Schneier on Security

FEBRUARY 10, 2021

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019.

Ransomware 356

Ransomware Cryptocurrency 356

Schneier on Security

DECEMBER 3, 2020

From a ZDNet article : GitHub launched a deep-dive into the state of open source security, comparing information gathered from the organization’s dependency security features and the six package ecosystems supported on the platform across October 1, 2019, to September 30, 2020, and October 1, 2018, to September 30, 2019.

Engineering 345

Engineering Software Cybersecurity 345

Schneier on Security

JANUARY 5, 2021

Separately, it seems that the SVR conducted a dry run of the attack five months before the actual attack: The hackers distributed malicious files from the SolarWinds network in October 2019, five months before previously reported files were sent to victims through the company’s software update servers. We know at minimum they had access Oct.

Hacking 358

Hacking System Administration Software Surveillance 358

Security Affairs

MAY 5, 2025

Sansec identified these backdoors in the following packages which were published between 2019 and 2022.” ” Below are the backdoored extensions that were published between 2019 and 2022. In older versions (2019), this required no authentication, but newer versions require a secret key. ” continues the report.

eCommerce 98

eCommerce Hacking Authentication Software 98

Krebs on Security

MARCH 11, 2025

Launched in 2019, Garantex was first sanctioned by the U.S. Department of Justice (DOJ) unsealed an indictment against Besciokov and the other alleged co-founder of Garantex, Aleksandr Mira Serda , 40, a Russian national living in the United Arab Emirates.

Ransomware 274

Ransomware Cryptocurrency Marketing Government 274

Krebs on Security

FEBRUARY 4, 2025

In this 2019 post from Cracked, a forum moderator told the author of the post (Buddie) that the owner of the RDP service was the founder of Nulled, a.k.a. Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg. “Finndev.” ” Image: Ke-la.com. .

eCommerce 214

eCommerce Cybercrime Accountability Passwords 214

Schneier on Security

JANUARY 25, 2024

Since at least 2019, I have been saying that this is hard. Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. And that we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard.

327

327

Schneier on Security

MAY 2, 2025

In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol for distributed data ownership. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent idea.

Data privacy 247

Data privacy 247

Krebs on Security

NOVEMBER 26, 2019

The other three restaurants are all part of the same parent company and disclosed breaches in August 2019. Focus Brands (which owns Moe’s, McAlister’s, and Schlotzsky’s) was breached between April and July 2019, and publicly disclosed this on August 23. Krystal announced a card breach last month. percent worldwide.

Marketing 341

Marketing Cybercrime Retail Advertising 341

Krebs on Security

DECEMBER 8, 2020

Additionally, Microsoft released an advisory on how to minimize the risk from a DNS spoofing weakness in Windows Server 2008 through 2019. These vulnerabilities affect Microsoft Excel 2013 through 2019, Microsoft 365 32 and 64 bit versions, Microsoft Office 2019 32 and 64 bit versions, and Microsoft Excel for Mac 2019.”

DNS 343

DNS Backups Malware Software 343

Schneier on Security

FEBRUARY 15, 2021

In September 2019, another similar vulnerability was found being exploited by the same hacking group. More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order. Microsoft issued a patch and fixed the flaw, sort of.

Technology 358

Technology Hacking Software 358

Adam Shostack

JANUARY 2, 2025

Just a few things for now Trail of Bits released a threat model for Kubernetes [link to [link] no longer works]. There's some context from Aaron Small, who made the project happen. Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC.

130

130

Adam Shostack

JANUARY 2, 2025

Just what the title says. Cyber Making Software "What Really Works, and Why We Believe It" by Andy Oram and Greg Wilson. This collection of essays is a fascinating view into the state of the art in empirical analysis software engineering. Agile Application Security by Laura Bell, Michael Brunton-Spall, Rich Smith and Jim Bird.

Marketing 130

Marketing Internet Internet Software 130

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches 114

Data breaches Identity Theft Accountability Technology 114

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. billion in 2019. In August 2019, the company said a third-party investigation into the exposure identified just 32 consumers whose non-public personal information likely was accessed without authorization.

Insurance 353

Insurance Financial Services Penetration Testing Scams 353

Penetration Testing

MAY 7, 2025

Lampion, the banking malware first observed in 2019, has reemerged with new tricks. In a detailed analysis, Unit The post Lampion Malware Returns with ClickFix Tactics to Target Portuguese Sectors appeared first on Daily CyberSecurity.

Malware 89

Malware Banking Cybersecurity 89

Krebs on Security

MARCH 11, 2025

Rapid7’s lead software engineer Adam Barnett said Windows 11 and Server 2019 onwards are not listed as receiving patches, so are presumably not vulnerable. However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016.

System Administration 235

System Administration Engineering Internet Internet 235

Krebs on Security

SEPTEMBER 8, 2020

Among the chief concerns for enterprises this month is CVE-2020-16875 , which involves a critical flaw in the email software Microsoft Exchange Server 2016 and 2019. Security firm Tenable notes that this bug is reminiscent of CVE-2019-0604 , another Sharepoint problem that’s been exploited for cybercriminal gains since April 2019.

Software 320

Software Backups Authentication Internet 320

Adam Shostack

JANUARY 2, 2025

Some books worth reading, particularly related to space and history A Man on the Moon , Andrew Chaikin is probably the best of the general histories of the moon landings. Failure is not an Option , by Gene Kranz, who didn't actually say that during Apollo 13. Marketing The Moon by David Scott and Richard Jurek.

Marketing 130

Marketing 130

Security Affairs

NOVEMBER 7, 2024

CVE-2019-16278 – is a directory traversal issue in the function http_verify in nostromo nhttpd through 1.9.6 Versions up to 2.3.6 and unpatched 2.3.7 are affected, with active exploitation reported in October 2024 by PSAUX. that allows an attacker to achieve remote code execution via a crafted HTTP request.

Firewall 129

Firewall Authentication Accountability Risk 129

Security Affairs

MAY 13, 2025

DoppelPaymer ransomware has been active since June 2019 ; in November 2020, Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymerransomwareand provided useful information on the threat. The Europol states that in the US, victims payed at least 40 million euros between May 2019 and March 2021.

Ransomware 110

Ransomware Cybercrime Malware Banking 110

Schneier on Security

NOVEMBER 2, 2023

These latest warnings build on repeated instances of cyber intrusion and spyware usage, and highlights the surveillance impunity in India that continues to flourish despite the public outcry triggered by the 2019 Pegasus Project revelations.

Spyware 327

Spyware Surveillance Government 327

Schneier on Security

FEBRUARY 1, 2021

If Georgia had still been using the paperless touchscreen DRE voting machines that they used from 2003 to 2019, then there would have been no paper ballots to recount, and no way to disprove the allegations that the election was hacked. That would have been a nightmare scenario.

Hacking 358

Hacking Software 358

Security Affairs

DECEMBER 18, 2024

The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.

Cyber Attacks 117

Cyber Attacks Hacking Government Malware 117

Schneier on Security

MARCH 8, 2021

In 2019, Mladenov et al. Interesting paper: “ Shadow Attacks: Hiding and Replacing Content in Signed PDFs “: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification.

Hacking 363

Hacking Authentication 363

Troy Hunt

MARCH 18, 2020

troyhunt #NDCLondon pic.twitter.com/wxzhM6uOCG — HarryMiller (@HarryMillerr) January 31, 2019 Scott and I have been doing these for a couple of years now, initially as a bit of a space-filler at NDC Security on the Gold Coast. pic.twitter.com/ypKONdzVmP — Troy Hunt (@troyhunt) July 1, 2019 It's fun. Such a fun talk!

Advertising 348

Advertising Media 348

Krebs on Security

FEBRUARY 11, 2020

Allan Liska , intelligence analyst at Recorded Future , says Microsoft considers exploitation of the vulnerability unlikely, but that a similar vulnerability discovered last year, CVE-2019-1280 , was being actively exploited by the Astaroth trojan as recently as September.

Backups 67

Backups Malware Internet Internet 67

Krebs on Security

FEBRUARY 28, 2025

And BEARHOST has been cultivating its reputation since at least 2019. Bulletproof hosts are so named when they earn or cultivate a reputation for ignoring legal demands and abuse complaints. “We completely ignore all abuses without exception, including SPAMHAUS and other organizations.”

Malware 257

Malware Antivirus Software DDOS 257

Krebs on Security

JANUARY 12, 2021

In October 2019, SolarWinds pushed an update to their Orion customers that contained the modified test code. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company’s software development pipeline could be repurposed against many other major software providers.

Malware 361

Malware Software Government 361

Penetration Testing

NOVEMBER 27, 2024

Active since 2019, SMOKEDHAM plays a... The post SMOKEDHAM Backdoor: UNC2465’s Stealth Weapon for Extortion and Ransomware Campaigns appeared first on Cybersecurity News. A comprehensive analysis by TRAC Labs has shed light on the SMOKEDHAM backdoor, a malicious tool leveraged by the financially motivated threat actor UNC2465.

Ransomware 90

Ransomware Cybersecurity Malware 90

Krebs on Security

MAY 18, 2020

Intel 471 says a rumor has been circulating on Exploit and other forums upO frequented that he was the mastermind behind GandCrab , another ransomware-as-a-service affiliate program that first surfaced in January 2018 and later bragged about extorting billions of dollars from hacked businesses when it closed up shop in June 2019.

Malware 359

Malware Cybercrime Ransomware Marketing 359

Troy Hunt

MARCH 19, 2022

that's a link through to 1Password's Masked Email feature that leverages Fastmail, the video is a good primer) Sponsored by: CrowdSec - The open-source & collaborative IPS: respond to attacks & share signals across the community.

IoT 336

IoT 336

Schneier on Security

JANUARY 17, 2023

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019.

Surveillance 363

Surveillance Media Hacking 363

Krebs on Security

OCTOBER 15, 2020

Q6Cyber CEO Eli Dominitz said the breach appears to extend from May 2019 through September 2020. Gemini puts the exposure window between July 2019 and August 2020. The NYU researchers found BriansClub earned close to $104 million in gross revenue from 2015 to early 2019, and listed over 19 million unique card numbers for sale.

Data breaches 360

Data breaches Cybercrime Retail Banking 360

Schneier on Security

NOVEMBER 30, 2021

After planning began in mid-2018, the Long-Term Retention Lab was up and running in the second half of 2019. The warehouse stores around 3,000 pieces of hardware and software, going back about a decade.

Technology 326

Technology Engineering Software Cybersecurity 326

Security Boulevard

MAY 2, 2025

In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lees open protocol for distributed data ownership. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think its worth thinking about the security of that now, while its still a nascent idea.

Data privacy 107

Data privacy 107

Krebs on Security

JULY 31, 2024

Back in 2019, KrebsOnSecurity wrote about thieves employing this method to seize control over thousands of domains registered at GoDaddy, and using those to send bomb threats and sextortion emails (GoDaddy says they fixed that weakness in their systems not long after that 2019 story).

DNS 320

DNS Internet Internet Phishing 320