Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering 132

Engineering VPN Accountability Software 132

Security Affairs

DECEMBER 4, 2020

VMware addressed CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. VMware has finally released security updates to fix the CVE-2020-4006 zero-day flaw in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

Passwords 126

Passwords Accountability Malware Hacking 126

Security Affairs

FEBRUARY 26, 2023

Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”

Identity Theft 96

Identity Theft Data breaches Insurance Hacking 96

Security Affairs

NOVEMBER 11, 2020

Mozilla and Google have already fixed the critical flaws in Firefox and Chrome exploited by bug bounty hunters at 2020 Tianfu Cup hacking contest. Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest.

Hacking 103

Hacking Government Accountability Cybersecurity 103

Security Affairs

NOVEMBER 16, 2020

Researchers discovered an ElasticSearch database exposed online that contained data for over 100000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100.000 compromised Facebook accounts. ” reads the analysis published vpnMentor.

Scams 110

Scams Accountability Hacking Passwords 110

Security Affairs

OCTOBER 31, 2020

XSS vulnerabilities accounted for 18% of all flaws reported by bug hunters, these issues received a total of $4.2 XSS vulnerabilities can be exploited by threat actors for multiple malicious activities, including account takeover and data theft. ” reads The 4th Hacker-Powered Security Report. million / €33.4

Accountability 124

Accountability Advertising Architecture Hacking 124

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. SecurityAffairs – hacking, account databases). million (8.1

Data breaches 145

Data breaches Accountability Advertising Passwords 145

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability 142

Accountability Malware Data breaches Passwords 142

Security Affairs

AUGUST 19, 2021

Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. The report states that the servers did not provide access to 2020 decennial census networks, this means that the attacker did not interfere with the results of the census.

Hacking 117

Hacking Firewall Accountability Technology 117

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. Pierluigi Paganini.

Accountability 104

Accountability Advertising Media Government 104

Security Affairs

DECEMBER 1, 2020

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. c25e6559668942[.]xyz.

Malware 108

Malware DDOS Hacking Cybercrime 108

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability 94

Accountability Hacking Financial Services Cybersecurity 94

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reads the post published Risk Based Security.

Accountability 139

Accountability Hacking Data breaches Passwords 139

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 120

Accountability Passwords Encryption Mobile 120

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 117

Advertising Government Healthcare Education 117

Security Affairs

MAY 6, 2020

Hackers have breached the online learning platform Unacademy and are selling the account information for close to 22 million users. Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.

Accountability 107

Accountability Hacking Data breaches Advertising 107

Security Affairs

FEBRUARY 24, 2020

According to legitimate sources, Portuguese banking teams have detected irregular accesses to banking portals usually carried out through compromised accounts via the Lampion infections. Crooks are using compromised devices to access the banking portal in order to make online bank transfers to accounts they are controlling. com/P-14-7.dll

Malware 81

Malware Banking Antivirus Advertising 81

Malwarebytes

FEBRUARY 17, 2021

Yandex, a European multinational technology firm best known for being the most-used search engine in Russia, has revealed it had a security breach, leading to the compromise of almost 5,000 Yandex email accounts. The company says it spotted the breach after a routine check by its security team.

Accountability 99

Accountability Social Engineering System Administration Engineering 99

Security Affairs

FEBRUARY 19, 2020

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions.

Accountability 137

Accountability Advertising Account Security Authentication 137

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Well that's a big old yikes from @SlickWraps pic.twitter.com/28SOEMIBZ9 — Toneman (@Toneman) February 21, 2020. ” reported Slashgear. . ” reported Slashgear.

Accountability 100

Accountability Data breaches Passwords Advertising 100

Security Affairs

MARCH 14, 2020

Slack addressed a critical flaw within 24 hours from its disclosure, the issue allowed attackers to carry out automate account takeover. The researcher Evan Custodio discovered a critical vulnerability in Slack that could have allowed attackers to launch automate account takeover. TE-based hijack onto neighboring customer requests.”

Accountability 127

Accountability Advertising Data breaches Hacking 127

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability 112

Accountability VPN Social Engineering Phishing 112

Security Affairs

JUNE 4, 2020

The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. “The domain registration information has been amended at around 20:52 on June 1, 2020, and there is no impact on the customer’s assets at this time.”

Accountability 96

Accountability Phishing DNS Cryptocurrency 96

Security Affairs

NOVEMBER 12, 2020

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. . records include the birth year the player entered at account creation 23.9M

Data breaches 129

Data breaches Accountability Passwords Encryption 129

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Secure web- phishing. In the first six months of 2020, CERT-GIB blocked a total of 9 304 phishing web resources, which is an increase of 9 percent compared to the previous year.

Phishing 108

Phishing Ransomware Spyware Banking 108

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability 95

Accountability Hacking Advertising Media 95

Daniel Miessler

MAY 19, 2020

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. Within hacking, web applications accounted for over 95% of breaches. He looks at the key findings and talks about what they might mean to us going forward. The newsletter serves as the show notes for the podcast.

Data breaches 130

Data breaches Phishing Malware Hacking 130

Security Affairs

MAY 13, 2020

Below a list of the most severe issues fixed by Microsoft with May 2020 Patch Tuesday security updates: – CVE-2020-1071 – Windows Remote Access Common Dialog Elevation of Privilege Vulnerability – An attacker could exploit the bug in the Remote Access Common Dialog to run arbitrary code with elevated privileges.

Engineering 74

Engineering Internet Internet Media 74

Security Affairs

JANUARY 18, 2020

Microsoft published a security advisory to warn of an Internet Explorer (IE) zero-day vulnerability (CVE-2020-0674) that is currently being exploited in the wild. The tech giant confirmed that the CVE-2020-0674 zero-day vulnerability has been actively exploited in the wild. SecurityAffairs – CVE-2020-0674 , hacking).

Internet 93

Internet Internet Advertising Engineering 93

Hot for Security

FEBRUARY 23, 2021

Personal information on a total of 25.15 Computer viruses and unauthorized access accounted for about half of the total cases reported,” according to the Japan Times. a server containing information on all 2.6 Such errors as sending emails by mistake made up some 30%.”. In the case of PayPay Corp.,

Accountability 111

Accountability Information Security Malware Data breaches 111

Security Affairs

OCTOBER 6, 2019

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft. P residential campaign.

Accountability 79

Accountability Passwords Advertising Government 79

Security Affairs

AUGUST 3, 2020

As a precaution, we wanted to let you know that we recently became aware of a potential incident that may have affected the security of certain customer accounts. We are working with external security experts to investigate this matter.” Read more [link] — Have I Been Pwned (@haveibeenpwned) August 2, 2020.

Data breaches 111

Data breaches Accountability Passwords Advertising 111

Security Affairs

APRIL 24, 2020

Nintendo has disconnected the NNID legacy login system from main Nintendo profiles after it has discovered a massive account hijacking campaign. The gaming giant Nintendo announced that hackers gained accessed at least 160,000 user accounts as part of an account hijacking campaign since early April. ” reported ZDNet.

Accountability 99

Accountability Passwords Data breaches Advertising 99

Security Affairs

FEBRUARY 12, 2020

Microsoft February 2020 Patch Tuesday updates address a total of 99 new vulnerabilities, including an Internet Explorer zero-day exploited in the wild. In January, Microsoft has published a security advisory ( ADV200001 ) that includes mitigations for the CVE-2020-0674 zero-day remote code execution (RCE) flaw.

Internet 76

Internet Internet Engineering Advertising 76

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 240

Scams DDOS Cryptocurrency Accountability 240

Security Affairs

SEPTEMBER 18, 2023

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. ”The access level can be limited to specific files only; however, in this case, the link was configured to share the entire storage account — including another 38TB of private files.” 5, 2021 Oct.

Accountability 129

Accountability Backups Risk Passwords 129

McAfee

FEBRUARY 26, 2020

The McAfee team is proud to announce today that, for the third year in a row, McAfee was named a 2020 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers (CASB) for its MVISION Cloud solution. rating for McAfee MVISION Cloud as of February 20, 2020. stars or higher. You can read all reviews for McAfee here.

Marketing 73

Marketing Healthcare Accountability Technology 73