2014, Information Security, Internet and Passwords

TroyStealer – A new info stealer targeting Portuguese Internet users

Security Affairs

JUNE 13, 2020

There seems to be a new stealer in town called #TroyStealer , targeting Portuguese internet users EXE: [link] Exfil email address: domionhuby@gmail.com Has anyone seen this threat before? /cc An information stealer (or info stealer) is a Trojan that is designed to gather information from a system. h/t: abuse.ch.

Internet

Internet Internet Malware Banking

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Password Protection & Authentication. Passwords are the baseline of cybersecurity. Luckily, applying AI into the mix can make passwords more secure. Before, a password was a word or phrase. One thing better than having an incredibly good password is to have a lot of them. Multi-Factor Authentication.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

A study reveals the list of worst passwords of 2019

Security Affairs

DECEMBER 16, 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019.

Passwords

Passwords Data breaches Password Management Advertising

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

G Suite users’ passwords stored in plain-text for more than 14 years

Security Affairs

MAY 22, 2019

Google accidentally stored the passwords of its G Suite users in plain-text for 14 years allowing its employees to access them. The news is disconcerting, Google has accidentally stored the passwords of the G Suite users in plain-text for 14 years, this means that every employee in the company was able to access them.

Passwords

Passwords Encryption Advertising Accountability

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

“Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password.

Data breaches

Data breaches Hacking Telecommunications Passwords

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. ” reported the website PingWest. ?????????????

Accountability

Accountability Passwords Advertising Internet

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. “During our research process, the Cyble Research Team got hold of some informative details related to this leak.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Data breaches Mobile Advertising

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Passwords Accountability Advertising

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

At the time of publishing this post, it is still unclear how the hackers compromised the IP cameras, likely hackers exploited some vulnerabilities in the devices or simply guessed weak passwords used to protect them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Internet Internet Hacking

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Security Affairs

SEPTEMBER 23, 2020

The database containing personal information of over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet. US fitness chain Town Sports has suffered a data breach, a database belonging to the company containing the personal information of over 600,000 people was exposed on the Internet.

Data breaches

Data breaches Phishing Passwords Advertising

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Security Affairs

JANUARY 19, 2020

This is the biggest leak of Telnet passwords even reported. The list includes the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. ” reported ZDNet. ” reported ZDNet.

IoT

IoT DDOS InfoSec Internet

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

The company recommends people to: Never share personal information, including financial information over the phone, email or SMSs Use strong passwords and enforce multi-factor authentication where possible Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.

Data breaches

Data breaches Mobile Advertising Authentication

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

com , a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom , was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. A copy of pictrace[.]com

Hacking

Hacking Accountability Data breaches Marketing

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Mobile

Mobile InfoSec Data breaches Advertising

New Lucifer DDoS botnet targets Windows systems with multiple exploits

Security Affairs

JUNE 26, 2020

The bot uses exploits for multiple vulnerabilities, including CVE-2014-6287 , CVE-2018-1000861 , CVE-2017-10271 , ThinkPHP RCE vulnerabilities (CVE-2018-20062) , CVE-2018-7600 , CVE-2017-9791 , CVE-2019-9081 , PHPStudy Backdoor RCE , CVE-2017-0144 , CVE-2017-0145 , and CVE-2017-8464. Pierluigi Paganini. SecurityAffairs – hacking, 5G).

DDOS

DDOS Malware Advertising Passwords

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP or Internet Protocol address is your digital identity on the internet. It may be used to download unauthorized stuff or may be used for uploading disputed content on the internet. It disguises your original identity and location and allows you to access the internet from a remote server. Use Strong Passwords.

Hacking

Hacking VPN Internet Internet

Data of 21 million Mixcloud users available for sale on the dark web

Security Affairs

DECEMBER 1, 2019

The hacker access to users’ data, including usernames , email addresses, SHA-2 hashed passwords, account sign-up dates and country, the last-login date, the internet (IP) address, and links to profile photos. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”

Data breaches

Data breaches Passwords Advertising Hacking

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely reboot the device without having to know the root password. ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. A hacker managed to identify a weak spot in a security camera model. Unfortunately, at that moment, there were over 300,000 of those cameras connected to the internet. Vicious insider.

IoT

IoT Cybersecurity Manufacturing Internet

Frost & Sullivan databases available for sale on a hacker forum

Security Affairs

JUNE 24, 2020

firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. The employee database includes first and last names, login names, email addresses, and hashed passwords. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches

Data breaches Backups Advertising Hacking

Hundreds of female sports stars and celebrities have their naked photos and videos leaked online

Security Affairs

NOVEMBER 22, 2020

The attack took place in the same hours as hackers hit Manchester United and brings us back to mind the Fappening cases that exposed online cache of nude photos and videos of celebrities back in 2014. ” “It can take years to pursue, just to get it taken down from the internet. ” reported The Times. “We Pierluigi Paganini.

Authentication

Authentication Passwords Hacking Internet

Google Tsunami vulnerability scanner is now open-source

Security Affairs

JULY 9, 2020

The initial version of the Tsunami tool already includes modules to detect the following security issues: Exposed sensitive UIs: Applications such as Jenkins , Jupyter , and Hadoop Yarn ship with UIs that allow a user to schedule workloads or to execute system commands. ” concludes Google. Pierluigi Paganini.

Engineering

Engineering Advertising Authentication Passwords

Leaked confidential report states United Nations has been hacked

Security Affairs

JANUARY 30, 2020

According to the report, attackers did not access passwords. official told the AP that the hack, which was first detected over the summer, appeared “sophisticated” and that the extent of the damage remains unclear, especially in terms of p ersonal, secret or compromising information that may have been stolen.” “One U.N.

Hacking

Hacking Advertising Cyber Attacks Passwords

Sophos fixed a critical vulnerability in Cyberoam firewalls

Security Affairs

OCTOBER 10, 2019

Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company’s internal network without providing a password. MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher.” said the spokesperson. Pierluigi Paganini.

Firewall

Firewall VPN Passwords Internet

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. Trend Micro investigated waves of the APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014.

Phishing

Phishing Accountability Advertising DNS

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Scan all software downloaded from the Internet prior to executing. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Government Passwords System Administration

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

If these services are required, use strong passwords or Active Directory authentication. Enforce a strong password policy and implement regular password changes. Scan all software downloaded from the Internet prior to executing. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Passwords Advertising Antivirus

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security Affairs

APRIL 15, 2020

“Users possibly impacted by this attack include those accessing these websites from outside the airport network through Internet Explorer on a Windows-based personal device or a device not maintained by SFO.”. The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password.

Data breaches

Data breaches Passwords Telecommunications Advertising

Maze ransomware operators claim to have breached LG Electronics

Security Affairs

JUNE 25, 2020

In 2014 its global sales reached $55.91 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Ransomware Mobile Telecommunications

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malware is able to steal sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) . If these services are required, use strong passwords or Active Directory authentication. Pierluigi Paganini.

Malware

Malware Passwords Advertising Antivirus

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Security Affairs

JUNE 29, 2019

. “Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more.” Pierluigi Paganini.

Banking

Banking Backups Big data Advertising

Slickwraps discloses data leak that impacted 850,000 user accounts

Security Affairs

FEBRUARY 24, 2020

.” reads the security update published by the company. The company confirmed that records were accessed by an unauthorized party, but pointed out that exposed data information did not contain passwords or personal financial data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Data breaches Passwords Advertising

Hackers breached one of Comodo Forums, 245,000 users impacted

Security Affairs

OCTOBER 1, 2019

Exposed data include login username, name, email address, hashed passwords, last IP address used to access the forums, and some social media usernames for a limited number of users. ” reads the security notice published by Comodo. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Data breaches Advertising Hacking

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet was spotted by security experts from 360 Netlab, at the time of its discovered it was actively targeting Netgear, D-Link, and Huawei routers by probing for weak Telnet passwords to compromise them. The sample spreads via Telnet with weak passwords and some known exploits (see the list below). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

The Russian man stole roughly 117 million user records, including usernames, passwords, and emails. Between May 14, 2012 and July 25, 2012, Nikulin obtained the records belonging 68 million Dropbox users containing usernames, emails, and hashed passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Cybercrime Data breaches Advertising

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

AUGUST 8, 2019

Avast recently discovered a new strain of Clipsa malware that is able to scan the Internet and launches brute-force attacks on WordPress sites. Clipsa also uses infected PCs to crawl the internet for vulnerable WordPress websites. “ Clipsa is an unusual password stealer, in that it supports a wide range of functionalities.

Malware

Malware Cryptocurrency Passwords Internet

USBAnywhere BMC flaws expose Supermicro servers to hack

Security Affairs

SEPTEMBER 3, 2019

. “ our research has uncovered new vulnerabilities, which we collectively dubbed USBAnywhere , in the baseboard management controllers (BMCs) of Supermicro servers, which can allow an attacker to easily connect to a server and virtually mount any USB device of their choosing to the server, remotely over any network including the Internet.”

Hacking

Hacking Firmware Media Authentication

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

Cyber researchers recommend people to: Never share personal information, including financial information over the phone, email or SMSs Use strong passwords and enforce multi-factor authentication where possible Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.

Hacking

Hacking Ransomware Banking Mobile

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

Ares bot also scans for both other Android systems running Telnet services and attempt to crack passwords protecting them. Protect with string passwords services such as Telnet, Web, SNMP. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the analysis. ” continues the analysis.

IoT

IoT Passwords Advertising Malware

The Dangers of Using Unsecured Wi-Fi Networks

Security Affairs

AUGUST 22, 2019

They can see the passwords you use, your email address, your name and physical address, phone numbers and any other type of personal information that you might happen to enter into a website. For instance there are automated tools that look for passwords and write them into a file whenever they see one. Pierluigi Paganini.

VPN

VPN Encryption Passwords Small Business

FBI shuts down the Russian-based hacker platform DEER.IO

Security Affairs

MARCH 26, 2020

store used by hackers to offer for sale thousands of compromised accounts, including gamer accounts and PII files containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” “Deer.io

Cybercrime

Cybercrime Advertising Hacking Accountability

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

“ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. The router attacks involved an exploit kit that attempts to find the router IP on a network, then attempts to guess the password using common login credentials. ” reads a blog post published by Avast. concludes Avast.

DNS

DNS Passwords Advertising Banking

TroyStealer – A new info stealer targeting Portuguese Internet users

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Webinars

Trending Sources

A study reveals the list of worst passwords of 2019

Webinars

TP-Link Archer routers allow remote takeover without passwords

G Suite users’ passwords stored in plain-text for more than 14 years

SFO discloses data breach following the hack of 2 of its websites

Over 600k GPS trackers left exposed online with a default password of ‘123456’

538 Million Weibo users’ records being sold on Dark Web

UberEats data leaked on the dark web

Hackers exploit SQL injection zero-day issue in Sophos firewall

Hackers claim to have compromised 50,000 home cameras and posted footage online

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

New Lucifer DDoS botnet targets Windows systems with multiple exploits

5 Ways to Protect Yourself from IP Address Hacking

Data of 21 million Mixcloud users available for sale on the dark web

Expert found multiple critical issues in MoFi routers

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Frost & Sullivan databases available for sale on a hacker forum

Hundreds of female sports stars and celebrities have their naked photos and videos leaked online

Google Tsunami vulnerability scanner is now open-source

Leaked confidential report states United Nations has been hacked

Sophos fixed a critical vulnerability in Cyberoam firewalls

Russia-linked APT28 has been scanning vulnerable email servers in the last year

US govt agencies share details of the China-linked espionage malware Taidoor

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Russia-linked Energetic Bear APT behind San Francisco airport attacks

Maze ransomware operators claim to have breached LG Electronics

CISA’s advisory warns of notable increase in LokiBot malware

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Slickwraps discloses data leak that impacted 850,000 user accounts

Hackers breached one of Comodo Forums, 245,000 users impacted

Mozi Botnet is responsible for most of the IoT Traffic

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

New strain of Clipsa malware launches brute-force attacks on WordPress sites

USBAnywhere BMC flaws expose Supermicro servers to hack

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

The Dangers of Using Unsecured Wi-Fi Networks

FBI shuts down the Russian-based hacker platform DEER.IO

For nearly a year, Brazilian users have been targeted with router attacks

Stay Connected