

On Vulnerability-Adjacent Vulnerabilities

Schneier on Security

FEBRUARY 15, 2021

From a MIT Technology Review article : Soon after they were spotted, the researchers saw one exploit being used in the wild. In September 2019, another similar vulnerability was found being exploited by the same hacking group. Microsoft issued a patch and fixed the flaw, sort of.

Technology

Technology Hacking Software

Google Mending Another Crack in Widevine

Krebs on Security

OCTOBER 26, 2020

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney , Hulu and Netflix to prevent their content from being pirated.

Software

Software Technology Mobile Media

Evolving VPN giant: CyberGhost Acquired PIA [2019]

SecureBlitz

APRIL 11, 2024

In a move that could significantly alter the landscape, Kape Technologies, the owner of the popular VPN service CyberGhost, has announced its intention to acquire Private […] The post Evolving VPN giant: CyberGhost Acquired PIA [2019] appeared first on SecureBlitz Cybersecurity.

VPN

VPN Technology Cybersecurity Internet

How the Dark Web enables access to corporate networks

Tech Republic Security

JULY 28, 2021

The number of ads selling access to corporate networks has continued to increase from 2019 to 2020 and into 2021, says Positive Technologies.

Technology

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

Krebs on Security

FEBRUARY 28, 2020

The commission said it took action in response to a May 2018 story broken by The New York Times , which exposed how a company called Securus Technologies had been selling location data on customers of virtually any major mobile provider to law enforcement officials.

Wireless

Wireless Mobile Technology

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Schneier on Security

JUNE 24, 2022

Nothing in that letter is out of the ordinary, and is in line with what I wrote about blockchain in 2019. But that’s nothing inherent in blockchain technology—that’s just a bunch of bad design choices bitcoin made. But the core technology is absolutely not useless. ” I have yet to see one.

Cryptocurrency

Cryptocurrency Technology Scams Government

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

Chinese company 360 Security Technology, also known as Qihoo 360, purchased Lemon Seed, according to its 2019 annual report. While VPNs are a useful way to achieve some privacy online, this report highlights the importance of due diligence when choosing a technology provider.

VPN

VPN Mobile Government Technology

TP-Link faces US national security probe, potential ban on devices

Malwarebytes

DECEMBER 19, 2024

In doing this, TP-Link managed to grow their market share to 60% of the US retail market for WiFi systems and SOHO routersfrom 10% in 2019. Because of TP-Link’s original founding in China, claims have been made of a so-called “Huawei playbook, referring to allegations that Huawei Technologies Co.

Marketing

Marketing Retail Technology Wireless

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

M&A invariably creates technology gaps that bad actor’s prey upon. According to a report from Protenus and DataBreaches.net, over 41 million patient records were breached in 2019, almost tripling healthcare industry breaches from the prior year. Patient data exposures. The data was found for sale on the dark web.

Healthcare

Healthcare Technology Architecture IoT

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. Marrapese documented his findings in more detail here.

IoT

IoT Firewall Manufacturing Computers and Electronics

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs on Security

APRIL 29, 2024

The commission said it took action in response to a May 2018 story broken by The New York Times , which exposed how a company called Securus Technologies had been selling location data on customers of virtually any major mobile provider to law enforcement officials.

Wireless

Wireless Mobile Technology

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. Araneida Scanner. In 2022, Araneida told fellow Breached members they could be reached on Discord at the username “ Ornie#9811.”

Hacking

Hacking Cybercrime Advertising Data breaches

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

AUGUST 14, 2020

billion in 2019. Corvus found that while services that scan and filter incoming email for malicious threats can catch many ransomware lures, an estimated 75 percent of healthcare companies do not use this technology. R1 RCM Inc. Formerly known as Accretive Health Inc. Chicago-based R1 RCM brought in revenues of $1.18

Ransomware

Ransomware Healthcare Insurance Phishing

Evaluating the NSA's Telephony Metadata Program

Schneier on Security

AUGUST 12, 2019

Finally, in March 2019 it was reported that the NSA had decided to completely abandon the program and not seek its renewal as it is due to sunset in late 2019. The second emerged in June 2018 when the NSA announced the purging of three years' worth of CDR records for "technical irregularities."

Surveillance

Surveillance Architecture Encryption Technology

National Security Risks of Late-Stage Capitalism

Schneier on Security

MARCH 1, 2021

For a while, in 2019, the update server’s password for SolarWinds’s network management software was reported to be “solarwinds123.” When national security is compromised by high-flying technology companies that fob off cybersecurity risks onto their customers, something similar is at work.

Risk

Risk Government Marketing Software

Cybersecurity for the Public Interest

Schneier on Security

MAY 3, 2019

It's an impassioned debate, acrimonious at times, but there are real technologies that can be brought to bear on the problem: key-escrow technologies, code obfuscation technologies, and backdoors with different properties. Public-interest technology isn't new. We need public-interest technologists.

Cybersecurity

Cybersecurity Technology Government Internet

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

” The FCC tweet also provided a link to the agency’s awareness page on juice jacking , which was originally published in advance of the Thanksgiving Holiday in 2019 but was updated in 2021 and then again shortly after the FBI’s tweet was picked up by the news media. This scam is referred to as juice jacking.”

Mobile

Mobile Software Backups Technology

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

On of the researchers credited — EXPMON — said on Twitter that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw.

Software

Software Engineering Internet Internet

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. The deal is expected to close in the second half of 2019, pending an antitrust review by the U.S. ”

Banking

Banking Accountability Passwords Technology

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

DECEMBER 2, 2020

The hack was acknowledged by the forum’s current administrator, who assured members that their passwords were protected with a password obfuscation technology that was extremely difficult to crack. OGUsers was hacked at least twice previously, in May 2019 and again in March 2020.

Accountability

Accountability Hacking Scams Media

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

DECEMBER 10, 2020

In 2019, TSYS was acquired by financial services firm Global Payments Inc. But according to Fabian Wosar , chief technology officer at computer security firm Emsisoft , Conti typically only publishes data from victims that refuse to negotiate a ransom payment. NYSE:GPN ]. “We regret any inconvenience this issue may have caused.

Ransomware

Ransomware Financial Services Cyber threats Banking

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

SecureWorld News

OCTOBER 23, 2024

Securities and Exchange Commission (SEC) announced Tuesday that it has fined four companies $7 million for misleading statements about their cybersecurity incidents, particularly concerning the high-profile 2019 SolarWinds hack. Check Point Software Technologies Ltd., Check Point Software Technologies Ltd. Unisys Corp.,

Cybersecurity

Cybersecurity Risk Hacking Software

Breach at Cloud Solution Provider PCM Inc.

Krebs on Security

JUNE 27, 2019

based PCM [ NASDAQ:PCMI ] is a provider of technology products, services and solutions to businesses as well as state and federal governments. Sources say PCM discovered the intrusion in mid-May 2019. El Segundo, Calif. PCM has nearly 4,000 employees, more than 2,000 customers, and generated approximately $2.2

Hacking

Hacking Retail Technology Government

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. Salt Typhoon is a China-linked APT group active since at least 2019. In 2019, T-Mobile disclosed data breach affecting prepaid wireless customers.

Mobile

Mobile Telecommunications Data breaches Hacking

MGM Data Breach Ten Times Larger Than Initially Reported

Adam Levin

JULY 15, 2020

The discovery of a database for sale on the dark web suggests the 2019 data breach of MGM Resorts was significantly larger than initially reported. It contains the personal information of more than 142 million guests of MGM hotels, according to technology reporting site ZDNet. million.

Data breaches

Data breaches Cybercrime Accountability Technology

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

JUNE 21, 2021

The ISAC found when it comes to IT systems tied to “operational technology” (OT) — systems responsible for monitoring and controlling the industrial operation of these utilities and their safety features — just 30.5 percent of utilities have identified all IT-networked assets, with an additional 21.7

Hacking

Hacking Accountability Cybersecurity Technology

Tech CEO Sentenced to 5 Years in IP Address Scheme

Krebs on Security

OCTOBER 17, 2023

based technology company Micfo LLC , has been sentenced to five years in prison for wire fraud. Amir Golestan , the 40-year-old CEO of the Charleston, S.C. Canada, and parts of the Caribbean. ARIN and Micfo settled that dispute in arbitration, with Micfo returning most of the addresses that it hadn’t already sold.

Internet

Internet Internet VPN Marketing

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

The Last Watchdog

JULY 10, 2023

Related: Using ‘Big Data’ to improve health and well-being But there’s yet another towering technology mountain to climb: we must also overcome the limitations of Moore’s Law. Optical technology can enable us to control energy consumption so we can support increasing capacity and increasing bandwidth,” Gomi summarizes.

Energy and Utilities

Energy and Utilities Technology Internet Internet

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

The Last Watchdog

AUGUST 12, 2024

This is all part of Generative AI and Large Language Models igniting the next massive technological disruption globally. AppSec technology security-hardens software at the coding level. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.

Software

Software Technology Mobile Cybersecurity

Experts: Breach at IT Outsourcing Giant Wipro

Krebs on Security

APRIL 15, 2019

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [ NYSE:WIT ] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. On Friday, Apr. “A total of 44.4

Insurance

Insurance Healthcare Technology Cyber threats

Ransomware Bites 400 Veterinary Hospitals

Krebs on Security

NOVEMBER 19, 2019

“The support center was scheduled to be closed on Friday Oct 25, 2019 due to poor air quality caused by wildfires to the north,” said the source, who asked to remain anonymous. The technology team continues to set up interim workstations at each affected hospital while they prepare to rebuild servers.”

Ransomware

Ransomware Technology Malware Software

Cybersecurity Firm Imperva Discloses Breach

Krebs on Security

AUGUST 27, 2019

based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of Web-based software applications. Redwood Shores, Calif.-based Earlier today, Imperva told customers that it learned on Aug.

Cybersecurity

Cybersecurity Firewall Passwords Data breaches

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

The Blacklist Alliance provides technologies and services to marketing firms concerned about lawsuits under the Telephone Consumer Protection Act (TCPA), a 1991 law that restricts the making of telemarketing calls through the use of automatic telephone dialing systems and artificial or prerecorded voice messages.

Mobile

Mobile Marketing Consumer Protection Wireless

The Doghouse: Crown Sterling

Schneier on Security

SEPTEMBER 5, 2019

The company sells "TIME AI," "the world's first dynamic 'non-factor' based quantum AI encryption software," "utilizing multi-dimensional encryption technology, including time, music's infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs." Parts of it remain on the Internet.

Encryption

Encryption Artificial Intelligence Healthcare Technology

A Basic Timeline of the Exchange Mass-Hack

Krebs on Security

MARCH 8, 2021

. “We never got a ‘real’ confirmation of the zero-day before the patch was released,” said Dubex’s Chief Technology Officer Jacob Herbst. 2, Microsoft patched four flaws in Exchange Server 2013 through 2019. How long have the vulnerabilities exploited here been around?

Hacking

Hacking Technology Software

Sounding the Alarm on Emergency Alert System Flaws

Krebs on Security

AUGUST 12, 2022

A Digital Alert Systems EAS encoder/decoder that Pyle said he acquired off eBay in 2019. Pyle said he started acquiring old EAS equipment off of eBay in 2019, and that he quickly identified a number of serious security vulnerabilities in a device that is broadly used by states and localities to encode and decode EAS alert signals.

Firmware

Firmware Manufacturing Passwords Software

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

MAY 5, 2022

ISO IEC 27001:2013 – Information technology — Security techniques — Information security management systems — Requirements. ISO/IEC 27017:2015 – Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

Marketing

Marketing InfoSec Risk Technology

Orcus RAT Author Charged in Malware Scheme

Krebs on Security

NOVEMBER 13, 2019

On Monday the Royal Canadian Mounted Police (RCMP) announced it had charged Revesz with operating an international malware distribution scheme under the company name “Orcus Technologies.” “I got raided [and] within the first 5 minutes they mention Orcus to me,” complained one customer on Hackforums[.]net,

Malware

Malware Advertising Marketing System Administration

Microsoft Releases Final Cumulative Update for Exchange Server 2019 – Here’s What’s New in CU15

Penetration Testing

FEBRUARY 11, 2025

Microsoft announced the release of the 2025 H1 Cumulative Update (CU15) for Exchange Server 2019, marking the final The post Microsoft Releases Final Cumulative Update for Exchange Server 2019 Heres Whats New in CU15 appeared first on Cybersecurity News.

Cybersecurity

Cybersecurity Technology

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Intel is Maintaining Legacy Technology for Security Research

Trending Sources

Report on Paragon Spyware

Unauthorized data access vulnerability in macOS is detailed by Microsoft

New Atrium Health data breach impacts 585,000 individuals

On Vulnerability-Adjacent Vulnerabilities

Google Mending Another Crack in Widevine

Evolving VPN giant: CyberGhost Acquired PIA [2019]

How the Dark Web enables access to corporate networks

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

On the Dangers of Cryptocurrencies and the Uselessness of Blockchain

Popular VPNs are routing traffic via Chinese companies, including one with link to military

TP-Link faces US national security probe, potential ban on devices

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

P2P Weakness Exposes Millions of IoT Devices

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Evaluating the NSA's Telephony Metadata Program

National Security Risks of Late-Stage Capitalism

Cybersecurity for the Public Interest

Why is ‘Juice Jacking’ Suddenly Back in the News?

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Credit Union Sues Fintech Giant Fiserv Over Security Claims

Account Hijacking Site OGUsers Hacked, Again

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

Breach at Cloud Solution Provider PCM Inc.

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

MGM Data Breach Ten Times Larger Than Initially Reported

How Cyber Safe is Your Drinking Water Supply?

Tech CEO Sentenced to 5 Years in IP Address Scheme

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency

Experts: Breach at IT Outsourcing Giant Wipro

Ransomware Bites 400 Veterinary Hospitals

Cybersecurity Firm Imperva Discloses Breach

Robocall Legal Advocate Leaks Customer Data

The Doghouse: Crown Sterling

A Basic Timeline of the Exchange Mass-Hack

Sounding the Alarm on Emergency Alert System Flaws

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Orcus RAT Author Charged in Malware Scheme

Microsoft Releases Final Cumulative Update for Exchange Server 2019 – Here’s What’s New in CU15

Stay Connected