WEIS 2021 Call for Papers
Schneier on Security
FEBRUARY 18, 2021
The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers.
Daniel Miessler
SEPTEMBER 12, 2021
This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on this project, and that as a project maintainer myself, I know how impossibly hard this is.
Krebs on Security
JUNE 8, 2021
Among the zero-days are: CVE-2021-33742, a remote code execution bug in a Windows HTML component; CVE-2021-31955, an information disclosure bug in the Windows Kernel; and CVE-2021-31956, an elevation of privilege flaw in Windows NTFS.
Joseph Steinberg
NOVEMBER 17, 2021
Rockville, MD – November 17, 2021 – Sepio Systems, the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity expert Joseph Steinberg has joined its advisory board. He is also the inventor of several information-security technologies widely used today; his work is cited in over 500 published patents.
Schneier on Security
FEBRUARY 11, 2022
Under-resourced Information Security Managers were not performing their business as usual role (including a NIST-based cybersecurity review of systems) but were working on evaluating security controls for the COVID-19 vaccination system.
Schneier on Security
SEPTEMBER 20, 2023
million in 2021, according to Cybersecurity Ventures. What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.
The Last Watchdog
DECEMBER 2, 2021
In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 billion this year. In response to the growing threat of ransomware attacks, organizations are piling on more and more “defense in depth” cybersecurity solutions that are costly and difficult to manage.
SecureList
MARCH 12, 2024
Profile of participants and applications: We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.
Security Affairs
MARCH 26, 2024
The Finnish Police attributed the attack against the parliament that occurred in March 2021 to the China-linked group APT31. The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. According to the police, the offences were committed between autumn 2020 and early 2021.
Security Affairs
OCTOBER 11, 2022
VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048, in the vCenter Server. Please review KB89027 for more information.”
Daniel Miessler
MARCH 24, 2021
Mar 24, 2021 — Thanks to Andrew R. Mar 24, 2021 — Someone mentioned that there are higher ranks of authentication out there, which I agree with, but this is specifically for everyday users. Mar 24, 2021 — We can pronounce the acronym as “Chasm”, as in, “Let’s see how deep into the chasm you are…”
Security Affairs
JUNE 20, 2024
A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.
Joseph Steinberg
JUNE 23, 2021
He has been calculated to be one of the top 3 cybersecurity influencers worldwide, and has written books ranging from Cybersecurity for Dummies to the official study guide from which many Chief Information Security Officers (CISOs) study for their certification exams. New York, NY – June 23, 2021. About Newsweek.
Security Affairs
JANUARY 19, 2024
China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. ” concludes the report.
Daniel Miessler
DECEMBER 18, 2021
From the Apache advisory: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 Look for ${event:Message} or ${ctx:*} in your log4j2 properties or xml files — d0nut (@d0nutptr) December 15, 2021. POV: you follow me pic.twitter.com/Xw33fmji1A — d0nut (@d0nutptr) December 15, 2021. Shame on me.
Security Affairs
JULY 12, 2022
Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021. The post Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021? appeared first on Security Affairs. Pierluigi Paganini.
Daniel Miessler
MAY 19, 2021
Every year I like to look at Verizon’s DBIR report and see what kind of wisdom I can extract. This year they appear to have put in even more effort, so let’s get into it. The format is simple: a series of content extraction bullets, some analysis and commentary along the way, and then a quick summary of what I saw as the main takeaways.
Joseph Steinberg
JANUARY 10, 2023
Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum in 2021, will continue serving as a member of the premier news organization’s council in 2023. A prolific inventor of cybersecurity technology, Steinberg is also cited in over 500 US patent filings.
Krebs on Security
OCTOBER 31, 2021
“Such code copying is a significant source of real-world security exploits.” Rust has released a security advisory for this security weakness, which is being tracked as CVE-2021-42574 and CVE-2021-42694.
Joseph Steinberg
JANUARY 4, 2022
Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum last year, will continue serving as a member throughout 2022. A prolific inventor of cybersecurity technology, Steinberg is also cited in over 500 US patent filings. He amassed millions of readers as a regular columnist for Forbes and Inc.
The Hacker News
MAY 24, 2024
Introduction: The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity.
Krebs on Security
APRIL 27, 2023
This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. “My team is frustrated by the permissive nature of the platform,” Carbee said. As a result, five companies eventually fixed the problem.
Krebs on Security
MARCH 1, 2022
On Sunday, Feb. 27, a new Twitter account “Contileaks” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. government shared information with the Russians about the hackers they suspected were behind Trickbot.
Krebs on Security
MARCH 7, 2022
In 2020, researchers from Athens University School of Information Sciences and Technology in Greece showed (PDF) how ransomware-as-a-service offerings might one day be executed through smart contracts. Before that, Jeffrey Ladish, an information security consultant based in Oakland, Calif., ” Stern wrote.
Krebs on Security
SEPTEMBER 15, 2021
A phone call placed to the media contact number listed on an August 2021 TTEC earnings release produced a message saying it was a non-working number. TTEC immediately activated its information security incident response business continuity protocols, isolated the systems involved, and took other appropriate measures to contain the incident.
Krebs on Security
FEBRUARY 22, 2024
Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”
Security Affairs
OCTOBER 20, 2023
US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2021-1435 in Cisco IOS XE. ” reads the report published by Cisco Talos.
Security Affairs
MAY 22, 2024
According to the researchers, the malware campaign targeting MS Exchange Server has been active since at least 2021. The threat actors exploited the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) in Microsoft Exchange Server to inject an info stealer.
Krebs on Security
DECEMBER 19, 2024
The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. Archive.org’s recollection of what altugsara dot com looked like in 2021.
Security Affairs
NOVEMBER 9, 2022
Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. Google reported the vulnerabilities to Samsung immediately after their discovery in late 2020, and the vendor addressed them in March 2021.
CyberSecurity Insiders
MAY 1, 2023
Surprisingly, the analysis conducted by American law firm BakerHostetler found that victims who made ransomware payments increased in the year 2022 compared to 2021. Additionally, the average ransom amount paid last year was recorded as $600,000, up from the $511,000 payment made in 2021.
Security Affairs
AUGUST 16, 2024
The 27-year-old Russian national Georgy Kavzharadze (also known as “George,” “TeRorPP,” “Torqovec,” and “PlutuSS”) has been sentenced to over three years in prison for selling financial information, login credentials, and other personal data on the dark web marketplace, Slilpp. in restitution. These credentials were linked to $1.2
Security Affairs
OCTOBER 9, 2023
The HelloKitty gang has been active since January 2021. In November 2021, the US FBI published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). CVE-2021-20016, CVE-2021-20021, CVE-2021-20022, CVE-2021-2002 ) or using compromised credentials.
Security Affairs
JULY 9, 2022
Four of the fixed issues have been rated as “high” severity: CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.
Security Affairs
MARCH 30, 2024
The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It was leaked online today.”
Daniel Miessler
NOVEMBER 6, 2020
I think there are four main trends that will play out in the field of information security in the next 20 years. 2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model.
The Last Watchdog
FEBRUARY 21, 2022
Related: High-profile healthcare hacks in 2021. These six areas will help improve your security program. After all, the process of security involves never-ending learning and improvement. As technology and threats evolve, so must the security organization. Be brilliant at these basics, but don’t stop there.
Daniel Miessler
APRIL 20, 2021
threat actor = someone who wants to punch you in the face threat = the punch being thrown vulnerability = your inability to defend against the punch risk = the likelihood of getting punched in the face — cje (@caseyjohnellis) April 19, 2021. Casey also added that Acceptable Risk would be being willing to get punched in the face.
Security Affairs
OCTOBER 27, 2024
In November 2021, the US Department of Justice charged Vasinskyi, REvil ransomware affiliate, for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4, 2021.
Security Affairs
FEBRUARY 15, 2024
The Mirai-based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021. In November 2021, it started exploiting a critical command injection flaw (CVE-2021-36260) in the webserver of several Hikvision products.
Security Affairs
JUNE 21, 2024
French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. ” continues the report.
Daniel Miessler
APRIL 8, 2021
— Chris Vickery (@VickerySec) April 3, 2021. — Alessandro Vernet (@avernet) April 7, 2021. Do not allow large payments of money to criminals, as it guarantees and aids future harm to others. We frown on that. Ransomware would disappear in a month. This is easy. “Disappear in a month”, he said.
Anton on Security
MARCH 1, 2021
All these are very hypothetical in 2021, to be sure, but what about 2025? Naturally, one may counter that chess is mathematically solvable while information security is not (by a wide, wide, wide margin). Would you still say the same? Would you still give the same advice? Sure, this argument holds water …today.
Security Affairs
APRIL 10, 2024
The seller, who goes online with the moniker MajorNelson, claimed that the data was obtained from an unnamed AT&T division by @ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It was leaked online today.”