Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. federal agencies from using Kaspersky software, mandating its removal within 90 days.
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. “Antivirus software trusts signed programs more. For some types of software, a digital signature is mandatory.”
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005.
One of the most common ways PPI affiliates generate revenue is by secretly bundling the PPI network’s installer with pirated software titles that are widely available for download via the web or from file-sharing networks. An example of a cracked software download site distributing Glupteba. Image: Google.com. and starovikov[.]com.
ABE has undergone significant theoretical advancements since 2005. And when it comes to cloud collaboration, ABE holds promise to help improve both security and operational efficiencies — in everything from rapid software development to global supply chains to remote work scenarios.
Therefore, experts predict that the software and hardware business that is needed to protect information systems will see a rise from $130 billion in 2022 to $170.3 What’s interesting is the fact that law enforcement in the US could only detect 11,792 cyber attacks on companies and government agencies between 2005- June’20.
The most surprising about this find is probably that the vulnerability apparently has existed since 2005 and was only found 16 years later. The vulnerability has been listed as CVE-2021-3438 and it is a potential buffer overflow in the software drivers that can be abused to achieve an escalation of privilege.
“The largest category of information accessed was information on consumers and small businesses as of the time they applied for one of our credit card products from 2005 through early 2019,” the statement continues. The tip that alerted Capital One to its data breach.
Security information and event management systems — SIEMs — have been around since 2005, but their time may have come at last. Digital transformation is leading to more intensive use of the cloud, faster development of software to support it, and the growth of the IoT.
The PatchGuard, also known as Kernel Patch Protection, is a software protection utility that has been designed to forbid the kernel of 64-bit versions of Windows OS from being patched in order to prevent rootkit infections or the execution of malicious code at the kernel level.
The software has been maintained since 2005 when it was first released under the name CMSsystem, and has received 53 stars since migrating to GitHub in 2014. Pluck is a PHP-based content management system (CMS) used to set up and manage websites.
We talk with Casey Ellis, founder and CTO of BugCrowd about how the market for software bugs has changed since the first bug bounty programs emerged nearly 20 years ago, and what’s hot in bug hunting in 2021. Today, however, bug bounty programs are part and parcel of the software industry. Click the icon below to listen.
In 2005, the open standard consortium OASIS released SAML 2.0 Read more : Best Privileged Access Management (PAM) Software. Application and software developers are responsible for establishing the necessary backend database and protocol for storing and accepting user account credentials. In 2005, OASIS released 2.0,
The good news is that most recent versions of SAP software are configured by default to drop unauthorized connections. Since 2005, SAP has provided instructions on how to configure an ACL for the Message Server. Experts pointed out that the problem could impact many SAP products, including S/4HANA and NetWeaver Application Server (AS).
Paige Thompson is a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016. The data breach took place on March 22nd and 23rd, the hacker accessed information of customers who had applied for a credit card between 2005 and 2019. Law enforcement arrested the hacker Paige A.
The experts pointed out that Boa has been discontinued since 2005. ” Microsoft experts explained that despite Boa being discontinued in 2005, many vendors across a variety of IoT devices and popular software development kits (SDKs) continue to use it. ” reads the report published by Microsoft. Pierluigi Paganini.
Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Over 500 million users worldwide use the popular software and are potentially affected by the flaw that affects all versions released in the last 19 years. dll library in 2005.
Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. It’s notable that open-source software vulnerabilities comprise just one of several paths ripe for malicious manipulation. Related: The exposures created by API proliferation.
The discovery was casually made several months ago, while experts were configuring a brand new HP printer, and noticed that an old printer driver from 2005 called SSPORT.SYS was triggering an alert by Process Hacker. ” reads the analysis published by SentinelOne.
HP is releasing software updates to mitigate the potential vulnerabilities.” The flaw impacts a driver used by the OMEN Gaming Hub software that is pre-installed on HP OMEN systems, which allows users to control and optimize settings, including device GPU, fan speeds, CPU overclocking, and memory. sys developed by OpenLibSys.
2023 brings new challenges and new opportunities for software companies, and all companies are now software companies. Over the next few years, you should expect regulation to cover more software more stringently. It's the measure twice, cut once of software. External changes will be driving appsec in 2023. OMB-M-22-18.)
Spur tracks SocksEscort as a malware-based proxy offering, which means the machines doing the proxying of traffic for SocksEscort customers have been infected with malicious software that turns them into a traffic relay. Wiremo sells software and services to help website owners better manage their customer reviews.
“A former Seattle technology company software engineer was arrested today on a criminal complaint charging computer fraud and abuse for an intrusion on the stored data of Capital One Financial Corporation, announced U.S. Thompson (33) is suspected to be responsible for the data breach.
April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released ones, among the issues addressed by the software giant there is a critical flaw in SAP Commerce. The issue affects SAP Commerce versions 1808, 1811, 1905, 2005, 2011. ” reads the advisory published by NIST.
A few days ago, security experts at Check Point Software disclosed a critical 19-year-old vulnerability in WinRAR that could be exploited by attackers to gain full control over a target computer. dll library in 2005. The flaw is an “Absolute Path Traversal” issue in a third-party library, called UNACEV2.DLL,
In 2005, my view of security engineering was centered on adversarial reviews. Your (software) is not (principle) enough! We've learned it's hard to get software right, and the principle seems to lead people to re-invent the wheel. (I Principles are an excellent tool for that. I think the worst faring is Least Common Mechanism.
In the late 90s, the Microsoft operating system (OS) Windows 98 had a supportive piece of software that would find security patches for the OS so that users could then download those patches and deploy them to their computers. That software was simply called Windows Update. But Windows Update had two big problems.
And since 2005 or so, one area of focus has been on sharpening the math formulas that make attribute-based encryption possible. That said, it may not be well-suited, in its current form, to achieve the level of security needed in an environment where companies rely on multi-cloud and hybrid cloud networks and wide-open software development.
A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap. Heap buffer overflow.
Flyflair.com belongs to the Canadian ultra-low-cost carrier Flair Airlines, founded in 2005. Environment files are commonly used in software development to manage environment-specific settings or sensitive information such as API keys and database credentials. According to SimilarWeb, the website attracts 3.2 million monthly visitors.
Allen is a widely respected thought leader on this topic, having launched Shared Assessments in 2005 as an intel-sharing and training consortium focused on third-party risks. AI offers opportunities, but also problems in terms of trying to assess a particular device or a particular software program,” Allen observed.
A young woman plays on the Electronic Arts (EA) newest product “Sims2 – Nightlife” at a Computer Gaming Convention on August 18, 2005 in Leipzig, Germany. Photo by Andreas Rentz/Getty Images). Additionally, EA Sports titles in particular are notorious for recycling much of their code from older versions of the franchise.
To boost productivity, they must leverage cloud infrastructure and participate in agile software development. The software giant’s intent was to make it more convenient and efficient for system administrators to perform Windows upkeep. Related: How ‘PAM’ improves authentication. SMBs today face a daunting balancing act.
The earliest SIEMs cropped up around 2005 or so. Fundamentally, SIEMs collect event log data from internet traffic, as well as corporate hardware and software assets. Led by the likes of Splunk, LogRhythm, IBM and Exabeam, the global SIEM market is expected to grow to over $5 billion annually in 2022.
Cisco has issued a patch for a vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software, that could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition.
billion in 2021, and growing concerns over data security , software supply chains , and ransomware suggest the market will remain strong through economic ups and downs. Formed in 1965, Greylock Partners has a long history of investing in enterprise and consumer software for seed and early-stage and beyond. AllegisCyber Capital.
It can be as granular as a microservice in a software container connecting to a mobile app, for instance. The CA/Browser Forum , an industry standards body founded in 2005, accelerated initiatives to drive better practices and guidelines. Each one of these digital hookups requires PKI and a digital certificate to ensure authentication.
By the researchers’ count, there have been at least 14 instances since the year 2000 where DNS message compression has caused vulnerabilities in a wide variety of products – everything from Cisco IP phones in 2005 to various TCP/IP stacks discovered as part of Amnesia:33 and Ripple20.
Over my career, I have created three non-profits and two SaaS for profits, one of which I sold in 2005. I did this with one of my previous jobs running Agile software teams and it worked quite well. The program operated for five years and was covered by the Washington Post and a number of other news outlets. How can you help?
Those unsure of the version they’re running can use software composition analysis (SCA) tools like JFrog’s Xray to determine the version in use and whether artifacts are affected by the vulnerability. http-response deny if { res.hdr_cnt(content-length) gt 1 }. Increasingly Common Web Architecture. New Use for Old Attack Technique.
Initially introduced in 2005, CVSS is a framework for rating the severity of security vulnerabilities in software. The global cybersecurity community is keenly aware of these developments and earnest discussions are underway about how to deal with the attendant security exposures.
Palo Alto Networks Best protection against network, endpoint, and remote asset attacks Headquarters: Santa Clara, California Founded: 2005 Annual Revenue: $7.52 The reliable products perform well in testing and customer satisfaction rankings, which also helps place Barracuda in our list of top tools and software for SMBs.
Because we’re active in the community, we often see just a handful of individuals getting noticed regularly when there are other active users, developers and business owners doing great things with the software. Every WordPress user has a story. Why We Interviewed Michael Hull. I met Michael in the PreCamp session of WordCamp Asheville 2016.
1989 — Trojan Horse Software — A diskette claiming to be a database of AIDS information is mailed to thousands of AIDS researchers and subscribers to a UK computer magazine. Using the info, he steals a piece of NASA software. He is captured in 1991. 1998-2007 — Max Butler — Max Butler hacks U.S. retailer (Polo Ralph Lauren).