Hacking, Information Security and Passwords

Pokemon Company resets some users’ passwords

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords

Passwords Accountability Authentication Hacking

NCSC: New UK law bans default passwords on smart devices

Security Affairs

APRIL 30, 2024

The UK National Cyber Security Centre (NCSC) orders smart device manufacturers to ban default passwords starting from April 29, 2024. National Cyber Security Centre (NCSC) is urging manufacturers of smart devices to comply with new legislation that bans default passwords. ” reads the announcement published by NCSC.

Passwords

Passwords Manufacturing Telecommunications Cyber Attacks

DarkBeam leaks billions of email and password combinations

Security Affairs

SEPTEMBER 27, 2023

DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. The data leak, first identified on September 18th, was closed instantly after Diachenko informed the company about the issue.

Passwords

Passwords Data breaches Phishing Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking

Hacking Authentication Passwords Accountability

MyEstatePoint Property Search Android app leaks user passwords

Security Affairs

JANUARY 5, 2024

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. Scammers can use email addresses and plain text passwords for various attacks. However, the instance has been closed off since.

Passwords

Passwords Identity Theft Mobile Technology

KeePass 2.X Master Password Dumper allows retrieving the KeePass master password

Security Affairs

MAY 18, 2023

A researcher published a PoC tool to retrieve the master password from KeePass by exploiting the CVE-2023-32784 vulnerability. Security researcher Vdohney released a PoC tool called KeePass 2.X X Master Password Dumper that allows retrieving the master password for KeePass. x versions. “In KeePass 2.x x versions.

Passwords

Passwords Encryption Hacking Internet

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. Abusewith[.]us

Hacking

Hacking Accountability Data breaches Marketing

FBI will share compromised passwords with HIBP Pwned Passwords

Security Affairs

MAY 29, 2021

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. The Pwned Passwords service allows users to search for known compromised passwords and discover how many times they have been found in past data breaches.

Passwords

Passwords Data breaches Cybercrime Hacking

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords

Passwords Authentication Hacking Accountability

Crooks hacked Mandiant X account to push cryptocurrency scam

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. “Sorry, change password please.”

Scams

Scams Cryptocurrency Accountability Hacking

NortonLifeLock: threat actors breached Norton Password Manager accounts

Security Affairs

JANUARY 13, 2023

Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks. Pierluigi Paganini.

Password Management

Password Management Passwords Accountability Data breaches

Study reveals top 200 most common passwords

Security Affairs

NOVEMBER 20, 2021

The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords. The report shows that we are still using weak passwords.

Passwords

Passwords Password Management Data breaches Authentication

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

While the leaked information highlights Belcan’s commitment to information security through the implementation of penetration tests and audits, attackers could exploit the lapse in leaving the tests’ results open, together with admin credentials hashed with bcrypt.

Passwords

Passwords Penetration Testing Engineering Manufacturing

Plex discloses data breach and urges password reset

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Exposed data includes emails, usernames, and encrypted passwords. The company is urging all users to immediately reset account passwords and log out of all devices connected to its service.

Data breaches

Data breaches Passwords Media Accountability

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords

Passwords Hacking Wireless Authentication

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% SecurityAffairs – hacking, Slack). Pierluigi Paganini.

Passwords

Passwords Password Management Antivirus Encryption

Phishing with hacked sites

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing

Phishing Hacking Banking Scams

KeePass fixed the bug that allows the extraction of the cleartext master password

Security Affairs

JUNE 5, 2023

KeePass addressed the CVE-2023-32784 bug that allows the extraction of the cleartext master password from the memory of the client. KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. x versions. reads the post published by the Vdohney.

Passwords

Passwords Password Management Encryption Hacking

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Medusa Toyota has set the deadline for November 26 and has published a sample of the stolen data as proof of the hack.

Financial Services

Financial Services Hacking Ransomware Data breaches

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. ” concludes the report.

Passwords

Passwords Software Firmware Malware

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The malware also collects a variety of data, including system info, browser info, password manager info, miner related registry info, and installed games info. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

An attacker can exploit the flaw to achieve command execution on the affected D-Link NAS devices, gain access to potential access to sensitive information, system configuration alteration, or denial of service. The request includes parameters for a username (user=messagebus) and an empty field for the password ( passwd= ).

Internet

Internet Internet DNS Hacking

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Security Affairs

JUNE 7, 2021

RockYou2021, the largest password compilation of all time has been leaked on a popular hacker forum, it contains 8.4 billion entries of passwords. . What seems to be the largest password collection of all time has been leaked on a popular hacker forum. The same user also claims that the compilation contains 82 billion passwords.

Passwords

Passwords Data breaches Accountability Password Management

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack. ” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. SecurityAffairs – hacking, E27). Pierluigi Paganini.

Media

Media Hacking Passwords Data breaches

OpenWRT forum hacked, intruders stole user data

Security Affairs

JANUARY 18, 2021

It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.” “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum. ” states the advisory.

Hacking

Hacking Data breaches Passwords Accountability

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management

Password Management Passwords Accountability Phishing

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Security Affairs

JULY 26, 2023

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. The Mikrotik RouterOS operating system does not support brute force protection and the default “admin” user password was an empty string until October 2021.

Hacking

Hacking Passwords Authentication Encryption

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

Security Affairs

MAY 11, 2023

The vulnerability resides in the plugin’s password reset functionality, it impacts versions 5.4.0 “It is possible to reset the password of any user as long as we know their username thus being able to reset the password of the administrator and login on their account. . ” continues the analysis.

Hacking

Hacking Risk Passwords Accountability

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. The data breach was first reported by Risk Based Security last week, since then, Quidd has never disclosed any data breach recent security incident.

Accountability

Accountability Hacking Data breaches Passwords

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords

Passwords Authentication Advertising Software

LastPass hack caused by an unpatched Plex software on an employee’s PC

Security Affairs

MARCH 7, 2023

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. LastPass revealed that the home computer of one of its DevOp engineers was hacked as part of a sophisticated cyberattack.

Software

Software Hacking Data breaches Media

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Pierluigi Paganini.

Passwords

Passwords DNS Malware Advertising

LastPass revealed that intruders had internal access for four days during the August hack

Security Affairs

SEPTEMBER 18, 2022

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. SecurityAffairs – hacking, hack).

Hacking

Hacking Password Management Passwords Authentication

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

MARCH 5, 2022

Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. SecurityAffairs – hacking, Anonymous). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking

Hacking Government Banking Media

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Security Affairs

FEBRUARY 27, 2021

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ?A breach #infosec #deepwebnews @FinanzasEc @EcuCERT_EC pic.twitter.com/WTbXz8EYLx — Security Chronicle (@SecurChronicle) February 23, 2021. Pierluigi Paganini.

Hacking

Hacking Banking Ransomware Passwords

Threat actor leaked data for U.S. gun exchange site on hacking forum

Security Affairs

AUGUST 13, 2020

The leaked data includes login names, hashed passwords, and email addresses. It is not confirmed that all of the leaked data is legitimate, anyway, experts suggest users change their password immediately. Users that share the password at another site should also change the password. Pierluigi Paganini.

Hacking

Hacking Data breaches Cybercrime Passwords

User database was also hacked in the recent hack of PHP ‘s Git Server

Security Affairs

APRIL 8, 2021

The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. All php.net passwords have been reset.

Hacking

Hacking Passwords Authentication Data breaches

GunAuction site was hacked and data of 565k accounts were exposed

Security Affairs

MARCH 2, 2023

Compromised customers’ data include full names, home addresses, email addresses, plaintext passwords, and telephone numbers. The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database.

Accountability

Accountability Hacking Data breaches Passwords

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. The dump includes PLUTO TV’s display name, email address, bcrypt hashed password, birthday, device platform, and IP address.

Accountability

Accountability Hacking Data breaches Passwords

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Spotify reset user passwords after accidentally personal information exposure

Security Affairs

DECEMBER 11, 2020

The streaming service added that exposed data included Spotify account registration information such as user display name and password, email address, date of birth, and gender. SecurityAffairs – hacking, data leak). We apologize for any inconvenience this may cause” continues the notice. Pierluigi Paganini.

Passwords

Passwords Accountability Hacking Data breaches

Anonymous claims to have hacked the Central Bank of Russia

Security Affairs

MARCH 24, 2022

The Anonymous hacker collective claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents. Anonymous continues to target Russian government organizations and private businesses, now it is claiming to have hacked the Central Bank of Russia. SecurityAffairs – hacking, Bank of Russia).

Banking

Banking Hacking Government Cyber Attacks

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Password Protection & Authentication. Passwords are the baseline of cybersecurity. Luckily, applying AI into the mix can make passwords more secure. Before, a password was a word or phrase. One thing better than having an incredibly good password is to have a lot of them. Multi-Factor Authentication.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

Threat actor claims to have hacked European manufacturer of missiles MBDA

Security Affairs

JULY 31, 2022

Threat actors that go online with the moniker Adrastea claim to have hacked the multinational manufacturer of missiles MBDA. A threat actor that goes online with the moniker Adrastea , and that defines itself as a group of independent cybersecurity specialists and researchers, claims to have hacked MBDA. “Hello! .

Manufacturing

Manufacturing Hacking Passwords Cybersecurity

Pokemon Company resets some users’ passwords

NCSC: New UK law bans default passwords on smart devices

Webinars

Trending Sources

DarkBeam leaks billions of email and password combinations

Webinars

Threat actors hacked the Dropbox Sign production environment

MyEstatePoint Property Search Android app leaks user passwords

KeePass 2.X Master Password Dumper allows retrieving the KeePass master password

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

FBI will share compromised passwords with HIBP Pwned Passwords

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Crooks hacked Mandiant X account to push cryptocurrency scam

NortonLifeLock: threat actors breached Norton Password Manager accounts

Study reveals top 200 most common passwords

Defense contractor Belcan leaks admin password with a list of flaws

Plex discloses data breach and urges password reset

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Phishing with hacked sites

KeePass fixed the bug that allows the extraction of the cleartext master password

Medusa ransomware gang claims the hack of Toyota Financial Services

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Asian media firm E27 hacked, attackers asked for a “donation”

OpenWRT forum hacked, intruders stole user data

Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

4 Million Quidd account details shared on hacking forums

TeamViewer flaw can allow hackers to steal System password

LastPass hack caused by an unpatched Plex software on an employee’s PC

Linksys force password reset to prevent Router hijacking

LastPass revealed that intruders had internal access for four days during the August hack

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

Threat actor leaked data for U.S. gun exchange site on hacking forum

User database was also hacked in the recent hack of PHP ‘s Git Server

GunAuction site was hacked and data of 565k accounts were exposed

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Spotify reset user passwords after accidentally personal information exposure

Anonymous claims to have hacked the Central Bank of Russia

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Threat actor claims to have hacked European manufacturer of missiles MBDA

Stay Connected