Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, APT28) ” reads trhe announcement published by DKWOC.

Accountability 110

Accountability Government Phishing Authentication 110

Security Affairs

NOVEMBER 4, 2020

Cyber Defense Magazine November 2020 Edition has arrived. 150 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. SecurityAffairs – hacking, Cyber Defense Magazine November 2020 ).

InfoSec 123

InfoSec DNS Advertising Marketing 123

Security Affairs

OCTOBER 1, 2020

Twitter removed around 130 Iranian accounts for attempting to disrupt the public recent US Presidential Debate. The social media giant Twitter announced to have removed around 130 Iranian Twitter accounts that attempted to disrupt the public conversation during the recent first Presidential Debate for the US 2020 Presidential Election.

Accountability 136

Accountability Advertising Media Hacking 136

Security Affairs

JANUARY 6, 2021

Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account.

Firmware 113

Firmware Passwords Accountability VPN 113

Security Affairs

MARCH 18, 2021

The FBI’s Internet Crime Complaint Center has released its annual report, the 2020 Internet Crime Report , which includes data from 791,790 complaints of suspected cybercrimes. Data that emerged from the report are worrisome, in 2020 the reported losses exceeded $4.2 ” reads 2020 Internet Crime Report. billion in losses.

Internet 110

Internet Internet Scams Identity Theft 110

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. SecurityAffairs – hacking, account databases). million (8.1

Data breaches 145

Data breaches Accountability Advertising Passwords 145

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 134

Hacking Accountability Passwords InfoSec 134

Security Affairs

FEBRUARY 26, 2023

Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes. Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020.

Identity Theft 92

Identity Theft Data breaches Insurance Hacking 92

Security Affairs

NOVEMBER 16, 2020

Researchers discovered an ElasticSearch database exposed online that contained data for over 100000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100.000 compromised Facebook accounts. SecurityAffairs – hacking, scam).

Scams 111

Scams Accountability Hacking Passwords 111

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering 133

Engineering VPN Accountability Software 133

Security Affairs

DECEMBER 4, 2020

VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has finally released security updates to fix the CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

Passwords 119

Passwords Accountability Malware Hacking 119

Security Affairs

MARCH 7, 2023

Recently, the password management software firm disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. “We have recently been made aware of a security vulnerability related to Plex Media Server. .

Software 98

Software Hacking Data breaches Media 98

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” concludes Dexerto.

Hacking 112

Hacking Data breaches Accountability Passwords 112

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking 342

Hacking Ransomware Banking Accountability 342

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability 137

Accountability Malware Data breaches Passwords 137

Security Affairs

OCTOBER 31, 2020

XSS vulnerabilities accounted for 18% of all flaws reported by bug hunters, these issues received a total of $4.2 XSS vulnerabilities can be exploited by threat actors for multiple malicious activities, including account takeover and data theft. ” reads The 4th Hacker-Powered Security Report. million / €33.4

Accountability 124

Accountability Advertising Architecture Hacking 124

Security Affairs

DECEMBER 1, 2020

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. c25e6559668942[.]xyz.

Malware 102

Malware DDOS Hacking Cybercrime 102

Security Affairs

NOVEMBER 10, 2021

Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day” . Pierluigi Paganini.

Government 129

Government Hacking Cyber Attacks Information Security 129

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. Pierluigi Paganini.

Accountability 99

Accountability Advertising Media Government 99

Security Affairs

MAY 27, 2021

The feds uncovered the attack in May 2021, government experts reported that the threat actors likely created an account with the username “elie” to gain persistence on the network. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

VPN 123

VPN Government Hacking Accountability 123

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The security breach was first reported by BleepingComputer that also shared a copy of the data breach notification letter sent to the impacted customers.

Data breaches 120

Data breaches Hacking Banking Financial Services 120

Security Affairs

JUNE 4, 2020

The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. “The domain registration information has been amended at around 20:52 on June 1, 2020, and there is no impact on the customer’s assets at this time.”

Accountability 95

Accountability Phishing DNS Cryptocurrency 95

Daniel Miessler

MAY 19, 2020

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. 45% of breaches involved Hacking. Hacking, social, and malware have fallen the most. Hacking types and vectors. Within hacking, web applications accounted for over 95% of breaches. The Dataviz Game on Point.

Data breaches 130

Data breaches Phishing Malware Hacking 130

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 116

Accountability Passwords Encryption Mobile 116

Security Affairs

AUGUST 28, 2020

A former Cisco employee has pleaded guilty to hacking charges and intentionally causing damage to the systems of his company. ” The Ramesh’s sabotage caused the shut down of over 16,000 WebEx Teams accounts for up to two weeks. . SecurityAffairs – hacking, hacking). Pierluigi Paganini.

Hacking 126

Hacking Advertising Accountability Risk 126

Security Affairs

FEBRUARY 28, 2021

Currently in the exchange is in liquidation, but the bad news is not ended here, because it was hacked again. in total, had been dormant since the Cryptopia hack in January 2019.” ” At the time of the second hack, the wallet contained around 2.7 SecurityAffairs – hacking, Cryptopia). Pierluigi Paganini.

Cryptocurrency 110

Cryptocurrency Hacking Cyber Attacks Accountability 110

Security Affairs

FEBRUARY 19, 2020

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions.

Accountability 133

Accountability Advertising Account Security Authentication 133

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 112

Advertising Government Healthcare Education 112

Security Affairs

NOVEMBER 12, 2020

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. . records include the birth year the player entered at account creation 23.9M

Data breaches 126

Data breaches Accountability Passwords Encryption 126

Security Affairs

JUNE 20, 2021

APT31 (aka Zirconium) is a China-linked APT group that was involved in multiple cyber espionage operations, it made the headlines recently after Check Point Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers.

Government 130

Government Hacking Cyber Attacks Passwords 130

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. SecurityAffairs – hacking, vishing).

Accountability 106

Accountability VPN Social Engineering Phishing 106

Malwarebytes

FEBRUARY 17, 2021

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team.

Accountability 100

Accountability Social Engineering System Administration Engineering 100

Security Affairs

MARCH 14, 2020

Slack addressed a critical flaw within 24 hours from its disclosure, the issue allowed attackers to carry out automate account takeover. The researcher Evan Custodio discovered a critical vulnerability in Slack that could have allowed attackers to launch automate account takeover. SecurityAffairs – hacking). Pierluigi Paganini.

Accountability 120

Accountability Advertising Data breaches Hacking 120

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Well that's a big old yikes from @SlickWraps pic.twitter.com/28SOEMIBZ9 — Toneman (@Toneman) February 21, 2020. SecurityAffairs – hacking , Slickwraps ).

Accountability 96

Accountability Data breaches Passwords Advertising 96

Security Affairs

APRIL 9, 2023

The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. “Shevlyakov also attempted to acquire computer hacking tools.” In May 2020, Shevlyakov used one of his front companies to buy a licensed copy of the penetration testing platform Metasploit Pro.

Computers and Electronics 88

Computers and Electronics Hacking Penetration Testing Manufacturing 88

Security Affairs

JULY 14, 2020

The company confirmed the security breach over the weekend, it revealed that unknown threat actors accessed a partner’s systems in June stealing user information. The company confirmed that the an investigation into the hack is still ongoing. SecurityAffairs – hacking, LiveAuctioneers ). million LiveAuctioneers users.”

Hacking 103

Hacking Data breaches Identity Theft Advertising 103

Security Affairs

DECEMBER 13, 2020

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. The only place I ever used this email address was on your website pic.twitter.com/epdqaMDsqI — Steve Worswick – Kuki's Developer (@KukiChatbotDev) December 11, 2020. Pierluigi Paganini.

Marketing 137

Marketing Phishing Hacking Data breaches 137