Hot for Security

FEBRUARY 16, 2021

Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the National Observatory of Athens and his fellow colleagues who put together a new study published in Seismological Research Letters.

IoT 128

IoT InfoSec Data collection Encryption 128

Malwarebytes

MAY 22, 2024

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence 111

Artificial Intelligence Passwords Accountability Media 111

Troy Hunt

NOVEMBER 25, 2020

Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet. The vulnerability is the result of weak encryption used by TP-Link. HA has a Let's Encrypt add-on.

IoT 363

IoT Firmware Risk Manufacturing 363

SecureList

OCTOBER 12, 2023

The loader starts its activities by loading an encrypted payload from another file that should be present in the same directory. The loaded data are then decoded using XOR, where the XOR key is generated using an unusual technique. The code is similar to the standard loader – variant VLC A.

Encryption 139

Encryption Passwords Malware Firewall 139

Malwarebytes

AUGUST 3, 2021

Claiming to offer end-to-end encryption, when they were using something called transport encryption in places. They later had to clarify that they meant data was encrypted at Zoom endpoints. In theory, the company could access the data but said they don’t directly access it. The numbers game.

Encryption 105

Encryption Data collection Accountability Media 105

Malwarebytes

JANUARY 18, 2021

Simply by having to explain the differences between forms of messaging, data collection is thrown into sharp relief. That is to say, you may not have known prior to this how much…or little…your favourite apps collect. The data collection genie is out of the bottle, and yet it may not matter too much.

Data collection 75

Data collection Encryption Accountability Passwords 75

SecureList

MAY 28, 2024

in their infrastructure, while the rest discovered they had been infiltrated via a third party only after data leakage or encryption. Access is set up using a certificate or a login/password pair, and in rare cases multi-factor authentication is added. In other cases, they used data that was stolen before the incident began.

VPN 123

VPN Accountability Passwords Antivirus 123

SecureList

APRIL 22, 2024

54112" Krong is a proxy that encrypts the data transmitted through it using the XOR function. Code snippet for deciphering received data This allows Krong to hide the contents of the traffic to evade detection. 0.85.4.369 is used for creating archives ( T1560.002 Archive Collected Data: Archive via Library ).

VPN 141

VPN Passwords Encryption Malware 141

Identity IQ

JUNE 3, 2021

Email messages that are not properly encrypted. Geo-location data while browsing from a smartphone. Passwords you enter, particularly on websites that do not connect through HTTPS. The data can come in handy when the government authorities are aiming to identify criminal activities. Downloaded files.

VPN 95

VPN Internet Internet Encryption 95

Security Boulevard

JANUARY 16, 2024

Use a secure (encrypted) email provider Which secure email provider should you use? Put into context, it would make little sense to use a privacy-oriented browser and all the features such a browser may have to offer, but continue to reuse passwords across online accounts. Use private search engines Which search engines should you use?

Accountability 111

Accountability Engineering Passwords Internet 111

eSecurity Planet

MARCH 17, 2023

Managed Detection and Response Product Guide Top MDR Services and Solutions Encryption Full disk encryption, sometimes called whole disk encryption, is a data encryption approach for both hardware and software that involves encrypting all disk data, including system files and programs.

Network Security 120

Network Security Penetration Testing Firewall Software 120

Security Affairs

NOVEMBER 19, 2019

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2019 in more than 60 countries. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. rar archive files.

Ransomware 98

Ransomware Antivirus Malware Banking 98

Malwarebytes

AUGUST 3, 2022

According to security researcher Anurag Sen , who discovered the open database, the messages were stored unencrypted, and the database itself was not locked behind a password. It also houses hundreds of gigabytes of data and is hosted on a Huawei cloud server in China. Zack Whittaker, TechCrunch.

Internet 97

Internet Internet Data collection Technology 97

McAfee

JANUARY 28, 2020

Don’t reuse passwords. Password reuse is a common problem, especially in consumer cloud services. When using a cloud service for the first time, it’s easy to think that if the data you are using in that particular service isn’t confidential, then it doesn’t matter if you use your favorite password. One password….

Passwords 71

Passwords Mobile VPN Identity Theft 71

SecureList

APRIL 5, 2023

We filled in the login and password fields in the screenshot below. As mentioned above, the creators of phishing bots and kits can get access to data collected with tools they made. An OTP (one-time password) bot is another service available by subscription. The page typically contains nothing besides that form.

Phishing 144

Phishing Marketing Scams Accountability 144

SecureList

NOVEMBER 23, 2021

Facebook (now Meta) moved towards more privacy for its users as well, providing end-to-end encrypted backups in WhatsApp and removing the facial recognition system in its entirety from Facebook. Governments are wary of the growing big tech power and data hoarding, which will lead to conflicts – and compromises.

Government 124

Government Internet Internet Technology 124

SecureList

AUGUST 8, 2022

It combines network scanning, vulnerability search and exploitation, password attack, and other functionality. After gaining domain administrator privileges, the attackers searched for and exfiltrated documents and other files that contained the attacked organization’s sensitive data to their servers hosted in different countries.

Malware 105

Malware Phishing Passwords Data collection 105

SecureList

OCTOBER 7, 2022

The traffic originated from a suspicious library loaded into the memory of a domain controller server and registered as a Windows password filter, which has access to plain-text passwords to administrative accounts. The files were designed to be executed in a pre-defined order, and some of them were AES128-encrypted.

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

eSecurity Planet

OCTOBER 20, 2023

Encryption protects data both in transit and at rest. Data loss prevention ( DLP ) prevents unwanted data transfers. Data Loss Prevention (DLP): DLP tools monitor and manage data flows in order to avoid illegal sharing or leaking of sensitive data.

Backups 120

Backups Firewall Encryption Architecture 120

eSecurity Planet

SEPTEMBER 9, 2024

They communicate with the central control system, allowing data collection and remote control over long distances. These networks enable data exchange between PLCs, RTUs, SCADA systems, and HMIs. Encryption and secure communication protocols: Protecting data in transit between ICS components.

Firmware 109

Firmware Encryption Manufacturing Risk 109

Webroot

JANUARY 27, 2025

Here are some common examples: Health data : Information stored in a patient portal, online pharmacy, or health insurance website. Financial data : Details of your bank account, 401K fund, or IRA. Apps : Data collected by various applications you use.

Data privacy 55

Data privacy Backups Antivirus Encryption 55

Security Affairs

FEBRUARY 3, 2022

The xPack backdoor is a.NET loader that fetches and executes AES-encrypted payloads, it supports multiple commands. The decryption password is provided as a command-line argument (Base64 encoded string), and the xPack backdoor can run as a standalone application or as a service (xPackSvc variant).

Manufacturing 98

Manufacturing Malware Data collection Encryption 98

SecureWorld News

JANUARY 4, 2024

From an information security department's perspective, the more data collected on employee actions, the more effectively potential incidents can be investigated. On the flip side, employees often lack access to the data collected by UAM solutions. This is particularly relevant for remote workers.

Data collection 128

Data collection Surveillance Artificial Intelligence Risk 128

Malwarebytes

AUGUST 3, 2022

According to security researcher Anurag Sen , who discovered the open database, the messages were stored unencrypted, and the database itself was not locked behind a password. It also houses hundreds of gigabytes of data and is hosted on a Huawei cloud server in China. Zack Whittaker, TechCrunch.

Internet 73

Internet Internet Data collection Mobile 73

SecureList

OCTOBER 25, 2023

It comes equipped with a built-in TOR network tunnel for communication with command servers, along with update and delivery functionality through trusted services such as GitLab, GitHub, and Bitbucket, all using custom encrypted archives. During these scans, it collects a range of sensitive information from all active users.

Malware 145

Malware DNS Encryption Ransomware 145

Cytelligence

DECEMBER 8, 2023

It heightens our awareness of extensive data collection about us, revealing potential uses and instigating concerns about potential misuse. Privacy policies from these tech giants, while intricate, are crucial in understanding the data collected and its uses. The impact of Big Tech on privacy is multifaceted.

Data collection 59

Data collection Ransomware Advertising Risk 59

Troy Hunt

DECEMBER 20, 2017

Here I had 13m of their customer records (including plain text passwords, thank you very much) that someone had sent me. Or how about CloudPets who exposed a Mongo DB of data collected from teddy bears with microphones in them (yes, you read that right). Doing the Right Thing is (Often) Hard.

Data breaches 234

Data breaches Risk Accountability Data collection 234

SC Magazine

MARCH 10, 2021

For example: passwords being typed or posted, specific motions or commands used to activate control systems to open or unlock doors, etc.”. At the very least, there should have been some form of multi-factor authentication or password vault to protect the [server] account. Of course, for some institutions, this is not practical.

Surveillance 129

Surveillance IoT Accountability Passwords 129

SecureList

MARCH 13, 2025

powershell ntdsutil.exe "'ac i ntds'" 'ifm' "'create full temp'" q q Additionally, manual PowerShell commands were observed for dumping data from these locations. Data Collection and Exfiltration Another new tool in Head Mare’s arsenal was a script running wusa.exe. doc" --include "*.docx" pdf" --include "*.xls"

Energy and Utilities 79

Energy and Utilities Software Accountability Phishing 79

Cisco Security

AUGUST 26, 2022

Data collected from Umbrella can then be routed to Sumo’s Cloud SIEM, where it is then automatically normalized and applied to our rule’s engine. Dashlane is a password manager that now supports Duo using Duo SSO. End users can easily access Dashlane and their passwords with SSO from Duo. Read more here. Sumo Logic.

Firewall 145

Firewall Authentication Passwords Threat Detection 145

IT Security Guru

JULY 28, 2023

Employee Education and Awareness : Human error remains a leading cause of data breaches. SMBs should invest in comprehensive training programs to educate employees about data security best practices, such as strong password management, recognising phishing attempts, and secure file handling.

Data breaches 95

Data breaches Risk Education Telecommunications 95

eSecurity Planet

MAY 19, 2023

It involves verifying credentials such as usernames and passwords, before granting access to applications. Encryption: This protects sensitive data by converting it into a coded form that can only be accessed or decrypted with the appropriate key. The tougher to steal, the better.

Software 104

Software Risk Encryption Marketing 104

eSecurity Planet

SEPTEMBER 5, 2024

A VPN (Virtual Private Network) routes your internet traffic through an encrypted tunnel, shielding your data from hackers and ensuring your online activities remain private and secure. Improved Security on Public Wi-Fi Public Wi-Fi networks are vulnerable to cyberattacks, making it easy for hackers to intercept your data.

VPN 57

VPN Encryption Internet Internet 57

CyberSecurity Insiders

OCTOBER 11, 2022

Cybercriminals are driven by financial motives to amass data collection. Data infiltration can occur at any part of a company’s life cycle, making continuous testing in DevOps crucial for security success. The constant threat of data infiltration looms over employees’ heads daily. Using weak passwords.

Cybersecurity 52

Cybersecurity Passwords Scams Phishing 52

SiteLock

AUGUST 27, 2021

Seems like a nasty piece of malware that had managed to get past security encrypted all the documents so that they were no longer accessible. Keep data collection to a minimum. A simple mistake by a careless or busy employee is all it takes. If you don’t need it, don’t ask for it.

Identity Theft 52

Identity Theft Accountability Data collection Firewall 52

Security Boulevard

APRIL 18, 2023

The older version uses plain text HTTP protocol, while the newer variant searches for OpenSSH DLLs in the infected system to establish encrypted HTTPS connections to its command and control. Remember to keep your software up-to-date, use strong passwords, and be wary of suspicious emails or messages. dll, libeay32.dll, dll, libssl-1_1.dll,

Malware 97

Malware Data collection Cyber threats Encryption 97

Security Boulevard

MAY 15, 2024

Even apps that collect PHI information protected by HIPAA may still share/use your information that doesn't fall under HIPAA protections. Mental health apps collect a wealth of personal information Naturally, data collected by apps falling under the "mental health" umbrella varies widely (as do the apps that fall under this umbrella.)

Advertising 52

Advertising Insurance Accountability Data Analyst 52