Krebs on Security

FEBRUARY 12, 2019

VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” Strangely, not all VMs shared the same authentication, but all were destroyed. The first signs of the attack came on the morning of Feb. Just attack and destroy.”

Hacking 249

Hacking DDOS Backups Accountability 249

Security Affairs

MAY 6, 2020

The analysis of creation data for the records in the database revealed that the last creation date is January 26th, 2020, a circumstance that suggests that the hack took place in the same period. BleepingComputer contacted some Unacademy users and verified that the data is authentic. SecurityAffairs – Unacademy, hacking).

Accountability 102

Accountability Hacking Data breaches Advertising 102

Troy Hunt

OCTOBER 2, 2020

For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality. I asked for technical detail so I could validated the authenticity of his claim and the info duly arrived.

Accountability 363

Accountability Hacking Passwords InfoSec 363

Security Affairs

APRIL 10, 2020

VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service ( vmdir ) for authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking 139

Hacking Advertising Authentication Information Security 139

Security Affairs

MAY 31, 2020

One vulnerability could allow an authenticated user with subscriber-level and above permissions to update and modify posts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – PageLayer, hacking).

Hacking 109

Hacking Advertising Authentication Accountability 109

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. ” Experts noticed the lack of authentication between the backend servers and the “Mercedes me” mobile app, which allows users to remotely control multiple functions of the car.

Hacking 145

Hacking Advertising Mobile Engineering 145

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication 88

Authentication Accountability Advertising Passwords 88

Security Affairs

MAY 3, 2020

The hacker claims to have hacked the company in March 2020, it has stolen just a small part of the company database. ZDNet confirmed the authenticity of the leaked data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Accountability 113

Accountability Hacking Passwords Data breaches 113

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet 111

Internet Internet Hacking Advertising 111

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking 103

Hacking Data breaches Advertising Backups 103

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking 102

Hacking Ransomware Banking Mobile 102

Security Affairs

MAY 4, 2020

The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively. Chaining the issue, an attacker could bypass authentication and run arbitrary code on Salt master servers exposed online. SecurityAffairs – LineageOS, hacking).

Hacking 94

Hacking Advertising Authentication Mobile 94

Security Affairs

DECEMBER 5, 2019

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

Authentication 56

Authentication Advertising Hacking Malware 56

Security Affairs

OCTOBER 4, 2020

The issue does not impact customers who use Active Directory authenticated accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, HP). Pierluigi Paganini.

Hacking 131

Hacking Accountability Passwords InfoSec 131

Security Affairs

FEBRUARY 22, 2019

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems.

Authentication 80

Authentication Advertising Media Accountability 80

Security Affairs

NOVEMBER 22, 2018

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. tax service).

Authentication 91

Authentication Advertising Accountability Hacking 91

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted. SecurityAffairs – unsigned firmware, hacking).

Firmware 118

Firmware Hacking Authentication Advertising 118

Security Affairs

JUNE 8, 2020

DigiLocker provides an account in cloud to every Aadhaar holder to access authentic documents/certificates such as driving license, vehicle registration, academic mark sheet in digital format from the original issuers of these certificates. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication 91

Authentication Mobile Accountability Passwords 91

Security Affairs

JULY 14, 2020

The company confirmed that the an investigation into the hack is still ongoing. Researchers verified the authenticity of the data included in a sample set composed of US and UK users’ records. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, LiveAuctioneers ).

Hacking 99

Hacking Data breaches Identity Theft Advertising 99

Security Affairs

NOVEMBER 27, 2019

Another South Korean cryptocurrency exchange was hacked, this time the victim is Upbit that lost $48.5 On Reddit , some users have questioned the authenticity of the hack claim, which is no surprise given how often exchanges will say they have suffered a cyberattack , only to perform an exit scam. . million in cryptocurrency.

Cryptocurrency 98

Cryptocurrency Hacking Scams Data breaches 98

Security Affairs

MAY 25, 2020

.” The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking 90

Hacking Advertising Authentication Passwords 90

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking 79

Hacking DNS Cryptocurrency Accountability 79

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. The flaw is an authentication-bypass vulnerability that was introduced in Libssh version 0.6 and above have an authentication bypass vulnerability in the server code.

Hacking 91

Hacking Authentication Advertising Engineering 91

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability 90

Accountability Hacking Advertising Media 90

Security Affairs

JULY 29, 2019

Security experts at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in Facebook Widget. Researchers at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in the Facebook Widget (Widget for Facebook Page Feeds). Pierluigi Paganini.

Authentication 68

Authentication Advertising Information Security Hacking 68

Security Affairs

MARCH 9, 2019

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack. Simply by tampering with parameters, one can update the email address registered to the account without authentication, send a password reset to the modified address (i.e.

Hacking 106

Hacking Accountability Engineering Advertising 106

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 92

Passwords Hacking Wireless Authentication 92

Security Affairs

OCTOBER 21, 2018

Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. It shows how hackers combined the tool to carry out high sophisticated hacking operations. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Hacking 93

Hacking Energy and Utilities Advertising Authentication 93

Security Affairs

FEBRUARY 17, 2020

2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, WordPress).

Hacking 115

Hacking Advertising Authentication 115

Security Affairs

MAY 12, 2019

“We develop our own iris recognition algorithm so that no one can hack your USB drive even [if] they have your iris pattern. The first tests he made attempted to bypass the biometric authentication using a photo, but it did work. ” Londge pointed out that when the use r authenticates to the USB stick.

Hacking 95

Hacking Passwords Authentication Advertising 95

Security Affairs

MARCH 12, 2020

Security experts describe a real attack case that sees the attackers using a small, unidentified hardware device to hack into the target network. Is it possible to hack into a network using a sort of invisibility cloak? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The short answer is, YES it is.

Hacking 81

Hacking Banking Authentication Wireless 81

Security Affairs

DECEMBER 3, 2019

The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – OAuth, hacking).

Authentication 66

Authentication Accountability Social Engineering Advertising 66

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the warning.

VPN 111

VPN Hacking IoT Advertising 111

Security Affairs

DECEMBER 24, 2018

” Once the mobile app has discovered the IP address of the lights, it authenticates with them, receives an authentication token and retrieves information about the device. Experts found a flaw in the authentication process, it only authenticates the lights to the app and not visa- versa. . Pierluigi Paganini.

IoT 79

IoT Hacking DNS Authentication 79

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. An attempted attack requires user authentication.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SP1 for Windows. ” reported ZDNet.

Antivirus 125

Antivirus Hacking Advertising Media 125

Security Affairs

DECEMBER 10, 2019

Microsoft users’ accounts are exposed to the hack due to the bad habit of reusing passwords on multiple services and the adoption of weak passwords. Multi-Factor Authentication (MFA) could drastically improve the security of the accounts, according to Microsoft 99.9 % of identity attacks have been thwarted by enabling MFA.

Accountability 80

Accountability Hacking Passwords Advertising 80

Security Affairs

JUNE 3, 2019

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication. An attacker could broadcast any video without any authentication, the worst case attacker could leverage this vulnerability to broadcast a fake emergency message (Scary right?).

Hacking 72

Hacking Authentication Advertising Cybersecurity 72