2014, Backups and Passwords - Cyber Security Informer

The Worst Passwords of 2014

Spinone

JANUARY 21, 2015

Here is the annual list of the 25 most frequently passwords found on the Internet appearing to be the Worst Passwords, that will expose anybody to being hacked or having their identities stolen. SplashData has released its annual list of the most common passwords compiled from more than 3.3

Passwords

Passwords Password Management Backups Hacking

Hacker deleted all data from VFEmail Servers, including backups

Security Affairs

FEBRUARY 13, 2019

A destructive cyberattack hit the email provider VFEmail, a hacker wiped its servers in the United States, including the backup systems. An unknown attacker has launched a destructive cyber attack against the email provider VFEmail, he erased information on its server including backups, 18 years’ worth of customer emails were lost. “We

Backups

Backups Advertising VPN Cyber Attacks

How BeerAdvocate Learned They'd Been Pwned

Troy Hunt

JULY 21, 2020

The tl;dr is that someone with a BeerAdvocate account was convinced the service had been pwned as they'd seen evidence of an email address and password they'd used on the service being abused. Someone had registered a new Netflix account with my email / password associated with my BeerAdvocate account. Not even a password manager.

Passwords

Passwords Accountability Password Management Backups

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The team behind the Joomla CMS discloses a data breach

Security Affairs

JUNE 1, 2020

Last week a member of the Joomla Resources Directory (JRD) team left an unencrypted full backup of the JRD site ( resources.joomla.org ) on an unsecured Amazon Web Services S3 bucket operated by the company. “JRD full site backups (unencrypted) were stored in a third-party company Amazon Web Services S3 bucket.

Data breaches

Data breaches Backups Passwords Advertising

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

.” While CLOP as a money making collective is a fairly young organization, security experts say CLOP members hail from a group of Threat Actors (TA) known as “TA505,” which MITRE’s ATT&CK database says is a financially motivated cybercrime group that has been active since at least 2014. ” . ”

Healthcare

Healthcare Backups Ransomware Insurance

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Security Affairs

APRIL 5, 2019

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Www backup paths.

Internet

Internet Internet Passwords Malware

Frost & Sullivan databases available for sale on a hacker forum

Security Affairs

JUNE 24, 2020

firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. The employee database includes first and last names, login names, email addresses, and hashed passwords. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Backups Advertising Hacking

SQL Dump from popular Indian BGR tech site leaked online

Security Affairs

FEBRUARY 27, 2020

The data leak was first reported by experts from the security firm Under the Breach , the full SQL backup contains , emails, hashed passwords, and other information. – Usernames, E-mails, Passwords and more. – Full SQL backup. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Backups

Backups Advertising Passwords Hacking

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Security Affairs

JUNE 29, 2019

The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups.” Some of the files are dated back September 2014, while other documents were uploaded a few days prior to the expert at UpGuard’s discovery the AWS buckers.

Banking

Banking Backups Big data Advertising

Aerial Direct, the O2’s largest UK partner suffered a data breach

Security Affairs

MARCH 16, 2020

Aerial Direct’s data breach notification sent to the customers revealed that an unauthorized third party had been able to access customer data on 26 February through an external backup database. To reassure you, the database did not include any passwords or financial details, such as bank account number or credit card information.”

Data breaches

Data breaches Telecommunications Passwords Advertising

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

FEBRUARY 12, 2019

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. Every file server is lost, every backup server is lost. Founded in 2001 and based in Milwaukee, Wisc.,

Hacking

Hacking DDOS Backups Accountability

NEW TECH: How Semperis came to close a huge gap in Active Directory disaster preparedness

The Last Watchdog

APRIL 29, 2019

Semperis is a security company, launched in 2014, that is entirely focused on AD – or, to put it more precisely, on delivering state-of-art AD cyber resilience, threat mitigation and rapid recovery from cyber breaches. This, in fact, was the service Semperis set out to provide when it launched in 2014.

Backups

Backups Ransomware Accountability Malware

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection. Require strong and complex passwords for all accounts that can be logged into via RDP. Use an additional layer of authentication ( MFA/2FA ).

Passwords

Passwords Internet Internet Advertising

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Security Affairs

MAY 21, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” Passwords associated with external authentication systems such as AD or LDAP are unaffected. ” continues the report. .

Firewall

Firewall Ransomware Passwords VPN

Popular OGUsers hacking forum breached for the second time in a year

Security Affairs

APRIL 5, 2020

The administrator first forced a password reset for the users, then he asked them to enable two-factor authentication (2FA) for their accounts before putting the forum offline into maintenance mode. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Data breaches Advertising Backups

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

In 2014 its global sales reached $55.91 A few days ago the group released a press release in which they warned the companies to not try to recover their files from their backup, it also announced the forthcoming LG Electronics data leak. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

The backup of a limited number of systems was also affected.” ” N ow all critical systems at the University are online and offline backups were secured by the company. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. Pierluigi Paganini.

Ransomware

Ransomware Cyber Attacks Architecture Backups

US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks

Security Affairs

JUNE 24, 2019

US DHS CISA agency warns of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying , credential stuffing , and spear-phishing. Want to know more about password spraying and how to stop it? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Backups

Backups Advertising Passwords Accountability

Netwalker ransomware operators claim to have stolen data from Forsee Power

Security Affairs

AUGUST 6, 2020

Use two-factor authentication with strong passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Recently the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. Pierluigi Paganini.

Ransomware

Ransomware VPN Advertising Marketing

Reddit discloses a data breach, a hacker accessed user data

Security Affairs

AUGUST 1, 2018

The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform. “A hacker broke into a few of Reddit’s systems and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.

Data breaches

Data breaches Backups Passwords Authentication

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Attacks Aimed at Disrupting the Trickbot Botnet

Krebs on Security

OCTOBER 2, 2020

Specifically, Trickbot has a backup control mechanism: A domain name registered on EmerDNS, a decentralized domain name system. Holden said at the end of September Trickbot held passwords and financial data stolen from more than 2.7 In 2014, for example, U.S. million Windows PCs. Such an effort would hardly be unprecedented.

Ransomware

Ransomware Malware Healthcare Internet

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

A series of messages published on Barnes & Noble’s Nook social media accounts state that it had suffered a system failure and is working to restore operations by restoring their server backups. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 1/2 — NOOK (@nookBN) October 14, 2020. (2/2)

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins

Security Affairs

JANUARY 16, 2020

. “ we found that the InfiniteWP Client and WP Time Capsule plugins also contain logical issues in the code that allows you to login into an administrator account without a password.” The plugins are affected by logical issues that could allow attackers to log in as administrators without providing any password.

Passwords

Passwords Advertising Authentication Backups

Reddit locked Down accounts due to alleged security breach

Security Affairs

JANUARY 10, 2019

Reddit seems to exclude a security breach of its systems, it pointed out that the root cause of the accounts lockdown is caused by the use of simple passwords on its website and from the reuse of those passwords on multiple services. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Data breaches Passwords Advertising

The hacker behind Matrix.org hack offers advice to improve security

Security Affairs

APRIL 12, 2019

On Thursday, Matrix.org warned users of the security breach, a hacker gained unauthorized access to the production databases, including unencrypted message data, access tokens, and also password hashes. As a precaution, if you’re a matrix.org user you should change your password now.” ” continues Matrix.org.

Hacking

Hacking DNS Passwords Data breaches

Maze Ransomware gang breached the US chipmaker MaxLinear

Security Affairs

JUNE 17, 2020

The company reset passwords of the affected customers and reported the intrusion to law enforcement. MaxLinear restored some of the systems using its backups, despite Maze Ransomware threatened to leak over 1TB of data allegedly stolen before encrypting the infected systems. Pierluigi Paganini.

Ransomware

Ransomware Data breaches Advertising Insurance

U.S. CISA Agency warns of possible cyber attacks from Iran

Security Affairs

JANUARY 4, 2020

These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. ” In June 2019, US DHS CISA agency already warned of increased cyber-activity from Iran aimed at spreading data-wiping malware through password spraying , credential stuffing , and spear-phishing.

Cyber Attacks

Cyber Attacks Backups Passwords Advertising

Experts found 540 Million Facebook user records on unprotected Amazon S3 buckets

Security Affairs

APRIL 3, 2019

We first read about an embarrassing incident involving the social network giant that asked some newly-registered users to provide the passwords to their email accounts to confirm their identity … this is absurd. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the company.

Advertising

Advertising Accountability Media Passwords

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. In September 2014, U.S.

Spyware

Spyware Mobile Advertising Software

Prosecutors ask 3-Year Sentence in ‘Fappening’ Case for ex-teacher

Security Affairs

FEBRUARY 25, 2019

and Facebook accounts, and thereby obtained complete iCloud backups, photographs, and other private information belonging to more than 200 victims, including both celebrities and noncelebrities.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported the DoJ. Pierluigi Paganini.

Identity Theft

Identity Theft Accountability Hacking Advertising

Security Affairs newsletter Round 201 – News of the week

Security Affairs

FEBRUARY 17, 2019

Password Checkup Chrome extension warns users about compromised logins. Hacker deleted all data from VFEmail Servers, including backups. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Malicious PDF Analysis.

Advertising

Advertising Antivirus Malware Backups

GitHub started warning users when adopting compromised credentials

Security Affairs

AUGUST 8, 2018

In order to improve the security of its users, the popular software code hosting service GitHub is now alerting account holders whenever it detects that a password has been exposed by data breaches on other services. “Common password advice is to use a long and unique password for each website you have an account with. .

Data breaches

Data breaches Passwords Authentication Advertising

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Web hosting giant DigitalOcean discloses it was one of the victims, and that the intruders used their access to send password reset emails to a number of DigitalOcean customers involved in cryptocurrency and blockchain technologies. ” SEPTEMBER. In 2016, while the U.S.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

CookieMiner Mac Malware steals browser cookies and sensitive Data

Security Affairs

JANUARY 31, 2019

“It also steals saved passwords in Chrome. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the analysis published by PaloAlto Networks. Pierluigi Paganini.

Malware

Malware Cryptocurrency Authentication Advertising

What Is DoppelPaymer Ransomware? A Look At The Software Wreaking Havoc At A High Price

SiteLock

OCTOBER 20, 2021

It’s distributed by a cybercrime group called Indrik Spider, which has been in operation since 2014. Emotet kickstarts other malicious software that encrypts files or drives on the network and changes passwords to lock users out of the system. If possible, store at least one backup in a different physical location than your device.

Software

Software Ransomware Backups Malware

BEC scams, hacked accounts available from $150 up to $5,000

Security Affairs

OCTOBER 9, 2018

It is quite easy to find online AWS buckets containing backups of email archives, the same data could be found on publicly-accessible rsync, FTP, SMB, and NAS drives. If these passwords have been reused for corporate accounts, this may leave organizations at risk to account takeovers.” The experts estimated that some 12.5

Scams

Scams Accountability Hacking Passwords

CISA warns of critical flaws in Prima FlexAir access control system

Security Affairs

JULY 31, 2019

The list of flaws includes OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, and Use of Hard-coded Credentials. and prior. . Pierluigi Paganini.

Backups

Backups Authentication Advertising Firmware

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. The newsmaking emergence of CTB-Locker in 2014 and the CryptoWall ransomware in 2015 fully demonstrated this multi-pronged shift. Time will tell.

Ransomware

Ransomware Hacking Encryption Penetration Testing

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Simple or reused passwords are still a problem. While the cybersecurity industry has presented options for every netizen, the recommendation to use original and complex passwords continues to be disregarded. Instead, people come up with passwords that are comfortable. Poor credentials. What does this mean? Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

The 2019 Database Gold Rush

SiteLock

AUGUST 27, 2021

You are often required to provide your email address, date of birth, first and last name, and a password. In 2014 eBay announced that over 145 million users’ information had been stolen, including names, addresses, date of birth, and passwords. How do databases get compromised? Cross-Site Scripting & SQL Injection.

Backups

Backups Passwords Identity Theft Malware

Security Affairs newsletter Round 232

Security Affairs

SEPTEMBER 22, 2019

A flaw in LastPass password manager leaks credentials from previous site. Backup files for Lion Air and parent airlines exposed and exchanged on forums. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Adware

Adware Password Management Advertising Hacking

Interpol warns that crooks are increasingly targeting hospitals

Security Affairs

APRIL 7, 2020

The INTERPOL recommends hospitals and healthcare organizations keep their systems and software up to date, and to implement an efficient backup policy. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Healthcare

Healthcare Ransomware Backups Advertising

Android Pie introduces important security and privacy enhancements

Security Affairs

DECEMBER 27, 2018

Android Pie implements support for encrypting Android backups with the user’s screen lock secret (that is, PIN, pattern, or password). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concluded Google.

Mobile

Mobile Encryption Authentication Advertising

The Worst Passwords of 2014

Hacker deleted all data from VFEmail Servers, including backups

Webinars

Trending Sources

How BeerAdvocate Learned They'd Been Pwned

Webinars

The team behind the Joomla CMS discloses a data breach

New Ransom Payment Schemes Target Executives, Telemedicine

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Frost & Sullivan databases available for sale on a hacker forum

SQL Dump from popular Indian BGR tech site leaked online

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Aerial Direct, the O2’s largest UK partner suffered a data breach

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

NEW TECH: How Semperis came to close a huge gap in Active Directory disaster preparedness

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Sophos blocked attacks exploiting XG Firewall zero-day to deploy Ransomware

Popular OGUsers hacking forum breached for the second time in a year

Maze ransomware operators claim to have breached LG Electronics

Maastricht University finally paid a 30 bitcoin ransom to crooks

US DHS CISA warns of Iran-linked hackers using data wipers in cyberattacks

Netwalker ransomware operators claim to have stolen data from Forsee Power

Reddit discloses a data breach, a hacker accessed user data

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Attacks Aimed at Disrupting the Trickbot Botnet

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Critical auth bypass issues affect InfiniteWP Client and WP Time Capsule WordPress plugins

Reddit locked Down accounts due to alleged security breach

The hacker behind Matrix.org hack offers advice to improve security

Maze Ransomware gang breached the US chipmaker MaxLinear

U.S. CISA Agency warns of possible cyber attacks from Iran

Experts found 540 Million Facebook user records on unprotected Amazon S3 buckets

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Prosecutors ask 3-Year Sentence in ‘Fappening’ Case for ex-teacher

Security Affairs newsletter Round 201 – News of the week

GitHub started warning users when adopting compromised credentials

Happy 13th Birthday, KrebsOnSecurity!

CookieMiner Mac Malware steals browser cookies and sensitive Data

What Is DoppelPaymer Ransomware? A Look At The Software Wreaking Havoc At A High Price

BEC scams, hacked accounts available from $150 up to $5,000

CISA warns of critical flaws in Prima FlexAir access control system

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

The 2019 Database Gold Rush

Security Affairs newsletter Round 232

Interpol warns that crooks are increasingly targeting hospitals

Android Pie introduces important security and privacy enhancements

Stay Connected