2012 and Risk - Cyber Security Informer

2012 Dropbox hack worse than realized, 68M passwords leaked

Tech Republic Security

AUGUST 31, 2016

According to a recent report, a 2012 hack on cloud file sharing company DropBox put millions of users at risk. It also highlights the importance of good security hygiene for every employee.

Hacking

Hacking Passwords Risk

SecureMySocial Issued 5th US Patent For Social Media Security Technology

Joseph Steinberg

DECEMBER 2, 2022

The patent was issued by the United States Patent Office on September 6th, 2022, with a priority date going back over a decade, to June of 2012. The granting of this patent follows the patent office’s granting of four other related patents going back to the same priority date in June of 2012.

Media

Media Technology Artificial Intelligence Cybersecurity

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

DECEMBER 18, 2018

exposed to greater risks unless actions are taken to improve security and reduce the. weapons systems developed between 2012 and 2017 are vulnerable to cyberattacks, despite regular warnings from government watchdogs. . At Risk of Missile Attacks appeared first on Adam Levin. The post Faulty DoD Cybersecurity Leaves U.S.

Risk

Risk Cybersecurity Surveillance Government

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

The Last Watchdog

SEPTEMBER 13, 2023

Bugcrowd ushered in crowdsourced security with its launch in 2012, and today a covey of vendors have followed suit, each supplying intricate platforms to connect hackers with proven skillsets to companies that have particular needs. With AI speeding everything up, triaging risks makes a lot of sense. I’ll keep watch and keep reporting.

Security Intelligence

Security Intelligence Marketing Risk Internet

Best Third-Party Risk Management (TPRM) Tools of 2021

eSecurity Planet

AUGUST 27, 2021

In a developing market, third-party risk management (TPRM) software and tools could be the answer to helping organizations fill the gap. This article looks at the top third-party risk management vendors and tools and offers a look into TPRM solutions and what buyers should consider before purchasing. Aravo TPRM.

Risk

Risk Marketing Software Cybersecurity

A PowerShell Script to Mitigate Active Directory Security Risks

eSecurity Planet

OCTOBER 12, 2023

supports weak cryptography, which is a security risk as there are tools available to decrypt packets with weak cryptography. For example, if a Windows 8 machine communicates with a Windows 2012 server, the SMB 3.0 Subscribe The post A PowerShell Script to Mitigate Active Directory Security Risks appeared first on eSecurity Planet.

Risk

Risk Authentication Encryption Cybersecurity

Identifying People Using Cell Phone Location Data

Schneier on Security

JANUARY 9, 2023

But way back in 2012, the Canadian CSEC—that’s their NSA—did some top-secret work on this kind of thing. He is based in a rural area, so he can’t risk making his ransom calls from that area. Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional.

Surveillance

Surveillance Internet Internet Risk

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet

Internet Internet Engineering Software

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

The Last Watchdog

OCTOBER 4, 2019

Since its launch in 2012, the company has operated profitably, attracting customers mainly in Texas, Oklahoma, Louisiana and Arkansas and growing to 131 employees. Here are excerpts, edited for clarity and length: LW: What’s the difference between taking a ‘risk-oriented’ versus a ‘controlled-based’ approach to security?

Risk

Risk Marketing Digital transformation DNS

10 Simple Principles for Software Supply Chain Risk Management

SecureWorld News

JUNE 22, 2022

The thing that makes the SolarWinds hack newsworthy, and it is indeed extraordinary if national security is important to you, is that it is the first notable example—or at least, the first one we've heard about—of the very thing that the GAO warned Congress about back in 2012. The obvious question is, what shall we do?

Software

Software Risk Hacking Accountability

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. One of the men indicted as part of APT41 — now 35-year-old Tan DaiLin — was the subject of a 2012 KrebsOnSecurity story that sought to shed light on a Chinese antivirus product marketed as Anvisoft. Image: FBI. Image: DOJ.

Antivirus

Antivirus Hacking Government Software

Identifying People by Their Browsing Histories

Schneier on Security

AUGUST 25, 2020

This work replicates and extends the 2012 paper Why Johnny Can't Browse in Peace: On the Uniqueness of Web Browsing History Patterns [ 48 ]. reproduce those results and extend the original work to detail the privacy risk posed by the aggregation of browsing histories.

Data collection

Data collection Risk

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

eSecurity Planet

OCTOBER 11, 2023

This CVE should be treated as a higher severity than Important due to the risk of exploit.” Ivanti’s Goettl noted that, as with the WordPad flaw, the CVE should be treated as a higher severity than its rating due to the risk of exploit. “End-of-life software poses a risk to an organization,” he said.

DDOS

DDOS Engineering Authentication Social Engineering

Browser sync—what are the risks of turning it on?

Malwarebytes

FEBRUARY 3, 2021

While this is certainly convenient, particularly when you’re migrating to a new device, synchronizing browsers also comes with some risks. Browser syncing was introduced in 2012 by Chrome with the goal of letting you continue at home where you left off at work, and vice versa. What is browser sync? Stay safe, everyone!

Risk

Risk Passwords Adware Accountability

Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online

Malwarebytes

MAY 2, 2024

At the age of 17, Kivimäki was convicted of more than 50,000 computer hacks and sentenced to a two-year prison sentence, which was suspended because he was 15 and 16 when he carried out the crimes in 2012 and 2013.

Hacking

Hacking Government Risk Cybersecurity

The Risks In Using Third-Party Code

ForAllSecure

MARCH 11, 2021

Security is a top risk of using third-party code. Internal research conducted by cybersecurity company, Codenomicon, found that a 2012 smart TV inherited vulnerabilities at a rate of 0.58 CVEs per day over the source of 23 months -- from 178 unique vulnerabilities in 2012 to 584 unique CVEs in 23 components in 2015.

Risk

Risk Retail Data breaches Software

The Risks In Using Third-Party Code

ForAllSecure

MARCH 11, 2021

Security is a top risk of using third-party code. Internal research conducted by cybersecurity company, Codenomicon, found that a 2012 smart TV inherited vulnerabilities at a rate of 0.58 CVEs per day over the source of 23 months -- from 178 unique vulnerabilities in 2012 to 584 unique CVEs in 23 components in 2015.

Risk

Risk Retail Data breaches Software

Elevating Data Privacy: TrustArc’s Accountability Approach with Nymity PMAF

TrustArc

DECEMBER 19, 2023

TrustArc's Nymity Privacy Management Accountability Framework™ (PMAF), pioneered in 2012 and continuously evolving, now includes advanced provisions for AI data privacy governance. In a digital era where data privacy underpins brand trust, organizations aim to not only comply with privacy laws but to fully embody them.

Data privacy

Data privacy Accountability Government Risk

Acquisition Related Data Breach Hits DNA Testing Lab

SecureWorld News

NOVEMBER 30, 2021

M&A cyber risk is real. DDC) detected potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database that contained personal information collected between 2004 and 2012. This system has never been used in DDC's operations and has not been active since 2012.".

Data breaches

Data breaches Insurance Cyber Risk Risk

Microsoft ends extended support for Windows 7 and Windows Server 2008 today

Malwarebytes

JANUARY 9, 2023

after January 10, 2023 may increase an organization's exposure to security risks or impact its ability to meet compliance obligations. Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Cybersecurity risks should never spread beyond a headline. Continuing to use Windows 8.1 drivers months before.

Risk

Risk Software Cybersecurity

Securing Corporate Philanthropy on Giving Tuesday

Security Boulevard

NOVEMBER 29, 2021

The Giving Tuesday movement came into being in 2012 to encourage generosity and charitable giving year-round; the Tuesday after the U.S. Tomorrow, November 30, is Giving Tuesday, a day of emphasis on charitable giving both by individuals and organizations and enterprises. Thanksgiving holiday is officially designated Giving Tuesday.

Social Engineering

Social Engineering Scams Security Awareness Engineering

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

Judge Vanessa Baraitser denied the extradition due to suicide risk for the impression he could suffer in the U.S. “Taking account of all of the information available to him, he considered Mr Assange’s risk of suicide to be very high should extradition become imminent.

Government

Government Risk Passwords Hacking

International Women’s Day: UbU and Lead Like a Girl

Security Boulevard

MARCH 8, 2021

Rewind to 2012: Sheryl Sandberg’s Lean In had just been published, pushing women to stop sitting back and start taking more risks. Amy Cuddy had just come out with her “Power Pose” TED Talk telling women that posing like Superwoman for two minutes can make you feel more powerful. .

Risk

Aquatic Panda found stealing industrial intelligence and military secrets

CyberSecurity Insiders

DECEMBER 29, 2021

So, it is urging all businesses to take appropriate measures to mitigate all cyber risks associated with Log4j2 issues. Note- Found in 2012, Aquatic Panda is found relying heavily on cobalt strike, the remote access exploiting tool.

Cyber Risk

Cyber Risk Education Government Technology

A critical flaw in industrial automation systems opens to remote hack

Security Affairs

NOVEMBER 29, 2020

out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8

Hacking

Hacking Firmware Internet Internet

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

The Last Watchdog

SEPTEMBER 26, 2023

The VTI leverages first-hand knowledge to advocate, create, vet, and validate guidelines that strengthen trust and transparency and mitigate risk for users. After mobilizing to ensure the Internet’s free flow of information and commerce, we realized the ongoing need for an industry voice, founding formally in 2012.

VPN

VPN Internet Internet Technology

Detection Engineering and SOC Scalability Challenges (Part 2)

Anton on Security

SEPTEMBER 21, 2023

Low awareness of removed or failed log sources — SOCs with low awareness of removed or failed log sources are at risk of missing critical security events and failed — worse, quietly failed — detections. What data do we collect?” tends to predate “what do we actually want to do?”

Engineering

Engineering Threat Detection Marketing Internet

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

Advertising

Advertising Firewall Education Engineering

Experts warn of a surge in zero-day flaws observed and exploited in 2021

Security Affairs

APRIL 25, 2022

Mandiant states that From 2012 to 2021, China exploited more zero-days than any other nation. From 2012 to 2021, China-linked threat actors exploited more zero-days than any other nation-state actors. Most of the zero-days discovered by the company were exploited by nation-state APT groups. ” concludes the report.”The

Ransomware

Ransomware Hacking Software Risk

HIPAA Security Requirements: What They Really Mean

Security Boulevard

MARCH 4, 2021

In 2012, an employee’s laptop, containing ePHI for about 30,000 patients was stolen. The University of Texas M.D. Anderson Cancer Center was having a hard time protecting patient electronic health information. The same year, a trainee lost an unencrypted thumb drive with ePHI for about 2,000 people during her evening commute and in 2013, a.

Risk

Risk Government Cybersecurity

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

MARCH 18, 2024

The Dropbox and LinkedIn breaches, for example, occurred in 2012 before being broadly distributed in 2016 and just like those incidents, the alleged AT&T data is now in very broad circulation. That's just an unacceptable risk for which the old adage of "you cannot lose what you do not have" provides the best possible fix.

Data breaches

Data breaches Encryption Identity Theft InfoSec

Half a billion cyber attacks thwarted by Tokyo Olympics 2021

CyberSecurity Insiders

OCTOBER 24, 2021

times the amount observed during the 2012 London Olympics. According to a finding discovered by NTT Corporation that was assigned operating the digital services across the event, state funded hackers tried their best to disrupt the event that counted over 2.5

Cyber Attacks

Cyber Attacks Cyber Risk Backups Education

Attorney General William Barr on Encryption Policy

Schneier on Security

JULY 24, 2019

But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products.

Encryption

Encryption Telecommunications Risk Government

Don’t trust links with known domains: BMW affected by redirect vulnerability

Security Affairs

JANUARY 3, 2024

This type of vulnerability, which affected BMW websites and other SAP systems, was first identified in 2012 but still poses risks to organizations even after applying security updates. Those typically occur when web apps or components fail to properly validate or sanitize URLs before redirecting users.

Phishing

Phishing Manufacturing Firewall Cybercrime

35-year long identity theft leads to imprisonment for victim

Malwarebytes

APRIL 9, 2024

In 2012, Keirans fraudulently acquired a copy of Woods’ birth certificate from the state of Kentucky using information he found about Woods’ family on Ancestry.com. We don’t just report on threats – we help safeguard your entire digital identit y Cybersecurity risks should never spread beyond a headline.

Identity Theft

Identity Theft Banking Insurance Accountability

Attorney General Barr and Encryption

Schneier on Security

AUGUST 14, 2019

But, in the world of cybersecurity, we do not deal in absolute guarantees but in relative risks. All systems fall short of optimality and have some residual risk of vulnerability -- a point which the tech community acknowledges when they propose that law enforcement can satisfy its requirements by exploiting vulnerabilities in their products.

Encryption

Encryption Telecommunications Risk Government

On Chinese "Spy Trains"

Schneier on Security

SEPTEMBER 26, 2019

There is definitely a national security risk in buying computer infrastructure from a country you don't trust. The risk of discovery is too great, and the payoff would be too low. But we need to make these decisions to protect ourselves deliberately and rationally, recognizing both the risks and the costs. Our allies do it.

Surveillance

Surveillance Wireless Government Internet

Publicly Disclosed Breaches Down Drastically in Q1 2018

Dark Reading

MAY 8, 2018

Quietest first quarter since 2012, according to new report from Risk Based Security

Risk

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Security Affairs

MAY 16, 2019

was released back in 2012, it aims at detecting and changes that occur in the Windows operating systems during the installation of third-party applications. replaces the original Attack Surface Analzyer tool, released publicly in 2012.” The first version of the Attack Surface Analyzer 1.0 “Attack Surface Analyzer 2.0

Advertising

Advertising Software Technology Accountability

Patch now! Emergency fix for PrintNightmare released by Microsoft

Malwarebytes

JULY 7, 2021

So, many organizations were forced to keep the Print Spooler service enabled on some domain controllers, leaving them at risk to attacks using this vulnerability. Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.

Malware

Malware Risk Cybersecurity

CORL Announces Strategic Growth Investment from Primus Capital

CyberSecurity Insiders

JANUARY 5, 2022

ATLANTA–( BUSINESS WIRE )–CORL Technologies LLC, the leading provider of vendor risk management solutions for the healthcare industry, today announced a strategic growth investment from Primus Capital, a growth-oriented private equity firm focused on investing in leading healthcare, software, and technology-enabled services companies.

Healthcare

Healthcare Risk Technology Information Security

What Do You Do if You Have a Third-Party Data Breach

Centraleyes

FEBRUARY 20, 2024

The incidence of data breaches in the United States has witnessed a substantial surge over the last decade, escalating from a modest 447 incidents in 2012 to surpassing 1,800 by the year 2022, according to Statista. Proactive adherence to legal standards is essential for mitigating legal risks. How Often Do Data Breaches Occur?

Data breaches

Data breaches Risk Cybersecurity Education

0patch releases free unofficial patches for Windows 0days exploited in the wild

Security Affairs

MARCH 27, 2020

“Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.” and Windows Server 2012. reads the advisory published by Microsoft. See the link for more details.

Advertising

Advertising Risk Internet Internet

DNA testing company fined after customer data theft

Malwarebytes

FEBRUARY 22, 2023

What happened in the 2021 breach When DDC acquired Orchid Cellmark, a British company also in the DNA testing industry, as part of its business expansion in 2012, the company didn't know that it also inherited legacy databases that kept personally identifiable information (PII) in plain text form.

Penetration Testing

Penetration Testing InfoSec Accountability Authentication

2012 Dropbox hack worse than realized, 68M passwords leaked

SecureMySocial Issued 5th US Patent For Social Media Security Technology

Webinars

Trending Sources

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Webinars

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

Best Third-Party Risk Management (TPRM) Tools of 2021

A PowerShell Script to Mitigate Active Directory Security Risks

Identifying People Using Cell Phone Location Data

Microsoft Issues Emergency Fix for IE Zero Day

MY TAKE: The case for assessing, quantifying risks as the first step to defending network breaches

10 Simple Principles for Software Supply Chain Risk Management

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Identifying People by Their Browsing Histories

October 2023 Patch Tuesday Includes Three Zero-Days Flaws

Browser sync—what are the risks of turning it on?

Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online

The Risks In Using Third-Party Code

The Risks In Using Third-Party Code

Elevating Data Privacy: TrustArc’s Accountability Approach with Nymity PMAF

Acquisition Related Data Breach Hits DNA Testing Lab

Microsoft ends extended support for Windows 7 and Windows Server 2008 today

Securing Corporate Philanthropy on Giving Tuesday

British Court rejects the US’s request to extradite Julian Assange

International Women’s Day: UbU and Lead Like a Girl

Aquatic Panda found stealing industrial intelligence and military secrets

A critical flaw in industrial automation systems opens to remote hack

News Alert: i2Coalition launches ‘VPN Trust Initiative’ to promote VPN operators’ best practices

Detection Engineering and SOC Scalability Challenges (Part 2)

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Experts warn of a surge in zero-day flaws observed and exploited in 2021

HIPAA Security Requirements: What They Really Mean

Inside the Massive Alleged AT&T Data Breach

Half a billion cyber attacks thwarted by Tokyo Olympics 2021

Attorney General William Barr on Encryption Policy

Don’t trust links with known domains: BMW affected by redirect vulnerability

35-year long identity theft leads to imprisonment for victim

Attorney General Barr and Encryption

On Chinese "Spy Trains"

Publicly Disclosed Breaches Down Drastically in Q1 2018

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Patch now! Emergency fix for PrintNightmare released by Microsoft

CORL Announces Strategic Growth Investment from Primus Capital

What Do You Do if You Have a Third-Party Data Breach

0patch releases free unofficial patches for Windows 0days exploited in the wild

DNA testing company fined after customer data theft

Stay Connected