Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Well that's a big old yikes from @SlickWraps pic.twitter.com/28SOEMIBZ9 — Toneman (@Toneman) February 21, 2020. ” reported Slashgear. . ” reported Slashgear.

Accountability 93

Accountability Data breaches Passwords Advertising 93

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability 101

Accountability VPN Social Engineering Phishing 101

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability 90

Accountability Hacking Advertising Media 90

Security Affairs

OCTOBER 6, 2019

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft. P residential campaign.

Accountability 75

Accountability Passwords Advertising Government 75

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire.

Cyber Risk 173

Cyber Risk Risk Firewall Surveillance 173

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications 95

Telecommunications Authentication Passwords Accountability 95

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 131

Hacking Accountability Passwords InfoSec 131

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

Authentication 133

Authentication Advertising Architecture Cybercrime 133

Security Affairs

NOVEMBER 23, 2020

VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including some issues that can be chained by an attacker to hijack traffic or shut down an enterprise network. Pierluigi Paganini.

Passwords 85

Passwords Authentication Accountability Hacking 85

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 106

Ransomware Encryption Antivirus VPN 106

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile 91

Mobile Cryptocurrency Authentication Accountability 91

Security Affairs

OCTOBER 10, 2020

The malicious updates employed in the Zerologon attacks are able to bypass the user account control (UAC) security feature in Windows and abuse the Windows Script Host tool (wscript.exe) to execute malicious scripts. We’re seeing more activity leveraging the CVE-2020-1472 exploit (ZeroLogon). states Microsoft.

Cybercrime 118

Cybercrime Security Intelligence Authentication Banking 118

Security Affairs

NOVEMBER 24, 2020

Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. ” reads the post published by vpnMentor.

Identity Theft 102

Identity Theft Accountability Passwords Phishing 102

Security Affairs

MARCH 7, 2023

The issue, tracked as CVE-2020-5741 (CVSS score: 7.2), can be exploited by a remote, authenticated attacker to execute arbitrary Python code. “We have recently been made aware of a security vulnerability related to Plex Media Server. ” reads the advisory published by Plex.

Software 97

Software Hacking Data breaches Media 97

Security Affairs

MARCH 26, 2021

The flaw is an RCE via Actions and JSON Deserialization that could be exploited by an authenticated attacker, it was reported via the ZDI Trend Micro initiative. An Orion authenticated user is required to exploit this.” “The vulnerability can be used to achieve authenticated RCE as Administrator.

Authentication 99

Authentication Accountability Hacking Software 99

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” reads the post published by Dexerto.

Hacking 107

Hacking Data breaches Accountability Passwords 107

Security Affairs

DECEMBER 17, 2020

According to a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that have been happening since February 2020. Audit user accounts regularly, particularly Remote Monitoring and Management accounts that are publicly accessible. PIN Number 20201210-001.

Ransomware 139

Ransomware Backups Firmware Accountability 139

Security Affairs

MARCH 13, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog.

Media 80

Media InfoSec Password Management Engineering 80

Security Affairs

JULY 28, 2022

Experts noticed a huge increase compared to 841 million user hours lost in 2020. This is the first time that incidents concerning confidentiality and authenticity were reported. The number of incidents labeled as malicious actions passed from 4% in 2020 to 8% in 2021. SecurityAffairs – hacking, telecom security incidents).

Authentication 94

Authentication Hacking Accountability Information Security 94

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information.

Authentication 113

Authentication Advertising Accountability Hacking 113

Security Affairs

DECEMBER 10, 2020

The proof-of-concept exploit code for the Kerberos Bronze Bit attack was published online, it allows intruders to bypass authentication and access sensitive network services. The proof-of-concept exploit code for the Kerberos Bronze Bit attack, tracked as CVE-2020-17049 , was published online this week. Pierluigi Paganini.

Authentication 106

Authentication Encryption Passwords Hacking 106

Security Affairs

JULY 28, 2020

BleepingComputer verified the authenticity of some of the exposed data and published the full list of the 18 archives leaked by the threat actor: Company User Records Reported Breach Date Known? Million March 26th, 2020 Yes Dave.com 7 Million July 2020 * Yes Drizly.com 2.4 Million July 2020 * No GGumim.co.kr Appen.com 5.8

Passwords 129

Passwords Advertising Education Banking 129

Security Affairs

DECEMBER 7, 2023

The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Government 109

Government Telecommunications Accountability Phishing 109

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. ” reads the advisories published by Microsoft.

Advertising 135

Advertising Firewall Education Engineering 135

Security Affairs

APRIL 11, 2021

The leaked records include Clubhouse user IDs, names, usernames, Twitter handles, Instagram handles, number of followers, number of people followed by the users, accounts’ creation date, and invited by user profile names. Enable two-factor authentication (2FA) on all your online accounts. photo URLs.

Identity Theft 141

Identity Theft Phishing Password Management Media 141

Security Affairs

OCTOBER 6, 2020

Using a WordPress flaw (File-Manager plugin–CVE-2020-25213) to leverage Zerologon (CVE-2020-1472) and attack companies’ Domain Controllers. Recently, a critical vulnerability called Zerologon – CVE-2020-1472 – has become a trending subject around the globe. w4fz5uck5) September 8, 2020. Figure 2: PoC – CVE-2020-25213.

Social Engineering 102

Social Engineering Passwords Advertising Accountability 102

Security Affairs

OCTOBER 17, 2020

Google delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of attacks from nation-state actors. Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks, launched by nation-state actors, targeting their accounts.

DDOS 88

DDOS Phishing Advertising Accountability 88

CyberSecurity Insiders

JANUARY 6, 2023

billion in 2020, a 43% increase. billion in payment card-related losses occurred in 2020 (over one-third of them in the U.S.). First launched in 2004 and updated most recently in 2018, the PCI Data Security (PCI DSS) standard is continually updated to reflect the evolving challenges of the cyberthreat landscape. and PCI v4.0:

Antivirus 138

Antivirus Retail Software Accountability 138

Security Affairs

FEBRUARY 10, 2021

The National Crime Agency revealed that the SIM swapping attacks targeted numerous victims throughout 2020, including well-known influencers, sports stars, musicians, and their families. “This enabled them to steal money, bitcoin and personal information, including contacts synced with online accounts. .

Cybercrime 81

Cybercrime Cryptocurrency Accountability Authentication 81

Security Affairs

OCTOBER 26, 2021

The gang has been active since at least 2020, threat actors hit organizations from various industries. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

Ransomware 129

Ransomware Firmware Antivirus Accountability 129

Security Affairs

NOVEMBER 16, 2021

The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization. However, we can say with high confidence that this vulnerability has not been exploited maliciously during the timeframe for which we have available telemetry, which goes back to September 2020.”

Authentication 137

Authentication Architecture Hacking Accountability 137

Security Affairs

APRIL 20, 2021

However, based on analysis by Ivanti, we suspect some intrusions were due to the exploitation of previously disclosed Pulse Secure vulnerabilities from 2019 and 2020 while other intrusions were due to the exploitation of CVE-2021-22893.” “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN 115

VPN Hacking Authentication Government 115

Security Affairs

MARCH 11, 2020

In addition, there was no nonce check to verify the authenticity of the source.” An attacker could exploit several WordPress functions, such as the “wp_insert_user” function, to create administrative user accounts and take control of sites using the vulnerable plugin. ” continues the analysis. continues the analysis.

Advertising 112

Advertising Authentication Accountability Hacking 112

CyberSecurity Insiders

JULY 21, 2021

This means companies have to be proactive and instill the right habits, which often means resisting the bad habits that lead to millions of successful cyberattacks every year – from the use of generic and easy-to-crack account credentials to the willingness to click on suspicious links and attachments in emails from untrusted sources.

Social Engineering 145

Social Engineering Password Management Passwords Phishing 145

Security Affairs

NOVEMBER 3, 2020

According to the experts, the attackers also used an exploit for a recently addressed zero-day vulnerability( CVE-2020-14871 ) in Oracle Solaris. 519 later, in mid-2020, researchers observed another Solaris server that was connecting to the infrastructure previously associated with the attackers. .”

Authentication 100

Authentication Telecommunications Advertising Internet 100

Security Affairs

AUGUST 9, 2021

The Taiwanese company urges its customers to enable multi-factor authentication where available, enable auto block and account protection, and to use string administrative credentials, . System administrators that have noticed suspicious activity on their devices should report it to Synology technical support.

Ransomware 131

Ransomware System Administration Malware Authentication 131

Security Affairs

JULY 14, 2020

The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information. In response to the incident, the bidding portal has forced a password reset for all users’ accounts, both bidder and auctioneer ones. The poster is selling 3.4

Hacking 100

Hacking Data breaches Identity Theft Advertising 100