Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Mobile 341

Mobile Software Backups Technology 341

The Last Watchdog

FEBRUARY 24, 2022

Yes, and that is what Sony exactly lost when they were hacked and the personal info of every one of its customers leaked in 2011. All risks are not equal; some are potentially more damaging than others. Huge sum, right? Related: Supply-chain hacks prove worrisome.

Penetration Testing 233

Penetration Testing Hacking Backups IoT 233

Security Affairs

APRIL 22, 2024

World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities. World-Check had different owners across the years, it was originally founded as an independent company.

Risk 141

Risk Spyware Hacking Accountability 141

Malwarebytes

JUNE 13, 2022

Four of the seven issues have been rated as high risk. CVE-2022-2011 : Use after free in ANGLE. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs. Chrome 102.0.5005.115 is due to roll out over the coming days/weeks. The vulnerabilities. CVE-2022-2007 : Use after free in WebGPU.

Risk 98

Risk Engineering Authentication 98

Security Affairs

SEPTEMBER 9, 2022

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Passwords 137

Passwords Hacking Ransomware Risk 137

Krebs on Security

FEBRUARY 7, 2024

The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. As well as the cost of my services.” ” WHO IS DJAMIX?

Cybercrime 348

Cybercrime Accountability Identity Theft Hacking 348

Security Affairs

NOVEMBER 17, 2020

I launched Security Affairs for passion in November 2011 and since then the blog read by millions of readers. I’ll continue to spread awareness, information sharing is a pillar of any cyber security strategy, spreading and sharing the information on cyber threats is possible to mitigate the risk of exposure. Nine years together!

Cyber threats 134

Cyber threats Government Hacking Risk 134

Malwarebytes

APRIL 6, 2022

It was rife during the earthquake and tsunami of 2011 , with bogus Red Cross websites and email addresses set up to part people from their money. The tactics used match those deployed in 2011, and pretty much every other major catastrophe. There are things you can do to lessen the risk from awful scams such as the above.

Scams 134

Scams Cryptocurrency Backups Phishing 134

CyberSecurity Insiders

AUGUST 17, 2021

To deteriorate the cyber risk, Pearson filed an annual review report in July 2019 saying there was a significant possibility of student Dobs and email addresses stolen in the cyber attack, when it actually knew that the records were indeed stolen. web-based software that helps in keeping a track of student academic performance.

Data breaches 120

Data breaches Education Cyber Risk Cyber Attacks 120

Jane Frankland

JUNE 20, 2023

Since 2011, I’ve consistently spoken, and written about the dangers of burnout in cybersecurity, and proposed leadership strategies for employee wellbeing. And these changes increase the risk of developing anxiety, depression, and other mental health issues.

Cybersecurity 130

Cybersecurity Risk InfoSec CISO 130

CyberSecurity Insiders

JUNE 7, 2021

Note 2- Deloitte is one of the multinational professional services companies based in London and offers services such as audit, consulting, financial advisory, risk advisory, tax filing, and legal mediation services. billion- only achieved after the purchase by Hewlett-Packard in 2011.

Cyber threats 110

Cyber threats Threat Detection Technology Risk 110

Security Affairs

JANUARY 12, 2022

“This overview is intended to help the cybersecurity community reduce the risk presented by these threats.” “This overview is intended to help the cybersecurity community reduce the risk presented by these threats.” Russian state-sponsored APT actors’ global Energy Sector intrusion campaign, 2011 to 2018.

Malware 144

Malware Cyber threats Hacking Government 144

Adam Shostack

JANUARY 2, 2025

Obviously, I'm speculating, but the folks who make in dash entertainment units are highly price-sensitive, and the code changed as minimally as possible for long periods, so the units shipped in 2013 were likely selected in 2011, which means they could reasonably have been code-complete in 2010. Via Risks Digest.)

Education 130

Education Engineering Risk Software 130

SecureWorld News

MAY 26, 2022

This action violated a 2011 FTC order that prohibited the social media site from misrepresenting its privacy and security practices. Along with violating the 2011 FTC order, Twitter also violated the EU-U.S. FTC Chair Lina M. Privacy Shield and Swiss-U.S. Notify the FTC if the company experiences a data breach.".

Advertising 98

Advertising Accountability Account Security Media 98

Malwarebytes

JULY 31, 2024

This feature was rolled out in 2011 to “improve the user experience by making it easier for users to tag photographs with the names of people in the photo.” We don’t just report on threats – we help protect your social media Cybersecurity risks should never spread beyond a headline.

Media 117

Media Technology Authentication Accountability 117

Troy Hunt

APRIL 19, 2018

In 2011, Patrick Webster identified a weakness in First State Superannuation's web portal which allowed him to access 770k financial records belonging to other customers. You've proven the risk. Seeing legal action appear as a result of enumerating through URLs is not unprecedented.

Hacking 214

Hacking Government Technology Risk 214

CyberSecurity Insiders

MARCH 22, 2021

Cybersecurity Insiders has learnt that the Swiss-based furniture retailer was indulging in such practices since 2011 and a lawsuit was filed against it by a few of the employees and customers in 2021. Also, the company is said to be indulging in fraudulent tactics of checking the background of its customers who had disputes with Ikea.

Data privacy 101

Data privacy Retail Government Risk 101

eSecurity Planet

JULY 23, 2021

One of the biggest risks with using LastPass is its track record with preventing hacks. In 2011, LastPass CEO Joe Siegrist announced that the company’s servers may have been breached, as evidenced by anomalies in network traffic. LastPass disadvantages: history of hacking.

Password Management 133

Password Management Passwords Authentication Architecture 133

CyberSecurity Insiders

JANUARY 12, 2022

NEW YORK–( BUSINESS WIRE )–Flashpoint, the trusted leader in threat intelligence and risk prevention, today announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings.

Risk 52

Risk Data breaches Cyber threats Cyber Risk 52

Troy Hunt

MARCH 27, 2018

Sidenote: she's an avid 1Password user and has been since 2011, this password dated back a couple of decades when, like most people still do today, she had reused it extensively). She was pretty shocked when I showed her this as it was precisely the same verbal password as she used to authenticate to her bank.

Passwords 197

Passwords Banking Telecommunications Mobile 197

Security Boulevard

JANUARY 15, 2023

The Federal Risk and Authorization Management Program was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of commercial cloud services by the federal government and contractors supporting agencies.

Risk 58

Risk Government Technology 58

SecureWorld News

MAY 23, 2024

Companies should consider qualitative factors beyond just financial impacts when assessing an incident's materiality, such as reputational harm, litigation risks, and regulatory scrutiny. Clear disclosure of material cyber threats is seen as essential for investors evaluating risk exposures of public companies.

CISO 109

CISO CSO Risk Cybersecurity 109

Security Boulevard

NOVEMBER 22, 2023

At the end of October, the federal Office of Management and Budget (OMB) released a draft memorandum for public comment titled Modernizing the Federal Risk Authorization Management Program (FedRAMP). For the people and teams that live, breathe and eat FedRAMP every day, this became BIG news overnight.

Risk 63

Risk 63

Cisco Security

MARCH 27, 2021

We’re fans: in fact, Cisco Umbrella has supported Encrypted DNS since 2011. The goal: low-risk way to advertise private servers using public DNS. It’s a new protocol that encrypts the DNS request to keep bad actors from discovering or altering domain names or snooping on users’ internet destinations.

DNS 135

DNS VPN Encryption Advertising 135

Security Affairs

NOVEMBER 16, 2019

The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X. Checkra1n is unprecedented in potential impact, with millions of devices at risk as a result of the extensive device and iOS targets,” said Christopher Cinnamo, senior vice president of product management at Zimperium.

Surveillance 108

Surveillance Advertising Risk Media 108

Security Affairs

SEPTEMBER 5, 2019

This security breach put millions of Facebook users at risk of fraudulent activities, including SIM-swapping attacks and spam calls. Facebook disabled the API that shares users’ mobile phone and address details with developers back in 2011. “Facebook has long restricted developers ‘ access to user phone numbers.

Accountability 111

Accountability Advertising Mobile Passwords 111

Security Affairs

SEPTEMBER 23, 2018

. “ Incidents like the one with Maersk or the ones suffered by the ports of Antwerp and Rotterdam in 2011 and 2013 have helped raise awareness of the importance that this issue should be given in ports, yet there is still a great deal of work to be done.” Nor even the ports.

Cyber Attacks 111

Cyber Attacks Advertising Hacking Cybersecurity 111

The Last Watchdog

SEPTEMBER 26, 2023

The VTI leverages first-hand knowledge to advocate, create, vet, and validate guidelines that strengthen trust and transparency and mitigate risk for users. Advertising Practices: Given the complexity and different use cases for VPNs, claims must not mislead. To learn more about the VTI, please visit vpntrust.net.

VPN 100

VPN Internet Internet Technology 100

Security Affairs

AUGUST 1, 2019

One year later, in June 2010, the expert discovered that Cisco had not addressed the vulnerabilities exposing its customers to the risk of a hack, then he reported his findings to the FBI. The payment settles litigation that had originally been brought in 2011.” million, which includes payment of approximately $1.6

Surveillance 110

Surveillance Technology Government Software 110

Herjavec Group

AUGUST 26, 2021

2011 — Sony Pictures — A hack of Sony’s data storage exposes the records of over 100 million customers using their PlayStation’s online services. 2011 — RSA SAFETY — Sophisticated hackers steal information about RSA’s SecurID authentication tokens, used by millions of people, including government and bank employees.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

Malwarebytes

JANUARY 15, 2023

Although version 1 of SweepWizard has been available for download from the Apple App Store since 2016, according to archived information, Wired could access sweep data as far back as 2011. Cybersecurity risks should never spread beyond a headline. We don't just report on threats—we remove them.

Media 97

Media Internet Internet Accountability 97

Security Affairs

MARCH 31, 2019

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011. In past campaigns, the APT group launched spear-phishing attacks against activists and journalists focusing on the Middle East, US organizations, and entities located in Israel , the U.K.,

Advertising 108

Advertising Internet Internet Hacking 108

Identity IQ

FEBRUARY 8, 2024

February 2011: Ross Ulbricht Creates the Silk Road Marketplace “I created Silk Road because I thought the idea for the website itself had value, and that bringing Silk Road into being was the right thing to do. The hidden service gained traction in 2011 and then hit the mainstream when a Gawker article about the site was published.

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

Malwarebytes

FEBRUARY 9, 2022

Google introduced 2FA to Gmail in 2011. The risks are just too high for a little bit of inconvenience. In July 2021, Twitter disclosed in its transparency report that only 2.5 percent of its active users have “at least one 2FA method enabled” Most of those using 2FA have at least SMS authentication (77.7

Authentication 92

Authentication Social Engineering Accountability Passwords 92

Malwarebytes

FEBRUARY 7, 2023

Of ads and reviews On top of all of this, the respondents “misrepresented the legal risks of using the spyware products for covert spying” In other words: Websites and adverts promoted use of these tools in a positive light, with no clear references to how you could land yourself in legal hot water by using them.

Spyware 98

Spyware Software Risk Cybersecurity 98

Security Boulevard

NOVEMBER 22, 2022

But even OCSP stapling can be made vulnerable to DoS if the remote web server is using a vulnerable version of OpenSSL as has been uncovered by CVE-2011-0014 , published back in 2011. . One of the ways this validity check is performed is using the OCSP ( Online Certificate Status Protocol ). Machine identities as primary agents.

DDOS 63

DDOS Internet Internet Engineering 63

Security Boulevard

JULY 21, 2022

SHA-1 was officially deprecated by NIST in 2011 and its usage for digital signatures was prohibited in 2013. For businesses still using the broken SHA-1, they were facing serious risks , including: Increased possibility of a collision or man-in-the-middle attack. Since 2020, chosen-prefix attacks against SHA-1 are feasible.

Encryption 113

Encryption Authentication Backups Architecture 113