Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability 139

Accountability Hacking Banking Government 139

Security Affairs

APRIL 2, 2022

GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. prior to 14.7.7, prior to 14.8.5,

Accountability 99

Accountability Passwords Hacking Information Security 99

Security Affairs

MARCH 2, 2023

At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers. The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database.

Accountability 81

Accountability Hacking Data breaches Passwords 81

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. GoDaddy has not disclosed the source of the breach in December 2022 that led to malware on some customer websites. A U2F device made by Yubikey.

Hacking 268

Hacking Social Engineering Phishing Scams 268

Krebs on Security

DECEMBER 19, 2022

men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. conspired to hack into Yahoo email accounts belonging to victims in the United States.

Hacking 289

Hacking Media Passwords Identity Theft 289

Krebs on Security

AUGUST 29, 2023

According to recent figures from the managed security firm Reliaquest , QakBot is by far the most prevalent malware “loader” — malicious software used to secure access to a hacked network and help drop additional malware payloads. Today’s operation is not the first time the U.S.

Hacking 253

Hacking Malware Ransomware Government 253

Security Affairs

MARCH 28, 2022

While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). It seems that the platform also blocked other accounts, but at the time of this writing, there is no official announcement from Twitter. datalove @YourAnonNews @ITarmyUA Glory to Ukraine!

Accountability 97

Accountability Hacking Banking Government 97

Security Affairs

JUNE 4, 2022

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account.

Accountability 142

Accountability Hacking Cybersecurity Information Security 142

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking 108

Hacking Government Spyware Marketing 108

Security Affairs

MAY 2, 2024

Additionally, certain account settings and authentication information such as API keys, OAuth tokens, and multi-factor authentication details were compromised. The attackers compromised a service account within Sign’s back-end, which is a non-human account utilized for executing applications and automated services.

Hacking 98

Hacking Authentication Passwords Accountability 98

Security Affairs

JANUARY 20, 2022

Crypto.com confirmed that a cyber attack compromised around 400 of its customer accounts leading in the theft of $33 million. Recently, several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA. ETH from yesterday's @cryptocom hack.

Accountability 86

Accountability Hacking Cryptocurrency Cyber Attacks 86

Krebs on Security

DECEMBER 13, 2022

Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself. Department of Defense. USDoD’s InfraGard sales thread on Breached.

Hacking 362

Hacking Energy and Utilities Cybercrime Accountability 362

Security Boulevard

MARCH 14, 2023

men have been charged with hacking into a U.S. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. The post Two U.S.

Hacking 52

Hacking Government Accountability Web Fraud 52

Security Affairs

JANUARY 13, 2023

Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks. Pierluigi Paganini.

Password Management 89

Password Management Passwords Accountability Data breaches 89

Krebs on Security

FEBRUARY 16, 2022

The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people separated by war, violence, migration and other causes. .” In their online statement about the hack (updated on Feb. Image: Ke-la.com. and other western audiences. com, sachtimes[.]com,

Hacking 242

Hacking Ransomware Media Accountability 242

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. SecurityAffairs – hacking, WhatsApp).

Scams 140

Scams Accountability Mobile Hacking 140

Krebs on Security

FEBRUARY 9, 2023

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating “ Trickbot ,” a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. companies and government entities.

Hacking 193

Hacking Cybercrime Ransomware Government 193

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT28) ” reads trhe announcement published by DKWOC.

Accountability 105

Accountability Government Phishing Authentication 105

The Hacker News

SEPTEMBER 23, 2022

The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to

Accountability 89

Accountability Hacking Phishing Authentication 89

Security Affairs

JUNE 15, 2022

PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. The document updates the information provided in the Dark Web Index 2022 report. The document updates the information provided in the Dark Web Index 2022 report. 50 in 2021).

Identity Theft 93

Identity Theft Accountability DDOS Cybercrime 93

Security Affairs

SEPTEMBER 16, 2022

— Uber Comms (@Uber_Comms) September 16, 2022. According to the New York Times , the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases. “I

Hacking 133

Hacking Data breaches Engineering Information Security 133

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 88

Accountability Phishing Authentication Architecture 88

The Hacker News

AUGUST 22, 2022

The trojans, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40, was.

Accountability 93

Accountability Hacking 93

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. In 2022, Google announced it would begin work to support passkeys on its platform to replace passwords.

Accountability 92

Accountability Passwords Password Management Phishing 92

Security Affairs

JULY 5, 2022

Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway. .

Scams 83

Scams Accountability Authentication Cryptocurrency 83

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

VPN 126

VPN IoT Cybersecurity Engineering 126

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Some users with AT&T email addresses wrote on Reddit that they have been hacked, and some of them claim they had the same issue for months.

Cryptocurrency 77

Cryptocurrency Accountability Passwords Hacking 77

Security Affairs

DECEMBER 5, 2022

A critical stack-based buffer overflow bug, tracked as CVE-2022-23093, in the ping service can allow to take over FreeBSD systems. The maintainers of the FreeBSD operating system released updates to address a critical flaw, tracked as CVE-2022-23093, in the ping module that could be potentially exploited to gain remote code execution.

Hacking 100

Hacking Accountability Information Security 100

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. ” reads the analysis published by Palo Alto Networks.

Accountability 88

Accountability Cryptocurrency Malware Phishing 88

Security Affairs

FEBRUARY 26, 2023

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022. Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes.

Identity Theft 87

Identity Theft Data breaches Insurance Hacking 87

Malwarebytes

SEPTEMBER 30, 2022

An incredibly offensive alert was sent by Fast Company, which has been hacked. — Apple News (@AppleNews) September 28, 2022. Fast Company was hacked on Sunday, September 25. The attacker responsible modified article titles to obscene and racist things: "Hacked by Vinny Troia. Apple News has disabled their channel.

Hacking 83

Hacking Accountability Authentication Passwords 83

Security Affairs

JANUARY 10, 2022

Several EA Sports FIFA 22 players claim to have been hacked, they say to have lost access to their personal EA and email accounts. A growing number of EA Sports FIFA 22 players reported that their EA accounts were hacked, including famous streamers such as Jamie Bateson (AKA Bateson87), NickRTFM, Trymacs, TisiSchubecH and FUT FG.

Hacking 102

Hacking Accountability Social Engineering Media 102

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 9, 2024, U.S.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Security Affairs

JULY 22, 2022

Starting with Windows 11 Microsoft introduce by default an account lockout policy that can block brute force attacks. Starting with Windows 11 Insider Preview build 22528.1000 the OS supports an account lockout policy enabled by default to block brute force attacks. SecurityAffairs – hacking, Windows 11). Pierluigi Paganini.

Accountability 92

Accountability Passwords Ransomware Hacking 92

SecureList

FEBRUARY 16, 2023

Fake donation sites started popping up after the Ukraine crisis broke out in 2022, pretending to accept money as aid to Ukraine. The pandemic The COVID-19 theme had lost relevance by late 2022 as the pandemic restrictions had been lifted in most countries. “Promotional campaigns by major banks” were a popular bait in 2022.

Phishing 89

Phishing Scams Accountability Energy and Utilities 89

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 102

Accountability Phishing Passwords Hacking 102

Security Affairs

JULY 4, 2022

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. “Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.” Pierluigi Paganini.

Authentication 91

Authentication Risk Hacking Accountability 91