SecureList

MARCH 31, 2021

2020 was challenging for everyone: companies, regulators, individuals. As a result, 2020 was extremely eventful in terms of digital threats, in particular those faced by financial institutions. In 2020, the group tried its hand at the big extortion game with the VHD ransomware family. Key findings. to 13.21%.

Banking 144

Banking Phishing Malware Mobile 144

Digital Shadows

MARCH 17, 2025

it earned a spot on the Cybersecurity and Infrastructure Security Agency (CISA) list of the 15 most exploited flaws from 2020 to 2022. Whether driven by concerns over downtime or simply underestimating the risk of older vulnerabilities, this lack of urgency leaves systems exposed to attack. Rated CVSS 9.8,

VPN 133

VPN Authentication Ransomware Risk 133

The Last Watchdog

MAY 24, 2021

In 2020, it saw 193 billion credential stuffing attacks globally, with 3.4 Meanwhile, threat actors’ siege on web applications surged 62 percent in 2020 vs. 2019: Akamai observed nearly 6.3 Q: The scale of ‘attacks’ in 2020 is astronomical: 6.3 I’ve known Ragan for a long time and greatly respect his work. It is astronomical.

Financial Services 178

Financial Services Passwords Media Accountability 178

Security Affairs

AUGUST 28, 2020

Cisco addressed ten high-risk vulnerabilities in NX-OS software, including some issues that could lead to code execution and privilege escalation. Cisco this week released security patches to address ten high-risk vulnerabilities in NX-OS software, including some flaws that could lead to code execution and privilege escalation.

Software 139

Software Risk Advertising Authentication 139

SecureWorld News

NOVEMBER 12, 2024

This advisory highlights specific vulnerabilities and offers guidance to mitigate risks for software developers and end-user organizations. CVE-2023-27350 (PaperCut MF/NG): Allows a malicious cyber actor to chain an authentication bypass vulnerability with the abuse of built-in scripting functionality to execute code.

Software 111

Software Passwords Cyber threats Risk 111

SecureWorld News

FEBRUARY 13, 2025

Real-world cases of deepfake attacks Financial fraud : In 2020, a Hong Kong-based multinational firm lost $25 million when an employee was tricked into making wire transfers. Key risks posed by deepfakes Deepfake attacks can be broadly classified into three categories.

Social Engineering 83

Social Engineering Authentication Identity Theft Education 83

Security Affairs

DECEMBER 7, 2020

The US National Security Agency has published a security alert warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from their targets. The post Russia-linked hackers actively exploit CVE-2020-4006 VMware flaw, NSA warns appeared first on Security Affairs.

System Administration 138

System Administration Authentication Hacking Cybersecurity 138

SecureList

AUGUST 23, 2021

billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. To measure the level of the cybersecurity risk associated with gaming, we investigated several types of threats. Pandemic-related statistics cover the period of January 2020 through June 2021.

Mobile 141

Mobile Adware Malware Phishing 141

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Hacking 135

Hacking Mobile Risk Cyber Attacks 135

Thales Cloud Protection & Licensing

JANUARY 28, 2020

January 28, 2020 marks the 13th iteration of Data Privacy Day. Fortunately, organizations can minimize the risk of these types of attacks by exercising key management. The post How to Keep Your Information Safe for Data Privacy Day 2020 appeared first on Data Security Blog | Thales eSecurity.

Data privacy 150

Data privacy Unstructured Data Encryption Identity Theft 150

Cisco Security

NOVEMBER 18, 2022

Often security researchers and security teams focus on threats to software and the risks associated with authenticating and managing users. As the threat landscape evolves and exposure to risk changes, organizations need to review their threat exposure and consider if current mitigations are sufficient for their needs. .

Risk 145

Risk Telecommunications Internet Internet 145

The Last Watchdog

MARCH 4, 2020

First, the identities of any two digital entities – a sensor and a control server, for instance, or even a microservice and a container — must be authenticated, and, second, the data exchanged between any two such digital instances must be encrypted. What we’re seeing is pretty basic things around authentication.

IoT 157

IoT Authentication Internet Internet 157

eSecurity Planet

JANUARY 22, 2021

Last month’s passage of the IoT Cybersecurity Improvement Act of 2020 means all IoT devices used by government agencies will soon have to comply with strict NIST standards. In May 2020, NIST released two foundational documents that serve as a foundation for the newly created guidelines. Guidance for Manufacturers.

IoT 145

IoT Cybersecurity Manufacturing Government 145

Krebs on Security

FEBRUARY 8, 2021

Perhaps the biggest selling point for U-Admin is a module that helps phishers intercept multi-factor authentication codes. Qbot) — to harvest one-time codes needed for multi-factor authentication. 2020 blog post on an ongoing Qakbot campaign that was first documented three months earlier by Check Point Research. .

Phishing 334

Phishing Scams Banking Mobile 334

Security Affairs

JULY 2, 2020

Apache Guacamole allows users within an organization to remotely access their desktops simply using a web browser post an authentication process. In particular, all versions of Guacamole that were released before January 2020 are using vulnerable versions of FreeRDP.” ” reads the report published by CheckPoint.

Hacking 142

Hacking Risk System Administration Authentication 142

SecureWorld News

NOVEMBER 6, 2024

Google moved away from VPNs, instead using device-based authentication and continuous access verification, ensuring that each access request is authenticated. To gain support, highlight how Zero Trust mitigates current threats like the SolarWinds supply chain attack in 2020, which exposed vulnerabilities in traditional defenses.

Social Engineering 103

Social Engineering Authentication Architecture Ransomware 103

CyberSecurity Insiders

MAY 10, 2023

According to the Insurance Information Institute , there was a 45-percent increase in identity theft in 2020, and the rapid digital transformation that took place during 2020 would not have helped improve this figure. Authentication also reduces the overall likelihood of compromising information.

Authentication 109

Authentication Insurance Identity Theft Digital transformation 109

Security Affairs

MAY 1, 2020

“On April 27, 2020, the Wordfence Threat Intelligence team discovered a Cross-Site Request Forgery(CSRF) vulnerability in Ninja Forms , a WordPress plugin with over 1 million installations.” April 27, 2020 19:24 UTC – We provide full disclosure to the plugin’s developer as per their Responsible Security Disclosure Policy.

Risk 140

Risk Advertising Firewall Accountability 140

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. That’s down from 53 percent that did so in 2018, Okta found.

Mobile 344

Mobile Phishing Authentication Accountability 344

Troy Hunt

NOVEMBER 25, 2020

The vulnerability Context Security discovered meant exposing the Wi-Fi credentials of the network the device was attached to, which is significant because it demonstrates that IoT vulnerabilities can put other devices on the network at risk as well. Are these examples actually risks in IoT?

IoT 362

IoT Firmware Risk Manufacturing 362

Krebs on Security

MARCH 30, 2021

A security professional at Ubiquiti who helped the company respond to the two-month breach beginning in December 2020 contacted KrebsOnSecurity after raising his concerns with both Ubiquiti’s whistleblower hotline and with European data protection authorities. ” Ubiquiti has not responded to repeated requests for comment. .

Accountability 280

Accountability IoT Passwords Firmware 280

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk 128

Risk DDOS Data breaches Encryption 128

Krebs on Security

MARCH 23, 2022

Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” “Observed actions have included DEV-0537 answering common recovery prompts such as “first street you lived on” or “mother’s maiden name” to convince help desk personnel of authenticity. .

Social Engineering 336

Social Engineering Accountability Mobile Passwords 336

Jane Frankland

JANUARY 7, 2021

Lesson 1: Gaining more freedom My first lesson came almost as soon as the clock struck January 1st, 2020, when I felt a compulsion to clean, clear, let go of, and renovate my home. I looked at the risk I’d taken. This is when you’re authentic. I had no idea what was going on. I went to that point of closure. There was no drama.

CISO 189

CISO Cybersecurity Education Banking 189

Security Affairs

SEPTEMBER 24, 2020

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence 140

Security Intelligence Authentication Advertising Passwords 140

eSecurity Planet

FEBRUARY 23, 2022

These are not uncommon risks. The devices themselves can’t be secured, but that doesn’t mean we can’t use basic IT techniques to reduce our security risks. As recently as 2020, 83% of medical imaging devices ran on operating systems that no longer receive updates. This includes 73% of IV pumps and most laboratory devices.

Risk 132

Risk Healthcare IoT Firewall 132

The Last Watchdog

APRIL 14, 2022

billion in annual losses during 2020, resulting from 19,369 incidents. DMARC email authentication is also helpful to prove the sender is legitimate, and two-factor authentication (or multi-factor authentication) can reduce the risk an email account is compromised. Prevention is the cure.

Phishing 247

Phishing Accountability Scams Social Engineering 247

eSecurity Planet

SEPTEMBER 1, 2021

Consumers and organizations are enthused about the operational benefits of more robust mobile connectivity, but the shift to 5G networks doesn’t come without risks. Here we’ll discuss the most significant risks posed by 5G, how U.S. Table of Contents What Are the Cybersecurity Risks of 5G? How is 5G Different?

Risk 137

Risk Cybersecurity IoT Wireless 137

Security Affairs

OCTOBER 12, 2020

The agencies warn of risk to elections information housed on government networks. According to the Alert (AA20-283A), advanced persistent threat (APT) actors are exploiting multiple legacy vulnerabilities in combination with a the recently discovered Zerologon vulnerability (CVE-2020-1472). ” reads the report.

VPN 145

VPN Government Authentication Advertising 145

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. SolarWinds subsequently disclosed to the SEC that threat actors inserted Sunburst into the Orion updates issued to customers between March and June 2020.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords 145

Passwords Authentication Advertising Software 145

The Last Watchdog

JULY 7, 2021

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019. In 2020, criminals started to process their lists differently.

Accountability 257

Accountability Mobile Passwords Authentication 257

The Last Watchdog

SEPTEMBER 25, 2023

million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks in 2020, according to the Small Business Association. Nonprofits are equally at risk, and often lack cybersecurity measures. The average cost of a cybersecurity breach was $4.45

Small Business 222

Small Business Cybersecurity Technology Accountability 222

Security Affairs

OCTOBER 6, 2020

The Zerologon vulnerability, tracked as CVE-2020-1472 , is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

Authentication 137

Authentication Advertising Architecture Cyber Attacks 137

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. ” reads the advisories published by Microsoft.

Advertising 145

Advertising Firewall Education Engineering 145

The Last Watchdog

NOVEMBER 9, 2020

IoT risks have been a low-priority, subset concern. A candy store for hackers A recent Forrester workforce survey showed that by mid 2020, 58 percent of corporations worldwide had at least half of their employees working from home, where an average of 11 devices lurk — connected to the internet.

IoT 279

IoT Healthcare Internet Internet 279

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall 75

Firewall Hacking Malware Passwords 75