Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Threat Report Portugal: Q3 & Q4 2022 compiles data collected on the malicious campaigns that occurred from Jully to December, Q3 and Q4, 2022. in Q2 2022.

Threat Reports 76

Threat Reports Phishing Malware Banking 76

Security Affairs

OCTOBER 15, 2022

In July 2022, researchers from WithSecure (formerly F-Secure Business) discovered a DUCKTAIL campaign targeting individuals and organizations that operate on Facebook’s Business and Ads platform. The end goal is to hijack Facebook Business accounts managed by the victims. ” reads the analysis published by Zscaler.

Accountability 120

Accountability Malware Cryptocurrency Media 120

Security Affairs

JULY 5, 2022

Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway.

Scams 78

Scams Accountability Authentication Cryptocurrency 78

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. Follow me on Twitter: @securityaffairs and Facebook.

Scams 136

Scams Accountability Mobile Hacking 136

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

VPN 122

VPN IoT Cybersecurity Engineering 122

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Japan have already deployed to streamline sign-in for their users. ” continues the post.

Accountability 89

Accountability Passwords Password Management Phishing 89

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 83

Accountability Phishing Authentication Architecture 83

Security Affairs

JUNE 15, 2022

PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. The document updates the information provided in the Dark Web Index 2022 report. The document updates the information provided in the Dark Web Index 2022 report.

Identity Theft 89

Identity Theft Accountability DDOS Cybercrime 89

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. ” reads trhe announcement published by DKWOC. “Activities using CVE-2023-23397 were first discovered by CERT-UA[2] and publicly described by Microsoft[3].

Accountability 97

Accountability Government Phishing Authentication 97

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. ” reads the analysis published by Palo Alto Networks.

Accountability 83

Accountability Cryptocurrency Malware Phishing 83

Security Affairs

MARCH 28, 2022

While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). " The Central Bank of Russian Federation leak (28 GB) has been published by Anonymous #Ukraine #OPRussia pic.twitter.com/BJJBMpZESZ — The Black Rabbit World (@Thblckrbbtworld) March 25, 2022. ."

Accountability 96

Accountability Hacking Banking Government 96

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability 87

Accountability Education Media Authentication 87

Security Affairs

JULY 4, 2022

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. “Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.” Pierluigi Paganini.

Authentication 87

Authentication Risk Hacking Accountability 87

Security Affairs

JULY 22, 2022

Starting with Windows 11 Microsoft introduce by default an account lockout policy that can block brute force attacks. Starting with Windows 11 Insider Preview build 22528.1000 the OS supports an account lockout policy enabled by default to block brute force attacks. Follow me on Twitter: @securityaffairs and Facebook.

Accountability 87

Accountability Passwords Ransomware Hacking 87

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability 84

Accountability Phishing Financial Services Surveillance 84

Security Affairs

FEBRUARY 26, 2023

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022. Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020.

Identity Theft 83

Identity Theft Data breaches Insurance Hacking 83

Krebs on Security

OCTOBER 20, 2023

BeyondTrust’s security team detected that someone was trying to use an Okta account assigned to one of their engineers to create an all-powerful administrator account within their Okta environment. He said that on Oct 2., 2 was not a result of a breach in its systems. But she said that by Oct. But she said that by Oct.

Social Engineering 327

Social Engineering Engineering Accountability Hacking 327

Security Affairs

MARCH 2, 2023

At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers. The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database.

Accountability 76

Accountability Hacking Data breaches Passwords 76

Approachable Cyber Threats

DECEMBER 13, 2022

The 2022 update to our research on the perception of data breach causes that’s helped organizations re-evaluate how they are at risk for a data breach instead of what feels right. In their 2021 report, Social Engineering and Basic Web Application Attacks accounted for over 50% of all breach events. Keep reading to find out more!

Data breaches 106

Data breaches Social Engineering Engineering Phishing 106

eSecurity Planet

JUNE 7, 2022

They earned the highest score among providers named "Customer's Choice" in Gartner's 2022 "Voice of the Customer” Security Awareness Computer-Based Training report. Application security, information security, network security, disaster recovery, operational security, etc.

Cybersecurity 124

Cybersecurity Identity Theft Encryption Antivirus 124

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. Twitter confirmed that the recent data breach that exposed data of 5.4 At the end of July, a threat actor leaked data of 5.4

Accountability 103

Accountability Data breaches Authentication Media 103

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency 72

Cryptocurrency Accountability Passwords Hacking 72

Security Affairs

MARCH 11, 2023

A new version of the Prometei botnet has infected more than 10,000 systems worldwide since November 2022, experts warn. Cisco Talos researchers reported that the Prometei botnet has infected more than 10,000 systems worldwide since November 2022. Russia only accounted for 0.31

Firewall 96

Firewall Malware Hacking Accountability 96

Security Affairs

JANUARY 20, 2022

Crypto.com confirmed that a cyber attack compromised around 400 of its customer accounts leading in the theft of $33 million. Recently, several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their accounts being protected with 2FA. ErgoBTC) January 18, 2022.

Accountability 81

Accountability Hacking Cryptocurrency Cyber Attacks 81

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 94

Accountability Phishing Passwords Hacking 94

Security Affairs

MAY 23, 2022

“I found that we can pass another tokens type, and this leads to stealing money from victim’s PayPal account.” “there are online services that let you add balance using Paypal to your account for example steam! I can use the same exploit and force the user to add money to my account!”

Accountability 108

Accountability Hacking Cybersecurity Information Security 108

Security Affairs

NOVEMBER 23, 2022

Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966 , that impacts Windows Server. “Yes.

Authentication 99

Authentication Encryption Hacking Accountability 99

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. The researchers discovered that in 2022, NSO Group customers used at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets worldwide. ” reads the report. ” reads the report.

Spyware 81

Spyware Surveillance Education Risk 81

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Twilio last week announced that that the threat actors also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.

Accountability 87

Accountability Authentication Phishing Data breaches 87

Security Affairs

MARCH 6, 2022

A Linux kernel flaw, tracked as CVE-2022-0492 , can allow an attacker to escape a container to execute arbitrary commands on the container host. The vulnerability was discovered by the security researchers Yiqi Sun and Kevin Wang. 4, Linux announced CVE-2022-0492 , a new privilege escalation vulnerability in the kernel.

Hacking 88

Hacking Accountability Information Security 88

Security Affairs

MARCH 23, 2022

On March 22, 2022 night the group shared a torrent for a 7zip archive containing 9 GB of Microsoft source code. Microsoft has now confirmed that the attackers have compromised the account of one of its employees gaining limited access to source code repositories. . No customer code or data was involved in the observed activities.

Accountability 98

Accountability VPN Social Engineering Hacking 98

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 237

Scams Artificial Intelligence Cryptocurrency Accountability 237

Security Affairs

SEPTEMBER 23, 2022

Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. The CVE-2022-24086 has received a CVSS score of 9.8 reads the advisory published by Adobe.

Media 71

Media Hacking Malware Accountability 71

Security Affairs

SEPTEMBER 1, 2022

Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw ( CVE-2022-28799 ) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. ” concludes the report.

Accountability 90

Accountability Authentication Hacking Mobile 90

CyberSecurity Insiders

JANUARY 19, 2022

Data security is a C-suite imperative for 2022 and beyond. As organizational IT and security teams enabled hybrid work models, digitized processes and transformed business models, products and services, their security posture changed dynamically and often for the worse. In 2022, cloud security will capture $12.73

CISO 126

CISO Data breaches Artificial Intelligence Digital transformation 126

Security Affairs

FEBRUARY 9, 2022

Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. Microsoft February 2022 Patch Tuesday also addressed a publicly disclosed Elevation of Privilege zero-day in Windows Kernel tracked as CVE-2022-21989. both received a CVSS score of 8.8.

DNS 73

DNS Accountability Mobile Hacking 73

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 99

Banking Accountability Mobile Cryptocurrency 99