2020, Authentication and Internet - Cyber Security Informer

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. Caturegli said the domains all resolve to Internet addresses at Microsoft.

DNS

DNS Internet Internet Risk

Microsoft Patch Tuesday, August 2020 Edition

Krebs on Security

AUGUST 11, 2020

The most concerning of these appears to be CVE-2020-1380 , which is a weaknesses in Internet Explorer that could result in system compromise just by browsing with IE to a hacked or malicious website. More information on CVE-2020-1337, including a video demonstration of a proof-of-concept exploit, is available here.

Backups

Backups Internet Internet Malware

Microsoft Patch Tuesday, April 2020 Edition

Krebs on Security

APRIL 14, 2020

Near the top of the heap is CVE-2020-1020 , a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in active attacks. Further reading: Qualys breakdown on April 2020 Patch Tuesday. SANS Internet Storm Center on Patch Tuesday.

Backups

Backups Software Internet Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Microsoft Patch Tuesday, Sept. 2020 Edition

Krebs on Security

SEPTEMBER 8, 2020

The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web browsers, Internet Explorer and Edge. “We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication.

Software

Software Backups Authentication Internet

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

JANUARY 13, 2020

military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020. Equally concerning, a flaw in crypt32.dll

Internet

Internet Internet Software Media

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

The Last Watchdog

MAY 26, 2020

Doing authentication well is vital for any company in the throes of digital transformation. Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet. We spoke at RSA 2020.

Authentication

Authentication Cloud Migration Accountability Digital transformation

No, I Won't Link to Your Spammy Article

Troy Hunt

APRIL 6, 2020

The Ultimate Tor Browser Guide for 2020 The Best VPN for China 2020 How to know if someone is watching you on your camera 5 Ways to Stay Protected from Advanced Phishing Threats How to Access Windows Remote Desktop Over the Internet What We Need To Know About Bluetooth Security The Best Internet Browser for 2020 Two-Factor Authentication: ?What

Advertising

Advertising Internet Internet VPN

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Security Affairs

FEBRUARY 27, 2020

Experts warn that hackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable in the attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. ” reported BleepingComputer.

Internet

Internet Internet Authentication Advertising

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking

Hacking Social Engineering Phishing Scams

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. 2020) was not in HaveIBeenPwned, but then again Facebook claims to have more than 2.7 A cybercrime forum ad from June 2020 selling a database of 533 Million Facebook users. According to a Jan.

Mobile

Mobile Accountability Passwords Authentication

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Security Affairs

OCTOBER 16, 2020

The Tripwire VERT security team spotted almost 800,000 SonicWall VPN appliances exposed online that are vulnerable to the CVE-2020-5135 RCE flaw. Security experts from the Tripwire VERT security team have discovered 795,357 SonicWall VPN appliances that were exposed online that are vulnerable to the CVE-2020-5135 RCE flaw.

VPN

VPN Firewall Advertising Internet

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Security Affairs

MARCH 16, 2020

Organizations are delaying in patching Microsoft Exchange Server flaw (CVE-2020-0688) that Microsoft fixed with February 2020 Patch Day updates. Organizations are delaying in patching Microsoft Exchange Server flaw ( CVE-2020-0688 ) that Microsoft fixed with February 2020 Patch Day updates. Pierluigi Paganini.

Advertising

Advertising Authentication Internet Internet

Announcing the winners of the 2020 GCP VRP Prize

Google Security

MARCH 17, 2021

Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large.

Engineering

Engineering Accountability Authentication Internet

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

“In mid-July 2020, cybercriminals started a vishing campaign—gaining access to employee tools at multiple companies with indiscriminate targeting — with the end goal of monetizing the access.” authenticate the phone call before sensitive information can be discussed.

VPN

VPN Social Engineering Authentication Engineering

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet

Internet Internet Hacking Advertising

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit.

Advertising

Advertising InfoSec Government Healthcare

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

The Last Watchdog

MAY 24, 2021

Some instructive fresh intelligence about how cyber attacks continue to saturate the Internet comes to us from Akamai Technologies. Akamai, which happens to be the Hawaiian word for “smart,” recently released its annual State of the Internet security report. In 2020, it saw 193 billion credential stuffing attacks globally, with 3.4

Financial Services

Financial Services Passwords Media Accountability

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

DECEMBER 18, 2020

7, 2020, the NSA said “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication.” National Security Agency (NSA) warned on Dec. ” Indeed, the NSA’s Dec.

Software

Software Authentication Hacking Government

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc cc @CNCSgovpt @sirpedrotavares pic.twitter.com/1bDK3BtYeE — abuse.ch (@abuse_ch) June 12, 2020. About the author Pedro Tavares.

Internet

Internet Internet Malware Banking

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

MARCH 4, 2020

Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. I’m referring to the Public Key Infrastructure, or PKI, and the underlying TLS/SSL authentication and encryption protocols. “If What we’re seeing is pretty basic things around authentication.

IoT

IoT Authentication Internet Internet

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Perhaps the biggest selling point for U-Admin is a module that helps phishers intercept multi-factor authentication codes. Qbot) — to harvest one-time codes needed for multi-factor authentication. 2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research.

Phishing

Phishing Scams Banking Mobile

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

The victim, through no fault of their own, has been the target of numerous angry tweets designed to ridicule their role in internet security and suggest they are incapable of performing their duty. — NordVPN (@NordVPN) October 23, 2020 Ah, tricky! Been a lot of "victim blaming" going on these last few days. — Bartek ?wierczy?ski

Phishing

Phishing Password Management Passwords Internet

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

I spoke with Maurice Côté, VP Business Solutions, and Martin Lemay, CISO, of Devolutions , at the RSA 2020 Conference in San Francisco recently. Poorly implemented authentication can also lead to network breaches and compliance headaches. Each connection needs to be authenticated and privileges enforced. That’s our goal.”

Authentication

Authentication Risk Digital transformation Passwords

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

The Last Watchdog

APRIL 7, 2021

Passwordless authentication as a default parameter can’t arrive too soon. That’s the upshot of a new report, The State of Passwordless Security 2021 , put out by HYPR , a New York City-based supplier of advanced authentication systems. Related: Top execs call for facial recognition to be regulated. 1 use case is remote access.”.

Authentication

Authentication Digital transformation Passwords Password Management

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising

Advertising Government Healthcare Education

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

2019 that wasn’t discovered until April 2020. NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and Github.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

billion Internet of Things (IoT) devices. Last month’s passage of the IoT Cybersecurity Improvement Act of 2020 means all IoT devices used by government agencies will soon have to comply with strict NIST standards. In May 2020, NIST released two foundational documents that serve as a foundation for the newly created guidelines.

IoT

IoT Cybersecurity Manufacturing Government

Gaming-related cyberthreats in 2020 and 2021

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. Most of the statistics presented in the report were collected between July 1, 2020 and June 30, 2021. Pandemic-related statistics cover the period of January 2020 through June 2021.

Mobile

Mobile Adware Malware Phishing

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. Source: DZone’s Edge Computing and IoT, 2020 . A Safer Internet of Things.

Internet

Internet Internet IoT Software

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. SSL/TLS certs). ” Caturegli said setting up an email server record for memrtcc.ad

DNS

DNS Internet Internet Authentication

Identity Fraud Losses Soared to $56 Billion in 2020, Javelin Researchers Find

Hot for Security

MARCH 24, 2021

Fraud losses climbed to $56 billion in 2020 and identity fraud scams accounted for a staggering $43 billion of that cost, according to a new report. As consumers relied increasingly on digital payment products during 2020, identity fraud scams kept pace with this shift in behavior, the report reveals.

Scams

Scams Accountability Authentication Internet

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. Image: Wikipedia. ”

Accountability

Accountability Hacking Authentication Marketing

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

Security Affairs

JUNE 23, 2021

In October last year, experts reported a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135 , in SonicWall Network Security Appliance (NSA) appliances. This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”. Pierluigi Paganini.

VPN

VPN Firewall Firmware Authentication

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

The internet of things (IoT) is widening the sphere of physical security as smart devices connected to business systems via the internet may be located outside of established secure perimeters. One such measure is to authenticate the users who can access the server.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. mail server responds “OK” = successful access).

Accountability

Accountability Authentication Passwords Hacking

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

The documents were available without authentication to anyone with a Web browser. “Respondent’s own analysis demonstrated that during this 11-month period, more than 350,000 documents were accessed without authorization by automated ‘bots’ or ‘scraper’ programs designed to collect information on the Internet.

Insurance

Insurance Financial Services Penetration Testing Scams

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. 22, 2020, when cryptocurrency wallet company Ledger acknowledged that someone had released the names, mailing addresses and phone numbers for 272,000 customers. TARGETED PHISHING.

Passwords

Passwords Password Management Phishing Scams

Multi-Factor Authentication Best Practices & Solutions

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. Jump to: What is multi-factor authentication? MFA can be hacked.

Authentication

Authentication Passwords Mobile Accountability

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. That’s down from 53 percent that did so in 2018, Okta found.

Mobile

Mobile Phishing Authentication Accountability

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

MARCH 28, 2019

The author of Mirai used a sledgehammer to kill a fly: the DDoS bombardment was so large that it also wiped out Dyn , a UK-based internet performance vendor. The Spamhaus attacker, for instance, noticed that there were literally millions of domain name system (DNS) resolvers that remained wide open all over the internet. Beyond DDoS.

DDOS

DDOS IoT DNS Internet

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. As an enterprise security team, you could restrict internet access at your egress points, but this doesn’t do much when the workforce is remote. In short, anything accessible from the internet should be given extra attention.

Ransomware

Ransomware Risk Internet Internet

12 Million Zacks accounts leaked by cybercriminal

Malwarebytes

FEBRUARY 14, 2025

The most recent data in this database is from May 2020. This breach is also being publicly shared on the internet. This would be the 2nd (hacked back in 2020) major data breach for Zacks. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Accountability

Accountability Data breaches Passwords Phishing

The Original APT: Advanced Persistent Teenagers

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. The Twitter hackers largely pulled it off by brute force, writes Wired on the July 15, 2020 hack.

Social Engineering

Social Engineering Phishing Engineering Accountability

MasterCard DNS Error Went Unnoticed for Years

Microsoft Patch Tuesday, August 2020 Edition

Webinars

Trending Sources

Microsoft Patch Tuesday, April 2020 Edition

Webinars

Microsoft Patch Tuesday, Sept. 2020 Edition

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

No, I Won't Link to Your Spammy Article

Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

When Low-Tech Hacks Cause High-Impact Breaches

Are You One of the 533M People Who Got Facebooked?

Almost 800,000 SonicWall VPN appliances online are vulnerable to CVE-2020-5135

Most organizations have yet to fix CVE-2020-0688 Microsoft Exchange flaw

Announcing the winners of the 2020 GCP VRP Prize

FBI, CISA Echo Warnings on ‘Vishing’ Threat

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw

SHARED INTEL: Akamai reports web attack traffic spiked 62 percent in 2020 — all sectors hit hard

VMware Flaw a Vector in SolarWinds Breach?

TroyStealer – A new info stealer targeting Portuguese Internet users

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Humans are Bad at URLs and Fonts Don’t Matter

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

The IoT Cybersecurity Act of 2020: Implications for Devices

Gaming-related cyberthreats in 2020 and 2021

The Internet of Things Is Everywhere. Are You Secure?

Local Networks Go Global When Domain Names Collide

Identity Fraud Losses Soared to $56 Billion in 2020, Javelin Researchers Find

Sendgrid Under Siege from Hacked Accounts

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

Gift Card Gang Extracts Cash From 100k Inboxes Daily

NY Charges First American Financial for Massive Data Leak

The Life Cycle of a Breached Database

Multi-Factor Authentication Best Practices & Solutions

How 1-Time Passcodes Became a Corporate Liability

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

12 Million Zacks accounts leaked by cybercriminal

The Original APT: Advanced Persistent Teenagers

Stay Connected