2014, Authentication, Hacking and Passwords

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” ” Items SBU authorities seized after raiding Sanix’s residence.

Passwords

Passwords Accountability Hacking Password Management

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

NOVEMBER 25, 2020

million settlement in a multi-state investigation of the data breach that the company suffered in 2014. million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers across the US and Canada. SecurityAffairs – hacking, Data breach). ” . .

Retail

Retail Data breaches Penetration Testing Password Management

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. But now, at long last, we’re on the brink of eliminating passwords altogether, once and for all. Password tradeoffs Passwords have always been a big pain. and across Europe.

Authentication

Authentication VPN Passwords Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion , SIM swapping , and swatting. THE MIDDLEMEN. WHAT YOU CAN DO.

Accountability

Accountability Hacking Media Mobile

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords

Passwords Hacking Wireless Authentication

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords

Passwords Authentication Advertising Software

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

OCTOBER 2, 2020

For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality. I asked for technical detail so I could validated the authenticity of his claim and the info duly arrived.

Accountability

Accountability Hacking Passwords InfoSec

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. One threat actor responded to the post stating that he has already cracked, or decrypted, nearly a million password hashes.”

Accountability

Accountability Hacking Data breaches Passwords

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

WPA3 attacks allow hackers to hack Wi-Fi password

Security Affairs

APRIL 10, 2019

Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks. Security researchers discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords

Passwords Hacking Advertising Network Security

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

MAY 3, 2020

The hacker claims to have hacked the company in March 2020, it has stolen just a small part of the company database. The hacker has shared 15 million user records calling for action in cracking the passwords that are hashed using the SHA2-384 hashing algorithm. ZDNet confirmed the authenticity of the leaked data.

Accountability

Accountability Hacking Passwords Data breaches

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” Change your Activision account passwords and add 2FA immediately.

Hacking

Hacking Data breaches Accountability Passwords

Over 23 million breached accounts were using ‘123456’ as password

Security Affairs

APRIL 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. million user accounts worldwide were using ‘123456’ as password, while 7.7 Another good practice is the set up of multi-factor authentication wherever possible.

Passwords

Passwords Accountability Data breaches Advertising

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. ” The flaw could allow unauthorized third-party access to the router with admin privileges without proper authentication. .” SecurityAffairs – TP-Link Archer, hacking).

Passwords

Passwords Advertising Firmware Authentication

Unacademy hacked, 22 million accounts offered for sale

Security Affairs

MAY 6, 2020

The analysis of creation data for the records in the database revealed that the last creation date is January 26th, 2020, a circumstance that suggests that the hack took place in the same period. BleepingComputer contacted some Unacademy users and verified that the data is authentic. SecurityAffairs – Unacademy, hacking).

Accountability

Accountability Hacking Data breaches Advertising

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

I strongly advise you, firstly, to log on to all servers running HP Device Manager and set a strong password for the "dm_postgres" user of the "hpdmdb" Postgres database on TCP port 40006 1/4 — Nicky Bloor (@nickstadb) September 29, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Accountability Passwords InfoSec

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

.” According to the company, attackers accessed personal details of the users, including names, email addresses, mailing addresses, phone numbers, and also encrypted passwords. The company confirmed that the an investigation into the hack is still ongoing. million users’ data and 3 million cracked username password combinations.

Hacking

Hacking Data breaches Identity Theft Advertising

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

FEBRUARY 12, 2019

VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom.

Hacking

Hacking DDOS Backups Accountability

Popular OGUsers hacking forum breached for the second time in a year

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking

Hacking Data breaches Advertising Backups

Hacking the ‘Unhackable’ eyeDisk USB stick

Security Affairs

MAY 12, 2019

The paradox, the USB stick eyeDisk that uses iris recognition to unlock the drive could reveal the device’s password in plain text in a simple way. “We develop our own iris recognition algorithm so that no one can hack your USB drive even [if] they have your iris pattern. ” reads the description of the product.

Hacking

Hacking Passwords Authentication Advertising

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. ” Experts noticed the lack of authentication between the backend servers and the “Mercedes me” mobile app, which allows users to remotely control multiple functions of the car.

Hacking

Hacking Advertising Mobile Engineering

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

A flaw in India Digilocker could?ve been exploited to bypass authentication

Security Affairs

JUNE 8, 2020

Any Indian DigiLocker Account Could’ve Been Accessed Without Password. The Indian Government fixed a flaw in the secure document wallet service Digilocker that could have potentially allowed anyone’s access without password. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Mobile Accountability Passwords

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication

Authentication Accountability Advertising Passwords

More than 44 million Microsoft user accounts are exposed to hack

Security Affairs

DECEMBER 10, 2019

Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. ” For each credential in the database belonging to its users, Microsoft forced a password reset, Microsoft recommends users to use MFA wherever possible. .”

Accountability

Accountability Hacking Passwords Advertising

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . SecurityAffairs – Poloniex exchange, hacking).

Passwords

Passwords Cryptocurrency Data breaches Advertising

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. The flaw, tracked as CVE-2019-14684, could allow an authenticated attacker to run with SYSTEM privileges an arbitrary, unsigned DLL file within a trusted process. . Another researcher, Tr?n

Password Management

Password Management Passwords Advertising Authentication

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Security Affairs

MAY 25, 2020

.” The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Advertising Authentication Passwords

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability

Accountability Passwords Authentication Password Management

Thousands of servers easy to hack due to a LibSSH Flaw

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. The flaw is an authentication-bypass vulnerability that was introduced in Libssh version 0.6 and above have an authentication bypass vulnerability in the server code.

Hacking

Hacking Authentication Advertising Engineering

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking

Hacking DNS Cryptocurrency Accountability

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

MARCH 9, 2019

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack. Simply by tampering with parameters, one can update the email address registered to the account without authentication, send a password reset to the modified address (i.e.

Hacking

Hacking Accountability Engineering Advertising

620 million accounts stolen from 16 hacked websites available for sale on the dark web

Security Affairs

FEBRUARY 11, 2019

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. I started hacking a long time ago.

Accountability

Accountability Hacking Advertising Data breaches

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

When accessed remotely, the virtual media service allows plaintext authentication, sends most traffic unencrypted, uses a weak encryption algorithm for the rest, and is susceptible to an authentication bypass. In the simplest case, an attacker could simply try the well-known default username and password for the BMC.

Hacking

Hacking Firmware Media Authentication

Great news, now you can protect your Zoom account with 2FA

Security Affairs

SEPTEMBER 11, 2020

Zoom has implemented two-factor authentication (2FA) to protect all user accounts against security breaches and other cyber attacks. Zoom has announced finally implemented the two-factor authentication (2FA) to protect all user accounts from unauthorized accesses. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Authentication Advertising Passwords

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Intel 471 shows akafitis@gmail.com was used to register another O.R.Z. user account — this one on Verified[.]ru ru in 2008.

Malware

Malware Cybercrime Software Antivirus

Dailymotion forces password reset in response to credential stuffing Attack

Security Affairs

JANUARY 28, 2019

After the discovery of hacking attempts, the French firm logged users out and forced a password reset procedure by including in the notification a link to change the password and re-gain access to the account. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the company.

Passwords

Passwords Data breaches Accountability Advertising

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. “In this video you can how we decrypt the traffic of the Fortinet SSL-VPN client and extract the user’s password and OTP. SecurityAffairs – hacking, Fortigate VPN).

VPN

VPN Hacking IoT Advertising

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, ZeroLogon).

Security Intelligence

Security Intelligence Authentication Advertising Passwords

A flaw in Microsoft OAuth authentication could lead Azure account takeover

Security Affairs

DECEMBER 3, 2019

The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – OAuth, hacking).

Authentication

Authentication Accountability Social Engineering Advertising

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Data breaches Mobile Advertising

Tens of thousands of hot tubs are exposed to hack

Security Affairs

JANUARY 7, 2019

The hot tubs could be remotely controlled by an app, dubbed Balboa Water App, that lack of authentication mechanisms. The unprotected devices can be easily hacked because the AP is open and no PSK is used. An attacker could hack into the hot tubs in the nearby or remotely. SecurityAffairs – IoT, hacking).

Hacking

Hacking Cyber Attacks Mobile IoT

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

APRIL 30, 2020

. “Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet” Attackers attempt to brute-force the username and password used to protect RDP access to systems exposed online, they can use combinations of random characters or leverage dictionary of most popular passwords.

Passwords

Passwords Advertising VPN Authentication

Attackers hacked support agent to access Microsoft Outlook email accounts

Security Affairs

APRIL 14, 2019

Experts at THN highlighted that even the two-factor authentication was not able to prevent users’ accounts. ” Microsoft recommended all users, even not affected ones, to reset the passwords for their Microsoft accounts as a precautionary measure. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Hacking Data breaches Advertising

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Webinars

Trending Sources

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

Webinars

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

TeamViewer flaw can allow hackers to steal System password

Hacking Grindr Accounts with Copy and Paste

4 Million Quidd account details shared on hacking forums

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

WPA3 attacks allow hackers to hack Wi-Fi password

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Alleged Activision hack, 500,000 Call Of Duty players impacted

Over 23 million breached accounts were using ‘123456’ as password

TP-Link Archer routers allow remote takeover without passwords

Unacademy hacked, 22 million accounts offered for sale

HP Device Manager flaws expose Windows systems to hack

3.4 Million user records from LiveAuctioneers hack available for sale

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Popular OGUsers hacking forum breached for the second time in a year

Hacking the ‘Unhackable’ eyeDisk USB stick

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

A flaw in India Digilocker could?ve been exploited to bypass authentication

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

More than 44 million Microsoft user accounts are exposed to hack

Poloniex forces password reset following a data leak

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Experian, You Have Some Explaining to Do

Thousands of servers easy to hack due to a LibSSH Flaw

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Vulnerabilities in car alarm systems exposed 3 million cars to hack

620 million accounts stolen from 16 hacked websites available for sale on the dark web

USBAnywhere BMC flaws expose Supermicro servers to hack

Great news, now you can protect your Zoom account with 2FA

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Dailymotion forces password reset in response to credential stuffing Attack

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Hackers are using Zerologon exploits in attacks in the wild

A flaw in Microsoft OAuth authentication could lead Azure account takeover

UberEats data leaked on the dark web

Tens of thousands of hot tubs are exposed to hack

RDP brute-force attacks rocketed since beginning of COVID-19

Attackers hacked support agent to access Microsoft Outlook email accounts

Stay Connected