2018, Authentication and Encryption - Cyber Security Informer

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

If he’d abused his access, he probably could have obtained website encryption certificates (SSL/TLS certs) that were authorized to accept and relay web traffic for affected websites. He may even have been able to passively receive Microsoft Windows authentication credentials from employee computers at affected companies.

DNS

DNS Internet Internet Risk

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. CVE-2018-13379: The Eternal Exploit What is CVE-2018-13379?

VPN

VPN Authentication Ransomware Risk

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. In February 2018, LastPass changed the default to 100,100 iterations. By 2013, new LastPass customers were given 5,000 iterations by default.

Passwords

Passwords Encryption Password Management Cryptocurrency

NEW TECH: Silverfort extends ‘adaptive multi-factor authentication’ via key partnerships

The Last Watchdog

OCTOBER 22, 2018

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort is the brainchild of a band of colleagues who toiled together in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military.

Authentication

Authentication Digital transformation IoT Risk

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Persistent exploitation of legacy systems One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments.

Ransomware

Ransomware IoT Encryption Social Engineering

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

SEPTEMBER 17, 2018

Should law enforcement and military officials have access to a digital backdoor enabling them to bypass any and all types of encryption that exist today? The disturbing thing is that in North America and Europe more and more arguments are being raised in support of creating and maintaining encryption backdoors for government use.

Encryption

Encryption Government Surveillance Technology

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

The problem stemmed from an authentication weakness in a USPS Web component known as an “application program interface,” or API — basically, a set of tools defining how various parts of an online application such as databases and Web pages should interact with one another. .

Accountability

Accountability Authentication Identity Theft Advertising

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

The attacker also obtained free encryption certificates for escrow.com from Let’s Encrypt. For maximum security on your domains, consider adopting some or all of the following best practices: -Use 2-factor authentication, and require it to be used by all relevant users and subcontractors. -In

Phishing

Phishing DNS Social Engineering Accountability

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption

Encryption Passwords IoT Firewall

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). W3Techs’ June 2018 survey shows that 35 percent of the top 10 million websites have adopted it. Related: How PKI can secure IoT.

Internet

Internet Internet Encryption Authentication

NEW TECH: How ‘adaptive multi-factor authentication’ is gaining traction via partnerships

The Last Watchdog

NOVEMBER 1, 2018

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Silverfort is the brainchild of a band of colleagues who toiled together in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military.

Authentication

Authentication Digital transformation IoT Risk

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

agarwal_mohit) January 5, 2018. I think the URL is right but it seems inaccessible from other countries: [link] — Troy Hunt (@troyhunt) January 9, 2018. Security /= George blocking — Vatsalya Goel (@vatsalyagoel) January 9, 2018. — Khas Mek (@KhasMek) January 10, 2018. FergusInLondon) January 10, 2018.

Hacking

Hacking Government Encryption Risk

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Thales Cloud Protection & Licensing

JANUARY 22, 2025

Between 2018 and 2023, large-scale healthcare data breaches increased by 102%. New measures proposed by HHS Multi-Factor Authentication (MFA) : Clear definitions to enhance security when accessing sensitive systems. Encryption of ePHI : Protecting electronic health information, even if its intercepted.

Healthcare

Healthcare Cybersecurity Data breaches Encryption

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

The Last Watchdog

APRIL 21, 2021

At the time, in the spring of 2018, only 25 percent of commercial websites used HTTPS; today adoption is at 98 percent and rising. TLS is a component of the Public Key Infrastructure, or PKI , the system used to encrypt data, as well as to authenticate individual users and the web servers they log onto. Decryption bottleneck.

Malware

Malware Firewall Encryption Data breaches

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

An attacker with access to the dispenser controller’s USB port can install an outdated or modified firmware version to bypass the encryption and make cash withdrawals. A research published by Positive Technologies in 2018 revealed that 69 percent of ATMs were vulnerable to such attacks and could be easily hacked in a few minutes.

Hacking

Hacking Firmware Encryption Manufacturing

Aussie Telcos are Failing at Some Fundamental Security Basics

Troy Hunt

MARCH 27, 2018

pic.twitter.com/KiaGNKhaig — Troy Hunt (@troyhunt) March 1, 2018. She was pretty shocked when I showed her this as it was precisely the same verbal password as she used to authenticate to her bank. I'm like yo my credit cards and financial information your entering into this internet system isn't even fully encrypted.

Passwords

Passwords Banking Mobile Telecommunications

Local Networks Go Global When Domain Names Collide

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Alas, in 2018, the.llc TLD was born and began selling domains. He then learned the.ad

DNS

DNS Internet Internet Authentication

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

27, 2018, Cisco’s Talos research division published a write-up outlining the contours of a sophisticated cyber espionage campaign it dubbed “ DNSpionage.” Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. 216 address).

DNS

DNS Internet Internet Government

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

The Last Watchdog

NOVEMBER 15, 2018

The 2018 State of IoT Security study took a poll of 700 organizations in the US, UK, Germany, France and Japan and found IoT is well on its way to be to be woven into all facets of daily business operations. The most common security practices in place at top-tier enterprises were: •Encryption of sensitive data. Tiered performances.

IoT

IoT Encryption Authentication Penetration Testing

US ballistic missile defense systems (BMDS) open to cyber attacks

Security Affairs

DECEMBER 16, 2018

” The report states the BMDS did not implement security controls such as multifactor authentication, vulnerability assessment and mitigation, server rack security, protection of classified data stored on removable media, encrypting transmitted technical information, physical facility security such as cameras and sensors.

Cyber Attacks

Cyber Attacks Media Encryption Authentication

How Website Localization Strengthens Cybersecurity in Global Markets

SecureWorld News

FEBRUARY 4, 2025

For example, in 2018, GDPR non-compliance caused a data breach that cost British Airways 183 million ($230 million) for exposing personal and financial data of nearly 500,000 customers. For example, encrypt transaction details and add verification steps to secure and approve the exchange between your platform and the customer.

Marketing

Marketing Cybersecurity eCommerce Data breaches

Crooks Continue to Exploit GoDaddy Hole

Krebs on Security

FEBRUARY 4, 2019

Godaddy.com , the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. First emerging in early 2018, Gand Crab has been dubbed “the most popular multi-million dollar ransomware of the year.”

DNS

DNS Ransomware Accountability Internet

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

SC Magazine

JULY 13, 2021

According to Armis, an attacker can send undocumented commands in the Unified Messaging Application Services protocol of a Modicon controller to force the device to bypass existing authentication protections and leak a hash. Though they were patched, Armis researchers were able to leverage them in new ways to make the attack work.

Authentication

Authentication Encryption Energy and Utilities Media

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

The attack was largely reminiscent of a 2022 YouTube account hack that repurposed a 2018 interview with Apple CEO Tim Cook to fool viewers into following a separate cryptocurrency scam. These attachments could contain malware that steals passwords, data, and multifactor authentication codes.

Small Business

Small Business Cybersecurity Scams Passwords

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.” Storing authentication credentials for the API is a significant issue. The sheer number of options has a direct impact on the budget.

Hacking

Hacking Penetration Testing Data breaches Authentication

Exploits and vulnerabilities in Q3 2024

SecureList

DECEMBER 6, 2024

Although the first version of LKRG was released back in 2018, it is undergoing constant refinement. The issue arises during SSH authentication. This makes it possible to launch an attack on the system at the very stage when the SSH server receives authentication data. The issue occurs during Kerberos authentication.

Authentication

Authentication Software Wireless Internet

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

The Last Watchdog

APRIL 16, 2020

Once inside a network, they move laterally to locate and encrypt mission-critical systems; a ransom demand for a decryption key follows. In 2018 and 2019, ransomware-triggered business disruptions came not in global-spanning worms, ala WannaCry and NotPetya, but in unrelenting one-off attacks.

Ransomware

Ransomware Authentication Hacking Manufacturing

Other Sierra AirLink router models affected by critical flaws

Security Affairs

MAY 6, 2019

An authenticated attacker could exploit the flaw by sending specially crafted HTTP requests to the targeted device. The most severe flaws disclosed by Sierra are an OS command-injection vulnerability tracked as CVE-2018-4061 (CVSS score 9.1) and an unrestricted file upload vulnerability tracked as CVE-2018-4063 (CVSS score 9.1).

Wireless

Wireless Authentication Advertising Encryption

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

Security Affairs

JULY 13, 2021

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. The vulnerability can allow attackers to bypass authentication mechanisms which can lead to native remote-code-execution on vulnerable PLCs.”

Authentication

Authentication IoT Encryption Engineering

Avast, NordVPN Breaches Tied to Phantom User Accounts

Krebs on Security

OCTOBER 21, 2019

This is not the first so-called “supply chain” attack on Avast: In September 2018, researchers at Cisco Talos and Morphisec disclosed that hackers had compromised the computer cleanup tool for more than a month, leading to some 2.27 million downloads of the corrupt CCleaner version.

Accountability

Accountability VPN Software Antivirus

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

So watch out for weak encryption protocols, insufficient network segregation, or insecure user authentication mechanisms. Software gaps Similarly, the availability of onboard Wi-Fi services has become increasingly common in commercial aircraft so passengers can stay connected to the internet even during a long flight.

Software

Software Risk Artificial Intelligence Cyber Attacks

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

million Windows systems between 2018 and 2020. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte terabyte of stolen data. Threat actors used custom malware to steal data from 3.2

Malware

Malware Computers and Electronics Software Financial Services

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

In addition to the encryption of data, victims have received threats that data stolen during the incidents will be published.” Experts warn of active exploitation of the CVE-2018-13379 , a security bug heavily exploited by LockBit to breach networks. ransomware. This activity has occurred across multiple industry sectors.

Ransomware

Ransomware Retail Manufacturing Encryption

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Security Affairs

AUGUST 14, 2018

Security researchers from the University of Opole in Poland and the Ruhr-University Bochum in Germany have devised a new attack technique that allows cracking encrypted communications. We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication.” Many vendors are affected.

Encryption

Encryption Authentication Internet Internet

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

RDP intrusions are typically the result of two attacker methods: brute force authentication attempts or a meddler-in-the-middle (MITM) attack. Remote desktop software’s sensitive influence over other devices means identity and access management (IAM), password security , and multi-factor authentication are critical for risk management.

VPN

VPN Software Authentication Encryption

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

The WiFi Protected Access 3 ( WPA3) protocol was launched in June 2018 to address all known security issues affecting the previous standards and mitigate wireless attacks such as the KRACK attacks and DEAUTH attacks. The Enterprise mode implements 192-bit encryption for networks that require extra security. .”

Passwords

Passwords Hacking Wireless Authentication

Recipe for Cybersecurity Success in the Restaurant Industry

SecureWorld News

SEPTEMBER 18, 2024

Dunkin' Donuts (2015-2018): The company faced multiple credential stuffing attacks that led to unauthorized access to customer accounts. Earl Enterprises (2018-2019): The parent company of restaurant chains like Planet Hollywood and Buca di Beppo suffered a 10-month-long data breach affecting millions of customers. Subway U.K.

Cybersecurity

Cybersecurity Data breaches Accountability Authentication

How Brexit Impacts the Future of Europe’s Cybersecurity Posture

Thales Cloud Protection & Licensing

AUGUST 2, 2019

For its part, the United Kingdom incorporated GDPR into its Data Protection Act 2018 3 and the NIS Directive into its NIS Regulations 2018 4 , a political choice showing that the UK strategically desires to be aligned and, to a certain extent, compliant with the new EU regulations. Governing the transfer of data.

Cybersecurity

Cybersecurity Data breaches Government Encryption

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

AUGUST 28, 2018

Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas. Yet, Higbee points out, the DNC was following at least one recommended security protocol: Multi-factor authentication (MFA) was enabled through Office 365.

Phishing

Phishing Data breaches Scams Hacking

What is DKIM Email Security Technology? DKIM Explained

eSecurity Planet

MAY 24, 2023

The DomainKeys Identified Mail (DKIM) email authentication standard enables email servers to check incoming emails to verify the sender and detect email message alterations. At a high level, DKIM enables an organization to provide encryption hash values for key parts of an email. The “p” field is the public encryption key value.

Technology

Technology DNS Encryption Authentication

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

To prevent unwanted access and protect data in transit, wireless connections must be secured with strong authentication procedures, encryption protocols, access control rules, intrusion detection and prevention systems, and other security measures. As a result, wireless networks are prone to eavesdropping, illegal access and theft.

Wireless

Wireless Encryption Authentication IoT

Is Your Small Business Safe Against Cyber Attacks?

CyberSecurity Insiders

MARCH 21, 2021

Back in 2018, almost two-thirds of the small businesses suffered from cyber security attacks. . With a VPN like Surfshark to encrypt your online traffic and keep it protected against any security breach, your valuable data isn’t going to get compromised easily anytime soon. Two-factor authentication . Firewalls .

Small Business

Small Business Cyber Attacks VPN Backups

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

SecureList

DECEMBER 14, 2021

The malicious module is actually designed to log credentials of users that successfully authenticated on the OWA authentication web page. Successful authentication is verified by checking that the OWA application is sending an authentication token back to the user.

Authentication

Authentication Encryption Accountability Passwords

MasterCard DNS Error Went Unnoticed for Years

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Trending Sources

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

NEW TECH: Silverfort extends ‘adaptive multi-factor authentication’ via key partnerships

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Q&A: The troubling implications of normalizing encryption backdoors — for government use

USPS Site Exposed Data on 60 Million Users

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

What Is Encryption? Definition, How it Works, & Examples

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

NEW TECH: How ‘adaptive multi-factor authentication’ is gaining traction via partnerships

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Aussie Telcos are Failing at Some Fundamental Security Basics

Local Networks Go Global When Domain Names Collide

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

US ballistic missile defense systems (BMDS) open to cyber attacks

How Website Localization Strengthens Cybersecurity in Global Markets

Crooks Continue to Exploit GoDaddy Hole

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

The 3 biggest cybersecurity threats to small businesses

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

Exploits and vulnerabilities in Q3 2024

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

Other Sierra AirLink router models affected by critical flaws

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

Avast, NordVPN Breaches Tied to Phantom User Accounts

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Mysterious custom malware used to steal 1.2TB of data from million PCs

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Addressing Remote Desktop Attacks and Security

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Recipe for Cybersecurity Success in the Restaurant Industry

How Brexit Impacts the Future of Europe’s Cybersecurity Posture

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

What is DKIM Email Security Technology? DKIM Explained

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

Is Your Small Business Safe Against Cyber Attacks?

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

Stay Connected