Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. “ OT attacks hit an all-time high. ” continues the report.

Advertising 95

Advertising Malware IoT Technology 95

Security Affairs

SEPTEMBER 2, 2022

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022.

Hacking 97

Hacking VPN Ransomware Authentication 97

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking 102

Hacking Ransomware Banking Mobile 102

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . SecurityAffairs – Poloniex exchange, hacking).

Passwords 59

Passwords Cryptocurrency Data breaches Advertising 59

Security Affairs

JANUARY 2, 2021

Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. The attacks aimed at stealing information to gain an advantage over CrowdSurge, which was acquired by Warner Music Group (WMG) in 2017. On October 18, 2019, Zaidi pled guilty for his participation in the hacking activity.

Hacking 86

Hacking Passwords Accountability Cybercrime 86

Security Affairs

JULY 11, 2019

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, including two privilege escalation flaws actively exploited in the wild. ” continues the report.

Government 83

Government Advertising Passwords Banking 83

Security Affairs

FEBRUARY 3, 2020

Apple researcher discovered an important vulnerability ( CVE-2019-18634 ) in ‘ sudo’ utility that allows non-privileged Li nux and m acOS users to run commands as Root. The Sudo’s pwfeedback option allows providing visual feedback when the user is inputting their password. ” wrote Sudo developer Todd C. .”

Passwords 80

Passwords Advertising Hacking Information Security 80

Security Affairs

NOVEMBER 22, 2021

.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.” The original WordPress Admin password that was set at the time of provisioning was exposed.

Data breaches 122

Data breaches Passwords Accountability Phishing 122

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. The flaw, tracked as CVE-2019-14684, could allow an authenticated attacker to run with SYSTEM privileges an arbitrary, unsigned DLL file within a trusted process. . Another researcher, Tr?n

Password Management 81

Password Management Passwords Advertising Authentication 81

Security Affairs

JUNE 20, 2019

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. to address the recently fixed CVE-2019-11707 zero-day flaw in Mozilla Firefox.

Cryptocurrency 75

Cryptocurrency Malware Advertising Passwords 75

Security Affairs

SEPTEMBER 16, 2019

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. On September 12, 2019, LastPass has released an update to address the vulnerability with the release of the version 4.33.0.

Password Management 94

Password Management Passwords Advertising Mobile 94

Security Affairs

DECEMBER 10, 2019

Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. Experts from the Microsoft threat research team analyzed a database containing 3 billion leaked credentials from different security breaches. Pierluigi Paganini.

Accountability 80

Accountability Hacking Passwords Advertising 80

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management 126

Password Management Cryptocurrency Passwords Authentication 126

Security Affairs

OCTOBER 23, 2020

In at least one compromise, the APT actor laterally traversed an SLTT victim network and accessed documents related to sensitive network configurations and passwords, standard operating procedures (SOP), IT instructions, such as requesting password resets, vendors and purchasing information. printing access badges.

Government 114

Government Hacking Advertising Passwords 114

Security Affairs

DECEMBER 28, 2019

At the time, Gnosticplayers shared a sample of stolen data with The Hacker News, exposed records included: Names Email addresses Login IDs Hashed passwords, SHA1 with salt Password reset token (if ever requested) Phone numbers (if provided) Facebook ID (if connected) Zynga account ID. The data was provided to HIBP by dehashed.com.”

Accountability 62

Accountability Hacking Data breaches Passwords 62

The Last Watchdog

JUNE 21, 2020

The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked. In many cases, the crooks hack managed service providers (MSPs) first and then use this access to compromise the partnering organizations.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Security Affairs

OCTOBER 8, 2019

One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. The expert hacked the server used by the Muhstik ransomware gang and released the decryption keys for all the victims of the group. SecurityAffairs – Muhstik ransomware, hacking).

Hacking 83

Hacking Ransomware Advertising Passwords 83

Security Affairs

MARCH 18, 2020

While we do not store credit card information on our website, it appears that the unauthorized person gained access to the website and could have accessed the data of consumers who made payment card purchases while that data was being entered, between August 3, 2019 and January 14, 2020.” reads the Notice Of Data Breach.

Hacking 100

Hacking Data breaches Advertising Accountability 100

Security Affairs

MAY 25, 2020

“The number of abuse reports for these two wallets is over 200, the oldest being from September 20, 2019. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., SecurityAffairs – SQL databases, hacking). ” reported BleepingComputer.

Hacking 91

Hacking Advertising Authentication Passwords 91

Security Affairs

JANUARY 2, 2020

Security expert discovered a Google Chrome extension named Shitcoin Wallet that steals passwords and wallet private keys. Harry Denley, director of security at the MyCrypto , discovered that the Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys. sniko_) December 31, 2019.

Passwords 65

Passwords Cryptocurrency Advertising Antivirus 65

Security Affairs

JUNE 8, 2022

After identifying a critical Remote Authentication Dial-In User Service (RADIUS) server, the cyber actors gained credentials to access the underlying Structured Query Language (SQL) database [ T1078 ] and utilized SQL commands to dump the credentials [ T1555 ], which contained both cleartext and hashed passwords for user and administrative accounts.”

Telecommunications 95

Telecommunications Authentication Passwords Accountability 95

Security Affairs

NOVEMBER 11, 2019

The company sent a data breach notification mail to forum users urging them to change their forum account passwords. The message revealed that attackers gained unauthorized access to forum members data, including names, email addresses, hashed passwords, and date of births. SecurityAffairs – hacking, data breach).

Hacking 66

Hacking Data breaches Passwords Advertising 66

Security Affairs

NOVEMBER 16, 2023

Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.

Data breaches 126

Data breaches eCommerce Hacking Authentication 126

Security Affairs

NOVEMBER 15, 2019

The computer network of Australian Parliament was hacked earlier this year, and hackers exfiltrated data from the computers of several elected officials. The incident was revealed by Senate President Scott Ryan that informed the parliamentary committee of the intrusion, according to the ABC. ” reported the ABC.

Hacking 79

Hacking Advertising Malware Government 79

Security Affairs

FEBRUARY 12, 2024

. “According to court documents authorizing the seizures, the Warzone RAT provided cybercriminals the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras, all without the victims’ knowledge or permission.”

Malware 100

Malware Hacking Cybercrime Advertising 100

Security Affairs

SEPTEMBER 22, 2022

The gang has been active since at least 2019 and today it is one of the most active ransomware gangs. Unknown person @ali_qushji said his team has hacked the LockBit servers and found the possible builder of LockBit Black (3.0) The builder is contained in a password-protected 7z archive, “LockBit3Builder.7z,”

Ransomware 109

Ransomware Hacking Passwords Accountability 109

Security Affairs

AUGUST 13, 2023

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, exposing operational technology (OT) environments to hacking.

Authentication 87

Authentication Firmware Hacking Passwords 87

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media 113

Media Accountability Telecommunications Government 113

Security Affairs

JULY 22, 2021

The CVE-2019-2729 flaw is a remote code execution vulnerability that could be exploited by an unauthenticated attacker. “This Security Alert addresses CVE-2019-2729, a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. Oracle urges customers to install security updates immediately.

Authentication 130

Authentication Passwords Hacking Technology 130

Security Affairs

DECEMBER 27, 2021

At this time, it is not clear how threat actors compromised the QNAP devices, some users claim that attackers exploited a flaw in the Photo Station software to hack them. “It is important to note that there is a free decryptor for files locked with an older version (before July 17th, 2019) of eCh0raix ransomware. TXTT” extension.

Ransomware 125

Ransomware Encryption Manufacturing Hacking 125

Security Affairs

JULY 30, 2019

Researchers at RIPS Technologies discovered vulnerabilities in the OXID eShop platform that could expose eCommerce websites to hack. Experts discovered two critical security issues that affect recent versions of Enterprise, Professional, and Community Editions of OXID eShop software. Pierluigi Paganini. SecurityAffairs –.

eCommerce 63

eCommerce Hacking Advertising Software 63

Security Affairs

DECEMBER 13, 2022

CVE-2019-5544 and CVE-2020-3992 ) in ESXi’s OpenSLP service. The webserver accepts password-protected POST requests from the attackers, each request can include a base-64 encoded command payload or launch a reverse shell on the host. “The hashed password in vmtools.py SecurityAffairs – hacking, vmware).

Passwords 134

Passwords Hacking Cybercrime Information Security 134

Security Affairs

APRIL 23, 2020

It’s become evident that many businesses lack the necessary anti-hacking training. billion between 2017 and 2019 alone. By automating password generation and access windows, companies can ensure they have exclusive, secure access to their RPA. SecurityAffairs – RPA software, hacking). Rising RPA Adoption.

Software 98

Software Hacking Data breaches Cybersecurity 98

Security Affairs

SEPTEMBER 10, 2019

The security researcher Benjamin Kunz from Vulnerability-Lab disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack devices without any user interaction. The vulnerabilities have been tracked as CVE-2019-13473 and CVE-2019-13474. . Pierluigi Paganini.

IoT 84

IoT Hacking Firmware Advertising 84

Security Affairs

JULY 15, 2021

SonicWall also provides recommendations to customers that can’t update their installs, the vendor suggests disconnecting devices immediately and reset their access passwords, and enable account multi-factor authentication, if supported. Continued use of this firmware or end-of-life devices is an active security risk,” states the alert.

Firmware 111

Firmware Ransomware Passwords Mobile 111

Security Affairs

SEPTEMBER 12, 2023

We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. The group does not appear to be linked to the original Anonymous Sudan hacktivists, which have been active since 2019 and emerged in Sudan.

DDOS 117

DDOS Accountability InfoSec Hacking 117

Security Affairs

SEPTEMBER 15, 2023

The man listed the credentials of more than 35,000 compromised computers for sale and according to the investigators, he obtained more than $350,000 in illicit proceeds between 2016 and 2019. The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords.

Malware 95

Malware Marketing Passwords Hacking 95