2011 - Cyber Security Informer

The Story of the 2011 RSA Hack

Schneier on Security

MAY 27, 2021

Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come.

Hacking

Hacking Authentication Cybersecurity

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. The post XDSpy APT remained undetected since at least 2011 appeared first on Security Affairs.

Malware

Malware Phishing Passwords Government

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Security Affairs

APRIL 30, 2019

Bloomberg obtained Vodafone’s security briefing documents from 2009 and 2011 and spoke with people involved in the situation. Bloomberg revealed that once discovered the backdoors in home routers in 2011, Vodafone asked Huawei to address them. But it was 2011. ” reported the AFP. ” continues bloomberg.

Internet

Internet Internet Advertising Software

Webinars

The Power of Storytelling in Risk Management

ERM Program Fundamentals for Success in the Banking Industry

MORE WEBINARS

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Malware

Malware Mobile Scams Backups

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Pierluigi Paganini.

Authentication

Authentication Passwords Advertising Software

MVP Award 12

Troy Hunt

JULY 6, 2022

11 years now, wow 😲 It's actually 11 and a bit because it was April Fool's Day in 2011 that my first MVP award came through. At the time, I referred to myself as "The Accidental MVP" as I'd no expectation of an award, it just came from me being me.

Passwords

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

AWMproxy, the storefront for renting access to infected PCs, circa 2011. In 2011, researchers at Kaspersky Lab showed that virtually all of the hacked systems for rent at AWM Proxy had been compromised by TDSS (a.k.a An example of a cracked software download site distributing Glupteba. Image: Google.com.

Malware

Malware Passwords Hacking Internet

Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security

Dark Reading

JANUARY 10, 2023

Rashid reflects on the monumental Black Hat 2011 moment when Jay Radcliffe showed how to hack his insulin pump. Hacking to kill: Dark Reading's Fahmida Y.

Hacking

US sends million-dollar scammer to prison for four years

Graham Cluley

MARCH 29, 2023

31-year-old Solomon Ekunke Okpe, of Lagos, was a member of a gang that devised and executed a variety of scams - including business email compromise (BEC), romance scams, working-from-home scams, and more - between December 2011 and January 2017. Read more in my article on the Hot for Security blog.

Scams

How to survive below the cybersecurity poverty line

CSO Magazine

JANUARY 30, 2023

It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not.

Cybersecurity

Empire of Hackers launched by CIA targets China

CyberSecurity Insiders

MAY 7, 2023

The fact that the surveillance being conducted by the CIA through “Empire of Hackers” can be traced back to 2011 raises questions about the ethics of governments spying on their citizens, politicians, and other governments.

Cyber Attacks

Cyber Attacks Surveillance Cybersecurity Government

Identifying the Person Behind Bitcoin Fog

Schneier on Security

MAY 3, 2021

The complaint outlines how Sterlingov allegedly paid for the server hosting of Bitcoin Fog at one point in 2011 using the now-defunct digital currency Liberty Reserve.

Cryptocurrency

Cryptocurrency Accountability

Securing Kafka in Modern Application Environments | Identify Apache Kafka Security Vulnerabilities | Contrast Security

Security Boulevard

APRIL 10, 2023

By early 2011 it was made open-source. According to enlyft there are approximately 50,192 companies that use Apache and the number has proliferated rapidly. Apache Kafka was originally developed by LinkedIn and was built for website activity tracking, capturing all the clicks, actions, or inputs on a website.

New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme

The Hacker News

MAY 28, 2022

He joined the gang in August 2011 and remained a member for A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization.

Cybercrime

RailYatri Data Breach Leaves Over 30 Million Users Exposed

Heimadal Security

FEBRUARY 22, 2023

Founded in 2011, RailYatri is an Indian travel marketplace endorsed by the […] The post RailYatri Data Breach Leaves Over 30 Million Users Exposed appeared first on Heimdal Security Blog. An online database of private information has been released, and it is thought the breach occurred late in December 2022.

Data breaches

Data breaches Government Cybersecurity

All White Hat hackers exempted from US CFAA Prosecution

CyberSecurity Insiders

MAY 20, 2022

In September 2011, an amendment was made to the bill under the Personal Data Privacy and Security Act of 2011. . NOTE- CFAA was drafted and implied to protect IT assets operated by the federal government and centralized financial institutes. Later, the bill was given a fair scope to make amendments following the 2001 terrorist act.

Data privacy

Data privacy Cybersecurity Hacking Government

I've Joined the 1Password Board of Advisers

Troy Hunt

OCTOBER 29, 2020

Since that date in 2011, I doubt there's been a single day I haven't used 1Password to log into a website, fill in my credit card details or refer to other notes stored securely within the product.

Password Management

Password Management Passwords Software Accountability

Chinese state hackers breached over a dozen US pipeline operators

Bleeping Computer

JULY 21, 2021

Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. [.].

Phishing

The Full Story of the Stunning RSA Hack Can Finally Be Told

WIRED Threat Level

MAY 20, 2021

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Hacking

Hacking Cybersecurity Government

NIST Finally Retires SHA-1, Kind Of

Dark Reading

DECEMBER 15, 2022

SHA-1 was deprecated in 2011. NIST has set the hashing algorithm's final retirement date to Dec. 31, 2030.

14 UK schools suffer cyberattack, highly confidential documents leaked

CSO Magazine

JANUARY 6, 2023

One folder marked ‘passports’ contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked ‘contract’ contains contractual offers made to staff alongside teaching documents on muscle contractions.

Data breaches

Data breaches Cybercrime Ransomware Hacking

Top 10 Cloud Penetration Testing Companies in 2023

Security Boulevard

DECEMBER 8, 2022

The World Quality Report, released by HP, Capgemini, and Sogeti, presents the insight that the figure of companies comprising a full-fledged testing center has elevated from a mere 4% in 2011 to a dramatic 26% in 2014. This time, a crucial portion of VAPT testing budgets have gone to a kind of penetration testing featuring […].

Penetration Testing

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

The Hacker News

MAY 21, 2021

26, 2011 and Feb. India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug.

Cyber Attacks

Cyber Attacks Data breaches Hacking

El Chapo's Encryption Defeated by Turning His IT Consultant

Schneier on Security

JANUARY 16, 2019

his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade. Impressive police work : In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I.

Encryption

Chinese Hackers Are Now Using the Nimbda Loader and a New Form of the Yahoyah Trojan

Heimadal Security

JUNE 23, 2022

Since 2011, Tropic Trooper has been operating with the goal of targeting organizations in the public sector, the healthcare industry, the transportation sector, and the high technology sector. What Happened?

Healthcare

Healthcare Technology Cybersecurity

Google CEO suggests AI Guardrails instead of 6 months pause

CyberSecurity Insiders

APRIL 10, 2023

The ex-chairman who led the office between 2001 to 2011 said that America needs to draw a line between AI development, its usage, and the negative effects involved during and after the emerging technologies.

Artificial Intelligence

Artificial Intelligence Cybersecurity Technology

Apple Audio Code has severe vulnerabilities affecting millions of smart phone devices

CyberSecurity Insiders

APRIL 24, 2022

Apple’s Audio Codec that was developed in 2004 and made as open source software since 2011 is reportedly filled with severe security vulnerabilities that could trigger panic among Android users.

Cyber Attacks

Cyber Attacks Cybersecurity Software Manufacturing

The Center for Cyber Safety and Education Evolves Its Mission Statement

CyberSecurity Insiders

FEBRUARY 21, 2023

The Center for Cyber Safety and Education , the charitable foundation of (ISC)² founded in 2011, aims to grow the cybersecurity profession and its positive impact on the world by raising awareness, building a diverse pipeline of cybersecurity professionals and activating a more secure digital world.

Education

Education Cyber threats Cybersecurity

Why is ‘Juice Jacking’ Suddenly Back in the News?

Security Boulevard

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about "juice jacking," a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Mobile

Another Side Channel in Intel Chips

Schneier on Security

SEPTEMBER 16, 2019

Not that serious, but interesting : In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory.

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

The Hacker News

MARCH 25, 2022

government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S.

Hacking

Hacking Cybersecurity Government

Blockchain security companies tackle cryptocurrency theft, ransom tracing

CSO Magazine

OCTOBER 25, 2022

Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 According to data from the Rekt leaderboard , cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance.

Cryptocurrency

Cryptocurrency Scams Hacking Technology

Patch Tuesday June 2022 – Microsoft Releases Several Chromium Security Updates

Heimadal Security

JUNE 14, 2022

This month’s Patch Tuesday has brought us some improvements and fixes for issues associated with Microsoft Edge Stable Channel (Version 102.0.1245.39), which incorporates the latest Security Updates of the Chromium project for CVE-2022-2011, CVE-2022-2010, CVE-2022-2008, and CVE-2022-2007.

BH EU 2022 and BSides London

Javvad Malik

DECEMBER 12, 2022

Andy and I had met at the first BSides back in 2011, and we decided to recreate the photo we took back then. I pushed my way past the throngs of attendees and made it through the revolving doors just before Andy (@Sirjester) could enter. Time flies when you’re having BSides fun.

Cybersecurity

Cybersecurity Social Engineering Engineering

US charges hacker for breaching brokerage accounts, securities fraud

Bleeping Computer

MAY 11, 2022

Department of Justice (DoJ) has charged Idris Dayo Mustapha for a range of cybercrime activities that took place between 2011 and 2018, resulting in financial losses estimated to over $5,000,000. [.].

Account Security

Account Security Cybercrime Accountability

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

The Hacker News

SEPTEMBER 29, 2021

Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset for Windows, macOS, and Linux

Spyware

Spyware Firmware Malware

The password hall of shame (and 10 tips for better password security)

CSO Magazine

APRIL 15, 2021

The six-digit sequence has also ranked high on other lists over the years; SplashData, which has come up with lists using similar methodology, found "123456" in second place in 2011 and 2012; it then jumped up to number one where it stayed every year right through 2019. To read this article in full, please click here

Passwords

Passwords Data breaches

What is FedRAMP POAM? FedRAMP Compliance and Certification Explained

Security Boulevard

JANUARY 15, 2023

The Federal Risk and Authorization Management Program was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of commercial cloud services by the federal government and contractors supporting agencies.

Risk

Risk Government Technology

Four Members of APT40 Indicted by the U.S. Department of Justice

Heimadal Security

JULY 20, 2021

They were charged with several hacking crimes that unfolded between 2011 and 2018 where they targeted state entities, universities, and enterprises. 4 members belonging to APT40, a hacking group supported by the Chinese government, were indicted yesterday by the U.S. DOJ (Department of Justice).

Hacking

Hacking Government Phishing Cybersecurity

US indicts members of Chinese-backed hacking group APT40

Bleeping Computer

JULY 19, 2021

Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. [.].

Hacking

Hacking Government

Compliance with NITTF, CNSSD 504 Using Workforce Cyber Security vs. User Activity Monitoring

Security Boulevard

FEBRUARY 3, 2022

The National Insider Threat Task Force (NITTF) was established by Executive Order in 2011. Insider threats have long been recognized as a problem by the Federal Government.

Threat Detection

Threat Detection Government

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

SEPTEMBER 9, 2022

Last week, Google rolled out emergency fixes to address a vulnerability, tracked as CVE-2022-3075 , in the Chrome web browser that is being actively exploited in the wild.

Ransomware

Ransomware Hacking Passwords Cybersecurity

Garmin Devices and Services Taken Offline By Ransomware Attack

Adam Levin

JULY 24, 2020

Recent reports have confirmed that the outage was caused by WastedLocker, a ransomware often used to specifically target and disrupt business operations, and closely associated with Evil Corp, the hacking group behind a $100 million crime spree that began in 2011.

Ransomware

Ransomware Hacking Data breaches

$5.2 Billion Worth of Bitcoin Transactions Related to Ransomware

Heimadal Security

OCTOBER 18, 2021

As reported by BleepingComputer, after reviewing 2,184 SARs (Suspicious Activity Reports) issued between January 1, 2011, and June 30, 2021, FinCEN discovered 177 CVC (convertible virtual currency) wallet addresses used for ransomware-related payments, amounting to […]. The post $5.2

Ransomware

Ransomware Cybersecurity

The Story of the 2011 RSA Hack

XDSpy APT remained undetected since at least 2011

Webinars

Trending Sources

Vodafone discovered backdoors in Huawei equipment. But it was 2011.

Webinars

Why is ‘Juice Jacking’ Suddenly Back in the News?

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

MVP Award 12

The Link Between AWM Proxy & the Glupteba Botnet

Black Hat Flashback: The Deadly Consequences of Weak Medical Device Security

US sends million-dollar scammer to prison for four years

How to survive below the cybersecurity poverty line

Empire of Hackers launched by CIA targets China

Identifying the Person Behind Bitcoin Fog

Securing Kafka in Modern Application Environments | Identify Apache Kafka Security Vulnerabilities | Contrast Security

New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme

RailYatri Data Breach Leaves Over 30 Million Users Exposed

All White Hat hackers exempted from US CFAA Prosecution

I've Joined the 1Password Board of Advisers

Chinese state hackers breached over a dozen US pipeline operators

The Full Story of the Stunning RSA Hack Can Finally Be Told

NIST Finally Retires SHA-1, Kind Of

14 UK schools suffer cyberattack, highly confidential documents leaked

Top 10 Cloud Penetration Testing Companies in 2023

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

El Chapo's Encryption Defeated by Turning His IT Consultant

Chinese Hackers Are Now Using the Nimbda Loader and a New Form of the Yahoyah Trojan

Google CEO suggests AI Guardrails instead of 6 months pause

Apple Audio Code has severe vulnerabilities affecting millions of smart phone devices

The Center for Cyber Safety and Education Evolves Its Mission Statement

Why is ‘Juice Jacking’ Suddenly Back in the News?

Another Side Channel in Intel Chips

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

Blockchain security companies tackle cryptocurrency theft, ransom tracing

Patch Tuesday June 2022 – Microsoft Releases Several Chromium Security Updates

BH EU 2022 and BSides London

US charges hacker for breaching brokerage accounts, securities fraud

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

The password hall of shame (and 10 tips for better password security)

What is FedRAMP POAM? FedRAMP Compliance and Certification Explained

Four Members of APT40 Indicted by the U.S. Department of Justice

US indicts members of Chinese-backed hacking group APT40

Compliance with NITTF, CNSSD 504 Using Workforce Cyber Security vs. User Activity Monitoring

CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

Garmin Devices and Services Taken Offline By Ransomware Attack

$5.2 Billion Worth of Bitcoin Transactions Related to Ransomware

Stay Connected