2017 and Data collection - Cyber Security Informer

Google fined $60 million over Android location data collection

Bleeping Computer

AUGUST 13, 2022

The Australian Competition and Consumer Commission (ACCC) announced that Google was fined $60 million for misleading Australian Android users regarding the collection and use of their location data for almost two years, between January 2017 and December 2018. [.].

Data collection

Poland and Lithuania fear that data collected via FaceApp could be misused

Security Affairs

JULY 19, 2019

Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp. FaceApp was developed in 2017 by Wireless Lab, when it was downloaded 80 million times, but now thanks to the challenge it is becoming viral. Pierluigi Paganini.

Data collection

Data collection Wireless Advertising Risk

The Equifax Breach Settlement Offer is Real, For Now

Krebs on Security

DECEMBER 20, 2022

Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack.

Identity Theft

Identity Theft Data breaches Data collection Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Web Vulnerabilities Up, IoT Flaws Down

Dark Reading

JANUARY 9, 2019

The number of flaws found in WordPress and its associated plugins have tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.

IoT

IoT Data collection Internet Internet

Interview with the Head of the NSA’s Research Directorate

Schneier on Security

FEBRUARY 3, 2022

. “Everyone thinks their data is the messiest in the world, and mine maybe is because it’s taken from people who don’t want us to have it, frankly,” said Herrera’s immediate predecessor at the NSA, the computer scientist Deborah Frincke, during a 2017 talk at Stanford.

Big data

Big data Surveillance Technology Data collection

Alleged FruitFly malware creator ruled incompetent to stand trial

Malwarebytes

JANUARY 16, 2024

On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. On January 10 2017, and unaware of this ongoing investigation, Malwarebytes became aware of the Mac version of the malware that would become known as FruitFly.

Malware

Malware Passwords Identity Theft Data collection

New York Times Reveals Scope of Mobile Apps’ Location Spying

Adam Levin

DECEMBER 12, 2018

A New York Times report about the ways smartphone apps track users and sell their location data (on a far greater scale than most customers realize) has gotten much deserved attention this week. One data sample obtained by the Times showed records of a company updating users’ locations up to 14,000 times a day in 2017.

Mobile

Mobile Advertising Data collection Marketing

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks.

Telecommunications

Telecommunications Authentication Data collection Passwords

Data flow vs. data security dilemma for China Didi

CyberSecurity Insiders

JULY 7, 2021

CAC alleges Didi has breached many laws pertaining to personal data collection, storage and security and will face legal consequences if it fails to further comply with its orders. On business perspective, Didi Chuxing Technology Co.

Data collection

Data collection Data privacy Advertising Technology

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. Importantly, our investigation, which considered binary timestamps, indicated that this exploit was created prior to April 2017. It is worth noting that the EternalBlue exploit was publicly disclosed by the Shadow Brokers group on April 14, 2017.

Malware

Malware DNS Encryption Cryptocurrency

Chinese threat actors extract big data and sell it on the dark web

SC Magazine

APRIL 19, 2021

A sign is posted on the exterior of Twitter headquarters on April 26, 2017 in San Francisco, California. Among the incidents data stolen by Chinese hackers involved a Twitter database. The data allegedly originated from big data sources of the two most popular mobile network operators in China.

Big data

Big data Data collection Mobile Risk

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

OCTOBER 13, 2021

Marketers frequently purchase or share first-party data from another partner organization. Data collection red flags. All of this leads us to “third-party” data. Third-party data is generally implicitly collected, used and shared from an external party across sites.

eCommerce

eCommerce Data collection Consumer Protection Advertising

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Security Affairs

JULY 30, 2020

The Techniques, Tactics, and Procedures (TTPs) of the Operation North Star operations are very similar to those observed in 2017 and 2019 campaigns that targeted key military and defense technologies. “Our analysis indicates that one of the purposes of the activity in 2020 was to install data gathering implants on victims’ machines.

Advertising

Advertising Data collection Malware Phishing

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” Related video: Using the NIST framework as a starting point.

Financial Services

Financial Services Data collection Manufacturing Cyber Attacks

Scott Hermann, CEO of IDIQ, Joins Entryway’s National Board of Directors

Identity IQ

OCTOBER 26, 2023

Hermann’s deep expertise in identity theft protection, credit and financial education and leveraging data to implement scalable business solutions will immediately benefit Entryway as the organization works to create efficiencies through data collection to serve a greater number of at-risk individuals and families across all of its program markets.

Identity Theft

Identity Theft Education Marketing Financial Services

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

The first data that emerged from the study is that threat actors continue to look at the IoT devices with increasing interest. In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017.

IoT

IoT Passwords Malware Advertising

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. Brovko was involved in the illegal practice between 2007 and 2019. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Banking Advertising Data collection

On Chinese "Spy Trains"

Schneier on Security

SEPTEMBER 26, 2019

While it's unlikely that China would bother spying on commuters using subway cars, it would be much less surprising if a tech company offered free Internet on subways in exchange for surveillance and data collection. China denied having done so , of course. The United States does it. Our allies do it. Our enemies do it.

Surveillance

Surveillance Wireless Government Internet

TOP 10 unattributed APT mysteries

SecureList

OCTOBER 7, 2022

It was active in the wild for at least for eight years—from 2009 to 2017—and targeted at least 20 civilian and military entities in Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus, and the United Arab Emirates. DarkUniverse. DarkUniverse is another APT framework we discovered and reported on in 2018. PuzzleMaker.

Malware

Malware Computers and Electronics Telecommunications Encryption

Microsoft Disrupts Russian Threat Actor Seaborgium

SecureWorld News

AUGUST 16, 2022

Microsoft has tracked the threat actor since 2017 and says that its objectives and victimology closely align with the state interests of Russia. Seaborgium's campaigns typically involve phishing and credential theft, which lead to intrusions and data breaches.

Phishing

Phishing Data collection Accountability Data breaches

Insider threats: If it can happen to the FBI, it can happen to you

Malwarebytes

MAY 25, 2021

A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. There’s lots of ways this kind of data collection and retention could go wrong. That’s an incredible 13 years of “What are you doing with that pile of classified material?”.

Social Engineering

Social Engineering Data collection Firewall Risk

Rapid7 InsightIDR Review: Features & Benefits

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? These firms include Logentries in 2015, Komand in 2017, and DivvyCloud in 2020. billion.

DNS

DNS Technology Cybersecurity Data collection

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

911’s EULA would later change its company name and address in 2017, to International Media Ltd. In a 2017 discussion on fl.l33t[.]su All VPN providers claim to prioritize the privacy of their users, but many then go on to collect and store all manner of personal and financial data from those customers.

VPN

VPN Computers and Electronics Antivirus Software

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection.

Hacking

Hacking IoT Wireless Firmware

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 In December 2017, Group-IB published the first report on this group: “MoneyTaker: 1.5

Cyber Attacks

Cyber Attacks Banking Cyber threats Phishing

Targeted attack on industrial enterprises and public institutions

SecureList

AUGUST 8, 2022

Microsoft Word documents attached to the phishing emails contained malicious code that exploits the CVE-2017-11882 vulnerability. After receiving the data collected, the stage one CnC servers forwarded the archives received to a stage two server located in China. Transfer of stolen data from infected systems.

Malware

Malware Phishing Passwords Data collection

USB drives are primary vector for destructive threats to industrial facilities

Security Affairs

NOVEMBER 5, 2018

Experts from Honeywell analyzed data collected with the Secure Media Exchange (SMX) , a product it has launched in 2017 and that was designed to protect industrial facilities from USB-borne threats.

Malware

Malware IoT Advertising Data collection

Meta subsidiaries must pay $14m over misleading data collection disclosure

Malwarebytes

JULY 31, 2023

Meta has run into yet another bout of court related issues—two subsidiaries have been ordered to pay $14 million regarding undisclosed data collection. The Australian case, which has rumbled on for the best part of two and a half years, has focused on claims related to a now discontinued Virtual Private Network (VPN).

Data collection

Data collection VPN Advertising Mobile

Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow

SC Magazine

FEBRUARY 17, 2021

The company received a finding of law from the Swiss government that it will not be treated as a telecommunications provider, exempting it from laws that would mandate data collection. Indeed, Quad9 has considered moving to the EU to add a legal imperative to its privacy promises since before its launch in 2017. are wary of U.S.

DNS

DNS Telecommunications Surveillance Data collection

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Krebs on Security

MAY 2, 2023

This page indicates that access to the consumer and payment data collected by US Job Services is currently granted to several other coders who work with Mr. Mirza in Pakistan, and to multiple executives, contractors and employees working for a call center in Murfreesboro, Tennessee. com and thenextlevelsupport[.]com

Marketing

Marketing Advertising Scams Telecommunications

Five ways to protect against software supply-chain attacks

SC Magazine

APRIL 9, 2021

Security pros may recall the 2017 NotPetya attack on tax accounting software by M.E. The major public cloud providers have facilities that let teams do event and data collection without agents. The recent news about the SolarWinds hack has put software supply-chain attacks back in the limelight. That was only four years ago.

Software

Software Data collection Malware Risk

New set of Pakistani banks’ card dumps goes on sale on the dark web

Security Affairs

NOVEMBER 17, 2018

Group-IB Threat Intelligence continuously detects and analyses data uploaded to card shops all over the world,” – said Dmitry Shestakov, Head of Group-IB ?ybercrime According to Group-IB’s annual Hi-Tech Crime Trends 2018 report, on average, from June 2017 to August 2018, 1.8 ybercrime research unit.

Banking

Banking Cybercrime Advertising Data collection

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

In 2017-2018 hackers’ interest in cryptocurrency exchanges ramped up. Thirteen exchanges were hacked in 2017 and in the first three quarters of 2018, amounting to a total loss of $877 million. GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC.

Cybercrime

Cybercrime Hacking Banking Phishing

Online market for counterfeit goods in Russia has reached $1,5 billion

Security Affairs

OCTOBER 15, 2018

billion in 2017, compared to $1.2 GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. This information was first made public by experts from Group-IB’s Brand Protection team at the CyberCrimeCon 2018 international cybersecurity conference.

Marketing

Marketing Phishing Media Engineering

Fixing Data Breaches Part 3: The Ease of Disclosure

Troy Hunt

DECEMBER 20, 2017

I'll save you the pain of reading through all the gory details again here, but the bottom line was that after many hours of effort spread over days of getting nowhere, I loaded the data into Have I Been Pwned (HIBP) which finally got their attention. — Michael Kan (@Michael_Kan) February 28, 2017. Yes you do!

Data breaches

Data breaches Risk Accountability Data collection

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

Security Affairs

NOVEMBER 15, 2018

In December 2017, Group-IB published its first report on the group: “MoneyTaker: 1.5 GIB Threat Intelligence cyber threats data collection system has been named one of the best in class by Gartner, Forrester, and IDC. years of silent operations”. About the author Group-IB.

Banking

Banking Computers and Electronics Phishing Cybercrime

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2019 in more than 60 countries. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. rar archive files.

Ransomware

Ransomware Antivirus Malware Banking

Top 5 Application Security Tools & Software for 2023

eSecurity Planet

MAY 19, 2023

It specializes in detecting and preventing the exposure of API keys, credentials, certificates and other confidential data.

Software

Software Risk Encryption Marketing

TikTok faces ban in US unless it parts ways with Chinese owner ByteDance

Malwarebytes

MARCH 14, 2024

It’s experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5 The EFF argues that the bill will not stop the sharing of data but it will reduce online rights in a way that is unconstitutional. billion users , with an estimated 170 million of them in the US.

Identity Theft

Identity Theft Government Media Data collection

Grandoreiro Malware implements new features in Q2 2020

Security Affairs

MAY 27, 2020

An interesting point is that one day after data collection, on 2020/05/21, most of the samples were removed from the server by the malware operators, but the sample targeting Portugal was kept available for the next days. Figure 6: Metrics collected from the server on May 21st, 2020 with the Portuguese sample kept by crooks.

Malware

Malware Banking Advertising Data collection

Amazon's Ring cameras were used to spy on customers

Malwarebytes

MAY 31, 2023

Not only that, but the employees—along with workers from a third-party contractor in Ukraine—could also download any of those videos and then save and share them as they liked, before July 2017. Between June and August 2017, the employee looked through the videos for at least an hour a day on hundreds of occasions.

Engineering

Engineering Data collection Government Accountability

Mystic Stealer

Security Boulevard

JUNE 15, 2023

Mystic Stealer web admin control panel login page Crimeware control panels allow operators to configure settings and access data collected from deployed malware and typically serve as the interface for criminal users to interact with the software. 171:15555 Size ~234 KB Compiler: EP:Microsoft Visual C/C++ (2017 v.15.5-6)

Cryptocurrency

Cryptocurrency Password Management Malware DNS

Doxing in the corporate sector

SecureList

MARCH 29, 2021

For example, in July of 2017, the data of 14 million Verizon users was breached due to incorrectly configured buckets. This simplicity is what ultimately poses a danger to the owners of file repositories in AWS known as “buckets”, which are most often breached due to an incorrect system configuration. Tracking pixel.

Identity Theft

Identity Theft Phishing Accountability Banking

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

Experts from threat intelligence firm KELA , speculate the threat actor could have obtained the credentials buying “Azor logs,” which are lots of data stolen from computers infected with the AzorUlt info-stealer trojan.

Accountability

Accountability Cybercrime Hacking Retail

Google fined $60 million over Android location data collection

Poland and Lithuania fear that data collected via FaceApp could be misused

Webinars

Trending Sources

The Equifax Breach Settlement Offer is Real, For Now

Webinars

Web Vulnerabilities Up, IoT Flaws Down

Interview with the Head of the NSA’s Research Directorate

Alleged FruitFly malware creator ruled incompetent to stand trial

New York Times Reveals Scope of Mobile Apps’ Location Spying

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Data flow vs. data security dilemma for China Didi

StripedFly: Perennially flying under the radar

Chinese threat actors extract big data and sell it on the dark web

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Scott Hermann, CEO of IDIQ, Joins Entryway’s National Board of Directors

Evolution of threat landscape for IoT devices – H1 2018

Russian cybercriminal Aleksandr Brovko sentenced to 8 years in jail

On Chinese "Spy Trains"

TOP 10 unattributed APT mysteries

Microsoft Disrupts Russian Threat Actor Seaborgium

Insider threats: If it can happen to the FBI, it can happen to you

Rapid7 InsightIDR Review: Features & Benefits

A Deep Dive Into the Residential Proxy Service ‘911’

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Targeted attack on industrial enterprises and public institutions

USB drives are primary vector for destructive threats to industrial facilities

Meta subsidiaries must pay $14m over misleading data collection disclosure

Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow

Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data

Five ways to protect against software supply-chain attacks

New set of Pakistani banks’ card dumps goes on sale on the dark web

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Online market for counterfeit goods in Russia has reached $1,5 billion

Fixing Data Breaches Part 3: The Ease of Disclosure

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Top 5 Application Security Tools & Software for 2023

TikTok faces ban in US unless it parts ways with Chinese owner ByteDance

Grandoreiro Malware implements new features in Q2 2020

Amazon's Ring cameras were used to spy on customers

Mystic Stealer

Doxing in the corporate sector

Hundreds of C-level executives credentials available for $100 to $1500 per account

Stay Connected