2013, Authentication, Blog and Internet

A Brief History of the Internet’s Biggest BGP Incidents

Kentik

JUNE 5, 2023

In the summer of 2022, I joined a team of BGP experts organized by the Broadband Internet Technical Advisory Group (BITAG) to draft a comprehensive report covering the security of the internet’s routing infrastructure. Below is an edited version of my take on the internet’s most notable BGP incidents.

Technical Review

Technical Review Internet Software Review Systems Review

CVE-2020-0688: Microsoft Exchange Server Static Key Flaw Could Lead to Remote Code Execution

Tenable

FEBRUARY 25, 2020

The use of static keys could allow an authenticated attacker with any privilege level to send a specially crafted request to a vulnerable ECP and gain SYSTEM level arbitrary code execution. In their blog, the ZDI shared a YouTube video demonstrating exploitation of this flaw. Valid user credential requirement. Proof of concept.

Authentication

Authentication Research Open Source Tools

Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and SharePoint Vulnerabilities (CVE-2019-18935)

Tenable

JULY 22, 2020

Researchers at BishopFox published a blog post in December 2019 on CVE-2019-18935. At the time, little was known about the exploitability of this vulnerability, but the flaw was severe enough that Tenable Security Response posted a blog post around the vulnerability. as it works without authentication. Microsoft SharePoint.

WAN

WAN Software Review Authentication Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Finding Proxylogon and Related Microsoft Exchange Vulnerabilities: How Tenable Can Help

Tenable

MARCH 8, 2021

As Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA) has said , organizations that exposed Exchange Server to the internet should assume compromise and begin hunting for known indicators. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03.

Malware

Malware Internet Analysis Report

Fighting Ransomware: Using Ivanti’s Platform to Build a Resilient Zero Trust Security Defense

Ivanti

AUGUST 3, 2021

It was detected in late 2013 and called LockDroid. Just within the past several years, cybercriminal gangs have added several more types of ransomware exploits including Doxware , which are threats to reveal and publish personal (or confidential company) information onto the public internet unless the ransom is paid.

Malware

Malware Backup Mobile Storage

Get A-Z Information About Smart Glasses & Its Applications

Openxcell

AUGUST 3, 2020

These devices come with smart sensors that can connect to the internet for exchanging data. In this blog, let’s know more about smartglasses. The smart glass aim is to provide life monitoring services and create a platform for taking more authentic video clips and photos. billion in the year 2020. What is Smart Glass?

Applications

Applications Film Automotive Video

Cloudera Strengthens Hadoop Security with Acquisition of Gazzang: Builds on additional community efforts to deliver end-to-end security offering

CTOvision

JUNE 3, 2014

Later, more and more security related capabilities were added, including better access control, authentication, auditing, and data provenance. Cloudera is continuing to invest broadly in the open source community to support and accelerate security features into project Rhino—an open source effort founded by Intel in early 2013.

Big Data

Big Data Open Source Weak Development Team Compliance

Colombian loan firm leaks thousands of customer service calls

The Parallax

AUGUST 27, 2019

The Spanish-language recordings date back to November 25, 2013, and as of publication, the most recent recordings were uploaded on Monday, August 26. Minder says many of the breaches GroupSense encounters (and has noted on its blog ) are the result of poorly configured security settings. “ In the U.S.,

VOIP

VOIP Internet Banking Groups

Patch Tuesday: December 2021

Kaseya

DECEMBER 1, 2021

Moderate A vulnerability that is mitigated to a significant degree by certain factors such as default configuration, auditing and authentication requirements. As noted in Microsoft’s blog , they recommend that customers prioritize (i.e. The Internet Explorer vulnerability CVE-2021-26411 has seen active exploitation.

Windows

Windows Azure Video Malware

The 10 top network outages of 2021

Kentik

DECEMBER 1, 2021

Every year the internet experiences numerous disruptions and outages, and 2021 was certainly no exception. This year we documented outages, including multiple government-directed shutdowns, as well as what might be the internet’s biggest outage in history. Famous internet outages. Uganda election shutdown.

Network

Network Internet Mobile Government

3 Ways to Handle POS Security Risks in Retail IT

Kaseya

OCTOBER 31, 2019

The most publicized breaches on retail include Target having records of 40 million customers pilfered in 2013, and the same attack compromised another 70 million records. Today, organizations are prioritizing security, given the increased rate of occurrence of cyberattacks. And the retail industry is no exception.

Retail

Retail Malware Systems Review eBook

Microsoft’s May 2021 Patch Tuesday Addresses 55 CVEs (CVE-2021-31166)

Tenable

MAY 11, 2021

Internet Explorer. CVE-2021-31198 , CVE-2021-31207 , CVE-2021-31209 and CVE-2021-31195 are several flaws that impact Microsoft Exchange Server 2013, 2016, and 2019 and are all rated “Exploitation Less Likely,” ranging in severity from CVSSv3 6.5 Microsoft’s Exchange Team published a blog post highlighting this new functionality.

Windows

Windows SMB Wireless .Net

Observing Large-Scale Router Exploit Attempts.

ProtectWise

JULY 11, 2016

In early 2013, a vulnerability with various D-Link home routers was disclosed which detailed the ability to exploit the DIR-300 and DIR-600 models. This command appears to be a different method to achieving the same goal as the first version seen in late June, which is to potentially map out vulnerable routers accessible through the internet.

Software Review

Software Review Authentication Research Internet

Using API Gateways to Facilitate Your Transition from Monolith to Microservices

Daniel Bryant

JUNE 23, 2018

Phil talks based on his experience that many organisation’s first foray into deploying a new microservice alongside their monolith consists of simply exposing the service directly to the internet. This article originally appeared on the getambassador.io

Microservices

Microservices Continuous Delivery Infrastructure Architecture

Hacker, Hack Thyself

Coding Horror

JUNE 2, 2017

The name of the security game is defense in depth, so all these hardening steps help … but we still need to assume that Internet Bad Guys will somehow get a copy of your database. If we were, that's a whole other blog post I can write at a later date. And then what? Well, what's in the database? Identity cookies. Password hashes.

Backup

Backup Software Review Open Source Budget

CTO Universe

A Brief History of the Internet’s Biggest BGP Incidents

CVE-2020-0688: Microsoft Exchange Server Static Key Flaw Could Lead to Remote Code Execution

Webinars

Trending Sources

Copy-Paste Compromises: Threat Actors Target Telerik UI, Citrix, and SharePoint Vulnerabilities (CVE-2019-18935)

Webinars

Finding Proxylogon and Related Microsoft Exchange Vulnerabilities: How Tenable Can Help

Fighting Ransomware: Using Ivanti’s Platform to Build a Resilient Zero Trust Security Defense

Get A-Z Information About Smart Glasses & Its Applications

Cloudera Strengthens Hadoop Security with Acquisition of Gazzang: Builds on additional community efforts to deliver end-to-end security offering

Colombian loan firm leaks thousands of customer service calls

Patch Tuesday: December 2021

The 10 top network outages of 2021

3 Ways to Handle POS Security Risks in Retail IT

Microsoft’s May 2021 Patch Tuesday Addresses 55 CVEs (CVE-2021-31166)

Observing Large-Scale Router Exploit Attempts.

Using API Gateways to Facilitate Your Transition from Monolith to Microservices

Hacker, Hack Thyself

Stay Connected