Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg.

eCommerce 218

eCommerce Cybercrime Accountability Hacking 218

Troy Hunt

JANUARY 8, 2019

Very often, those addresses are accompanied by other personal information such as passwords. No, and the passwords are the very first thing that starts to give it all away. The attack is simple but effective due to the prevalence of password reuse. Clearly a Spotify breach, right? That's it, job done, they're into your account.

Hacking 261

Hacking Passwords Accountability Data breaches 261

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. This just feels wrong but I can’t come up with a strong argument against it.

Banking 273

Banking Passwords Accountability Authentication 273

Krebs on Security

MARCH 5, 2021

On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. The web shell gives the attackers administrative access to the victim’s computer servers.

Hacking 364

Hacking Software Government Internet 364

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking 348

Hacking Accountability Scams Media 348

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. ” WHOLESALE PASSWORD THEFT.

Passwords 271

Passwords Ransomware Password Management Malware 271

Adam Levin

AUGUST 31, 2019

Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.

Hacking 172

Hacking Accountability Malware Passwords 172

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. in 2019 , according to data from S&P Global Market Intelligence.

Hacking 320

Hacking Identity Theft Government Phishing 320

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. com , a service that sold access to billions of passwords and other data exposed in countless data breaches. Abusewith[.]us

Hacking 242

Hacking Accountability Data breaches Marketing 242

Troy Hunt

JANUARY 17, 2024

It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on. Is it legit?

Passwords 363

Passwords Password Management Hacking Accountability 363

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords 145

Passwords Data breaches Media Phishing 145

Adam Levin

JANUARY 22, 2019

According to a study published in December by SplashData of the more than 5 million passwords compromised by hacks last year, way too many were laughably inadequate. Another year has come and gone, and consumers are still using the same old bad passwords to protect their accounts. Here’s the top 25: 1. 123456789.

Passwords 158

Passwords Accountability Password Management Authentication 158

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN 145

VPN Passwords Banking Advertising 145

Krebs on Security

MARCH 10, 2020

District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations. An example seller’s panel at deer.io. Click image to enlarge.

Accountability 355

Accountability Advertising Hacking Cybercrime 355

Security Affairs

MARCH 27, 2020

Google announced to have warned users of almost 40,000 alerts of state-sponsored phishing or malware attacks during 2019. Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019.

Phishing 145

Phishing Accountability Advertising Malware 145

Krebs on Security

JANUARY 19, 2021

He admitted to hacking a U.S.-based based e-commerce company, stealing personal and financial data on 1,300 government employees, and providing the data to an Islamic State hacking group. Between 2015 and 2019, Ferizi was imprisoned at a facility in Illinois that housed several other notable convicts.

Identity Theft 349

Identity Theft Government Social Engineering Accountability 349

Troy Hunt

JANUARY 1, 2021

Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online.

Data breaches 333

Data breaches Password Management Scams Passwords 333

Security Affairs

FEBRUARY 24, 2020

The FBI recommends using longer passwords composed of multiple words into a long string of at least 15 characters instead of short passwords including special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that the password length is much more important than password complexity.

Passwords 140

Passwords Advertising Technology Hacking 140

Security Affairs

SEPTEMBER 28, 2024

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them. ” reported Meta.

Passwords 134

Passwords Media Encryption Internet 134

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords.

Accountability 145

Accountability Hacking Data breaches Passwords 145

eSecurity Planet

JULY 23, 2021

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information. LastPass disadvantages: history of hacking.

Password Management 133

Password Management Passwords Authentication Architecture 133

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords 359

Passwords Accountability Cryptocurrency Phishing 359

Security Affairs

FEBRUARY 11, 2020

According to IBM, OT attacks increased by over 2000 percent in 2019, most of them involved the Echobot IoT malware. IBM’s 2020 X-Force Threat Intelligence Index report analyzes the threat landscape in 2019, the experts observed a spike in the number of OT attacks. “ OT attacks hit an all-time high. ” continues the report.

Advertising 137

Advertising Malware IoT Technology 137

Adam Levin

JULY 10, 2020

For comparison, that’s a 273% increase over the first two quarters of 2019 combined. While the number of publicly reported breaches in Q1 2020 decreased by 58% compared to 2019, the coronavirus pandemic gave cybercriminals new ways to thrive,” wrote Bitdefender researcher and blogger Alina Bizga. MGM Resorts (10.6 Marriott (5.2

Data breaches 252

Data breaches Social Engineering Antivirus Scams 252

Security Affairs

SEPTEMBER 30, 2024

The Department of Justice charged a British national for hacking into the systems of five U.S. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. From January 2019 to May 2020, the man carried out a hack-to-trade scheme, earning over $3 million in profits.

Hacking 138

Hacking Accountability Passwords Cybercrime 138

The Last Watchdog

OCTOBER 15, 2019

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. So what’s stopping us from getting rid of passwords altogether? Passwords may have been very effective securing Roman roads.

Passwords 164

Passwords Authentication Data breaches Internet 164

Krebs on Security

NOVEMBER 3, 2020

That allowed them to seize control over a target’s incoming phone calls and text messages, which were used to reset the password for email, social media and cryptocurrency accounts tied to those numbers. Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men. In a private message dated Nov.

Scams 356

Scams Wireless Identity Theft Mobile 356

Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. Not long after the Twitter hack, O’Connor was quoted in The New York Times denying any involvement. “I

Cryptocurrency 279

Cryptocurrency Accountability Hacking Mobile 279

CyberSecurity Insiders

OCTOBER 13, 2021

Problems arise for businesses when they base their access management programs entirely around passwords, however. Such programs overlook the burden that passwords can cause to users as well as to IT and security teams. Passwords: An unsustainable business cost. Users have too many passwords to remember on their own.

Passwords 141

Passwords Accountability Data breaches Authentication 141

Security Affairs

FEBRUARY 10, 2025

Active since at least 2013 , XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. The group was also observed exploiting vulnerabilities in Telerik UI such as CVE-2017-9248 and CVE-2019-18935. ” reads the analysis published by Intezer.

Manufacturing 112

Manufacturing Cybercrime Authentication Passwords 112

Security Affairs

APRIL 3, 2021

On April 3, a user has leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook, a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users. SecurityAffairs – hacking, data leak). Pierluigi Paganini.

Hacking 145

Hacking Accountability Passwords Data breaches 145

Security Affairs

JULY 23, 2021

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. The NTLM authentication hash can be used to carry out a relay attack or can be lately cracked to obtain the victim’s password. SecurityAffairs – hacking, windows).

Passwords 139

Passwords Authentication Encryption Hacking 139

Security Affairs

DECEMBER 13, 2020

In 2018, CVE-2019-9193 was linked to this feature, naming it as a “vulnerability.” The PGminer botnet targets Postgress that have default user “ postgres ”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “ 112233 “ and “ 1q2w3e4r “ to bypass authentication. Pierluigi Paganini.

Hacking 145

Hacking Cryptocurrency Authentication Passwords 145

The Last Watchdog

FEBRUARY 3, 2020

and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare. The Saudis aren’t known for being transparent.

Energy and Utilities 330

Energy and Utilities Malware Hacking Passwords 330

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking 142

Hacking Data breaches Advertising Backups 142

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking 132

Hacking Ransomware Banking Mobile 132

Troy Hunt

DECEMBER 15, 2021

So, someone did that 167 million times, dumped the data and shared it on a popular hacking forum. Not hacked: Gravatar was not hacked. the Red Cross wasn't hacked either and that was clearly a data breach. the Red Cross wasn't hacked either and that was clearly a data breach.

Data breaches 359

Data breaches Hacking Passwords Accountability 359