Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Probably not.

Surveillance 311

Surveillance Computers and Electronics Encryption Government 311

SiteLock

AUGUST 27, 2021

In the case of Target, it’s believed the malware was able to steal millions of credit and debit cards records during that fraction of a second between when the cards were swiped and before they were encrypted. In lots of environments, antivirus is the primary line of defense.

Retail 52

Retail Antivirus Malware Data breaches 52

Security Affairs

DECEMBER 1, 2022

In 2013, Yahoo suffered one of the worst data breaches in history, exposing over 3 billion user accounts. Experts believe Yahoo was using outdated, easy-to-crack encryption, which led to the attack. The attack is a good reminder of how critical strong encryption is in protecting your website users. Third-party risk management.

Data breaches 93

Data breaches Passwords Social Engineering Encryption 93

Security Affairs

FEBRUARY 23, 2022

The name “ Bvp47 ” comes form numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm. The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization.

Encryption 115

Encryption Hacking Government Engineering 115

Malwarebytes

JULY 4, 2022

DNS encryption. DNS encryption plugs a gap that makes it easy to track the websites you visit. DNS encryption restores your privacy by making it impossible for anything other than the DNS resolver to read and respond to your queries. FIDO2 is a specification that uses public key encryption for authentication.

Internet 115

Internet Internet Technology DNS 115

Joseph Steinberg

JUNE 30, 2022

Encrypted communications and site authentication cues can help shield against such attacks, but the vast majority of Internet activity presently leverages neither defense. Since then, I have seen many Internet memes circulate that appear to convey a similar message. Furthermore, the issues of accuracy of data are as pertinent as ever.

Internet 130

Internet Internet Artificial Intelligence Marketing 130

Google Security

AUGUST 24, 2022

Cryptology ePrint Archive, Paper 2013/599 ; Joachim Breitner and Nadia Heninger. Preliminary results Similar to other published works, we have been analyzing the crypto artifacts from Certificate Transparency (CT), which logs issued website certificates since 2013 with the goal of making them transparent and verifiable.

Engineering 106

Engineering Cryptocurrency Encryption Internet 106

Security Affairs

FEBRUARY 13, 2020

. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” ” reads an advisory published by the Microsoft Tech Community.

Authentication 134

Authentication Malware Advertising Hacking 134

Security Affairs

JUNE 9, 2022

The group has been active since at least 2013, the Aoqin Dragon was observed seeking initial access primarily through document exploits and the use of fake removable devices. The APT primary focus on cyberespionage against targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam.

Malware 83

Malware DNS Encryption Education 83

Security Boulevard

JULY 21, 2022

SHA-1 was officially deprecated by NIST in 2011 and its usage for digital signatures was prohibited in 2013. NOTES: *The four algorithms selected by NIST are: (1) The CRYSTALS-Kyber algorithm has been selected in general encryption, (2) CRYSTALS-Dilithium, (3) FALCON, and (4) SPHINCS+ as the three algorithms for digital signatures.

Encryption 114

Encryption Authentication Architecture Backups 114

Identity IQ

FEBRUARY 8, 2024

From 2011 to 2013, the Silk Road hosted 1.2 2013: The End of the Silk Road Authorities were able to trace the pseudonym back to Ulbricht thanks to the efforts of an IRS investigator who was working with the DEA on the Silk Road case in mid-2013. The FBI shut down the Silk Road in October 2013. billion in value.

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

Malwarebytes

APRIL 27, 2021

Data for certain “generic field” entries was also delivered, but Click Studios said that users who chose to encrypt that data averted the malware’s data harvesting and delivery capabilities. According to Bleeping Computer , the CDN servers used in the attack are no longer active. That attack, which resulted in an $18.5

Password Management 93

Password Management Passwords Malware Retail 93

Thales Cloud Protection & Licensing

JULY 18, 2022

The National Institute of Standards and Technology (NIST) has selected the first collection of encryption tools designed to withstand the assault of a future quantum computer, which might compromise the security employed to preserve privacy in the digital systems we rely on. Thales innovates in crypto-research.

Encryption 71

Encryption Architecture Backups Technology 71

Security Boulevard

SEPTEMBER 26, 2022

s external site were not recently reissued, allowing cyber attackers to have ongoing access to encrypted communications. Top Financial Services Encryption Threats and Insight from a Former Hacker! Encryption Digest #65]. s monumental data breach from 2013 and 2014 cost the company $350 million , according to a recent report.

Data breaches 69

Data breaches Digital transformation Cyber Attacks Encryption 69

Security Affairs

NOVEMBER 5, 2020

The technique was already employed by other Chinese APT groups since 2013, later it was also adopted by other cybercrime gangs in attacks in the wild. The attackers use a simple XOR encryption algorithm with the string “Hapenexx is very bad” as a key. “This is an effort to conceal the execution.”

Encryption 109

Encryption Malware Advertising Antivirus 109

CyberSecurity Insiders

APRIL 29, 2021

This verdict later came to be colloquially known as Schrems II (after Max Schrems , an activist and lawyer who initiated this legal saga following his complaints against Facebook back in 2013). One technical measure that can be put in place to help organisations is the encryption of data. Interested and want to learn more?

Encryption 98

Encryption Surveillance Data privacy Cybersecurity 98

Security Affairs

MAY 11, 2023

Kimsuky cyberespiona group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT43 ) was first spotted by Kaspersky researcher in 2013. .” reported the YonHap News agency. The APT group mainly targets think tanks and organizations in South Korea, other victims were in the United States, Europe, and Russia.

Mobile 84

Mobile Hacking Cyber Attacks Media 84

Malwarebytes

MAY 12, 2021

Since being active in 2013, Carbon Spider has targeted institutions in the Middle East, Europe, and eventually, the United States. DarkSide also has a Linux version that is capable of targeting VMWare ESXi vulnerabilities, making virtual machines (VMs) susceptible to hijacking and encryption of virtual drives.

Ransomware 127

Ransomware Encryption Government Antivirus 127

Thales Cloud Protection & Licensing

JANUARY 29, 2024

Hybrid cryptography can secure data in motion by combining symmetric encryption with public key ciphers. How Thales Can Help Thales, a leading provider of PQC solutions, has been actively involved in R&D and standardization efforts since 2013. Find Thales in Hall 2, Stand 2J30.

Mobile 71

Mobile Risk Technology Telecommunications 71

Security Affairs

OCTOBER 10, 2019

Threat actors have been using Attor since 2013, the malicious code remained under the radar until last year. “ Attor’s espionage operation is highly targeted – we were able to trace Attor’s operation back to at least 2013, yet, we only identified a few dozen victims.” ” reads the analysis published by ESET.

Malware 79

Malware Encryption Advertising Mobile 79

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running.

Ransomware 218

Ransomware Accountability Cybercrime Backups 218

Security Affairs

APRIL 9, 2019

Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. Unluckily, Yahoo faced three massive data breaches in the year between 2013 to 2016. The leaked personal information included passwords that were encrypted but could be cracked by the hackers.

Data breaches 75

Data breaches Small Business Advertising Cryptocurrency 75

eSecurity Planet

AUGUST 9, 2022

M]uch of InfoSec management falls back on employee training and avoiding employee error – particularly with respect to phishing , spear phishing, and encryption lapses.”. Trotter further argued that encryption of Anthem’s data at rest would have offered only minimal security benefits and would not have prevented the hack.

Data privacy 142

Data privacy Encryption Data breaches Insurance 142

Thales Cloud Protection & Licensing

APRIL 22, 2024

In 2013, when Imperva first launched the Bad Bot Report, bad bots comprised 23.6% Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.", and human traffic for 57%.

Internet 71

Internet Internet Digital transformation Accountability 71

Security Affairs

SEPTEMBER 23, 2019

The experts were able to analyze only dropped samples, as the real payload was encrypted with various droppers. ” Once decrypted the final payload, Kaspersky researchers noticed similarities with the Dark Seoul campaign uncovered in 2013 and attributed to the Lazarus APT group. ” concludes Kaspersky.

Malware 83

Malware Banking Advertising Encryption 83

IT Security Guru

OCTOBER 3, 2022

The hacker group encrypted Travelex’s network and made copies of 5GB of personal data. The information was also encrypted by the cyber criminals so that its theft was not spotted. For exfiltration, Snowden transferred the data over encrypted channels to his own external file share using self-signed certificates.

Encryption 60

Encryption Cyber Attacks Data breaches Ransomware 60

SecureWorld News

MARCH 21, 2023

In 2013, extortionists added encryption to their genre and started locking down victims' files instead of screens or web browsers. In 2019, crooks shifted their focus to enterprises and pioneered in stealing data in addition to encrypting it, which turned these raids into an explosive mix of blackmail and breaches.

Ransomware 88

Ransomware Encryption Adware Data breaches 88

The Last Watchdog

MAY 26, 2021

Did you know that this unconventional celebration got its start in 2013, and that it’s now an official holiday on the annual calendar? Many password managers also encrypt passwords to create an additional layer of protection. We celebrated World Password Day on May 6, 2021. Related: Credential stuffing fuels account takeovers.

Passwords 182

Passwords Password Management Accountability Authentication 182

Krebs on Security

APRIL 22, 2019

For example, RevCode’s website touted the software’s compatibility with all “ crypters ,” software that can encrypt, obfuscate and manipulate malware to make it harder to detect by antivirus programs. In February 2015, a then 24-year-old Alex Yücel pleaded guilty in a U.S.

Advertising 197

Advertising Antivirus Software Malware 197

Security Affairs

APRIL 3, 2019

The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a state-sponsored hacking group. “ Threat actors used a custom steganography algorithm to hide the encrypted payload within PNG images to to avoid detection. ” reads the report published by the experts.

Encryption 77

Encryption Advertising Manufacturing Malware 77

Security Boulevard

MAY 17, 2023

It would be easy to chalk up this increase to the development and introduction of new advanced types of malware, but the surprising fact is that many of the same threats and exploits used in data breaches in 2013 are still being successfully employed 10 years later.

Data breaches 52

Data breaches DNS Malware Phishing 52

Thales Cloud Protection & Licensing

FEBRUARY 13, 2018

Continuing the trend in many regions toward introducing new data protection legislation, the POPI Act was signed into law in 2013 by South African President Jacob Zuma, although it is not yet fully effective. Encrypt Everything. South Africa’s Information Regulator is expected to put the Act into force in the second half of 2018.

Encryption 66

Encryption Government Risk Technology 66

SecureList

DECEMBER 1, 2023

For most implants, the threat actor uses similar implementations of DLL hijacking (often associated with ShadowPad malware) and memory injection techniques, along with the use of RC4 encryption to hide the payload and evade detection. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Malware 92

Malware Ransomware Encryption Energy and Utilities 92

The Last Watchdog

APRIL 5, 2019

Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.

Digital transformation 203

Digital transformation CSO Firewall Risk 203

Google Security

APRIL 30, 2024

Since 2013, Chromium has been applying the CRYPTPROTECT_AUDIT flag to DPAPI calls to request that an audit log be generated when decryption occurs, as well as tagging the data as being owned by the browser.

Passwords 90

Passwords Malware Encryption System Administration 90

Security Affairs

APRIL 18, 2021

CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Hladyr also controlled the organization’s encrypted channels of communication.”

System Administration 116

System Administration Penetration Testing Malware Banking 116

eSecurity Planet

AUGUST 5, 2021

Since Docker hit the scene in 2013, containers have become a primary way for developers to create and deploy applications in an increasingly distributed IT world of on-premises data centers, public and private clouds, and the edge. ” Containers, Kubernetes Take Over.

Risk 109

Risk Encryption Cybersecurity Engineering 109