Duo's Security Blog

JULY 1, 2021

Tall Tale #1: PINs Are Just Passwords In Part 1 , we talked about how passwordless authentication is still multi-factor: Possession of a private key, ideally stored on a piece of secure hardware A biometric or PIN the authenticator uses to locally verify the user’s identity Reasoning about a PIN being used as a factor is simpler than a biometric.

Passwords 69

Passwords Surveillance Authentication Risk 69

Security Affairs

JANUARY 7, 2024

“The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Sea Turtle also used code from a publicly accessible GitHub account, which is likely under the control of the threat actor. Enable 2FA on all externally exposed accounts.

Media 105

Media Accountability Telecommunications Government 105

Security Affairs

SEPTEMBER 2, 2019

Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. The company discovered unauthorized access to its servers, the intruders stole personal information of the users, including usernames , hashed passwords, first and last names, gender information, and city of residenc.

Accountability 81

Accountability Data breaches Passwords Advertising 81

SecureWorld News

MARCH 10, 2021

Founded in 2016, Verkada is a security company that focuses on surveillance and facial recognition through the use of sophisticated software in security cameras. Now a hacking group says they accessed thousands of live feeds from Verkada's cameras around the world. The Verkada camera hack: what happened?

Hacking 66

Hacking Surveillance Passwords Internet 66

Security Affairs

AUGUST 7, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 SecurityAffairs – hacking, newsletter). Pierluigi Paganini.

Spyware 115

Spyware Manufacturing Small Business Surveillance 115

Approachable Cyber Threats

MAY 30, 2023

Category Awareness, Cybersecurity Fundamentals, Physical Security Risk Level You may have thought that hackers wore black suits and rappelled off the roof to hack a company, but that only exists in Hollywood. It is also essential to evaluate inactive accounts and terminate access on a regular basis.

Cybersecurity 98

Cybersecurity Passwords Data breaches Risk 98

Security Affairs

JANUARY 2, 2021

According to the alert issued by the FBI, the swatters have been hijacking smart devices such as video and audio capable home surveillance devices. Threat actors likely take advantage of customers’ bad habit of re-using email passwords for their smart device. Users should update their passwords on a regular basis.

Passwords 130

Passwords Surveillance Manufacturing Accountability 130

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 85

Artificial Intelligence Data breaches Scams Insurance 85

SecureWorld News

AUGUST 16, 2023

It encompasses various forms of cybercrime and online harm, including cyberstalking, tracking, hacking accounts and intimate image abuse. A common example of this is surveillance. Still, it might not be seen that way due to the normalization of surveillance and the narrative that 'surveillance is love'.

Surveillance 79

Surveillance Technology Accountability Spyware 79

Security Affairs

NOVEMBER 26, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. million patients in the U.S.

Data breaches 81

Data breaches Surveillance Cryptocurrency Ransomware 81

Krebs on Security

MARCH 29, 2022

It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death. THE LAPSUS$ CONNECTION.

Accountability 276

Accountability Government Hacking Social Engineering 276

Security Affairs

DECEMBER 4, 2022

. “Court documents and government contracting records show the agencies tasked with monitoring the Mexican border have spent record sums on car hacking tools, while talking up the extraordinary amount of valuable evidence that can be reaped from onboard computers.” SecurityAffairs – hacking, infotainment systems).

Surveillance 99

Surveillance Technology Mobile Hacking 99

Approachable Cyber Threats

MAY 30, 2023

Category Awareness, Cybersecurity Fundamentals, Physical Security Risk Level You may have thought that hackers wore black suits and rappelled off the roof to hack a company, but that only exists in Hollywood. It is also essential to evaluate inactive accounts and terminate access on a regular basis.

Cybersecurity 52

Cybersecurity Passwords Data breaches Risk 52

Webroot

FEBRUARY 19, 2021

For most small businesses, the chances of falling prey to a long-term covert surveillance operation by well-resourced, likely state-backed actors are slim. This shows that stealthily surveilling a network is not a tactic exclusive to highly sophisticated threat actors targeting enterprise businesses.

Small Business 70

Small Business Hacking Passwords Surveillance 70

Hot for Security

JANUARY 22, 2021

A former ADT employee entrusted with maintaining home security cameras has pleaded guilty to hacking into video feeds to watch couples having sex. Aviles accessed roughly 200 customer accounts more than 9,600 times without their consent over 4.5 years, court papers say. years, court papers say.

Hacking 94

Hacking Computers and Electronics Accountability Passwords 94

Malwarebytes

JULY 22, 2021

When weaponized by authoritarian governments, surveillance chills free speech, scares away dissent, and robs an innocent public of a life lived unwatched, for no crime committed other than speaking truth to power, conducting public health research, or simply loving another person. They have no shame. They must be brought to justice.”.

Spyware 120

Spyware Surveillance Mobile Government 120

eSecurity Planet

SEPTEMBER 25, 2022

In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Apple has also promised that passwords will be a thing of the past, and passkeys will become available for iOS 16. Dashlane last month integrated passkeys into its cross-platform password manager.

Passwords 122

Passwords Password Management Authentication Technology 122

Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. On June 11, 2017, Terpin’s phone went dead.

Mobile 236

Mobile Cryptocurrency Accountability Authentication 236

Schneier on Security

DECEMBER 28, 2020

Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. Sometime before March, hackers working for the Russian SVR — previously known as the KGB — hacked into SolarWinds and slipped a backdoor into an Orion software update. (We

Hacking 358

Hacking Government Internet Internet 358

Security Affairs

DECEMBER 10, 2023

billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) Will Enable Mass Spying Reddit Says Leaked U.S.-U.K.

Data breaches 83

Data breaches Ransomware Hacking Financial Services 83

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-. SecurityAffairs – hacking, LILIN).

Firmware 103

Firmware Surveillance Manufacturing Advertising 103

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 90

Data breaches Malware Mobile Spyware 90

Krebs on Security

AUGUST 7, 2018

Investigators allege Handschumacher was part of a group of at least nine individuals scattered across multiple states who for the past two years have drained bank accounts via an increasingly common scheme involving mobile phone “SIM swaps.”

Mobile 212

Mobile Cryptocurrency Scams Computers and Electronics 212

CyberSecurity Insiders

MARCH 9, 2021

Verkada, a silicon valley based company that offers cloud based security surveillance services was reportedly breached by hackers on Monday this week. All customers who could have been impacted will be notified digitally about the hack and the measures to take to avoid any cyber attack repercussions.

Surveillance 72

Surveillance Hacking Cyber Attacks Marketing 72

Security Affairs

DECEMBER 29, 2018

A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. “ The bad news is that the vendor hasn’t yet addressed the flaw.

Firmware 82

Firmware Surveillance IoT Passwords 82

Adam Levin

APRIL 8, 2019

A week after it landed with a curious (and most likely spurious) thud, Zuckerberg’s announcement about a new tack on consumer privacy still has the feel of an unexpected message from some parallel universe where surveillance (commercial and/or spycraft) isn’t the new normal. This article originally appeared on Inc.com.

Hacking 100

Hacking Data privacy Artificial Intelligence System Administration 100

Krebs on Security

NOVEMBER 15, 2022

The JabberZeus crew’s name is derived from the malware they used, which was configured to send them a Jabber instant message each time a new victim entered a one-time password code into a phishing page mimicking their bank. “In early October, the Ukrainian surveillance team said they’d lost him,” he wrote.

Banking 277

Banking Small Business Accountability Cybercrime 277

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 84

Data breaches DDOS Artificial Intelligence Ransomware 84

BH Consulting

DECEMBER 11, 2023

These practices can lead to account compromise, or enabling unauthorised users to access sensitive data and escalate privileges. Sounds like excessive surveillance? It’s the SANS Holiday Hack Challenge. MORE People’s password habits are getting better … slowly. Links we liked A fun new Yuletide game?

Surveillance 52

Surveillance Cybersecurity DDOS Data breaches 52

SecureWorld News

DECEMBER 23, 2020

Earlier this year, 36 journalists, producers, anchors, and executives at Al Jazeera had their personal phones hacked. Their phones were hacked through the use of an exploit chain known as KISMET, an invisible zero-click exploit in iMessage. and could hack the Apple iPhone 11.

Spyware 52

Spyware Surveillance Hacking Media 52

Security Affairs

MARCH 10, 2019

The Android caller ID app Dalil exposed online data belonging over 5 million users, security experts discovered a MongoDB database left accessible on the web without a password. The availability of this data represents a serious threat to the privacy of the users, threat actors could use it for surveillance activity.

Passwords 83

Passwords Advertising Surveillance Encryption 83

Schneier on Security

NOVEMBER 13, 2018

By developing more advanced security features and building them into these products, hacks can be avoided. And current liability laws make it hard to hold companies accountable for shoddy software security. Consumers will buy products without proper security features, unaware that their information is vulnerable.

IoT 227

IoT Manufacturing Internet Internet 227

Security Affairs

AUGUST 4, 2019

Crooks used rare Steganography technique to hack fully patched websites in Latin America. Jessica Alba ‘s Twitter account hacked, it posted racist and homophobic messages. Android devices could be hacked by playing a video due to CVE-2019-2107 flaw. Hacking avionics systems through the CAN bus. Cisco to pay $8.6

Data breaches 60

Data breaches eCommerce Hacking Malware 60

Security Affairs

MAY 16, 2019

During the last month, our Threat Intelligence surveillance team spotted increasing evidence of an operation intensification against the Banking sector. At this time, we have no evidence to hypothesize it could be a victim of previous hacks or not. Introduction. Figure 4: Malware suspicious entropy level.

Banking 69

Banking Malware Surveillance Retail 69

Identity IQ

FEBRUARY 8, 2024

But the dark web is also associated with illegal activities including the trafficking of drugs, weapons, and illegal pornography, hacking and cybercrime, terrorism, and the sale of stolen data or personal information. He was charged with money laundering, computer hacking, and conspiracy to traffic narcotics.

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

The Last Watchdog

NOVEMBER 9, 2020

IoT-enabled scams and hacks quickly ramped up to a high level – and can be expected to accelerate through 2021 and beyond. Hacking collectives are very proficient at “exploiting weak authentication schemes to gain persistence inside of a targeted network,” Sherman says. In response, threat actors are hustling to take full advantage.

IoT 279

IoT Healthcare Internet Internet 279

Security Affairs

SEPTEMBER 1, 2019

Experts uncovered a hacking campaign targeting several WordPress Plugins. White hat hacker demonstrated how to hack a million Instagram accounts. Expert found Russias SORM surveillance equipment leaking user data. Foxit Software discloses a data breach that exposed user passwords. Remove it now from your phone!

eCommerce 47

eCommerce Data breaches Malware Advertising 47