Security Affairs

JULY 11, 2019

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, including two privilege escalation flaws actively exploited in the wild. 86 billion RUB ($27.4M

Government 83

Government Advertising Passwords Banking 83

Security Affairs

JUNE 2, 2021

There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured. Feedback message data contained Account id, feedback rating given, and users’ email addresses. What’s Happening? AMT Games is a mobile and browser game developer based in China.

Data breaches 108

Data breaches Accountability Mobile Phishing 108

Security Affairs

NOVEMBER 22, 2021

million of its managed WordPress customer accounts. Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17. ” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. We reset both passwords.

Data breaches 120

Data breaches Passwords Accountability Phishing 120

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. The flaw, tracked as CVE-2019-14684, could allow an authenticated attacker to run with SYSTEM privileges an arbitrary, unsigned DLL file within a trusted process. . Another researcher, Tr?n

Password Management 81

Password Management Passwords Advertising Authentication 81

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications 95

Telecommunications Authentication Passwords Accountability 95

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media 111

Media Accountability Telecommunications Government 111

Malwarebytes

MARCH 16, 2022

According to Samuel Levine, Director of the FTC’s Bureau of Consumer Protection: “CafePress employed careless security practices and concealed multiple breaches from consumers.”. CafePress waited seven months to publicly disclose a 2019 breach, and only did so after it had been reported in the news. The breach.

Data breaches 120

Data breaches Passwords Authentication Social Engineering 120

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. 5.38?????????????? Good night.”

Accountability 110

Accountability Passwords Advertising Internet 110

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management 124

Password Management Cryptocurrency Passwords Authentication 124

Security Affairs

SEPTEMBER 12, 2023

Anonymous Sudan launched a DDoS attack against Telegram after the company suspended the account of the group. The hacker collective Anonymous Sudan (aka Storm-1359) has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the suspension of their primary account. ” reported SOCRadar.

DDOS 115

DDOS Accountability InfoSec Hacking 115

Krebs on Security

JULY 18, 2023

In 2019, a Canadian company called Defiant Tech Inc. com , a service that sold access to billions of passwords and other data exposed in countless data breaches. LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. Abusewith[.]us

Hacking 192

Hacking Accountability Data breaches Marketing 192

Security Affairs

OCTOBER 30, 2019

Network Solutions, one of the world’s biggest domain registrars, disclosed a data breach that impacted 22 million accounts. Network Solutions , one of the world’s biggest domain registrars, disclosed a data breach that may have impacted 22 million accounts, no financial data was exposed. ” continues the notice.

Data breaches 51

Data breaches Accountability Advertising Encryption 51

Security Affairs

AUGUST 7, 2019

Accessing an online account, users could make several actions, such as manage insurance claims and pay bills. This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. In response to the attacks, State Farm reset the passwords for impacted accounts.

Insurance 85

Insurance Data breaches Financial Services Passwords 85

Security Affairs

APRIL 3, 2021

Leaked data includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and for some accounts the associated email addresses. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.”

Hacking 138

Hacking Accountability Passwords Data breaches 138

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software 108

Software System Administration Advertising Accountability 108

Security Affairs

SEPTEMBER 15, 2022

The FBI also reported one attack in which the threat actors changed victims’ direct deposit information to a bank account under their control and redirected $3.1 “Cyber criminals are compromising user login credentials of healthcare payment processors and diverting payments to accounts controlled by the cyber criminals.

Healthcare 77

Healthcare Social Engineering Accountability Passwords 77

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware 124

Ransomware Passwords Scams Government 124

Hot for Security

MARCH 17, 2021

Fact: Zynga, the California-based social game developer, suffered a major data breach in 2019 when a malicious actor stole 218 million records belonging to “Words With Friends” players. If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already.

Data breaches 105

Data breaches Passwords Accountability Media 105

Security Affairs

MARCH 20, 2020

In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages. The group was observed using this scheme between 2019 and 2020, and according to the experts, most of the compromised email accounts belong to defense companies in the Middle East.

Phishing 134

Phishing Accountability Advertising DNS 134

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Twitter, like many other social media websites, asks users to provide their phone number and email address to better protect their account.

Advertising 94

Advertising Media Accountability Account Security 94

Security Affairs

AUGUST 29, 2019

Patch now or cry later Thanks to @iDefense for helping me disclose these — Pedro Ribeiro (@pedrib1337) August 28, 2019. In addition, there is a default unprivileged user with a known password that can login via SSH and execute commands on the virtual appliance provided by Cisco.” ” wrote the expert.

Big data 77

Big data Authentication Passwords Accountability 77

Security Affairs

NOVEMBER 23, 2019

. “We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorized party.” “We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed.

Data breaches 99

Data breaches Passwords Advertising Accountability 99

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware 110

Firmware Ransomware Passwords Mobile 110

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws. Implement the shortest acceptable timeframe for password changes.

Passwords 65

Passwords Government Firmware Accountability 65

Security Affairs

MAY 15, 2020

Below the list of databases, published by Bleepingcomputer , that are available for sale: Company Amount Data Breach Date Evite.com 101 million March 2019 Tokopedia.com 91 million April 2020 piZap.com 60.9 million February 2019 Wanelo.com Customers 23.2 million August 2019 SinglesNet.com 16.3 million May 2019 PumpUp.com 6.4

Data breaches 102

Data breaches Advertising Passwords Hacking 102

Security Affairs

SEPTEMBER 23, 2022

The intruders gained access to the personal information of both former and current customers. million subscribers as of 2019. “Following a cyberattack, Optus is investigating the possible unauthorised access of current and former customers’ information.” The company did not disclose details of the security breach.

Data breaches 81

Data breaches Accountability Mobile Passwords 81

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. reads the analysis published by the experts.

IoT 123

IoT DDOS Architecture Passwords 123

Security Affairs

JULY 7, 2019

Cyber criminals have exploited an unproperly implemented password reset process in 7-Eleven to make unwanted charges on 900 customers’ accounts. Crooks targeted approximately 900 customers the company, it has been estimated that they charged a total of ¥55 million ($510,000) on the 7pay app accounts. 7-Eleven Inc.

Mobile 74

Mobile Passwords Accountability Advertising 74

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. The T-Mobile security staff discovered “malicious, unauthorized access” to their systems. T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information).

Data breaches 133

Data breaches Mobile Telecommunications Wireless 133

Security Affairs

SEPTEMBER 3, 2019

.” read a message published on the XKCS forum “The data includes usernames , email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration,”. New breach: XKCD had 562k accounts breached last month. Hunt added the data to the Have I Been Pwned (HIBP) website over the weekend.

Data breaches 82

Data breaches Passwords Advertising Data collection 82

Security Affairs

MAY 29, 2019

The news aggregator Flipboard announced that it suffered a breach, unauthorized users had access to some databases storing user account information. The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach, unauthorized users had access to some databases storing user information.

Data breaches 64

Data breaches Accountability Passwords Advertising 64

Krebs on Security

APRIL 14, 2019

The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site The site looks exactly like the real Airbnb, includes pictures of the requested property, and steers visitors toward signing in or to creating a new account. co.uk , airbnb.pt-anuncio[.]com

Scams 243

Scams Advertising Accountability Phishing 243

Security Affairs

AUGUST 25, 2019

. “On August 23rd, 2019 we have received informational alerts that one of our servers has been accessed by an unauthorized third party. This API Server* is used to query the details about our clients and their accounts. Latest Edit on 2019-08-25 17:43 UTC]” reads the announcement published by the company.

Data breaches 86

Data breaches Passwords Advertising Hacking 86

Malwarebytes

MARCH 17, 2021

PYSA, also known as Mespinoza, was first spotted in the wild in October 2019 where it was initially used against large corporate networks. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released. Use multi-factor authentication wherever possible.

Education 109

Education Ransomware Phishing Passwords 109

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware.

Ransomware 71

Ransomware Antivirus Malware Banking 71

Security Affairs

JULY 21, 2021

The author of the post claims that the data was acquired from US insurance giant Humana and includes detailed medical records of the company’s health plan members dating back to 2019. The leaked information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more.

Insurance 113

Insurance Identity Theft Passwords Phishing 113

Security Affairs

OCTOBER 2, 2019

Zendesk discloses a data breach that took place in 2016 when a hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. In 2016, customer service software company Zendesk suffered a security breach that exposed data of 10,000 users, including passwords, emails, names, and phone numbers.

Data breaches 77

Data breaches Passwords Authentication Accountability 77