Krebs on Security

JUNE 27, 2023

Joseph James “PlugwalkJoe” O’Connor , a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter , has been sentenced to five years in a U.S. 02, 2020, pitching O’Connor as a cryptocurrency expert and advisor. They can come arrest me.

Cryptocurrency 219

Cryptocurrency Accountability Mobile Hacking 219

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The hackers hijacked the official Barcelona and Olympic Twitter accounts and posted some tweets to claim responsibility for the hack.

Accountability 89

Accountability Hacking Advertising Media 89

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. ” reads trhe announcement published by DKWOC.

Accountability 104

Accountability Government Phishing Authentication 104

Security Affairs

MARCH 7, 2023

LastPass revealed that the home computer of one of its DevOp engineers was hacked as part of a sophisticated cyberattack. The attackers hacked the employee’s home computer by exploiting a deserialization of untrusted data in Plex Media Server on Windows. ” reads the advisory published by Plex.

Software 97

Software Hacking Data breaches Media 97

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 131

Hacking Accountability Passwords InfoSec 131

The Last Watchdog

JANUARY 25, 2021

Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map. Similarly, the SolarWinds and Mimecast hacks are precursors of increasingly clever and deeply-damaging hacks of the global supply chain sure to come.

Hacking 228

Hacking B2B Authentication Software 228

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” concludes Dexerto.

Hacking 107

Hacking Data breaches Accountability Passwords 107

The Last Watchdog

APRIL 7, 2021

Passwordless authentication as a default parameter can’t arrive too soon. That’s the upshot of a new report, The State of Passwordless Security 2021 , put out by HYPR , a New York City-based supplier of advanced authentication systems. One recent hack highlights the scope and depth of these exposures.

Authentication 147

Authentication Digital transformation Passwords Password Management 147

Security Affairs

SEPTEMBER 30, 2020

More than 247,000 Microsoft Exchange servers are still vulnerable to attacks exploiting the CVE-2020-0688 RCE issue impacting Exchange Server. The CVE-2020-0688 vulnerability resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.

Advertising 101

Advertising Authentication Hacking Accountability 101

Krebs on Security

MAY 5, 2021

After logging in, the user might see a prompt that looks something like this: These malicious apps allow attackers to bypass multi-factor authentication, because they are approved by the user after that user has already logged in. “Now, they’re compromising accounts in credible tenants first,” Proofpoint explains.

Accountability 324

Accountability Passwords Advertising Phishing 324

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication 88

Authentication Accountability Advertising Passwords 88

Security Affairs

FEBRUARY 19, 2020

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions.

Accountability 128

Accountability Advertising Account Security Authentication 128

Security Affairs

APRIL 20, 2021

According to coordinated reports published by FireEye and Pulse Secure , two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide. ” reads the report published by FireEye. ” continues the report.

VPN 114

VPN Hacking Authentication Government 114

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. SecurityAffairs – hacking, vishing).

Accountability 100

Accountability VPN Social Engineering Phishing 100

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability 312

Accountability Passwords Authentication Password Management 312

Security Affairs

JULY 14, 2020

“As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19, 2020.” The company confirmed that the an investigation into the hack is still ongoing. The post 3.4

Hacking 100

Hacking Data breaches Identity Theft Advertising 100

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Well that's a big old yikes from @SlickWraps pic.twitter.com/28SOEMIBZ9 — Toneman (@Toneman) February 21, 2020. SecurityAffairs – hacking , Slickwraps ). Pierluigi Paganini.

Accountability 93

Accountability Data breaches Passwords Advertising 93

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking 103

Hacking Data breaches Advertising Backups 103

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 106

Advertising Government Healthcare Education 106

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 105

Ransomware Encryption Antivirus VPN 105

Security Affairs

JANUARY 22, 2021

Chaining the issues the attackers can obtain the device credentials, make purchases on the Kindle store using the victim’s credit card, or sell an e-book on the store and transfer money to their account. Realmode Labs reported the flaws to Amazon on October 17 and the company released security updates to address them on December 10, 2020.

Hacking 135

Hacking Authentication Firmware Phishing 135

Security Affairs

JUNE 8, 2020

Any Indian DigiLocker Account Could’ve Been Accessed Without Password. DigiLocker provides an account in cloud to every Aadhaar holder to access authentic documents/certificates such as driving license, vehicle registration, academic mark sheet in digital format from the original issuers of these certificates.

Authentication 90

Authentication Mobile Accountability Passwords 90

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. National Security Agency (NSA) warned on Dec. ” Indeed, the NSA’s Dec.

Software 358

Software Authentication Hacking Government 358

Malwarebytes

JULY 25, 2022

Word is spreading of a compromise claimed to have accessed around 69 million user accounts. This compromise, posted to a hacking forum, is said to include both the database and around 460 MB of compressed source code from Neopets.com. In 2020, there were claims of ways to potentially gain access to user accounts.

Data breaches 77

Data breaches Accountability Passwords Password Management 77

Security Affairs

OCTOBER 6, 2019

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft. presidential campaign, current and former U.S.

Accountability 75

Accountability Passwords Advertising Government 75

Security Affairs

APRIL 28, 2020

A bug in the Real-Time Find and Replace WordPress plugin could allow hackers to hackers to create rogue admin accounts on over 100,000 sites. A vulnerability in the Real-Time Find and Replace WordPress plugin could be exploited by attackers to create rogue admin accounts. ” reads the analysis published by WordFence.

Hacking 118

Hacking Accountability Advertising Authentication 118

Security Affairs

MARCH 9, 2021

Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks. The attackers were observed exploiting the CVE-2020-10148 authentication bypass issue in the SolarWinds Orion API to remotely execute API commands. ” reads the analysis published by Secureworks.

Hacking 82

Hacking Internet Internet Malware 82

SecureWorld News

JANUARY 22, 2024

Microsoft disclosed that it recently fell victim to a cyberattack by Nobelium, the Russian state-sponsored hacking group infamously responsible for the 2020 SolarWinds supply chain attack. The breach, detected on January 12th, allowed the hackers to access email accounts belonging to members of Microsoft's senior leadership team.

Passwords 101

Passwords Accountability Backups Hacking 101

Security Affairs

NOVEMBER 23, 2020

VMware addressed six vulnerabilities in its SD-WAN Orchestrator product that can potentially expose enterprise networks to hack. The SQL injection vulnerability in SD-WAN Orchestrator, tracked as CVE-2020-3984, is caused by improper input validation. SecurityAffairs – hacking, VMware). Pierluigi Paganini.

Passwords 84

Passwords Authentication Accountability Hacking 84

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 314

Social Engineering Mobile Cybercrime Passwords 314

CyberSecurity Insiders

DECEMBER 25, 2022

A hacker who is super-active on the hacking forum Ryushi is urging interested prospects to buy sensitive details that were stolen from over 400 million Twitter account users. The other issue is with the 2-factor authentication requests which most of the mobile service providers are rejecting for reasons. .

Data breaches 126

Data breaches Accountability Mobile Authentication 126

Security Affairs

SEPTEMBER 10, 2021

It seems that the Umoja account used in the attacks wasn’t not protected with two-factor authentication because the security feature was made available only in July by the software vendor. SecurityAffairs – hacking, United Nations). According to the report, attackers did not access passwords. Pierluigi Paganini.

Hacking 116

Hacking Data breaches Cyber Attacks Software 116

CyberSecurity Insiders

SEPTEMBER 2, 2022

FBI has issued a warning that cybercriminals are hiding credentials on home IP addresses after hacking connected devices like IP cams and routers. To avoid such troubles with passwords, tech companies are coming up with ways to avoid passwords such as 2FA, thus paving the way for password-less authentication environments.

Cyber Attacks 127

Cyber Attacks Passwords Authentication Accountability 127

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. “For accessing the APN networks of backend, one possibility would be using the e-sim of car-parts since the sim account wouldn’t log out automatically. ” the paper concluded.

Hacking 145

Hacking Advertising Mobile Engineering 145

Security Affairs

APRIL 3, 2020

An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. “ The plugin has been closed on April 1, 2020, and is no more available for download. . link] — Wordfence (@wordfence) April 2, 2020.

Hacking 101

Hacking Advertising Authentication Accountability 101

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

Authentication 133

Authentication Advertising Architecture Cybercrime 133

The Last Watchdog

AUGUST 29, 2023

The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Back in 2015, a security researcher decided to make that very point when he claimed to have hacked a plane , accessed the thrust system, and made it fly higher than intended.

Software 264

Software Risk Artificial Intelligence Engineering 264