Krebs on Security

DECEMBER 8, 2020

Additionally, Microsoft released an advisory on how to minimize the risk from a DNS spoofing weakness in Windows Server 2008 through 2019. These vulnerabilities affect Microsoft Excel 2013 through 2019, Microsoft 365 32 and 64 bit versions, Microsoft Office 2019 32 and 64 bit versions, and Microsoft Excel for Mac 2019.”

DNS 344

DNS Backups Malware Software 344

Schneier on Security

MARCH 18, 2020

Interesting data : A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts.

Risk 247

Risk 247

Schneier on Security

SEPTEMBER 6, 2021

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. ” “All products launched after 2019 randomize their MAC-addresses on a frequent basis as it has become the market standard to do so,” Gamborg says. This one is about wireless headphones.

Wireless 313

Wireless Marketing Manufacturing Risk 313

SecureWorld News

OCTOBER 23, 2024

Securities and Exchange Commission (SEC) announced Tuesday that it has fined four companies $7 million for misleading statements about their cybersecurity incidents, particularly concerning the high-profile 2019 SolarWinds hack. The SEC charged the companies with "materially misleading disclosures regarding cybersecurity risks and intrusions."

Cybersecurity 113

Cybersecurity Risk Hacking Software 113

Cisco Security

SEPTEMBER 26, 2022

As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Risk Management and Formula One. Meanwhile, InfoSec is the designer and implementor of risk management capabilities (for instance, ensuring the latest technology is deployed and within expected specifications).

Risk 145

Risk Cybersecurity Technology InfoSec 145

Security Boulevard

JUNE 2, 2023

As a concept, it was introduced in 2016, but it only became globally available in 2019. The post 5G and Cybersecurity Risks in 2023 appeared first on Security Boulevard. Four years later, the number of people with 5G-enabled devices is still small in most countries.

Risk 118

Risk Cybersecurity Telecommunications IoT 118

Security Boulevard

MARCH 8, 2023

Email has been a popular delivery of malware and risk for decades.The first phishing schemes took place in the 1990s, and phishing techniques have only become more sophisticated in the decades since. It’s particularly popular among criminals now; since 2019, the use of phishing scams has increased by 300%. The reason for the increase?

Risk 114

Risk Phishing Scams Cyber threats 114

Cisco Security

JULY 12, 2021

Chief Information Security Officers (CISOs) across the Global 2000 and Fortune 1000 are obsessed with protecting the workforce endpoints as critical vulnerabilities in the cybersecurity and risk management posture of their enterprises. Would a risk-conscious, security-aware workforce become a security enabler rather than a security risk?

Security Awareness 145

Security Awareness Risk CISO Cybersecurity 145

Krebs on Security

AUGUST 10, 2021

The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines. However, we strongly believe that the security risk justifies the change.

Software 322

Software Internet Internet Backups 322

Malwarebytes

NOVEMBER 27, 2024

In 2019, a ransomware attack hit LifeLabs, a Canadian medical testing company. At the time, LifeLabs wrote in an open letter that the cybersecurity firm it hired to investigate the incident advised it that the risk to its customers in connection with this cyberattack was low. million people was stolen. It’s catch 22.

Ransomware 124

Ransomware Healthcare Risk Encryption 124

Krebs on Security

AUGUST 13, 2021

Come check out Antinalysis, the new address risk analyzer,” reads the service’s announcement, pointing to a link only accessible via ToR. If you use BTC->XMR->BTC method, you’ll still get flagged down by our services labelled as high risk exchange (not to mention LE and exchanges). ” Update, 1:42 p.m.

Cryptocurrency 337

Cryptocurrency Marketing Ransomware Financial Services 337

The Last Watchdog

OCTOBER 10, 2019

Related: Implications of huge Capital One breach CASBs supplied a comprehensive set of tools to monitor and manage the multitude of fresh cyber risks spinning out of the rise in in corporate reliance on cloud services. In doing so, CASBs became the fastest growing security category ever , as declared by Gartner.

Risk 200

Risk Cloud Migration Engineering Cyber Risk 200

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. For the latest updates and resources, visit StopRansomware.gov.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Krebs on Security

DECEMBER 19, 2018

Satnam Narang , senior research engineer at Tenable , said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

Internet 265

Internet Internet Software Engineering 265

CSO Magazine

MAY 29, 2023

Today we call programs that help prevent or identify breaches of trust insider risk management (IRM). In 2019, a CSO article raised the question “ Insider risk management — who’s the boss ?” and examined where the buck should stop in terms of taking responsibility for threats from within.

Risk 109

Risk CSO Government 109

Google Security

OCTOBER 15, 2024

We recognized the inherent risks associated with memory-unsafe languages and developed tools like sanitizers , which detect memory safety bugs dynamically, and fuzzers like AFL and libfuzzer , which proactively test the robustness and security of a software application by repeatedly feeding unexpected inputs.

Computers and Electronics 119

Computers and Electronics Software Risk Architecture 119

Cisco Security

APRIL 11, 2022

Kenna Security maps out the vulnerabilities in your environment and prioritizes the order in which you should address them based on a risk score. With this initial integration, Secure Endpoint customers can now perform risk-based endpoint security. Figure 1: Kenna Risk Score in the Secure Endpoint console.

Risk 133

Risk Internet Internet Malware 133

SecureWorld News

MAY 13, 2025

Anatomy of the breach: technical exploitation of WhatsApp Meta ( then Facebook) filed a lawsuit in 2019, asserting that the NSO Group had exploited a vulnerability in WhatsApp's VoIP calling feature. Third- party software risks extend beyond the supply chain to nation- state surveillance contractors.

Spyware 104

Spyware Surveillance CISO Government 104

Malwarebytes

MAY 8, 2025

According to the original complaint against NSO Group, filed in October 2019, the spyware vendor used WhatsApp servers to send malware to around 1400 mobile phones. Google has an advanced protection program for people like this, while Apple launched lockdown mode for high-risk users. Facebook has its own initiative.

Spyware 120

Spyware Hacking Surveillance Government 120

eSecurity Planet

MARCH 4, 2025

How the attack works The JavaGhost group, active since 2019, initially focused on website defacements before shifting to financially motivated phishing attacks in 2022. Their current tactics include: Gaining access to AWS accounts using identify and access management (IAM) keys.

Phishing 94

Phishing Accountability Authentication Risk 94

Krebs on Security

APRIL 14, 2023

” The FCC tweet also provided a link to the agency’s awareness page on juice jacking , which was originally published in advance of the Thanksgiving Holiday in 2019 but was updated in 2021 and then again shortly after the FBI’s tweet was picked up by the news media. This scam is referred to as juice jacking.”

Mobile 322

Mobile Software Backups Technology 322

Security Affairs

DECEMBER 1, 2024

A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. While it offers immense opportunities for innovation and progress, it also presents significant risks when weaponized by malicious actors.

Artificial Intelligence 131

Artificial Intelligence Phishing Media Cyber threats 131

Schneier on Security

APRIL 27, 2022

Mandiant: In 2021, Mandiant Threat Intelligence identified 80 zero-days exploited in the wild, which is more than double the previous record volume in 2019. State-sponsored groups continue to be the primary actors exploiting zero-day vulnerabilities, led by Chinese groups. News article.

Ransomware 244

Ransomware Risk Malware Hacking 244

Security Affairs

MARCH 27, 2025

CVE-2019-9874 (CVSS score of 9.8) According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. ” reported Wiz.

Authentication 61

Authentication Hacking Cybersecurity Risk 61

Malwarebytes

APRIL 3, 2025

Chinese company 360 Security Technology, also known as Qihoo 360, purchased Lemon Seed, according to its 2019 annual report. The Entity List identifies entities that the US believes pose a risk to its national security. It is also responsible for others that didn’t make it into the top 100: Snap VPN, and Signal Secure VPN.

VPN 138

VPN Mobile Government Technology 138

eSecurity Planet

JULY 27, 2021

In the case of LemonDuck, the malware – which has been on the radar since at least 2019 and has been followed by multiple vendor security teams – has become a threat on multiple fronts, according to the Microsoft security researchers. From the criminal’s standpoint, this means more opportunities for pay-out relative to effort.”

Malware 144

Malware Risk Cryptocurrency Ransomware 144

Security Affairs

NOVEMBER 18, 2024

The security breach poses a major national security risk. Salt Typhoon is a China-linked APT group active since at least 2019. In 2019, T-Mobile disclosed data breach affecting prepaid wireless customers. The WSJ states that the compromise remained undisclosed due to possible impact on national security.

Mobile 111

Mobile Telecommunications Data breaches Hacking 111

eSecurity Planet

JANUARY 18, 2024

When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations. CSP collaboration improves the security environment where there’s a need to mitigate the emerging risks quickly and comprehensively.

Risk 125

Risk Backups Encryption DDOS 125

The Last Watchdog

NOVEMBER 8, 2021

According to a report from Protenus and DataBreaches.net, over 41 million patient records were breached in 2019, almost tripling healthcare industry breaches from the prior year. The largest privacy incident was reported in 2019 at American Medical Collection Agency (AMCA), a third-party billing and collections company.

Healthcare 268

Healthcare Technology Architecture IoT 268

Malwarebytes

MAY 1, 2025

In 2022, it found 63 zero-day exploits, and the year before that it was 95, but 2019 and 2020 both showed just 31 zero-day exploits each. That’s a consistently falling number; 90.32% of zero-day exploits targeted end-user tech in 2019, followed by 70.97%, 74.74%, 63.49%, and 63.27% respectively through 2023.

Spyware 82

Spyware Mobile Technology Government 82

Krebs on Security

FEBRUARY 8, 2021

“According to the analysis of foreign law enforcement agencies, more than 50% of all phishing attacks in 2019 in Australia were carried out thanks to the development of the Ternopil hacker,” the attorney general’s office said, noting that investigators had identified hundreds of U-Admin customers. ” U-Admin, a.k.a.

Phishing 340

Phishing Scams Banking Mobile 340

Krebs on Security

APRIL 29, 2022

In a blog post on Wednesday , Google’s Michelle Chang wrote that the company’s expanded policy now allows for the removal of additional information that may pose a risk for identity theft, such as confidential log-in credentials, email addresses and phone numbers when it appears in Search results.

Identity Theft 364

Identity Theft Cybercrime Retail Hacking 364

Approachable Cyber Threats

DECEMBER 21, 2023

Category Cybersecurity Fundamentals, Third Party Risk Risk Level In the interconnected web of modern business ecosystems, supply chain risks have emerged as insidious threats, leaving even the most vigilant organizations vulnerable to devastating cyber breaches. What are some strategies for mitigating supply chain risks? ❯

Risk 95

Risk Cybersecurity Software Government 95

Security Affairs

APRIL 28, 2025

in March 2019. Researchers built a fully functional rootkit that relies entirely on io_uring to demonstrate the real-world risk. Many commercial vendors were either vulnerable or unresponsive, suggesting io_uring rootkits pose a broad risk to current Linux security solutions. ” reads the report published by the experts.

Risk 83

Risk Hacking Information Security Malware 83

Security Affairs

MAY 13, 2025

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Once inside, they could access all user communications, steal data, impersonate users, and compromise credentials, posing major operational risks. ” reads the report published by Microsoft.

DNS 83

DNS Telecommunications Architecture Media 83

eSecurity Planet

FEBRUARY 26, 2024

The fix: System administrators are encouraged to install the Exchange Server 2019 Cumulative Update 14 (CU14), which was issued in February 2024 and enabled NTLM credentials Relay Protection. Users are strongly recommended to quickly upgrade their Bricks Builder Theme installations to this current version to reduce the risk of exploitation.

Risk 113

Risk Authentication System Administration Ransomware 113

The Last Watchdog

FEBRUARY 3, 2020

and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019. The report discloses a new strain of wiper malware, dubbed Dustman , found to be targeting entities within the Middle East through the course of 2019. As geopolitical tensions between the U.S.

Energy and Utilities 330

Energy and Utilities Malware Hacking Passwords 330