2018, Accountability and Security Defenses

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. In November 2018, a GandCrab affiliate posted a screenshot on the Exploit[.]in The GandCrab identity on Exploit[.]in

Ransomware

Ransomware Accountability Cybercrime Passwords

Vulnerability Recap 7/29/24 – Multiple Old Security Flaws Reappear

eSecurity Planet

JULY 29, 2024

A Microsoft SmartScreen vulnerability from earlier this year resurfaced, and a Docker flaw from 2018 is still causing issues in a newer version of the software. If you’re part of an IT or security team responsible for handling vulnerabilities, make sure your team has a way to be immediately updated when new issues arise.

Accountability

Accountability Internet Internet Software

Beyond Awareness: How to Cultivate the Human Side of Security

CyberSecurity Insiders

MAY 16, 2022

That investment requires shifting attitudes from general awareness of security, which most workers already have, to genuinely caring about it and seeing themselves as a true part of their company’s security defenses. Security programs must shoulder accountability for setting employees in different roles up for success.

CSO

CSO Passwords Password Management Accountability

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

eSecurity Planet

OCTOBER 30, 2023

Security teams are strongly recommended to perform a forensic triage to detect and reverse all unauthorized changes. 0Auth API Misconfigurations Expose User Accounts to Takeover Type of attack: No active attacks are underway, but researchers found (and fixed) common 0Auth implementation errors that exposed millions of customer accounts.

Authentication

Authentication Mobile Accountability Software

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

To remedy this vulnerability, Adobe recommends installing Update 16 for ColdFusion 2018 and Update 6 for ColdFusion 2021. An attacker creates a new admin user and logs into an OpenFire account. Akira carries out attacks via compromised user accounts, particularly ones that don’t have multi-factor authentication (MFA) enabled.

VPN

VPN Authentication Mobile Firewall

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

eSecurity Planet

AUGUST 28, 2023

To remedy this vulnerability, Adobe recommends installing Update 16 for ColdFusion 2018 and Update 6 for ColdFusion 2021. An attacker creates a new admin user and logs into an OpenFire account. Akira carries out attacks via compromised user accounts, particularly ones that don’t have multi-factor authentication (MFA) enabled.

VPN

VPN Authentication Mobile Firewall

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

eSecurity Planet

FEBRUARY 16, 2024

Using “ living off the land binaries ,” they conceal their operations within ordinary system characteristics, bypassing simple endpoint security protections. LotL emerged in 2018 and became a popular strategy among malicious actors due to its effectiveness in ensuring covert persistence and discovery evasion.

Internet

Internet Internet Network Security Cybersecurity

Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms

eSecurity Planet

JUNE 10, 2024

The authentication bypass permits the establishment of rogue admin accounts, but the deserialization flaw allows remote code execution, potentially giving attackers complete control over the affected servers. Administrators should also verify user lists for unrecognized accounts and ensure their servers are fixed to prevent exploitation.

Malware

Malware Authentication Software Telecommunications

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

eSecurity Planet

FEBRUARY 26, 2024

If the account is a high-privilege account, this is even more dangerous. If an attacker gains access to a privileged account, they could even compromise sensitive customer data. In 2018, British Airways was attacked by a group of hackers that used an XSS vulnerability in a JavaScript library.

Risk

Risk Financial Services Engineering Software

Top 5 Strategies for Vulnerability Mitigation

Centraleyes

DECEMBER 6, 2023

According to Purplesec, ransomware attacks have increased by 350% since 2018, zero-day attacks were up by 55% in 2021, and out of the 30 million SMBs in the USA, over 66% have had at least 1 cyber incident between 2018-2020. Vulnerability management is a critical element of information security.

Risk

Risk Cyber Risk Software Information Security

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

For example, The Health Insurance Portability and Accountability Act (HIPAA) requires security features such as encryption to protect patients’ health information. The Family Educational Rights and Privacy Act (FERPA) requires encryption or equivalent security measures to protect private student records.

Encryption

Encryption Passwords IoT Firewall

What Is API Security? Definition, Fundamentals, & Tips

eSecurity Planet

SEPTEMBER 8, 2023

An unprotected API that let anybody check if an email address was linked to a Duolingo account caused the compromise. wants to update the website’s programming and security features. Users are urged to implement two-factor authentication for increased security because Discord.io and Discord are independent companies.

Authentication

Authentication Architecture Firewall Threat Detection

5 Major Cybersecurity Trends to Know for 2024

eSecurity Planet

DECEMBER 19, 2023

Increasing Regulation Decades of use and abuse of computer systems led to early regulation, such as Europe’s General Data Protection Regulation (GDPR) adopted in 2016 and California’s Consumer Privacy Act (CCPA) passed in 2018. It’s no secret that the SEC is now holding CISOs accountable for the risks organizations take on.

Cybersecurity

Cybersecurity CISO Government Technology

Cyber Security Informer

Who’s Behind the GandCrab Ransomware?

Vulnerability Recap 7/29/24 – Multiple Old Security Flaws Reappear

Trending Sources

Beyond Awareness: How to Cultivate the Human Side of Security

Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Weekly Vulnerability Recap – August 28, 2023 – Windows, Ivanti, Adobe Hit By Flaws

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

Top 5 Strategies for Vulnerability Mitigation

What Is Encryption? Definition, How it Works, & Examples

What Is API Security? Definition, Fundamentals, & Tips

5 Major Cybersecurity Trends to Know for 2024

Stay Connected