Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet 267

Internet Internet Software Engineering 267

Krebs on Security

NOVEMBER 9, 2021

Both involve weaknesses in Microsoft’s Remote Desktop Protocol (RDP, Windows’ built-in remote administration tool) running on Windows 7 through Windows 11 systems, and on Windows Server 2008-2019 systems. The flaws let an attacker view the RDP password for the vulnerable system.

Backups 316

Backups Passwords Authentication Internet 316

Krebs on Security

FEBRUARY 7, 2024

From the forum’s inception until around 2008, Djamix was one of its most active and eloquent contributors. ru at DomainTools.com reveals this address has been used to register at least 10 domain names since 2008. Some of those photos date back to 2008. “In order to ESCAPE the law, you need to KNOW the law.

Cybercrime 331

Cybercrime Accountability Identity Theft Hacking 331

Security Affairs

JANUARY 5, 2025

The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution.

Malware 139

Malware Encryption Phishing Hacking 139

Malwarebytes

JANUARY 16, 2025

PlugX has been around since at least 2008 but is under constant development. The move came after suspicion that cybercriminals groups under control of the Peoples Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers.

Malware 113

Malware DNS Internet Internet 113

Security Affairs

NOVEMBER 15, 2021

These issues impacts Windows Server 2019 and lower versions, including Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.

Authentication 142

Authentication Hacking Information Security 142

Krebs on Security

OCTOBER 26, 2021

Indeed, some of history’s largest cyberheists involved point-of-sale malware, including the 2008 breach at Heartland Payment Systems that exposed 100 million payment cards, and the 2013-2014 string of breaches at Target , Home Depot and elsewhere that led to the theft of roughly another 100 million cards.

Technology 72

Technology Retail Computers and Electronics Malware 72

Krebs on Security

JUNE 28, 2022

Launched in March 2008, AWM Proxy quickly became the largest service for crooks seeking to route their malicious Web traffic through compromised devices. com shows that in 2008 it displayed the personal information for a Dmitry Starovikov , who listed his Skype username as “lycefer.” ru , and the website web-site[.]ru

Passwords 323

Passwords Malware Internet Internet 323

Krebs on Security

SEPTEMBER 24, 2020

The flaw is present in most supported versions of Windows Server, from Server 2008 through Server 2019. CVE-2020-1472 earned Microsoft’s most-dire “critical” severity rating, meaning attackers can exploit it with little or no help from users.

Antivirus 277

Antivirus Security Intelligence Engineering Authentication 277

Krebs on Security

DECEMBER 8, 2021

According to cyber intelligence firm Intel 471 , that dark_cl0ud6@hotmail.com address has been used in conjunction with the handle “ DCReavers2 ” to register user accounts on a half-dozen English-language cybercrime forums since 2008, including Hackforums , Blackhatworld, and Ghostmarket. An advertisement for the ButterFly Bot.

Cybercrime 339

Cybercrime Ransomware Accountability Advertising 339

Krebs on Security

NOVEMBER 14, 2023

.” The final zero day in this month’s Patch Tuesday is a problem in the “Windows Cloud Files Mini Filter Driver” tracked as CVE-2023-36036 that affects Windows 10 and later, as well as Windows Server 2008 at later.

Social Engineering 330

Social Engineering Internet Internet Phishing 330

Krebs on Security

MARCH 9, 2021

For the second month in a row, Microsoft has patched scary flaws in the DNS servers on Windows Server 2008 through 2019 versions that could be used to remotely install software of the attacker’s choice. All five of the DNS bugs quashed in today’s patch batch earned a CVSS Score (danger metric) of 9.8 — almost as bad as it gets.

DNS 353

DNS Internet Internet Software 353

Krebs on Security

DECEMBER 8, 2020

Additionally, Microsoft released an advisory on how to minimize the risk from a DNS spoofing weakness in Windows Server 2008 through 2019. The critical bits reside in updates for Microsoft Exchange Server , Sharepoint Server , and Windows 10 and Server 2016 systems.

DNS 346

DNS Backups Malware Software 346

CyberSecurity Insiders

APRIL 22, 2021

During an interview on CBS News’ 60 Minutes, Powell said cyber risks surpass even the types of lending and liquidity risks that led to the Great Recession in 2008. The chances of a financial collapse akin to 2008 are “very low,” he said. But the world changes, the world evolves, and the risks change as well.

Cyber threats 141

Cyber threats Risk Cyber Risk Banking 141

Schneier on Security

FEBRUARY 13, 2021

It’s been going on since at least 2008. Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S.

Surveillance 363

Surveillance Internet Internet Government 363

Krebs on Security

JUNE 8, 2021

CVE-2021-31959 affects everything from Windows 7 through Windows 10 and Server versions 2008 , 2012 , 2016 and 2019. .” Microsoft also patched five critical bugs — flaws that can be remotely exploited to seize control over the targeted Windows computer without any help from users.

Backups 341

Backups Ransomware Cyber threats Phishing 341

Krebs on Security

DECEMBER 12, 2023

Among the critical bugs quashed this month is CVE-2023-35628 , a weakness present in Windows 10 and later versions, as well as Microsoft Server 2008 and later. Kevin Breen , senior director of threat research at Immersive Labs , said the flaw affects MSHTML , a core component of Windows that is used to render browser-based content.

Internet 295

Internet Internet Engineering Malware 295

Schneier on Security

DECEMBER 6, 2019

One quote: "The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small family groups in the East African highlands in 100,000 BC, and not to living in the New York City of 2008.".

Risk 135

Risk CSO Software 135

Krebs on Security

OCTOBER 11, 2018

10 and Server 2008, 2012, 2016 and 2019. Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.

Software 239

Software Internet Internet 239

Krebs on Security

MARCH 10, 2020

According to historic WHOIS records maintained by DomainTools.com (an advertiser on this site), vpleer was originally registered in 2008 to someone using the email address hm@mail.ru. Isis responds that he hasn’t owned the site for 10 years.

Accountability 357

Accountability Advertising Hacking Cybercrime 357

Bleeping Computer

MARCH 22, 2021

Windows Server 2008, and Windows Server 2012 to fix printer issues arising from the March 2021 Patch Tuesday updates. [.]. Microsoft has released out-of-band emergency updates for Windows 7, 8.1,

121

121

Krebs on Security

JUNE 1, 2023

ru in 2008. su from 2008. su from 2008. Intel 471 shows akafitis@gmail.com was used to register another O.R.Z. user account — this one on Verified[.]ru Prior to that, akafitis@gmail.com was used as the email address for the account “ Fitis ,” which was active on Exploit between September 2006 and May 2007.

Malware 315

Malware Cybercrime Software Accountability 315

Krebs on Security

JUNE 9, 2020

Perhaps most troubling of these ( CVE-2020-1301 ) is a remote code execution bug in SMB capabilities built into Windows 7 and Windows Server 2008 systems — both operating systems that Microsoft stopped supporting with security updates in January 2020. Microsoft Server Message Block or “SMB” service).

Authentication 352

Authentication Software Backups Accountability 352

Krebs on Security

DECEMBER 10, 2018

According to a statement filed with the Federal Election Commission , one of the earliest public records involving a payment to Web Listings dates back to 2008 and comes from none other than the the 2008 Hillary Clinton for President fund.

Internet 260

Internet Internet Scams Engineering 260

Krebs on Security

MAY 10, 2022

The flaw affects Windows 7 through 10 and Windows Server 2008 through 2022. CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild. Greg Wiseman , product manager for Rapid7 , said Microsoft has rated this vulnerability as important and assigned it a CVSS (danger) score of 8.1

Authentication 350

Authentication Engineering Internet Internet 350

Krebs on Security

MAY 23, 2024

md , a website launched in 2008 that chronicled the history of a 1990 armed conflict in Moldova known as the Transnistria War and the Moldo-Russian war. Cyber intelligence firm Intel 471 shows this email address is tied to the username “ dfyz ” on more than a half-dozen Russian language cybercrime forums since 2008.

DDOS 335

DDOS Internet Internet Government 335

Security Affairs

FEBRUARY 13, 2020

Windows Server 2008 R2: By default, SMBv1 is enabled in Windows Server 2008 R2. Windows Server 2008 R2: Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesLanmanServerParameters" -Name SMB1 -Type DWORD -Value 0 –Force. If it returns an SMB1 value of 0, it is disabled. (Get-WindowsFeature Get-WindowsFeature FS-SMB1).Installed

Authentication 145

Authentication Malware Advertising Hacking 145

Malwarebytes

JULY 25, 2024

Affected systems are running Windows 10 and 11 or one of the server versions (Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008.). And the affected systems are very likely to have Device Encryption enabled.

Encryption 142

Encryption Firmware Accountability Risk 142

Krebs on Security

JUNE 13, 2023

Security firm Action1 says all three bugs ( CVE-2023-32015 , CVE-2023-32014 , and CVE-2023-29363 ) can be exploited over the network without requiring any privileges or user interaction, and affected systems include all versions of Windows Server 2008 and later, as well as Windows 10 and later.

Social Engineering 273

Social Engineering System Administration Authentication Internet 273

Dark Reading

JANUARY 3, 2023

Dark Reading's Kelly Jackson Higgins explains the enormous legacy left behind by Dan Kaminsky and his seminal "Great DNS Vulnerability" talk at Black Hat 2008.

Internet 112

Internet Internet DNS 112

Krebs on Security

NOVEMBER 8, 2021

su, and that forum’s database says a user by the name “Damnating” registered with the forum in 2008 using the email address damnating@yandex.ru. Some of these nicknames go back more than a decade on Russian cybercrime forums, many of which have been hacked and relieved of their user databases over the years.

Ransomware 351

Ransomware Cybercrime System Administration Passwords 351

Krebs on Security

JUNE 3, 2019

” That vulnerability exists in Windows XP, Windows 2003, Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft did this to head off another WannaCry-like outbreak from mass-exploitation of a newly discovered flaw that Redmond called imminently “wormable.”

Ransomware 254

Ransomware Accountability Malware Government 254

Krebs on Security

JULY 13, 2021

“Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2,” said Aleks Haugom , also with Automox. .” Another concerning critical vulnerability in the July batch is CVE-2021-34494 , a dangerous bug in the Windows DNS Server that earned a CVSS score (severity) of 9.8

DNS 344

DNS Engineering Internet Internet 344

Krebs on Security

FEBRUARY 11, 2020

lnk) files ( CVE-2020-0729 ) that affects Windows 8 and 10 systems, as well as Windows Server 2008-2012. Microsoft once again fixed a critical flaw in the way Windows handles shortcut (.lnk)

Backups 68

Backups Malware Internet Internet 68

Krebs on Security

FEBRUARY 14, 2024

Some of the exposed emails dated back to 2008; others were as recent as the present day. Internet with their email. Drilling down into those individual domain links revealed inboxes for each employee or user of these exposed websites. and cityoffrederickmd.gov , the website for the government of Frederick, Md.

Internet 363

Internet Internet Wireless Government 363

The Last Watchdog

JULY 6, 2023

Nuvoton was spun-off as a Winbond Electronics affiliate in July 2008 and went public in September 2010 on the Taiwan Stock Exchange (TWSE). About Nuvoton Technology: Nuvoton Technology Corporation (Nuvoton) was founded to bring innovative semiconductor solutions to the market.

Computers and Electronics 246

Computers and Electronics Marketing Technology IoT 246

Jane Frankland

MAY 30, 2025

History offers plenty examples of this, such as the 2008 global financial crisis , fueled by weak oversight in the finance sector, and the unchecked spread of disinformation across social media platforms today. When technological advancements go unchecked, they can have serious consequences. AI amplifies these risks exponentially.

Artificial Intelligence 130

Artificial Intelligence Risk Government Technology 130