Security Affairs

FEBRUARY 27, 2020

Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA. Now the authors implemented the ability to steal 2FA code from the Google Authenticator app abusing the Accessibility Privileges. Pierluigi Paganini.

Banking 107

Banking Authentication Advertising Malware 107

Security Affairs

MAY 3, 2020

The company has over 4200 employees and accounts for over 90 million active users every month. ZDNet confirmed the authenticity of the leaked data. Tokopedia is currently investigating the security breach, it notified the users asking them to reset their account passwords. Pierluigi Paganini.

Accountability 125

Accountability Hacking Passwords Data breaches 125

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reported ZDNet. Pierluigi Paganini.

Accountability 138

Accountability Hacking Data breaches Passwords 138

Security Affairs

JUNE 8, 2020

Any Indian DigiLocker Account Could’ve Been Accessed Without Password. DigiLocker provides an account in cloud to every Aadhaar holder to access authentic documents/certificates such as driving license, vehicle registration, academic mark sheet in digital format from the original issuers of these certificates.

Authentication 97

Authentication Mobile Accountability Passwords 97

Security Affairs

FEBRUARY 22, 2019

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems.

Authentication 85

Authentication Advertising Media Accountability 85

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication 118

Authentication VPN Passwords Hacking 118

Security Affairs

MARCH 17, 2019

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

Accountability 112

Accountability Phishing Authentication Passwords 112

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability 305

Accountability Passwords Authentication Password Management 305

Security Affairs

NOVEMBER 22, 2018

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. tax service).

Authentication 101

Authentication Advertising Accountability Hacking 101

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability 95

Accountability Hacking Advertising Media 95

Security Affairs

NOVEMBER 3, 2018

Cybercriminals offered for sale private messages from at least 81,000 Facebook accounts claiming of being in possession of data from 120 million accounts. Crooks are offering for sale Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account. ” states the BBC.

Accountability 108

Accountability Advertising Cybercrime Hacking 108

Security Affairs

APRIL 14, 2019

Bad news for users of the Microsoft Outlook email service, hackers have compromised the Microsoft Support Agent to access their email accounts. Earlier this year, hackers breached Microsoft’s customer support portal and gained access to some email accounts registered with the Microsoft’s Outlook service. Pierluigi Paganini.

Accountability 104

Accountability Hacking Data breaches Advertising 104

Security Affairs

DECEMBER 10, 2019

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. Pierluigi Paganini.

Accountability 94

Accountability Hacking Passwords Advertising 94

Security Affairs

FEBRUARY 19, 2020

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions.

Accountability 136

Accountability Advertising Account Security Authentication 136

Malwarebytes

JULY 25, 2022

Word is spreading of a compromise claimed to have accessed around 69 million user accounts. Back in 2014, “tens of millions” of Neopets accounts were said to have been traded on underground forums. In 2020, there were claims of ways to potentially gain access to user accounts. Neopets also addressed this.

Data breaches 77

Data breaches Accountability Passwords Password Management 77

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability 100

Accountability Data breaches Passwords Advertising 100

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Pierluigi Paganini.

Authentication 117

Authentication Mobile Advertising Accountability 117

Security Affairs

FEBRUARY 11, 2019

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. “I need the money. Pierluigi Paganini.

Accountability 105

Accountability Hacking Advertising Data breaches 105

Security Affairs

JANUARY 16, 2019

Security researchers at Check Point have discovered several flaws in the popular game Fortnite that could be exploited to takeover gamers’account. One of the flaws is an OAuth account takeover vulnerability that could have allowed a remote attacker to takeover gamer accounts tricking players into clicking a specially crafted link.

Accountability 73

Accountability Authentication Advertising Phishing 73

Security Affairs

APRIL 29, 2019

million user accounts worldwide were using ‘123456’ as password, while 7.7 Another good practice is the set up of multi-factor authentication wherever possible. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords 108

Passwords Accountability Data breaches Advertising 108

Security Affairs

AUGUST 15, 2018

Hundreds of Instagram accounts were hijacked in what appears to be the result of a coordinated attack, all the accounts share common signs of compromise. Alleged attackers have hijacked Instagram accounts and modified personal information making impossible to restore the accounts. Russian domain. Russian domain.

Accountability 60

Accountability Hacking Authentication Passwords 60

Adam Levin

SEPTEMBER 20, 2018

A study released by the Government Accountability Office earlier this year showed that the State Department has deployed two-factor authentication to only 11% of the devices used by staff. Two-factor authentication is a legal requirement and also considered a bare minimum protocol for cybersecurity protection.

Authentication 203

Authentication Government Cyber Attacks Cybersecurity 203

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords 334

Passwords Accountability Hacking Password Management 334

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. That same email address also is tied to two forum accounts for a user with the handle “ O.R.Z.” account on Carder[.]su

Malware 228

Malware Cybercrime Software Antivirus 228

Security Affairs

JULY 19, 2018

Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names. ” read the post published by ZDNet.

Accountability 57

Accountability Data breaches Passwords Advertising 57

Security Affairs

DECEMBER 1, 2019

Over 90 percent of the users identified by Google were targeted via “credential phishing emails” that attempt to trick victims into providing their password or other account credentials to hijack their Google account. It doesn’t mean that hackers successfully compromised their Google accounts. Pierluigi Paganini.

Phishing 141

Phishing Accountability Advertising Cyber Attacks 141

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” reads the post published by Dexerto.

Hacking 118

Hacking Data breaches Accountability Passwords 118

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information. Pierluigi Paganini.

Authentication 125

Authentication Advertising Accountability Hacking 125

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. Exposed records include information such as login credentials, full name, contact number, trip details, bank card details, account creation date. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking 145

Banking Data breaches Mobile Advertising 145

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Twitter, like many other social media websites, asks users to provide their phone number and email address to better protect their account.

Advertising 89

Advertising Media Accountability Account Security 89

Security Affairs

SEPTEMBER 18, 2020

Rampant Kitten has been active at least since 2014 and was involved in ongoing surveillance operations against Iranian minorities, anti-regime organizations, and resistance movements. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking, Rampant Kitten).

Malware 103

Malware Phishing Accountability Advertising 103

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. The malicious updates employed in the Zerologon attacks are able to bypass the user account control (UAC) security feature in Windows and abuse the Windows Script Host tool (wscript.exe) to execute malicious scripts. Pierluigi Paganini.

Cybercrime 124

Cybercrime Security Intelligence Authentication Banking 124

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall 145

Firewall Passwords Accountability Advertising 145

Security Affairs

MARCH 31, 2020

name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., stay/room preferences and language preference). .”

Data breaches 125

Data breaches Passwords Advertising Accountability 125

Security Affairs

MARCH 10, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. international financial and corporate data, Personally Identifiable Information (PII), and compromised user accounts from many U.S. platform, offered data were authentic according to the feds.

Accountability 122

Accountability Advertising Passwords Hacking 122

Security Affairs

DECEMBER 10, 2018

The Linux.org website was defaced last week via DNS hijack, attackers breached into associated registrar account and changed the DNS settings. The defacement page also includes links and a Twitter account (@kitlol5) believed to be under the control of the attacker. After the incident, admins have enabled MFA on all accounts.

DNS 111

DNS Accountability Advertising Authentication 111

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication 136

Authentication Advertising Architecture Cybercrime 136