Troy Hunt

APRIL 27, 2018

When I launched Pwned Passwords in August , I honestly didn't know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data "as a service" by either a plain text password or a SHA-1 hash. Thanks @haveibeenpwned !

Passwords 184

Passwords 184

CyberSecurity Insiders

JUNE 10, 2021

According to research carried out by a Cybersecurity firm named NordLocker, a hacking group devised malware and distributed it onto millions of PCs in 2018. NordLocker report says that the malware whose name is yet to be identified was super-active between 2018-2020 and became dormant from February this year. . terabyte database. .

Passwords 115

Passwords Malware Banking Hacking 115

Security Affairs

SEPTEMBER 14, 2021

The network equipment maker MikroTik revealed that the routers were previously compromised in 2018. “As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched.” ” reads a post published by MikroTik in a forum post.

DDOS 73

DDOS Firewall Passwords Internet 73

Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack. link] — Troy Hunt (@troyhunt) November 6, 2018.

Passwords 236

Passwords Accountability Hacking Education 236

The Hacker News

MARCH 1, 2021

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.

Passwords 111

Passwords Software Cybersecurity 111

eSecurity Planet

SEPTEMBER 9, 2021

The network security vendor said the credentials were stolen from systems that remain unpatched against a two-year-old vulnerability – CVE-2018-13379 – or from users who patched that vulnerability but failed to change passwords. The post Hackers Leak 87,000 Fortinet VPN Passwords appeared first on eSecurityPlanet.

VPN 97

VPN Passwords Authentication Network Security 97

Malwarebytes

OCTOBER 3, 2022

I have an embarrassing confession to make: I reuse passwords. I am not a heavy re-user, nothing crazy, I use a password manager to handle most of my credentials but I still reuse the odd password from time to time. It seems obvious and important therefore to tell users not to reuse passwords.

Passwords 95

Passwords Password Management Accountability Internet 95

Security Affairs

MARCH 1, 2021

Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing the company to hack. Top executives of the SolarWinds firm believe that the root cause of the recently disclosed supply chain attack is an intern that has used a weak password for several years. Confronted by Rep.

Passwords 96

Passwords Cloud Migration Government Hacking 96

Security Affairs

SEPTEMBER 19, 2018

In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017. Top 10 countries from which Kaspersky traps were hit by Telnet password attacks is led by Brazil, China, and Japan. In 2017 there were ten times more than in 2016.

IoT 79

IoT Passwords Malware Advertising 79

Dark Reading

DECEMBER 12, 2018

Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.

Passwords 76

Passwords 76

Security Affairs

JANUARY 20, 2019

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device.

Small Business 94

Small Business Hacking Accountability Software 94

Adam Levin

AUGUST 31, 2018

Air Canada is advising customers to reset their passwords on their mobile application after detecting a potential data breach of customer records. million users to reset their passwords. “We 22-24, 2018. “We 22-24, 2018. Million Customers to Reset App Passwords appeared first on Adam Levin.

Data breaches 106

Data breaches Passwords Mobile Encryption 106

Dark Reading

SEPTEMBER 24, 2018

At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.

Passwords 84

Passwords 84

Security Affairs

APRIL 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP).

Passwords 99

Passwords Accountability Data breaches Advertising 99

Security Affairs

MARCH 19, 2019

Security experts at Group-IB presented at Money2020 Asia the results of an interesting analysis of hi-tech crime landscape in Asia in 2018. The number of leaked cards increased in 2018 by 56%. The total underground market value of Singaporean banks’ cards compromised in 2018 is estimated at nearly $640 000.

Banking 73

Banking Government Passwords Marketing 73

Security Affairs

JANUARY 2, 2019

The flaw, tracked as CVE-2018-20483 , could allow local users to obtain sensitive information (e.g., The security researcher Gynvael Coldwind (@voltagex) discovered that the stored attributes can include user usernames and passwords. link] — Hector Martin (@marcan42) December 25, 2018. Pierluigi Paganini.

Passwords 93

Passwords Advertising Internet Internet 93

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. 13, 2018 and Mar. 28, 2018, a claim Citrix initially denied but later acknowledged.

VPN 353

VPN Passwords Software Telecommunications 353

Security Affairs

NOVEMBER 5, 2021

have been hijacked, threat actors replaced them with versions laced with password-stealing malware. have been hijacked, threat actors replaced them versions laced with password-stealing malware. was released in December 2018, but developers noticed that several suspicious versions (2.0.3, Two popular npm libraries, coa and rc.

Passwords 89

Passwords Malware Accountability Hacking 89

Hacker Combat

JUNE 20, 2022

The newly patched security flaw, known as CVE-2022-27511, is defined as an inappropriate access control vulnerability that might allow an unauthenticated, remote attacker to compromise the system and force an administrator password reset. ” The vulnerability was fixed in tandem with CVE-2022-27512, defined as a resource control problem.

Passwords 84

Passwords Software Risk 84

Security Affairs

NOVEMBER 29, 2018

Dell data breach – IT giant Dell disclosed a data breach, the company confirmed it has detected an intrusion in its systems on November 9th 2018. names, email addresses, and hashed passwords) from the company portal Dell.com, from support.dell.com websites. Attackers were trying to exfiltrate customer data (i.e.

Data breaches 81

Data breaches Passwords Advertising Accountability 81

Security Affairs

NOVEMBER 14, 2018

Adobe Patch Tuesday updates for November 2018 addresses three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. Adobe Patch Tuesday updates for November 2018 fixes three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. Successful exploitation could lead to an inadvertent leak of the user’s hashed NTLM password.”

Advertising 49

Advertising Passwords Risk Authentication 49

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. openssh-7.8p1/gss-genr.c

Authentication 51

Authentication Advertising Passwords Software 51

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. To do this, the spyware creates different threads and timer functions in the main function. Pierluigi Paganini.

Passwords 128

Passwords Spyware VPN Malware 128

WIRED Threat Level

JUNE 11, 2021

terabytes of sensitive data extracted between 2018 and 2020. The credentials were part of a trove containing 1.2

Passwords 98

Passwords Malware Hacking 98

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords 89

Passwords Hacking Wireless Authentication 89

Troy Hunt

JUNE 8, 2021

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords ? I was pretty excited when I saw PRs coming in right after launching that last blog post.

Passwords 345

Passwords Accountability 345

Security Affairs

APRIL 21, 2023

The attackers may have gained access to the members’ credentials for a legacy member system that was decommissioned in 2018. It it important to highlight that even with the passwords being hashed and salted, threat actors can obtain the plain text the passwords, especially for weak passwords.

Data breaches 86

Data breaches Passwords Education Accountability 86

Threatpost

NOVEMBER 22, 2021

The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.

Passwords 120

Passwords 120

Malwarebytes

AUGUST 16, 2023

username and your Discord ID, your email-address, your billing address, and a salted and hashed password if you signed up in 2018 or earlier. (In In 2018 discord.io Affected Discord users should change their passwords and enable multi-factor authentication (MFA). Change your password. Watch out for fake vendors.

Data breaches 95

Data breaches Authentication Passwords Phishing 95

SiteLock

AUGUST 27, 2021

This is the reality for many website owners, and now more than ever, they need to be on alert for cyberattacks in 2018. Protect your website and your visitors in 2018 and beyond. Now imagine if that website was your website, and you had no idea it was harming your visitors. How are cybercriminals taking advantage of website visitors?

Malware 52

Malware Engineering Phishing Accountability 52

Adam Levin

FEBRUARY 21, 2020

We are confident that no financial, payment card or password data was involved in this matter.”. Travel and hospitality industries have been a frequent target of hackers in recent years, perhaps most notably being the 2018 Marriott data breach that affected 300 million customers.

Data breaches 305

Data breaches Identity Theft Passwords Technology 305

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” a cybercrime forum ad for Genesis enthused. Image: KrebsOnSecurity.

Marketing 332

Marketing Passwords Cybercrime Banking 332

Schneier on Security

APRIL 2, 2020

account number and points balance, but not passwords) Additional Personal Details (e.g., This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. Marriott announced another data breach, this one affecting 5.2 linked airline loyalty programs and numbers).

Hacking 295

Hacking Accountability Data breaches Government 295

Security Affairs

APRIL 23, 2019

We engaged one of the leading data security firms to conduct a thorough investigation, which traced the unauthorized activity to a phishing email received in July 2018. ” The company hired a security firm to investigate the incident, it discovered that the attack begun with a phishing email received in July 2018.

Passwords 61

Passwords Retail Accountability Data breaches 61

Troy Hunt

JANUARY 3, 2019

Here's my 2018 highlights, starting with travel: Travel "Oh yeah, I'm totally gonna travel less this year" - me every single year In reality, my travel ended up looking like this: That's the same number as last year, 4 more days and another 8,000km. Probably with my 2018 events page which lists everything I did of a public nature.

Passwords 203

Passwords Technology Government InfoSec 203

Dark Reading

APRIL 8, 2019

Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.

Retail 82

Retail Passwords 82

Security Affairs

MAY 22, 2019

Google accidentally stored the passwords of its G Suite users in plain-text for 14 years allowing its employees to access them. The news is disconcerting, Google has accidentally stored the passwords of the G Suite users in plain-text for 14 years, this means that every employee in the company was able to access them.

Passwords 72

Passwords Encryption Advertising Accountability 72