2015, Authentication and Hacking - Cyber Security Informer

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

The Chinese government’s 2015 breach of OPM was a significant US security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security. First, unauthorized access must be revoked and proper authentication protocols restored.

Government

Government Artificial Intelligence Banking Software

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

JUNE 22, 2025

Enable two-factor authentication Whenever you can, enable two-factor authentication (2FA) -- especially after you've become a victim of a data breach. Many vendors are now exploring passwordless authentication. Apple and Microsoft intend to follow suit. Your MacBook is getting a big upgrade.

Passwords

Passwords Data breaches Password Management Identity Theft

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

JUNE 20, 2025

Enable two-factor authentication Whenever you can, enable two-factor authentication (2FA) -- especially after you've become a victim of a data breach. Many vendors are now exploring passwordless authentication. Apple and Microsoft intend to follow suit.

Passwords

Passwords Data breaches Password Management Identity Theft

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

Also on July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site — portal.kaseya.net — was vulnerable to CVE-2015-2862 , a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.

Software

Software Ransomware System Administration Authentication

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime. Image: Wikipedia. ”

Accountability

Accountability Hacking Authentication Marketing

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

JANUARY 19, 2021

military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. In December 2015, Ferizi was apprehended in Malaysia and extradited to the United States. He admitted to hacking a U.S.-based The Pentagon Crew forum founded by Ferizi.

Identity Theft

Identity Theft Government Accountability Social Engineering

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

FEBRUARY 12, 2019

VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” Strangely, not all VMs shared the same authentication, but all were destroyed. The first signs of the attack came on the morning of Feb. Just attack and destroy.”

Hacking

Hacking DDOS Backups Accountability

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

NOVEMBER 11, 2023

I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account. ” Anderson said all consumers have the option to activate a multi-factor authentication method that’s requested each time they log in to their account. 9, 2022 and Dec.

Accountability

Accountability Authentication Passwords Identity Theft

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said.

Accountability

Accountability Passwords Authentication Password Management

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Hacking

Hacking Data breaches Accountability Passwords

State Department’s Email Server Breached

Adam Levin

SEPTEMBER 20, 2018

While the breach itself is relatively minor, it highlights the relative lack of progress made by the department to enact more rigorous security measures, despite repeated hack attempts and security breaches. Two-factor authentication is a legal requirement and also considered a bare minimum protocol for cybersecurity protection.

Authentication

Authentication Government Cyber Attacks Hacking

Popular OGUsers hacking forum breached for the second time in a year

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking

Hacking Data breaches Advertising Backups

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

Security Affairs

MAY 31, 2020

One vulnerability could allow an authenticated user with subscriber-level and above permissions to update and modify posts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – PageLayer, hacking). Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Advertising Authentication Accountability

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

MAY 3, 2020

The hacker claims to have hacked the company in March 2020, it has stolen just a small part of the company database. ZDNet confirmed the authenticity of the leaked data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Hacking Passwords Data breaches

Unacademy hacked, 22 million accounts offered for sale

Security Affairs

MAY 6, 2020

The analysis of creation data for the records in the database revealed that the last creation date is January 26th, 2020, a circumstance that suggests that the hack took place in the same period. BleepingComputer contacted some Unacademy users and verified that the data is authentic. SecurityAffairs – Unacademy, hacking).

Accountability

Accountability Hacking Data breaches Advertising

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet

Internet Internet Hacking Advertising

LineageOS servers hacked, attackers exploited unpatched Salt issues

Security Affairs

MAY 4, 2020

The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively. Chaining the issue, an attacker could bypass authentication and run arbitrary code on Salt master servers exposed online. SecurityAffairs – LineageOS, hacking).

Hacking

Hacking Advertising Authentication Mobile

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reads the post published Risk Based Security.

Accountability

Accountability Hacking Data breaches Passwords

Hacking Microsoft Teams accounts with a GIF image

Security Affairs

APRIL 27, 2020

The flaw ties the way Microsoft Teams handles authentication to image resources. To allow recipients to get the image intended for them, the app uses two authentication tokens: “authtoken” and “skypetoken.”. To allow recipients to get the image intended for them, the app uses two authentication tokens: “authtoken” and “skypetoken.”.

Accountability

Accountability Hacking Authentication Advertising

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Advertising

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted. SecurityAffairs – unsigned firmware, hacking).

Firmware

Firmware Hacking Authentication Advertising

CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

Security Affairs

APRIL 10, 2020

VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service ( vmdir ) for authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Advertising Authentication Information Security

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication

Authentication Accountability Advertising Hacking

Upbit cryptocurrency exchange hacked, crooks stole $48.5 million worth of ETH

Security Affairs

NOVEMBER 27, 2019

Another South Korean cryptocurrency exchange was hacked, this time the victim is Upbit that lost $48.5 On Reddit , some users have questioned the authenticity of the hack claim, which is no surprise given how often exchanges will say they have suffered a cyberattack , only to perform an exit scam. . million in cryptocurrency.

Cryptocurrency

Cryptocurrency Hacking Data breaches Scams

A flaw in India Digilocker could?ve been exploited to bypass authentication

Security Affairs

JUNE 8, 2020

DigiLocker provides an account in cloud to every Aadhaar holder to access authentic documents/certificates such as driving license, vehicle registration, academic mark sheet in digital format from the original issuers of these certificates. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Mobile Accountability Passwords

FC Barcelona and the International Olympic Committee Twitter accounts hacked

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability

Accountability Hacking Advertising Media

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Security Affairs

MAY 25, 2020

.” The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Advertising Authentication Passwords

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. ” Experts noticed the lack of authentication between the backend servers and the “Mercedes me” mobile app, which allows users to remotely control multiple functions of the car.

Hacking

Hacking Advertising Mobile Authentication

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. One of Megatraffer’s ads on an English-language cybercrime forum. Fitis’s Himba affiliate program, circa February 2014.

Malware

Malware Cybercrime Antivirus Accountability

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

Security Affairs

FEBRUARY 17, 2020

2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, WordPress). 06-02-2020 – Reported the issue to the developer of the plugin.

Hacking

Hacking Advertising Authentication

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

The issue does not impact customers who use Active Directory authenticated accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, HP). The post HP Device Manager flaws expose Windows systems to hack appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Accountability InfoSec Passwords

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. An attempted attack requires user authentication.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SP1 for Windows. ” reported ZDNet.

Antivirus

Antivirus Hacking Advertising Media

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

In 2015, Chinese hackers redirected the hijacked ShadesDaddy.com to a site selling counterfeit merchandise. ” Hacking campaigns exploiting poor domain name security can be more subtle. . ” Hacking campaigns exploiting poor domain name security can be more subtle. All of these can be extinction-level events.

Hacking

Hacking Cyber Insurance Retail Authentication

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

The database required no authentication. In addition, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files. In May 2015, KrebsOnSecurity broke the news that mSpy had been hacked and its customer data posted to the Dark Web.

Spyware

Spyware Mobile Advertising Software

Dell SupportAssist flaw exposes computers to hack, patch it asap!

Security Affairs

FEBRUARY 11, 2020

“A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Dell).

Hacking

Hacking Software Advertising Authentication

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Back in 2015, a security researcher decided to make that very point when he claimed to have hacked a plane , accessed the thrust system, and made it fly higher than intended.

Software

Software Risk Artificial Intelligence Cyber Attacks

Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack

Security Affairs

MARCH 13, 2020

The flaw tracked CVE-2020-10195 is classified as an Authenticated Settings Modification, Configuration Disclosure, and User Data Export. 2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. SecurityAffairs – hacking , PoPup Builder).

Hacking

Hacking Advertising Authentication Cyber Attacks

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

Security Affairs

APRIL 3, 2020

An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. 2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Pierluigi Paganini.

Hacking

Hacking Advertising Authentication Accountability

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. which is a product that became end-of-life (EOL) in 2015 and end-of-support-life (EOSL) in 2019.” Pierluigi Paganini.

IoT

IoT DDOS Authentication Firmware

100k+ WordPress sites exposed to hack due to a bug in Real-Time Find and Replace plugin

Security Affairs

APRIL 28, 2020

2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – WordPress, hacking). Other attacks recently observed are: Jan. Pierluigi Paganini.

Hacking

Hacking Accountability Advertising Authentication

Great news, now you can protect your Zoom account with 2FA

Security Affairs

SEPTEMBER 11, 2020

Zoom has implemented two-factor authentication (2FA) to protect all user accounts against security breaches and other cyber attacks. Zoom has announced finally implemented the two-factor authentication (2FA) to protect all user accounts from unauthorized accesses. SecurityAffairs – hacking, 2FA). Pierluigi Paganini.

Accountability

Accountability Authentication Advertising Passwords

Second-ever UEFI rootkit used in North Korea-themed attacks

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware

Firmware Spyware Surveillance Hacking

Trend Micro addresses two issues exploited by hackers in the wild

Security Affairs

MARCH 18, 2020

It could be exploited by a remote, authenticated attacker to execute arbitrary code on vulnerable installs. An attempted attack requires user authentication.” The vulnerability could be exploited by an authenticated attacker to “manipulate certain agent client components.”. An attempted attack requires user authentication.”

Authentication

Authentication Antivirus Advertising Cybercrime

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Cisco). Pierluigi Paganini.

Firewall

Firewall Small Business Wireless Authentication

DOGE as a National Cyberattack

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Trending Sources

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Sendgrid Under Siege from Hacked Accounts

New Charges Derail COVID Release for Hacker Who Aided ISIS

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

It’s Still Easy for Anyone to Become You at Experian

Experian, You Have Some Explaining to Do

Alleged Activision hack, 500,000 Call Of Duty players impacted

State Department’s Email Server Breached

Popular OGUsers hacking forum breached for the second time in a year

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Unacademy hacked, 22 million accounts offered for sale

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

LineageOS servers hacked, attackers exploited unpatched Salt issues

4 Million Quidd account details shared on hacking forums

Hacking Microsoft Teams accounts with a GIF image

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Upbit cryptocurrency exchange hacked, crooks stole $48.5 million worth of ETH

A flaw in India Digilocker could?ve been exploited to bypass authentication

FC Barcelona and the International Olympic Committee Twitter accounts hacked

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

HP Device Manager flaws expose Windows systems to hack

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Dell SupportAssist flaw exposes computers to hack, patch it asap!

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

100k+ WordPress sites exposed to hack due to a bug in Real-Time Find and Replace plugin

Great news, now you can protect your Zoom account with 2FA

Second-ever UEFI rootkit used in North Korea-themed attacks

Trend Micro addresses two issues exploited by hackers in the wild

Cisco fixes 5 critical flaws that could allow router firewall takeover

Stay Connected