2017, Internet and Risk - Cyber Security Informer

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. “We have looked into the matter and there was not a risk to our systems,” a MasterCard spokesperson wrote.

DNS

DNS Internet Internet Risk

CASMM (The Consumer Authentication Strength Maturity Model)

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Related posts: My RSA 2017 Recap. The Real Internet of Things: Details and Examples. 10 Behaviors That Will Reduce Your Risk Online. People like moving up rankings, so let’s use that! How to use this model.

Authentication

Authentication Passwords Internet Internet

Internet Security Threats at the Olympics

Schneier on Security

FEBRUARY 12, 2018

The so-called Fancy Bear group, or APT28, began its operations in late 2017 -- according to Trend Micro and Threat Connect , two private cybersecurity firms -- eventually publishing documents in 2018 outlining the political tensions between IOC officials and World Anti-Doping Agency (WADA) officials who are policing Olympic athletes.

Internet

Internet Internet Cyber Attacks DDOS

Disqus Demonstrates How to Do Breach Disclosure Right

Troy Hunt

OCTOBER 9, 2017

From that moment, the timeline in their public disclosure began which I highlighted in this tweet: 23 hours and 42 minutes from initial private disclosure to @disqus to public notification and impacted accounts proactively protected pic.twitter.com/lctQEjHhiH — Troy Hunt (@troyhunt) October 6, 2017. Bugs happen and they suck.

Data breaches

Data breaches Passwords Accountability Internet

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. The Entity List identifies entities that the US believes pose a risk to its national security. A “kill switch” is important; it disconnects your internet connection if the VPN drops, preventing data leaks.

VPN

VPN Mobile Government Technology

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

Risk management is a concept that has been around as long as companies have had assets to protect. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.

Risk

Risk Cybersecurity Encryption Technology

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

FEBRUARY 24, 2019

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN). After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks.

Internet

Internet Internet DNS Telecommunications

Why the age of connected cars presents a 'very real threat' in cybersecurity

Tech Republic Security

JANUARY 11, 2017

At NAIAS 2017, experts in data management and cybersecurity discussed the risks that come with the 'internet of cars.' Here's what you should know.

Cybersecurity

Cybersecurity Internet Internet Risk

UK Ad Campaign Seeks to Deter Cybercrime

Krebs on Security

MAY 28, 2020

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. For example, search in Google for the terms “booter” or “stresser” from a U.K.

Cybercrime

Cybercrime DDOS Advertising Hacking

Experts Urge Rapid Patching of ‘Struts’ Bug

Krebs on Security

AUGUST 23, 2018

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans.

Software

Software Internet Internet Risk

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Cyber Risk

Cyber Risk Risk Financial Services Banking

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

SecureWorld News

OCTOBER 16, 2024

The flaw has exposed the widely distributed smart vacuums to manipulation by bad actors, raising concerns about the cybersecurity of internet-connected home devices. Back in 2017, SecureWorld News reported that cybersecurity researchers took control of an LG 'Smart' vacuum and spied on the home through the device's camera.

IoT

IoT Hacking Risk Internet

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

Troy Hunt

OCTOBER 13, 2017

link] pic.twitter.com/qRUUCmz1SY — Troy Hunt (@troyhunt) October 12, 2017. For example, there was CloudPets earlier this year and frankly, I think we can be a lot less "legal-speak" and a lot more honest about the real world risks of IoT devices like these: Speaking of pets, you know what real pets love?

IoT

IoT Hacking Risk Mobile

On Chinese "Spy Trains"

Schneier on Security

SEPTEMBER 26, 2019

There is definitely a national security risk in buying computer infrastructure from a country you don't trust. The risk of discovery is too great, and the payoff would be too low. If there's any lesson from all of this, it's that everybody spies using the Internet. This is a complicated topic. The United States does it.

Surveillance

Surveillance Wireless Government Internet

The Case for Limiting Your Browser Extensions

Krebs on Security

MARCH 3, 2020

A simple Internet search shows this same javascript code is present on hundreds of other Web sites , no doubt inadvertently published by site owners who happened to be editing their sites with this Page Ruler extension installed. Doing otherwise is almost always a high-risk proposition.

Insurance

Insurance Advertising Internet Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. THE INTERNET NEVER FORGETS.

VPN

VPN Computers and Electronics Antivirus Software

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

The Last Watchdog

MAY 2, 2019

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. I had the chance at RSA 2019 to discuss the SMB security landscape at length with Gill.

Risk

Risk Cyber Risk Cyber threats Banking

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

The Last Watchdog

DECEMBER 5, 2019

My primer on the going forward privacy and security implications of IoT — What Everyone Should Know About the Promise and Pitfalls of the Internet of Things — won second place in the contest’s IoT Security category. I’ve never done stories to win awards. So keep reading and sharing. And thanks for your support.

IoT

IoT Cyber Risk Internet Internet

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Security Affairs

JUNE 28, 2025

Systems running services like GoAhead web apps, WRT admin panels, and IIS are especially at risk. SecurityScorecard researchers found that many devices in the LapDogs network are vulnerable to known flaws like CVE-2015-1548 and CVE-2017-17663 , linked to outdated mini_httpd servers. lighttpd, mini_httpd) typical of embedded systems.

IoT

IoT Hacking Firmware Malware

Scanning for Flaws, Scoring for Security

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.

Cyber Risk

Cyber Risk Energy and Utilities Risk Marketing

MY TAKE: Here’s why the Internet Society’s new Privacy Code of Conduct deserves wide adoption

The Last Watchdog

FEBRUARY 20, 2019

What if consumers could use search engines, patronize social media, peruse news and entertainment sites and use other internet-enabled services without abdicating all of their rights? Our research shows a correlation between good privacy practices and good business practices,” Dennedy told me in late 2017. Privacy Code of Conduct.

Internet

Internet Internet Data privacy Engineering

MyEquifax.com Bypasses Credit Freeze PIN

Krebs on Security

MARCH 8, 2019

In the wake of Equifax’s epic 2017 data breach impacting some 148 million Americans, many people did freeze their credit files at the big three in response. This has been the reality for years, and was so well before Equifax announced its big 2017 breach. Consumers in every U.S. But Equifax has changed a few things since then.

Accountability

Accountability Identity Theft Authentication Passwords

CES 2017: How BlackBerry plans to solve the IoT security threat

Tech Republic Security

JANUARY 7, 2017

The Internet of Things is arguably the biggest trend of CES 2017, but it's also a massive security risk. BlackBerry's Chief Security Officer explains how it can mitigate the IoT cybersecurity threat.

IoT

IoT Internet Internet Risk

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. This is just one of many risks to our normal civilian computer supply chains. “If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.”

Software

Software Cybersecurity Backups Manufacturing

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Experts at Cisco Talos and other security firms quickly drew parallels between the two mass spam campaigns, pointing to a significant overlap in Russia-based Internet addresses used to send the junk emails. “We’ve reviewed the configuration of both our registrar and nameservers and have found no indication of misuse.

DNS

DNS Internet Internet Computers and Electronics

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 29, 2025

Thousands of internet-facing applications are potentially at risk. The experts noticed that the activity resembles past exploitation of CVE-2017-9844, but due to patched systems, analysts assess with high confidence that an unreported RFI flaw in SAP NetWeaver is being used. concludes the report.

VPN

VPN Risk Hacking Internet

Apache Log4j Zero Day Exploit Puts Large Number of Servers at Severe Risk

eSecurity Planet

DECEMBER 10, 2021

We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach.”. In a similar tweet, security firm GreyNoise reported that it “is currently seeing 2 unique IP’s scanning the internet for the new Apache Log4j RCE vulnerability…”. Anybody using Apache Struts is likely vulnerable.

Risk

Risk Software Cybersecurity Firewall

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

According to Constella Intelligence , a data breach and threat actor research platform, a user named Semen7907 registered in 2017 on the Russian-language programming forum pawno[.]ru Semen-7907 registered at Tunngle from the Internet address 31.192.175[.]63 ru using the email address tretyakov-files@yandex.ru. ” Mr. .”

Ransomware

Ransomware Accountability Cybercrime Backups

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

The Last Watchdog

AUGUST 18, 2021

billion in 2017; Avast acquired AVG for $1.3 There are simple steps consumers can take today, for free, to lower their overall risk of a cyber attack, including using multi-factor authentication for their accounts and using strong passwords. A lot of water has flowed under the bridge since then. billion in 2016, for instance.

Antivirus

Antivirus Marketing Identity Theft Social Engineering

Black Hat insights: How Sonrai Security uses graph analytics to visualize, mitigate cloud exposures

The Last Watchdog

JULY 29, 2021

Based in New York City, Sonrai launched in late 2017 to help companies gain clarity about data and identity security-related relationships within their public cloud envrionments, including Amazon Web Services, Microsoft Azure, Google Cloud. What this allows decision makers to do is visualize risk,” Kedrosky says.

Risk

Risk Cloud Migration Digital transformation Software

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. Credential stuffing campaigns have become part of the fabric of the Internet.

Passwords

Passwords Password Management Antivirus Internet

Lessons From the 2023 National Risk Register Report

IT Security Guru

AUGUST 17, 2023

The 2023 Edition of the National Risk Register predicts that, in the next two years, there is a 5 to 25% chance that a devastating attack will target critical infrastructure and cause physical harm. A nationwide loss of power could create a ripple effect, causing disruption to internet telecommunications, water, sewage, fuel and gas supplies.

Risk

Risk Healthcare Passwords Government

SAP NetWeaver zero-day allegedly exploited by an initial access broker

Security Affairs

APRIL 25, 2025

A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader stems from a lack of proper authorization checks.

VPN

VPN Internet Internet Risk

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

MARCH 4, 2019

That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. GLIBC keeps common code in one place, thus making it easier for multiple programs to connect to the company network and to the Internet. Fast forward to 2017. Because it was so complex, Stuxnet was not easy for just anyone to replicate.

Hacking

Hacking Energy and Utilities System Administration Accountability

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

APRIL 30, 2019

The participation led to the idea behind CyberSaint The company supplies a platform, called CyberStrong, that automatically manages risk and compliance assessments across many types of frameworks. This includes not just the NIST CSF, but also the newly minted NIST Risk Management Framework 2.0, and the upcoming NIST Privacy Framework.

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. If you’re buying from an online store that is brand new, the risk that you will get scammed increases significantly.

Scams

Scams Wireless Phishing Banking

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

The Last Watchdog

SEPTEMBER 7, 2022

Make no mistake, CMMC 2.0 , which has been under development since 2017 , represents a sea change. Meanwhile, Level 3, calls for several more tiers of protection specifically aimed at reducing the risk from Advanced Persistent Threats ( APTs ) in order to safeguard so-called Controlled Unclassified Information ( CUI.). Raising the bar.

Cybersecurity

Cybersecurity Digital transformation Government Small Business

10 Best CASB Security Vendors of 2022

eSecurity Planet

DECEMBER 17, 2021

API-based inline deployment for fast risk scoring, behavioral analysis , and detection. Risk assessment, rating, and categorization for cloud applications. In the Gartner Magic Quadrant for Cloud Access Security Brokers, Censornet was a Niche Player in 2017 and 2018. Broadcom Features. Censornet Features. Forcepoint.

Risk

Risk Firewall Authentication Encryption

ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy

The Last Watchdog

AUGUST 1, 2019

Just a few days before Capital One’s disclosure, Equifax rather quietly agreed to pay up to $700 million to settle consumer claims and federal and state investigations into its 2017 data breach that compromised sensitive information of more than 145 million American consumers.

Data privacy

Data privacy Data breaches Internet Internet

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

A survey of local media reports by Recorded Future tallied 38 ransomware attacks against cities in 2017, rising to 53 attacks in 2018. However, the operational imperatives in today’s world of internet-centric commerce often boil down to survival math, especially for SMBs. mayors attending the U.S. The median was $10,310.

Ransomware

Ransomware Internet Internet Hacking

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers

The Last Watchdog

FEBRUARY 17, 2020

The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. Defenders, meanwhile, have to guard everything all of the time, and most organizations have many more Internet pathways than they even know about, much less are taking steps to defend.”

Digital transformation

Digital transformation Internet Internet Firewall

Poland and Lithuania fear that data collected via FaceApp could be misused

Security Affairs

JULY 19, 2019

Poland and Lithuania are probing the potential privacy and security risks of using a Russian-made app FaceApp. Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data collection

Data collection Wireless Advertising Risk

Managing OT and IT Risk: What Cybersecurity Leaders Need to Know

Security Boulevard

OCTOBER 7, 2024

Security leaders face the challenge of managing a vast, interconnected attack surface, where traditional approaches to managing cyber risk are no longer sufficient. Modern threats exploit vulnerabilities across domains, requiring a more holistic approach to avoid operational disruption, safety risks and financial losses.

Risk

Risk IoT Cybersecurity Internet

Artificial Personas and Public Discourse

Schneier on Security

JANUARY 13, 2020

The risk arises from two separate threads coming together: artificial intelligence-driven text generation and social media chatbots. These computer-generated "people" will drown out actual human discussions on the Internet. Putting all this together, they'll be able to drown out any actual debate on the Internet.

Media

Media Internet Internet Technology

MasterCard DNS Error Went Unnoticed for Years

CASMM (The Consumer Authentication Strength Maturity Model)

Trending Sources

Internet Security Threats at the Olympics

Disqus Demonstrates How to Do Breach Disclosure Right

Popular VPNs are routing traffic via Chinese companies, including one with link to military

What is Cybersecurity Risk Management?

ICANN warns of large-scale attacks on Internet infrastructure

Why the age of connected cars presents a 'very real threat' in cybersecurity

UK Ad Campaign Seeks to Deter Cybercrime

Experts Urge Rapid Patching of ‘Struts’ Bug

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

On Chinese "Spy Trains"

The Case for Limiting Your Browser Extensions

A Deep Dive Into the Residential Proxy Service ‘911’

MY TAKE: New ‘cyberthreat index’ shows SMBs cognizant of big risks, ill-prepared to deal with them

Last Watchdog’s IoT and ‘zero trust’ coverage win MVP awards from Information Management Today

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Scanning for Flaws, Scoring for Security

MY TAKE: Here’s why the Internet Society’s new Privacy Code of Conduct deserves wide adoption

MyEquifax.com Bypasses Credit Freeze PIN

CES 2017: How BlackBerry plans to solve the IoT security threat

Vulnerabilities in Weapons Systems

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

Apache Log4j Zero Day Exploit Puts Large Number of Servers at Severe Risk

A Closer Look at the Snatch Data Ransom Group

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

Black Hat insights: How Sonrai Security uses graph analytics to visualize, mitigate cloud exposures

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Lessons From the 2023 National Risk Register Report

SAP NetWeaver zero-day allegedly exploited by an initial access broker

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

How to Shop Online Like a Security Pro

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

10 Best CASB Security Vendors of 2022

ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers

Poland and Lithuania fear that data collected via FaceApp could be misused

Managing OT and IT Risk: What Cybersecurity Leaders Need to Know

Artificial Personas and Public Discourse

Stay Connected