2011, Authentication and Information Security

Twitter Fined $150 Million for Misuse of 2FA User Data

SecureWorld News

MAY 26, 2022

But instead of using this information for the sole purpose of improving security, Twitter profited by allowing advertisers to use this data to target individuals. This action violated a 2011 FTC order that prohibited the social media site from misrepresenting its privacy and security practices. FTC Chair Lina M.

Advertising

Advertising Media Accountability Account Security

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

One of the most severe vulnerabilities, tracked as CVE-2020-2018 , is an authentication bypass vulnerability in the Panorama context switching feature. This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices. The issue received a CVSSv3.1

Firewall

Firewall Authentication Advertising VPN

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. ” continues the report.

Malware

Malware Authentication Software Accountability

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

Security Affairs

DECEMBER 17, 2021

“A malicious actor with network access to UEM can send their requests without authentication and may exploit this issue to gain access to sensitive information.” and above 2011 Workspace ONE UEM patch 20.11.0.40 and above 2011 Workspace ONE UEM patch 20.11.0.40 ” reads the analysis published by VMware.

Authentication

Authentication Hacking Software Information Security

More than 3,000 Openfire servers exposed to attacks using a new exploit

Security Affairs

AUGUST 24, 2023

released in 2011.” The webshell can then be accessed, without authentication, exploiting the traversal. Any version released before then is not vulnerable, and these older versions make up nearly 25% of the internet-facing Openfire servers. Of those, the most popular version is 3.7.1,released ” adds the company.

Internet

Internet Internet Engineering Authentication

Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes

Security Affairs

AUGUST 23, 2019

Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that exists since 2011. ” read the security advisory published by Lenovo. Everyone is a member of Authenticated Users, this means that everyone could access those files.

Hacking

Hacking Advertising Authentication Software

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

Security Affairs

JULY 17, 2020

Iran-linked Charming Kitten group, (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. continues IBM.

Advertising

Advertising Media Authentication Hacking

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. “ DePriMon is a powerful, flexible and persistent tool designed to download a payload and execute it, and to collect some basic information about the system and its user along the way.”

Malware

Malware Telecommunications Advertising Encryption

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

An attempted attack requires user authentication.” The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. ” The issue affects OfficeScan versions XG SP1, XG (Non-SP GM build), 11.0 SP1 for Windows. ” reported ZDNet.

Antivirus

Antivirus Hacking Advertising Media

Introducing our new CISO Advisor, Pam Lindemeon

Cisco Security

AUGUST 3, 2021

Pam joins us with 25 years experience in the IT industry, with her most recent role being Deputy Chief Information Security Officer at Anthem, Inc. I took an active role in understanding what the Security team were trying to achieve, and how my work and my team could help them.

CISO

CISO Technology Information Security Cybersecurity

Op Wocao – China-linked APT20 was able to bypass 2FA

Security Affairs

DECEMBER 23, 2019

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. The APT20 group has been active since at least 2011, but experts did not associate any campaign with this threat actors between 2016 and 2017. “Operation Wocao (??

VPN

VPN Hacking Software Advertising

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

The leak also included the JWT secret key, another type of token, which is usually used for authentication. As reported in 2011, the company fell victim to two cyberattacks, which are suspected to be part of an espionage attempt. Knowing them, a threat actor could be able to hijack the session and therefore the account.

Manufacturing

Manufacturing Media Accountability Risk

Iran-linked Phosphorus group hit a 2020 presidential campaign

Security Affairs

OCTOBER 6, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. . In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets.”

Accountability

Accountability Passwords Advertising Government

Chicago students lose data to ransomware attackers

Malwarebytes

MAY 23, 2022

You can also combine remote services with multifactor authentication. A common ransomware pitfall is leaving remote services unsecured. Provide a limit on password guess attempts for remote desktops. Avoid strange attachments. Booby-trapped Word/Excel documents are a big threat in these realms, especially where Macros are concerned.

Ransomware

Ransomware Backups Data breaches Education

Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges

Security Affairs

JANUARY 27, 2021

CVE-2021-3156 Sudo vulnerability has allowed any local user to gain root privileges on Unix-like operating systems without authentication. sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser.

Authentication

Authentication Passwords Hacking Information Security

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. Vamosi: At Black Hat USA 2011, hacker Jay Radcliffe demonstrated before a live audience how he could hack his own personal insulin pump.

Healthcare

Healthcare Hacking InfoSec Software

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. Vamosi: At Black Hat USA 2011, hacker Jay Radcliffe demonstrated before a live audience how he could hack his own personal insulin pump.

Healthcare

Healthcare Hacking InfoSec Software

Iran-linked APT42 is behind over 30 espionage attacks

Security Affairs

SEPTEMBER 11, 2022

APT42’s TTPs overlap with another Iran-linked APT group tracked as APT35 (aka ‘ Charming Kitten ‘, ‘ Phosphorus ‘, Newscaster , and Ajax Security Team) which made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Surveillance

Surveillance Social Engineering Phishing Government

Iran-linked Phosphorous APT hacked emails of security conference attendees

Security Affairs

OCTOBER 29, 2020

“We recommend people evaluate the authenticity of emails they receive about major conferences by ensuring that the sender address looks legitimate and that any embedded links redirect to the official conference domain. ” suggest Microsoft. Saudi Arabia, and Iraq.

Hacking

Hacking Security Intelligence Accountability Advertising

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

Clear Text authentication still exists in 2023 Although not directly related to malware infection, we did discover a few other interesting findings during our threat hunt, including numerous examples of clear text traffic disclosing email credentials or authentication session cookies for variety of applications.

Wireless

Wireless DNS Mobile Technology

Top 6 Rootkit Threats and How to Protect Yourself

eSecurity Planet

NOVEMBER 7, 2022

The ZeroAccess botnet, discovered in 2011, hit systems hard with fraudulent advertising clicks and Bitcoin mining malware, infecting at least 9 million computers worldwide. Schultz and Edward Ray and their chapter of the Information Security Management Handbook, Sixth Edition, Volume 2 for some expert guidance. Prevention.

Firmware

Firmware Malware Antivirus Firewall

ChatGPT: Cybersecurity friend or foe?

Malwarebytes

MAY 21, 2023

Why ChatGPT security concerns are both overblown and valid Artificial intelligence (AI) was once a science fiction cautionary tale—stories consistently warned against designing machines capable of surpassing human ingenuity. The program can help close the security knowledge gap by assisting in employee training.

Cybersecurity

Cybersecurity Artificial Intelligence Social Engineering Engineering

Cyber Security Informer

Twitter Fined $150 Million for Misuse of 2FA User Data

Palo Alto Networks addresses tens of serious issues in PAN-OS

Trending Sources

YTStealer info-stealing malware targets YouTube content creators

VMware fixes critical SSRF flaw in Workspace ONE UEM Console

More than 3,000 Openfire servers exposed to attacks using a new exploit

Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes

Iran-linked APT35 accidentally exposed 40 GB associated with their operations

DePriMon downloader uses a never seen installation technique

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Introducing our new CISO Advisor, Pam Lindemeon

Op Wocao – China-linked APT20 was able to bypass 2FA

Key aerospace player Safran Group leaks sensitive data

Iran-linked Phosphorus group hit a 2020 presidential campaign

Chicago students lose data to ransomware attackers

Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

Iran-linked APT42 is behind over 30 espionage attacks

Iran-linked Phosphorous APT hacked emails of security conference attendees

Black Hat USA 2023 NOC: Network Assurance

Top 6 Rootkit Threats and How to Protect Yourself

ChatGPT: Cybersecurity friend or foe?

Stay Connected