Security Affairs

MAY 24, 2024

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. The flaw can be exploited to hijack an account without any interaction.

Accountability 107

Accountability Passwords Hacking Cybersecurity 107

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Threat actors exploited reused passwords obtained from third-party websites.

Accountability 106

Accountability Passwords Data breaches Hacking 106

Security Affairs

JANUARY 24, 2024

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The flaw can be exploited to hijack an account without any interaction.

Accountability 126

Accountability Passwords Internet Internet 126

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 98

Hacking Authentication Passwords Accountability 98

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management 98

Password Management Passwords Accountability Phishing 98

Security Affairs

OCTOBER 18, 2023

A vulnerability in Synology DiskStation Manager ( DSM ) could be exploited to decipher an administrator’s password. The issue resides in the insecure Javascript Math.random() function that is used to generate the administrator’s password for the NAS device. ” reads the advisory published by the company.

Accountability 120

Accountability Passwords Hacking Internet 120

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. The data breach was first reported by Risk Based Security last week, since then, Quidd has never disclosed any data breach recent security incident.

Accountability 137

Accountability Hacking Data breaches Passwords 137

Security Affairs

JANUARY 13, 2024

GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. prior to 16.1.6, prior to 16.2.9, prior to 16.3.7,

Accountability 112

Accountability Passwords Hacking Information Security 112

Security Affairs

MARCH 2, 2023

Compromised customers’ data include full names, home addresses, email addresses, plaintext passwords, and telephone numbers. The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database.

Accountability 80

Accountability Hacking Data breaches Passwords 80

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. An administrator account Xerx3s on Abusewithus. Abusewith[.]us

Hacking 200

Hacking Accountability Data breaches Marketing 200

Security Affairs

AUGUST 17, 2020

The Treasury Board of Canada Secretariat confirmed that thousands of user accounts for online Canadian government services were recently hacked. According to a press release issued by the Treasury Board of Canada Secretariat, thousands of user accounts for online government services were recently hacked.

Government 130

Government Accountability Hacking Advertising 130

Security Affairs

SEPTEMBER 16, 2023

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. Microsoft researchers observed a series of password spray attacks conducted by Iran nation-state actors as part of a campaign named Peach Sandstorm (aka Holmium , APT33 , Elfin , and Magic Hound ).

Passwords 100

Passwords Accountability Authentication Hacking 100

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. SecurityAffairs – hacking, ShinyHunters). The post ShinyHunters hacked Pluto TV service, 3.2M

Accountability 94

Accountability Hacking Data breaches Passwords 94

Security Affairs

JANUARY 20, 2024

Microsoft revealed that the Russia-linked APT Midnight Blizzard has compromised some of its corporate email accounts. Microsoft warned that some of its corporate email accounts were compromised by a Russia-linked cyberespionage group known as Midnight Blizzard. Microsoft notified law enforcement and relevant regulatory authorities.

Hacking 91

Hacking Passwords Accountability Authentication 91

Security Affairs

APRIL 27, 2020

Experts discovered how to take over Microsoft Teams accounts by just sending recipients a regular GIF, it works for both desktop and web Teams versions. s and could take over an account. After doing all of this, the attacker can steal the victim’s Teams account data.” ” reads the analysis published by CyberArk.

Accountability 144

Accountability Hacking Authentication Advertising 144

Security Affairs

JANUARY 7, 2022

million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 The threat actors claim the stolen database contains customer information, including names, emails, phone numbers, hashed passwords, and password salt. million accounts. SecurityAffairs – hacking, IKEA).

Data breaches 136

Data breaches Accountability Passwords Cybercrime 136

Security Affairs

MAY 6, 2020

Hackers have breached the online learning platform Unacademy and are selling the account information for close to 22 million users. Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.

Accountability 102

Accountability Hacking Data breaches Advertising 102

Security Affairs

JANUARY 25, 2024

The Midnight Blizzard group (aka APT29 , SVR group , Cozy Bear , Nobelium , BlueBravo , and The Dukes ) along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections. reads a Form 8-K filing with the SEC.

Hacking 108

Hacking Accountability Passwords Cybersecurity 108

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 106

Internet Internet Accountability Passwords 106

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Exposed data includes emails, usernames, and encrypted passwords. The company is urging all users to immediately reset account passwords and log out of all devices connected to its service.

Data breaches 103

Data breaches Passwords Media Accountability 103

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords 109

Passwords Authentication Hacking Accountability 109

Security Affairs

FEBRUARY 7, 2021

The Largest compilation of emails and passwords (COMB), more than 3.2 billion login credentials, has been leaked on a popular hacking forum. This breach was dubbed “Compilation of Many Breaches” (COMB), the data is archived in an encrypted, password-protected container. billion email and password pairs, all in plaintext.”

Passwords 140

Passwords Hacking Accountability Banking 140

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. SecurityAffairs – hacking, account databases). million (8.1

Data breaches 144

Data breaches Accountability Advertising Passwords 144

Security Affairs

MAY 29, 2021

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. The Pwned Passwords service allows users to search for known compromised passwords and discover how many times they have been found in past data breaches.

Passwords 109

Passwords Data breaches Cybercrime Hacking 109

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. ” reads the announcement published by the company. face recognition, fingerprints).

Accountability 91

Accountability Passwords Password Management Phishing 91

Security Affairs

DECEMBER 23, 2022

In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information.

Encryption 97

Encryption Passwords Data breaches Backups 97

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Some users with AT&T email addresses wrote on Reddit that they have been hacked, and some of them claim they had the same issue for months.

Cryptocurrency 75

Cryptocurrency Accountability Passwords Hacking 75

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing 79

Phishing Hacking Banking Scams 79

Security Affairs

DECEMBER 10, 2019

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. Pierluigi Paganini.

Accountability 79

Accountability Hacking Passwords Advertising 79

Security Affairs

JANUARY 6, 2022

million of their customers have had their user accounts compromised in credential stuffing attacks. million accounts of their customers were compromised in credential stuffing attacks. This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. Every company did so.”

Accountability 125

Accountability Retail Passwords Data breaches 125

Security Affairs

NOVEMBER 20, 2021

The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords. The report shows that we are still using weak passwords.

Passwords 100

Passwords Password Management Data breaches Authentication 100

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. “If you want proof we have hacked T-Systems as well. ” WHOLESALE PASSWORD THEFT.

Passwords 208

Passwords Ransomware Password Management Malware 208

Security Affairs

SEPTEMBER 18, 2023

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack.

Accountability 108

Accountability Social Engineering Authentication VPN 108

Security Affairs

AUGUST 22, 2023

While the leaked information highlights Belcan’s commitment to information security through the implementation of penetration tests and audits, attackers could exploit the lapse in leaving the tests’ results open, together with admin credentials hashed with bcrypt.

Passwords 81

Passwords Penetration Testing Engineering Manufacturing 81

Security Affairs

SEPTEMBER 25, 2022

For users with TOTP-based two-factor authentication (2FA) enabled, the phishing site also relays any TOTP codes to the threat actor and GitHub in real time, allowing the threat actor to break into accounts protected by TOTP-based 2FA. Accounts protected by hardware security keys are not vulnerable to this attack.”

Accountability 101

Accountability Phishing Authentication Passwords 101

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. “One of our recent surveys found that 15 percent of people use their pets’ names for password inspiration. . SecurityAffairs – hacking, passwordless authentication).

Authentication 93

Authentication Accountability Passwords Phishing 93

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 110

Accountability Authentication Passwords Data breaches 110