Troy Hunt

NOVEMBER 22, 2019

i speak at conferences around the world and run workshops on how to build more secure software within organisations. i'm a pluralsight author, microsoft regional director and most valued professional (mvp) specialising in online security and cloud development. coordinates":[.

Data breaches 361

Data breaches Technology Software Accountability 361

Security Affairs

NOVEMBER 23, 2023

Diamond Sleet is an APT group that operates under the Lazarus group’s umbrella, it has been active since at least 2013. Microsoft has recently observed Diamond Sleet utilizing trojanized open-source and proprietary software to target organizations in information technology, defense, and media.

Software 105

Software Malware Media Internet 105

Krebs on Security

FEBRUARY 22, 2024

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON , a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. A marketing slide deck promoting i-SOON’s Advanced Persistent Threat (APT) capabilities.

Government 273

Government Hacking Cyber threats Mobile 273

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. I wrote the essay below in September 2013. Those of us in the information security community had long assumed that the NSA was doing things like this. That feeling hasn’t faded.

Surveillance 309

Surveillance Computers and Electronics Encryption Government 309

eSecurity Planet

JUNE 3, 2021

FireEye is selling its core cybersecurity products to a group led by private equity firm Symphony Technology Group (STG) in order to focus on its Mandiant threat response and services group. FireEye’s products span network, email, endpoint and cloud security , and the vendor has been pursuing an XDR platform approach to unite them all.

Cyber Attacks 67

Cyber Attacks Marketing Accountability Technology 67

Security Affairs

JANUARY 15, 2021

Cybersecurity researchers from Positive Technologies have uncovered a series of attacks conducted by a Chinese threat actor that aimed at organizations in Russia and Hong Kong. The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007.

Malware 68

Malware Technology Software Information Security 68

Security Affairs

JULY 19, 2021

. “The defendants and their Hainan State Security Department (HSSD) conspirators sought to obfuscate the Chinese government’s role in such theft by establishing a front company, Hainan Xiandun Technology Development Co., The defendants created a front company, Hainan Xiandun Technology Development Co., ” states DoJ.

Hacking 111

Hacking Technology Government Malware 111

Security Affairs

JULY 7, 2022

Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual basis since 2013.

Cybersecurity 104

Cybersecurity Risk Information Security Hacking 104

eSecurity Planet

SEPTEMBER 25, 2022

In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. But beyond these cases, how advanced is the implementation of the technology that wants to end passwords once and for all? The Challenges of New Authentication Technologies.

Passwords 122

Passwords Password Management Authentication Technology 122

CyberSecurity Insiders

JANUARY 24, 2022

by Great American, a powerful cyber risk management platform that combines the National Institute of Standards and Technology (NIST) driven, inside-out review of an organization’s cyber security posture with insights from continuous, external vulnerability scans and best-in-class cyber security ratings from SecurityScorecard.

Cyber Risk 52

Cyber Risk Insurance Risk Cyber Insurance 52

Security Affairs

MAY 2, 2022

The latest executive order from the Italian National Cybersecurity Agency (NCA) banned Group-IB, a Russian-led cybersecurity company from working in the government sector, including 2 other companies – Kaspersky Labs and Positive Technologies. In 2013 Group-IB was licensed by the Russian FSB, required to process state-secret data.

Government 96

Government Cybersecurity Technology Cyber Attacks 96

SC Magazine

MAY 17, 2021

5G is among the technologies that researchers predict will have a big impact on the security landscape in the next decade. But what might they offer the front-facing information security officer – someone with a ten-year plan, wondering what to prepare for down the line? Photo by Mario Tama/Getty Images).

Manufacturing 95

Manufacturing IoT Artificial Intelligence Technology 95

BH Consulting

SEPTEMBER 2, 2021

One way to do this is to become certified to the ISO 27001 information security standard. It’s not a technology product or service but a way of demonstrating security by applying repeatable policies and documented procedures to manage risk. It is not limited to IT and is not a security checklist or risk analysis method.

Risk 52

Risk Information Security Data breaches Technology 52

Security Affairs

SEPTEMBER 14, 2021

She was also a member of the team supporting the National Institute of Standards and Technology (NIST) in the development of the Voluntary Cybersecurity Framework called for in President Obama’s 2013 Executive Order 13636 on cybersecurity.

Small Business 85

Small Business Government Cybersecurity Hacking 85

Security Affairs

FEBRUARY 23, 2022

The Bvp47 backdoor was first discovered in 2013 while conducting a forensic investigation into a security breach suffered by a Chinese government organization. The name “ Bvp47 ” comes form numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm.

Encryption 112

Encryption Hacking Government Engineering 112

Security Affairs

APRIL 10, 2020

Now this technology will live on in the hands of its dedicated users.” ” The sandbox was developed by Ronen Tzur and released on June 26, 2004, he sold the solution to Invincea in 2013. Sophos is going to release the Windows sandbox-based isolation program Sandboxie in open source.

Advertising 137

Advertising Malware Marketing Technology 137

Security Affairs

JANUARY 13, 2020

The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. Threat actors target engineering, transportation, and defense sectors, experts observed a specific interest in maritime technologies. ” continues the post.

Information Security 81

Information Security Advertising Government Technology 81

Security Affairs

JUNE 19, 2021

. “The incident could pose serious security risks if any core information was leaked to North Korea, as KAERI is the country’s largest think tank studying nuclear technology including reactors and fuel rods,” Ha Tae-keung said in a statement. ” reported The Record.

Hacking 139

Hacking VPN Internet Internet 139

Security Affairs

OCTOBER 21, 2021

Traditional security tactics cannot detect API attacks, so many organizations remain open to a breach or data exfiltration via APIs. This API security checklist provides best practices and considerations for closing off your APIs as an attack vector. Remote Technology. He currently also works with Bora.

IoT 117

IoT Phishing Passwords Scams 117

Krebs on Security

JULY 18, 2023

Bloom’s recommendation came to Biderman via Trevor Sykes, then chief technology officer for Ashley Madison parent firm Avid Life Media (ALM). us began in September 2013 as a forum for learning and teaching how to hack accounts at Runescape, an MMORPG set in a medieval fantasy realm where players battle for kingdoms and riches.

Hacking 201

Hacking Accountability Data breaches Marketing 201

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Brian Krebs | @briankrebs.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

FEBRUARY 10, 2020

The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. Threat actors target engineering, transportation, and defense sectors, experts observed a specific interest in maritime technologies.

Government 123

Government Advertising Malware Hacking 123

Security Affairs

MAY 24, 2023

“The DPRK conducts malicious cyber activities and deploys information technology (IT) workers who fraudulently obtain employment to generate revenue, including in virtual currency, to support the Kim regime and its priorities, such as its unlawful weapons of mass destruction and ballistic missile programs.” 13687 and E.O.

Government 81

Government Cryptocurrency Media Technology 81

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 108

Cryptocurrency Social Engineering Media Phishing 108

SC Magazine

FEBRUARY 8, 2021

Geyer attributes the growing number of bugs to “the long depreciation period of equipment in critical infrastructure environments” as well as “technology obsolescence.” Moreover, “many water utilities are small entities and are under-resourced, making the challenge of developing a robust security program that much more challenging.”. “In

CISO 144

CISO Internet Internet Media 144

Security Affairs

AUGUST 15, 2021

The job ad refers to the MAB5 as “a small military unit that specialises in the provision of novel and ground-breaking science and technology prototypes for operational requirements.” His email address and phone number were also listed in the advert.” ” reported secret Bases.

Computers and Electronics 101

Computers and Electronics Hacking Engineering Mobile 101

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Security, Privacy and Compliance Can Conflict.

Data privacy 145

Data privacy Encryption Data breaches Insurance 145

Jane Frankland

JUNE 15, 2022

For example: In 2017, the Center for Cyber Safety and Education (Center) and (ISC)² released The Global Information Security Workforce Study (GISWS). To date, this has been the largest study ever conducted, with responses from 19,641 information security professionals in 170 nations.

Education 130

Education Cybersecurity Information Security CISO 130

Security Affairs

JULY 9, 2019

” Threat actors accessed to files stored in the Literacy Works Information System that are dated back 2009, 2010, and 2014. Exposed data includes first names, last names, social security numbers, dates of birth, city or county of residence, graduation dates and record numbers. ” continues the Department. .

Data breaches 72

Data breaches Insurance Advertising Technology 72

CyberSecurity Insiders

JULY 20, 2021

Ever since the Target Breach of 2013 , vendor management has become an important concern for most companies. Prior to that, in 2008, the Cyber Supply Chain Risk Management ( C-SCRM ) program was already underway by The National Institute of Standards and Technology (NIST). How Long Is The Chain In Your Organization?

Healthcare 124

Healthcare Risk Information Security Manufacturing 124

Security Affairs

AUGUST 15, 2022

The Iron Tiger APT (aka Panda Emissary , APT27 , Bronze Union , Lucky Mouse , and TG-3390) is active at least since 2010 and targeted organizations in APAC, but since 2013 it is attacking high-technology targets in the US.

Malware 65

Malware Hacking Technology Information Security 65

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Jump to our section on investor considerations and cybersecurity startup trends for more information. SECURITI.ai. Also read: Top Cybersecurity Companies for 2022.

Cybersecurity 142

Cybersecurity Threat Detection Artificial Intelligence Risk 142

Security Affairs

JULY 25, 2019

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. There was also a Winnti attack on computer systems at German technology group ThyssenKrupp in 2016, according to media reports at the time.

Cyber Attacks 97

Cyber Attacks Advertising Media Hacking 97

Notice Bored

AUGUST 23, 2020

Yesterday I started preparing an ISMS communications plan to satisfy ISO/IEC 27001 :2013 clause 7.4, Oh no, it's more circumspect: the standard says "the organization shall determine the need for internal and external communications relevant to the information security management system". with a little help from the Web.

Information Security 52

Information Security Security Awareness Security Performance Risk 52

Security Affairs

DECEMBER 4, 2019

The delivery phase, at such time, was implementing a quite sophisticated dropper technology by exploiting vulnerabilities to “save and run” the payload in the desired place. The most used tracked vulnerabilities are mainly focused on: “Windows”, “Adobe Flash” and “Oracle” Technologies.

Computers and Electronics 61

Computers and Electronics Penetration Testing Technology Malware 61

Security Affairs

DECEMBER 1, 2020

The OceanLotus APT group is a state-sponsored group that has been active since at least 2013. The APT32 also targeted peripheral network security and technology infrastructure corporations, and security firms that may have connections with foreign investors.

Cryptocurrency 93

Cryptocurrency Antivirus Manufacturing Government 93

SecureWorld News

OCTOBER 8, 2020

Back in 2013, it had been reported that hackers gained access to Target's payment card system through a third-party HVAC vendor. According to the class action lawsuit, the data breach affected between 70-110 million customers who shopped at Target stores between November 27 and December 18, 2013.

Data breaches 58

Data breaches Data privacy Banking Cybersecurity 58