Security Affairs

SEPTEMBER 22, 2024

GreyNoise Intelligence firm warns of a mysterious phenomenon observed since January 2020, massive waves of spoofed traffic called Noise Storms. GreyNoise Intelligence has been tracking a mysterious phenomenon since January 2020 consisting of massive waves of spoofed traffic, tracked by the experts as ‘Noise Storms.’

DDOS 140

DDOS Internet Internet Cyber threats 140

Tech Republic Security

OCTOBER 1, 2024

A report from insurer QBE predicts that the world will experience 211 significant cyber attacks this year, marking a 105% increase over four years.

Cyber Attacks 195

Cyber Attacks Insurance Artificial Intelligence 195

Tech Republic Security

APRIL 18, 2024

Nearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.

Malware 203

Malware Big data Data breaches Ransomware 203

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking 309

Hacking Social Engineering Phishing Scams 309

Schneier on Security

FEBRUARY 10, 2021

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019.

Ransomware 335

Ransomware Cryptocurrency 335

Troy Hunt

NOVEMBER 2, 2020

pic.twitter.com/YUJIqgYNXf — Troy Hunt (@troyhunt) November 1, 2020 Beautiful day out! Hope I'm not just jeolous or the Twitter AI — elconas.de (@BugBuster666) November 1, 2020 In my mind I'm hearing this person in his best Ricky Gervais voice grumbling "but I don't f **g like boats"! Just one screen?

Data breaches 346

Data breaches InfoSec Media Technology 346

Troy Hunt

OCTOBER 28, 2020

— NordVPN (@NordVPN) October 23, 2020 Ah, tricky! That and slashed zeros, and maybe a warning popup for URLs visually similar to (but different from) popular ones, would go a long way to mitigate it — Jon (@heeerrresjonny) October 25, 2020 So. That’s how [link] became [link]. — Bartek ?wierczy?ski Poor Googie!

Phishing 361

Phishing Password Management Passwords Internet 361

Krebs on Security

FEBRUARY 9, 2021

Windows Server users also should be aware that Microsoft this month is enforcing the second round of security improvements as part of a two-phase update to address CVE-2020-1472 , a severe vulnerability that first saw active exploitation back in September 2020.

DNS 339

DNS Backups Software Phishing 339

Troy Hunt

JUNE 1, 2020

closed or ia idk | BLM (@pjnkmin) May 31, 2020 Just to be clear: there's not necessarily a direct link between whoever put the video above together and the data now doing the rounds and attribution is tricky once you get a bunch of different people under different accounts and pseudonyms all flying the "Anonymous" banner.

Hacking 364

Hacking Passwords Data breaches Accountability 364

Troy Hunt

AUGUST 7, 2020

link] — Junade Ali (@IcyApril) August 5, 2020 This tweet isn't entirely accurate; it was all Junade's idea and he designed the k-anonymity implementation for HIBP's Pwned Passwords. I asked on Twitter earlier today, and it's, well, extensive: Chromium — Isaac Weaver (@IsaacjWeaver) August 7, 2020 Wordpress.

Passwords 363

Passwords Architecture Data breaches Internet 363

Schneier on Security

NOVEMBER 20, 2020

The attackers extensively use DLL side-loading in this campaign, and were also seen leveraging the ZeroLogon vulnerability that was patched in August 2020. Interesting details about the group’s tactics. News article.

Malware 344

Malware 344

Schneier on Security

FEBRUARY 15, 2021

More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order. Microsoft issued a patch and fixed the flaw, sort of. In September 2019, another similar vulnerability was found being exploited by the same hacking group.

Technology 339

Technology Hacking Software 339

Krebs on Security

DECEMBER 14, 2020

released between March 2020 and June 2020.” In its own advisory, FireEye said multiple updates poisoned with a malicious backdoor program were digitally signed with a SolarWinds certificate from March through May 2020, and posted to the SolarWindws update website. HF 5 through 2020.2.1, ”

Hacking 364

Hacking Antivirus Software Accountability 364

Schneier on Security

JANUARY 6, 2022

jump over 2020 (23.6 DuckDuckGo has had a banner year : And yet, DuckDuckGo. The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% That’s big.

Engineering 339

Engineering Internet Internet 339

Krebs on Security

APRIL 6, 2021

Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. 2020) was not in HaveIBeenPwned, but then again Facebook claims to have more than 2.7 A cybercrime forum ad from June 2020 selling a database of 533 Million Facebook users. According to a Jan.

Mobile 360

Mobile Accountability Passwords Authentication 360

Krebs on Security

AUGUST 14, 2020

It’s unclear when the intruders first breached R1’s networks, but the ransomware was unleashed more than a week ago, right around the time the company was set to release its 2nd quarter financial results for 2020. R1 RCM declined to discuss the strain of ransomware it is battling or how it was compromised.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

Schneier on Security

MAY 2, 2024

It banned default passwords in 2018, the law taking effect in 2020. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

Passwords 315

Passwords IoT Manufacturing Telecommunications 315

Schneier on Security

FEBRUARY 4, 2022

Lindsey Graham (R-SC) have re-introduced the EARN IT Act , an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition. Senators have reintroduced the EARN IT Act, requiring social media companies (among others) to administer a massive surveillance operation on their users: A group of lawmakers led by Sen.

Surveillance 330

Surveillance Backups Media Technology 330

Schneier on Security

AUGUST 29, 2023

The facial recognition technology is used by the Maine Bureau of Motor Vehicles to ensure no one obtains multiple credentials or credentials under someone else’s name, said Emily Cook, spokesperson for the secretary of state’s office.

Identity Theft 295

Identity Theft Technology Software 295

Schneier on Security

MARCH 16, 2022

The creation date for the all the weak keys was 2020 or later. Some of the keys are from printers from two manufacturers, Canon and Fujifilm (originally branded as Fuji Xerox). Printer users can use the keys to generate a Certificate Signing Request. The weak Canon keys are tracked as CVE-2022-26351.

Manufacturing 313

Manufacturing Encryption 313

Schneier on Security

JUNE 15, 2021

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire.

Risk 310

Risk 310

Schneier on Security

APRIL 3, 2024

The agreement, part of a settlement in a class action lawsuit filed in 2020, caps off years of disclosures about Google’s practices that shed light on how much data the tech giant siphons from its users­—even when they’re in private-browsing mode.

Data collection 305

Data collection 305

Troy Hunt

APRIL 9, 2020

link] — Troy Hunt (@troyhunt) March 31, 2020 And so it is with posts about the dangers of 5G. NagatoDharma) April 2, 2020 I enjoyed Zombieland, but not once did I stop and think "here's a guy who looks like he'd know a thing or two about voltage-gated calcium channel activation exacerbating viral replication". " #COVID?19

Mobile 364

Mobile Media Scams Technology 364

Krebs on Security

APRIL 18, 2022

Conti ravaged the healthcare sector throughout 2020, and leaked internal chats from the Conti ransomware group show the gang had access to more than 400 healthcare facilities in the U.S. alone by October 2020. In June 2021, the HSE’s director general said the recovery costs for that attack were likely to exceed USD $600 million.

Healthcare 317

Healthcare Ransomware Cybersecurity Malware 317

Troy Hunt

JUNE 9, 2021

TB of private data and the first sentence sets the scene: Between 2018 and 2020, a custom Trojan-type malware infiltrated over 3 million Windows-based computers and stole 1.2 (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.) NordLocker has written about the nameless malware that stole 1.2

Malware 361

Malware 361

Troy Hunt

NOVEMBER 25, 2020

How are you getting around it, or just banning anyone from touching physical switches? :) — Adam Fowler (@AdamFowler_IT) August 13, 2020 Those lights are Atom WiZ Connected RGB LEDs and they talk directly to the Wi-Fi network. We have one over every switch that we don’t want used they come in colors or clear.

IoT 348

IoT Firmware Media Marketing 348

Schneier on Security

JANUARY 5, 2021

The government’s emphasis on election defense, while critical in 2020, may have diverted resources and attention from long-brewing problems like protecting the “supply chain” of software. There is also no indication yet that any human intelligence alerted the United States to the hacking. We know at minimum they had access Oct.

Hacking 338

Hacking System Administration Software Surveillance 338

Schneier on Security

AUGUST 14, 2023

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity. […] The 2020 penetration was so disturbing that Gen. Paul Nakasone, the head of the NSA and U.S.

Hacking 225

Hacking Cybersecurity 225

Krebs on Security

NOVEMBER 22, 2021

billion in losses tied to cybercrime in 2020, and BEC fraud and romance scams alone accounted for nearly 60 percent of those losses. Source: FBI/IC3 2020 Internet Crime Report. percent in 2019 to 33 percent in 2020, according to the National Bureau of Statistics.

Scams 304

Scams Cybercrime Banking Identity Theft 304

Schneier on Security

MAY 3, 2023

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandient detected it in December 2020, but didn’t realize what they detected—and so ignored it. In July 2020, with the mystery still unresolved, communication between investigators and SolarWinds stopped.

System Administration 240

System Administration Software Engineering Internet 240

Krebs on Security

MAY 11, 2021

” Another curious bug fixed this month is CVE-2020-24587 , described as a “Windows Wireless Networking Information Disclosure Vulnerability.” You’ll also note this CVE is from 2020, which could indicate Microsoft has been working on this fix for some time.”

Wireless 316

Wireless Internet Internet Backups 316

Krebs on Security

MARCH 1, 2022

Shouting “Glory for Ukraine,” the Contileaks account has since published additional Conti employee conversations from June 22, 2020 to Nov. 22, 2020, the U.S. By late October 2020, Conti’s network of infected systems had grown to include 428 medical facilities throughout the United States. On Sunday, Feb.

Ransomware 305

Ransomware Healthcare Cybercrime Government 305

Krebs on Security

DECEMBER 18, 2020

7, 2020, the NSA said “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication.” National Security Agency (NSA) warned on Dec.

Software 362

Software Authentication Hacking Government 362

Troy Hunt

NOVEMBER 22, 2020

link] — Troy Hunt (@troyhunt) April 25, 2020 In my mind, the answer would be simple: "Just buy X, plug it in and you're good to go". pic.twitter.com/miD8WdfUvM — Troy Hunt (@troyhunt) August 26, 2020 What follows is my journey down that very deep, very dark rabbit hole from which I thought I'd never emerge.

IoT 361

IoT Firmware Manufacturing Internet 361