2022 Workshop on Economics and Information Security (WEIS)
Schneier on Security
JUNE 27, 2022
I did not attend WEIS this year, but Ross Anderson was there and liveblogged all the talks.
Joseph Steinberg
JANUARY 4, 2022
Cyber Security Expert, Joseph Steinberg, who joined Newsweek’s Expert Forum last year, will continue serving as a member throughout 2022. The post Cyber Security Expert Joseph Steinberg To Serve On Newsweek Expert Forum In 2022 appeared first on Joseph Steinberg: CyberSecurity, Privacy, & Artificial Intelligence (AI) Advisor.
Schneier on Security
OCTOBER 14, 2022
This is a current list of where and when I am scheduled to speak: I’m speaking at the World Ethical Data Forum, online, October 26-28, 2022. I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page.
Schneier on Security
NOVEMBER 14, 2022
This is a current list of where and when I am scheduled to speak: I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022. The list is maintained on this page.
Schneier on Security
SEPTEMBER 20, 2023
The number of unfilled jobs leveled off in 2022, and remains at 3.5 And this is nothing that can be fixed by a newbie taking a six-month information security boot camp. […] Most entry-level roles tend to be quite specific, focused on one part of the profession, and are not generalist roles.
Security Affairs
APRIL 22, 2024
Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium”) used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.
Daniel Miessler
DECEMBER 24, 2022
If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series.
Krebs on Security
NOVEMBER 4, 2022
” In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.
Krebs on Security
APRIL 27, 2023
This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. “My team is frustrated by the permissive nature of the platform,” Carbee said. Akiri said he notified the Washington D.C. ”
Security Affairs
APRIL 25, 2024
CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Krebs on Security
OCTOBER 20, 2022
On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations.
Krebs on Security
OCTOBER 20, 2023
In an interview with KrebsOnSecurity, Okta’s Deputy Chief Information Security Officer Charlotte Wylie said Okta initially believed that BeyondTrust’s alert on Oct. Maiffret said BeyondTrust followed up with Okta on Oct. 2 was not a result of a breach in its systems. But she said that by Oct.
Krebs on Security
SEPTEMBER 24, 2022
A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog, which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.”
Krebs on Security
APRIL 20, 2023
3CX hired incident response firm Mandiant, which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER, a software package provided by Trading Technologies.
Security Affairs
MAY 23, 2024
Below is the list of the addressed vulnerabilities: CVE Description CVSS Vector CVE-2024-29822 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Security Affairs
SEPTEMBER 11, 2024
“Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution,” reads the advisory published by the company. High) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Critical) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Schneier on Security
AUGUST 8, 2022
NIST was poised to make final algorithm selections in 2022, with a plan to have a draft standard available for public comment in 2023. Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force. Cryptanalysis over the competition was brutal.
Security Affairs
JUNE 21, 2024
French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities.
Security Affairs
DECEMBER 4, 2024
Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. reads the CSA.
Security Affairs
JUNE 27, 2024
in April 2022. Technical details and PoC exploit code are publicly available since August 2022. Linux Kernel Flaw CVE-2022-2586 (CVSS score of 7.8) White hat hackers demonstrated an exploit for this issue during the Pwn2Own Vancouver 2022. is a code injection issue in the Jai-Ext open source project. and 1.3.12.
Krebs on Security
DECEMBER 19, 2024
The makers of Acunetix, Texas-based application security vendor Invicti Security, confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. ” Orn advertising Araneida Scanner in Feb. 2023 on the forum Cracked.
Security Affairs
JANUARY 15, 2025
released in October 2022. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022,” reported Heise Security.
Security Affairs
FEBRUARY 13, 2025
In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred, CaddyWiper, HermeticWiper, Industroyer2, IsaacWiper, WhisperGate, Prestige, RansomBoggs, and ZeroWipe. In September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware.
Security Affairs
MAY 21, 2024
Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.
Krebs on Security
JANUARY 24, 2023
In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet. “Thanks to you, we are now developing in the field of information security and anonymity!,” But that action did not name any defendants. Kloster’s blog enthused. “We
Security Affairs
DECEMBER 6, 2023
CVE-2022-22071 was included in our May 2022 public bulletin. Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 were actively exploited in targeted attacks.
Security Affairs
JANUARY 23, 2024
The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank. “ In November 2022, Medibank announced that personal data belonging to around 9.7M
Daniel Miessler
SEPTEMBER 12, 2021
It might be that it’s time for a bigger adjustment than ever for 2022. Instead, start with the purpose of the project and the output you want it to produce for a defined audience, and then look at the data, and then the list. In doing the first two, be willing to completely reconsider the list. A reframing.
Krebs on Security
JULY 21, 2023
A review of the executives pages published by the 2022 list of Fortune 100 companies found only four — BestBuy, Cigna, Coca-Cola, and Walmart — that listed a Chief Security Officer (CSO) or Chief Information Security Officer (CISO) in their highest corporate ranks.
Security Affairs
MAY 15, 2024
From March 2022 until March 2023, a separate version of BreachForums (hosted at breached.vc/.to/.co) The BreachForums hacking forum was launched in 2022 after the law enforcement authorities seized RaidForums as a result of Operation TOURNIQUET. According to the statement published by law enforcement on the site breachforums.ic3.gov
Security Affairs
JUNE 5, 2024
In August 2022, Microsoft researchers discovered a high-severity flaw (CVE-2022-28799) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. Microsoft reported the issue to TikTok in February 2022, and the company quickly addressed it.
Security Affairs
JANUARY 4, 2025
networks since the summer of 2022. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by China’s state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett). critical infrastructure sectors.
Security Affairs
JANUARY 30, 2024
in August 2022. “This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit: [link] and was also backported to glibc 2.36 because this commit was a fix for another, minor vulnerability in __vsyslog_internal() (CVE-2022-39046, an “uninitialized memory [read] from the heap”).”
Security Affairs
NOVEMBER 20, 2023
On or about November 18, 2022, the man launched a credential stuffing attack on the Betting Website and gained access to approximately 60,000 accounts. According to court documents, on November 18, 2022, Garrison launched the attack against the betting site, obtaining access to approximately 60,000 user accounts.
Daniel Miessler
JUNE 28, 2022
1/10 — Dave Kennedy (@HackingDave) June 17, 2022. We have brand new candidates lacking "hands on" experience coming into the workforce and finding it extremely difficult to find a job. One can absolutely argue that it isn’t Mangacorn’s responsibility to fix this, but that’s the problem isn’t it?
Security Affairs
MARCH 7, 2024
The figure marks a 22% surge in reported losses compared to 2022. In 2023, the FBI IC3 received a record number of complaints, totaling 880,418, which represents a nearly 10% increase in complaints received compared to 2022. billion in 2022 to $4.57 billion in 2023. billion in 2023 (+38%). billion in losses.
Security Affairs
MARCH 10, 2025
authorities seized $23M in crypto linked to a $150M Ripple wallet theft, experts believe the incident is linked to the 2022 LastPass breach. authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. ” reads the complaint. ” However.
Security Affairs
APRIL 9, 2024
BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022. After the repository containing the open-source tool was taken down in September 2022, it has since been cloned and modified by other threat actors.
Security Affairs
OCTOBER 4, 2023
action in network access logs presence of /setup/setupadministrator.action in an exception message in atlassian-confluence-security.log in the Confluence home directory In September 2022, threat actors were observed targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign.
Krebs on Security
DECEMBER 1, 2022
“Our team quickly triaged the report and determined the risk to partners to be minimal,” said Patrick Beggs, ConnectWise’s chief information security officer. But the company said there is no reason to believe the phishers they warned about are exploiting any of the issues reported by Pyle.
Security Affairs
OCTOBER 27, 2024
The cases have been sent to the Russian Prosecutor General’s Office for consolidation, and all defendants have been held since early 2022. in March 2022. Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) was arrested on October 8, 2021, while he was trying to enter Poland.
Security Affairs
JANUARY 12, 2025
The group NoName57 has been active since March 2022 and has targeted government and critical infrastructure organizations worldwide. In September 2022, Avast researchers observed the group using the Bobik botnet to launch DDoS attacks. NoName057(16) uses multiple tools to carry out their attacks.
Krebs on Security
NOVEMBER 16, 2023
In November 2022, Kivimäki was charged with attempting to extort money from the Vastaamo Psychotherapy Center. ” Antti Kurittu is an information security specialist and a former criminal investigator. “This sends an important message: online crime does not pay.
Security Affairs
OCTOBER 12, 2024
Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.