2015, Information Security and Passwords

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. The marketing firm Apollo.io

Hacking

Hacking Accountability Data breaches Marketing

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Security Affairs

MAY 11, 2021

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. “In September 2015, Apple managers had a dilemma on their hands: should, or should they not notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Pierluigi Paganini.

Malware

Malware Hacking Mobile Passwords

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords

Passwords Authentication Advertising Software

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Password Protection & Authentication. Passwords are the baseline of cybersecurity. Luckily, applying AI into the mix can make passwords more secure. Before, a password was a word or phrase. One thing better than having an incredibly good password is to have a lot of them. Multi-Factor Authentication.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites proposing a fake COVID-19 information app from the World Health Organization. Pierluigi Paganini.

Passwords

Passwords DNS Malware Advertising

A study reveals the list of worst passwords of 2019

Security Affairs

DECEMBER 16, 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019.

Passwords

Passwords Data breaches Password Management Advertising

Zoom client for Windows could allow hackers to steal users’Windows password

Security Affairs

APRIL 1, 2020

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Security experts and privacy advocates believe that the Zoom is an efficient online video communication platform, but evidently it has some serious privacy and security solutions.

Passwords

Passwords Advertising Hacking Software

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The post Agent Tesla includes new password-stealing capabilities from browsers and VPNs appeared first on Security Affairs. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Spyware VPN Malware

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

SEPTEMBER 16, 2019

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Go to [link] , when prompted for password click the little “…” icon. Pierluigi Paganini.

Password Management

Password Management Passwords Advertising Mobile

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email! Pierluigi Paganini.

Passwords

Passwords Cryptocurrency Data breaches Advertising

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. “ SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software.” ” reads the security advisory published by Trend Micro. .”

Password Management

Password Management Passwords Advertising Authentication

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. 2015* apparently, maybe the owner?

Cryptocurrency

Cryptocurrency Passwords Advertising Hacking

Foxit Software discloses a data breach that exposed user passwords

Security Affairs

AUGUST 30, 2019

Foxit Software, the company behind the Foxit PDF reader app, disclosed a data breach that exposed customers’ information, including passwords. Foxit Software, the PDF software provider behind the Foxit PDF reader app disclosed a security breach that took place recently exposing customers’ information.

Data breaches

Data breaches Passwords Software Identity Theft

Thinkful forces a password reset for all users after a data breach

Security Affairs

SEPTEMBER 23, 2019

The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The company is notifying the incident to its users via email and is forcing a password reset in response to the incident. ” continues the notification.

Data breaches

Data breaches Passwords Education Advertising

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

WizzAir informed customers it forced a password reset on their accounts

Security Affairs

JULY 21, 2019

The airline company WizzAir informed its customers that it had reset the account passwords due to a technical issue in the system. The airline company WizzAir had reset the account passwords of its users due to a technical issue in its system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Accountability Advertising Hacking

G Suite users’ passwords stored in plain-text for more than 14 years

Security Affairs

MAY 22, 2019

Google accidentally stored the passwords of its G Suite users in plain-text for 14 years allowing its employees to access them. The news is disconcerting, Google has accidentally stored the passwords of the G Suite users in plain-text for 14 years, this means that every employee in the company was able to access them.

Passwords

Passwords Encryption Advertising Accountability

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

Security Affairs

JANUARY 2, 2020

Security expert discovered a Google Chrome extension named Shitcoin Wallet that steals passwords and wallet private keys. Harry Denley, director of security at the MyCrypto , discovered that the Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys. Pierluigi Paganini.

Passwords

Passwords Cryptocurrency Advertising Antivirus

VF Corp December data breach impacts 35 million customers

Security Affairs

JANUARY 19, 2024

In 2015, the company controlled 55% of the U.S. ” The company pointed out that it does not store Social Security numbers and financial information in its systems. VF Corp also added that it has found no evidence that customer passwords were stolen. million customers.

Data breaches

Data breaches Retail Insurance Passwords

Threat actor leaked data for U.S. gun exchange site on hacking forum

Security Affairs

AUGUST 13, 2020

The leaked data includes login names, hashed passwords, and email addresses. It is not confirmed that all of the leaked data is legitimate, anyway, experts suggest users change their password immediately. Users that share the password at another site should also change the password. Pierluigi Paganini.

Hacking

Hacking Data breaches Cybercrime Passwords

A data breach broker is selling account databases of 17 companies

Security Affairs

NOVEMBER 1, 2020

Users of the above companies have to immediately change their passwords, and if they use the same passwords at other sites, they should also change the password at those sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” states BleepingComputer.

Data breaches

Data breaches Accountability Advertising Passwords

Experts uncovered hidden behavior in thousands of Android Apps

Security Affairs

APRIL 5, 2020

A group of security researchers has found thousands of Android apps containing hidden backdoors and blacklists. There are 7,584 apps with secret access keys, 501 apps that embed master passwords, and 6,013 apps with secret commands. Moreover, these security risks hold generally across all of our data sources.

Mobile

Mobile Passwords Advertising Firmware

The forum of the popular Albion Online game was hacked

Security Affairs

OCTOBER 19, 2020

A threat actor has breached the forum of Albion Online and stole usernames and password hashes from its database. On top of that, the attacker gained access to encrypted passwords (in technical terms: hashed and salted passwords).” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Data breaches Passwords Advertising

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. We do not store any credit card or payment related information on our servers.”

Media

Media Hacking Passwords Data breaches

538 Million Weibo users’ records being sold on Dark Web

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. ” reported the website PingWest. ?????????????

Accountability

Accountability Passwords Advertising Internet

SFO discloses data breach following the hack of 2 of its websites

Security Affairs

APRIL 11, 2020

The SFO ITT urges anyone who even visited either website using the Internet Explorer web browser to change the device’s password. In response to the incident, the SFO Airport reset all email and network passwords. The airport also forced a reset of all SFO related email and network passwords on Monday, March 23, 2020.”

Data breaches

Data breaches Hacking Telecommunications Passwords

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime

Cybercrime Hacking Data breaches Banking

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Security Affairs

MAY 28, 2022

Now the Microsoft-owned company provided an update on the incident, the attackers were able to escalate access to npm infrastructure and access the following files exfiltrated from npm cloud storage: A backup of skimdb.npmjs.com containing data from April 7, 2021, with the following information:An archive of user information from 2015.

Backups

Backups Passwords Hacking Cybersecurity

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Passwords Accountability Advertising

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. The data breach was first reported by Risk Based Security last week, since then, Quidd has never disclosed any data breach recent security incident.

Accountability

Accountability Hacking Data breaches Passwords

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

AUGUST 7, 2019

This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Insurance

Insurance Data breaches Financial Services Passwords

Ticketmaster will pay $10 Million fine over hacking a competitor

Security Affairs

JANUARY 2, 2021

The intrusions into the competitor’s systems took place repeatedly between 2013 and 2015. The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. Attorney DuCharme. Attorney DuCharme. Mead was CrowdSurge’s general manager of U.S.

Hacking

Hacking Passwords Accountability Cybercrime

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

NOVEMBER 22, 2019

The banking trojan is able to record keystrokes, to steal passwords stored on the PC, and take screenshots and videos from the victims’ machine. Lisov operated the infrastructure behind the NeverQuest malware between June 2012 and January 2015, the managed a network of servers containing lists of millions of stolen login credentials.

Banking

Banking Malware Advertising Passwords

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Security Affairs

APRIL 12, 2022

1, 2015, and on or about Jan. ” RaidForums was launched in 2015, its community reached over half a million users. These contained information for millions of credit cards, bank account numbers and routing information, and the usernames and associated passwords needed to access online accounts.”

Cybercrime

Cybercrime Banking Accountability Hacking

South Korean Woori Bank is accused of unauthorized use of customer data

Security Affairs

FEBRUARY 11, 2020

The bank changed 23,000 passwords in 2018 without consent. However, some branch employees of Woori Bank modified the passwords and as a result of the operation, the accounts have been reactivated. However, some branch employees of Woori Bank modified the passwords and as a result of the operation, the accounts have been reactivated.

Banking

Banking Passwords Accountability Advertising

267 Million Facebook identities available for 500 euros on the dark web

Security Affairs

APRIL 20, 2020

Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords.

Data breaches

Data breaches Passwords Advertising Phishing

The team behind the Joomla CMS discloses a data breach

Security Affairs

JUNE 1, 2020

Data contained in the backup includes : Full name Business address Business email address Business phone number Company URL Nature of business Encrypted password (hashed) IP address Newsletter subscription preferences. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the notification.

Data breaches

Data breaches Backups Passwords Advertising

ShinyHunters leaked over 386 million user records from 18 companies

Security Affairs

JULY 28, 2020

The huge trove of data contains over 386 million user records, but only some of them included the user’s password. Users of the above companies are recommended to change their passwords as soon as possible, they have to change the passwords where they used the same login credentials.

Passwords

Passwords Advertising Education Banking

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

Security Affairs

JANUARY 25, 2020

Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform ( CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting. reads the security advisory published by Cisco. Pierluigi Paganini. SecurityAffairs – Webex, hacking).

Mobile

Mobile Passwords Advertising Authentication

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Security Affairs

APRIL 1, 2020

In malspam attacks, attackers could encrypt the Excel file by setting up a password, then when the victims receive the email, hackers trick them into opening the attachment using a password included in the content of the message. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware Passwords Encryption Advertising

Open Exchange Rates discloses a security breach

Security Affairs

MARCH 16, 2020

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service.

Data breaches

Data breaches Passwords Advertising Accountability

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat say

Security Affairs

AUGUST 17, 2020

These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” states the press release.

Government

Government Accountability Hacking Advertising

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Apple was aware that XcodeGhost impacted 128 Million iOS Users in 2015

Webinars

Trending Sources

TeamViewer flaw can allow hackers to steal System password

Webinars

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Linksys force password reset to prevent Router hijacking

A study reveals the list of worst passwords of 2019

Zoom client for Windows could allow hackers to steal users’Windows password

TP-Link Archer routers allow remote takeover without passwords

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

A flaw in LastPass password manager leaks credentials from previous site

Poloniex forces password reset following a data leak

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Foxit Software discloses a data breach that exposed user passwords

Thinkful forces a password reset for all users after a data breach

Over 600k GPS trackers left exposed online with a default password of ‘123456’

WizzAir informed customers it forced a password reset on their accounts

G Suite users’ passwords stored in plain-text for more than 14 years

Shitcoin Wallet Chrome extension steals crypto-wallet private keys and passwords

VF Corp December data breach impacts 35 million customers

Threat actor leaked data for U.S. gun exchange site on hacking forum

A data breach broker is selling account databases of 17 companies

Experts uncovered hidden behavior in thousands of Android Apps

The forum of the popular Albion Online game was hacked

Asian media firm E27 hacked, attackers asked for a “donation”

538 Million Weibo users’ records being sold on Dark Web

SFO discloses data breach following the hack of 2 of its websites

Alleged Extortioner of Psychotherapy Patients Faces Trial

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Hackers exploit SQL injection zero-day issue in Sophos firewall

4 Million Quidd account details shared on hacking forums

American Insurance firm State Farm victim of credential stuffing attacks

Ticketmaster will pay $10 Million fine over hacking a competitor

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

South Korean Woori Bank is accused of unauthorized use of customer data

267 Million Facebook identities available for 500 euros on the dark web

The team behind the Joomla CMS discloses a data breach

ShinyHunters leaked over 386 million user records from 18 companies

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Open Exchange Rates discloses a security breach

Thousands of Canadian government accounts hacked, Treasury Board of Canada Secretariat say

Stay Connected