Schneier on Security

SEPTEMBER 26, 2019

While it's unlikely that China would bother spying on commuters using subway cars, it would be much less surprising if a tech company offered free Internet on subways in exchange for surveillance and data collection. China denied having done so , of course. The United States does it. Our allies do it. Our enemies do it.

Surveillance 250

Surveillance Wireless Government Internet 250

Krebs on Security

JULY 18, 2022

911’s EULA would later change its company name and address in 2017, to International Media Ltd. In a 2017 discussion on fl.l33t[.]su All VPN providers claim to prioritize the privacy of their users, but many then go on to collect and store all manner of personal and financial data from those customers.

VPN 358

VPN Computers and Electronics Antivirus Software 358

CyberSecurity Insiders

JULY 7, 2021

CAC alleges Didi has breached many laws pertaining to personal data collection, storage and security and will face legal consequences if it fails to further comply with its orders. On business perspective, Didi Chuxing Technology Co.

Data collection 133

Data collection Data privacy Advertising Technology 133

Security Affairs

JULY 30, 2020

The Techniques, Tactics, and Procedures (TTPs) of the Operation North Star operations are very similar to those observed in 2017 and 2019 campaigns that targeted key military and defense technologies. “Our analysis indicates that one of the purposes of the activity in 2020 was to install data gathering implants on victims’ machines.

Advertising 136

Advertising Data collection Malware Phishing 136

The Last Watchdog

DECEMBER 6, 2018

And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” Related video: Using the NIST framework as a starting point.

Financial Services 149

Financial Services Data collection Manufacturing Cyber Attacks 149

Security Affairs

SEPTEMBER 19, 2018

The first data that emerged from the study is that threat actors continue to look at the IoT devices with increasing interest. In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017.

IoT 106

IoT Passwords Malware Advertising 106

Adam Shostack

JANUARY 2, 2025

2017 alone has seen the Wanna Cry, Petya, Not Petya, Bad Rabbit, and of course the historic Equifax breach, among many others. Mandatory reporting and investigations would result better data collection. In recent years, we have seen explosive growth in the number of damaging cyber-attacks.

InfoSec 130

InfoSec Data collection Engineering Cyber Attacks 130

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks.

Telecommunications 135

Telecommunications Authentication Data collection Passwords 135

SecureList

OCTOBER 25, 2023

Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. Importantly, our investigation, which considered binary timestamps, indicated that this exploit was created prior to April 2017. It is worth noting that the EternalBlue exploit was publicly disclosed by the Shadow Brokers group on April 14, 2017.

Malware 145

Malware DNS Encryption Cryptocurrency 145

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. On January 10 2017, and unaware of this ongoing investigation, Malwarebytes became aware of the Mac version of the malware that would become known as FruitFly.

Malware 117

Malware Passwords Identity Theft Data collection 117

SC Magazine

APRIL 19, 2021

A sign is posted on the exterior of Twitter headquarters on April 26, 2017 in San Francisco, California. Among the incidents data stolen by Chinese hackers involved a Twitter database. The data allegedly originated from big data sources of the two most popular mobile network operators in China.

Big data 100

Big data Data collection Mobile Risk 100

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. Brovko was involved in the illegal practice between 2007 and 2019. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability 123

Accountability Banking Advertising Data collection 123

Security Affairs

FEBRUARY 6, 2020

based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection.

Hacking 142

Hacking IoT Wireless Firmware 142

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 In December 2017, Group-IB published the first report on this group: “MoneyTaker: 1.5

Cyber Attacks 108

Cyber Attacks Banking Cyber threats Phishing 108

Troy Hunt

DECEMBER 20, 2017

I'll save you the pain of reading through all the gory details again here, but the bottom line was that after many hours of effort spread over days of getting nowhere, I loaded the data into Have I Been Pwned (HIBP) which finally got their attention. — Michael Kan (@Michael_Kan) February 28, 2017. Yes you do!

Data breaches 254

Data breaches Risk Accountability Data collection 254

Security Affairs

NOVEMBER 5, 2018

Experts from Honeywell analyzed data collected with the Secure Media Exchange (SMX) , a product it has launched in 2017 and that was designed to protect industrial facilities from USB-borne threats.

Malware 111

Malware IoT Advertising Data collection 111

Malwarebytes

MARCH 14, 2024

It’s experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5 The EFF argues that the bill will not stop the sharing of data but it will reduce online rights in a way that is unconstitutional. billion users , with an estimated 170 million of them in the US.

Identity Theft 127

Identity Theft Government Media Data collection 127

Troy Hunt

OCTOBER 19, 2017

It was clear there were a lot of South Africa references in there but just by looking at the data, I still couldn't work out the origin so I tweeted out for some help: South African followers: I have a very large breach titled "masterdeeds" Names, genders, ethnicities, home ownership; looks gov, ideas?

Data breaches 226

Data breaches Government Backups Internet 226

SecureList

OCTOBER 7, 2022

It was active in the wild for at least for eight years—from 2009 to 2017—and targeted at least 20 civilian and military entities in Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus, and the United Arab Emirates. DarkUniverse. DarkUniverse is another APT framework we discovered and reported on in 2018. PuzzleMaker.

Malware 145

Malware Computers and Electronics Telecommunications Encryption 145

Malwarebytes

MAY 25, 2021

A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. There’s lots of ways this kind of data collection and retention could go wrong. That’s an incredible 13 years of “What are you doing with that pile of classified material?”.

Social Engineering 114

Social Engineering Data collection Firewall Risk 114

The Last Watchdog

OCTOBER 13, 2021

Marketers frequently purchase or share first-party data from another partner organization. Data collection red flags. All of this leads us to “third-party” data. Third-party data is generally implicitly collected, used and shared from an external party across sites.

eCommerce 113

eCommerce Data collection Consumer Protection Advertising 113

Security Affairs

NOVEMBER 28, 2020

Experts from threat intelligence firm KELA , speculate the threat actor could have obtained the credentials buying “Azor logs,” which are lots of data stolen from computers infected with the AzorUlt info-stealer trojan.

Accountability 118

Accountability Cybercrime Hacking Data collection 118

Security Affairs

MARCH 7, 2019

The campaign observed by Akamai in December tracked as EternalSilence, was targeting millions of machines living behind the vulnerable routers by leveraging the EternalBlue and EternalRed (CVE-2017-7494) exploits. allows attackers to cause a denial of service (DoS) • CVE-2017-1000494 , an uninitialized stack variable flaw in MiniUPnPd.

Cyber Attacks 107

Cyber Attacks Advertising Firmware Data collection 107

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? These firms include Logentries in 2015, Komand in 2017, and DivvyCloud in 2020. billion.

DNS 131

DNS Technology Cybersecurity Data collection 131

Identity IQ

OCTOBER 26, 2023

Hermann’s deep expertise in identity theft protection, credit and financial education and leveraging data to implement scalable business solutions will immediately benefit Entryway as the organization works to create efficiencies through data collection to serve a greater number of at-risk individuals and families across all of its program markets.

Identity Theft 124

Identity Theft Marketing Education Financial Services 124

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Satori DataSecOps 2021 Private BluBracket Software supply chain 2021 Private Cape Privacy Data security 2021 Private ZecOps Digital forensics 2019 Private SecurityScorecard Risk ratings 2017 Private Carbon Black Security software 2015 Acquired: VMware AVG Antivirus software 2015 Acquired: Avast.

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

Security Affairs

NOVEMBER 17, 2018

Group-IB Threat Intelligence continuously detects and analyses data uploaded to card shops all over the world,” – said Dmitry Shestakov, Head of Group-IB ?ybercrime According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, 1.8 ybercrime research unit.

Banking 111

Banking Cybercrime Advertising Data collection 111

SecureList

AUGUST 8, 2022

Microsoft Word documents attached to the phishing emails contained malicious code that exploits the CVE-2017-11882 vulnerability. After receiving the data collected, the stage one CnC servers forwarded the archives received to a stage two server located in China. Transfer of stolen data from infected systems.

Malware 106

Malware Phishing Data collection Passwords 106

Security Affairs

NOVEMBER 16, 2018

In 2017-2018 hackers’ interest in cryptocurrency exchanges ramped up. Thirteen exchanges were hacked in 2017 and in the first three quarters of 2018, amounting to a total loss of $877 million. GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC.

Cybercrime 108

Cybercrime Hacking Banking Phishing 108

Security Affairs

OCTOBER 15, 2018

billion in 2017, compared to $1.2 GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. This information was first made public by experts from Group-IB’s Brand Protection team at the CyberCrimeCon 2018 international cybersecurity conference.

Marketing 104

Marketing Phishing Media Engineering 104

SC Magazine

FEBRUARY 17, 2021

The company received a finding of law from the Swiss government that it will not be treated as a telecommunications provider, exempting it from laws that would mandate data collection. Indeed, Quad9 has considered moving to the EU to add a legal imperative to its privacy promises since before its launch in 2017. are wary of U.S.

DNS 96

DNS Telecommunications Surveillance Data collection 96

Security Affairs

NOVEMBER 15, 2018

In December 2017, Group-IB published its first report on the group: “MoneyTaker: 1.5 GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. years of silent operations”. About the author Group-IB.

Banking 111

Banking Computers and Electronics Phishing Cybercrime 111

CyberSecurity Insiders

APRIL 30, 2021

defraud unsuspecting victims has become an alarming trend that has increased since their emergence in late 2017. The liveness detection capabilities of biometrics mean that the system is able to detect if a face or a fingerprint is real or fake by using algorithms that analyse data collected from biometric scanners and readers.

Technology 93

Technology Authentication Media Accountability 93

Security Affairs

NOVEMBER 19, 2019

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2019 in more than 60 countries. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. rar archive files.

Ransomware 99

Ransomware Antivirus Malware Banking 99

SC Magazine

APRIL 9, 2021

Security pros may recall the 2017 NotPetya attack on tax accounting software by M.E. The major public cloud providers have facilities that let teams do event and data collection without agents. The recent news about the SolarWinds hack has put software supply-chain attacks back in the limelight. That was only four years ago.

Software 86

Software Data collection Malware Risk 86

CyberSecurity Insiders

APRIL 27, 2022

The term UEBA was first used in 2017 by tech consultancy firm Gartner. The most common use case of UBA is the protection of sensitive data (namely in the financial, government, and healthcare sectors). Additionally, the data collected from UEBA tools can aid incident investigations to prevent future attacks. UEBA vs UBA.

Cybersecurity 99

Cybersecurity Threat Detection Marketing B2B 99

Responsible Cyber

NOVEMBER 26, 2024

CCPA in Detail Effective from 2020, CCPA focuses on transparency and gives California residents control over their personal data. Key requirements include: Consumer rights : Consumers can request information about data collected, demand deletion, and opt out of data sales.

Data privacy 52

Data privacy Data breaches Data collection Encryption 52