Security Affairs

NOVEMBER 16, 2020

Researchers discovered an ElasticSearch database exposed online that contained data for over 100000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100.000 compromised Facebook accounts. ” reads the analysis published vpnMentor.

Scams 112

Scams Accountability Hacking Passwords 112

Security Affairs

DECEMBER 11, 2020

“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. The company recommends users to remain vigilant by monitoring their account closely and to report any suspicious activity on their account. Pierluigi Paganini.

Passwords 102

Passwords Accountability Hacking Data breaches 102

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 114

Accountability Passwords Encryption Mobile 114

Security Affairs

NOVEMBER 12, 2020

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. . records include the birth year the player entered at account creation 23.9M

Data breaches 123

Data breaches Accountability Passwords Encryption 123

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. 2020 AP controllers NXC2500 V6.10

Firewall 141

Firewall VPN Firmware Passwords 141

Security Affairs

APRIL 24, 2020

Nintendo has disconnected the NNID legacy login system from main Nintendo profiles after it has discovered a massive account hijacking campaign. The gaming giant Nintendo announced that hackers gained accessed at least 160,000 user accounts as part of an account hijacking campaign since early April. ” reported ZDNet.

Accountability 99

Accountability Passwords Data breaches Advertising 99

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. ” reads the security update published by the company. Well that's a big old yikes from @SlickWraps pic.twitter.com/28SOEMIBZ9 — Toneman (@Toneman) February 21, 2020.

Accountability 95

Accountability Data breaches Passwords Advertising 95

Security Affairs

AUGUST 3, 2020

The leaked records included a login name, full name, MD5 hashed password, email address, phone number, zip, and other data related. The company has notified impacted users via email, it admitted to having recently discovered the data breach, in response to the incident it has forced a password reset. Pierluigi Paganini.

Data breaches 102

Data breaches Accountability Passwords Advertising 102

Security Affairs

MAY 6, 2020

Hackers have breached the online learning platform Unacademy and are selling the account information for close to 22 million users. Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.

Accountability 103

Accountability Hacking Data breaches Advertising 103

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” Attackers also sent out spam messages through compromised email accounts to make messages appear to be from legitimate sources. . ” continues the post.

Phishing 122

Phishing Passwords Manufacturing Healthcare 122

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 109

Advertising Government Healthcare Education 109

Security Affairs

OCTOBER 6, 2019

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. “The targeted accounts are associated with a U.S. ” reads the analysis published by Microsoft. P residential campaign.

Accountability 76

Accountability Passwords Advertising Government 76

Security Affairs

SEPTEMBER 18, 2023

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. ”The access level can be limited to specific files only; however, in this case, the link was configured to share the entire storage account — including another 38TB of private files.” 5, 2021 Oct.

Accountability 131

Accountability Backups Risk Passwords 131

Daniel Miessler

MAY 19, 2020

TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations Report. The top malware type is Password Dumper, because it really is about getting those creds. Within hacking, web applications accounted for over 95% of breaches. The newsletter serves as the show notes for the podcast.

Data breaches 130

Data breaches Phishing Malware Hacking 130

Security Affairs

DECEMBER 18, 2023

These pieces of malware are created with the intent of stealing valuable data, such as login credentials, financial information, personal details, and more. This data may include usernames, passwords, credit card numbers, social security numbers, and other sensitive information.

Banking 117

Banking Cybercrime Malware Accountability 117

Security Affairs

NOVEMBER 22, 2021

million of its managed WordPress customer accounts. Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17. ” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. We reset both passwords.

Data breaches 124

Data breaches Passwords Accountability Phishing 124

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 133

Hacking Accountability Passwords InfoSec 133

Security Affairs

JUNE 13, 2023

According to HIBP, the records in the database contain names, addresses, phone numbers, email addresses, usernames, and passwords stored as unsalted SHA-256 hashes. The company attempted to downplay the security breach by telling Have I Been Pwned that threat actors only had access to encrypted passwords. ” reported HIBP.

Data breaches 86

Data breaches Passwords Cybercrime Encryption 86

Security Affairs

JANUARY 7, 2024

. “The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals.” Sea Turtle also used code from a publicly accessible GitHub account, which is likely under the control of the threat actor. Enable 2FA on all externally exposed accounts.

Media 115

Media Accountability Telecommunications Government 115

Security Affairs

JUNE 18, 2021

In 2020, the company was ranked at number three on the Fortune List of the Top 100 Companies to Work For in 2020 based on an employee survey of satisfaction, currently, it has more than 50,000 employees. It is generally a good idea to use a unique password for each online account you may have.”

Data breaches 108

Data breaches Passwords Accountability Marketing 108

Security Affairs

OCTOBER 17, 2022

As soon the company became aware of the security breach it blocked access to all affected systems. . In September 2020, 80% of MyDeal were acquired by Woolworths, anyway Woolworths was not impacted by the security breach. Payment, drivers licence, or passport details were accessed because MyDeal does not store this information.

Retail 117

Retail Data breaches Passwords Accountability 117

Security Affairs

NOVEMBER 15, 2020

Retail giant The North Face has reset the passwords for some of its customers in response to a successful credential stuffing attack. Outdoor retail giant The North Face has forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th.

Passwords 118

Passwords Retail Data breaches Accountability 118

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. Image: Mandiant.

Malware 281

Malware Software Technology Accountability 281

Security Affairs

JUNE 2, 2021

There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured. Feedback message data contained Account id, feedback rating given, and users’ email addresses. What’s Happening? AMT Games is a mobile and browser game developer based in China.

Data breaches 109

Data breaches Accountability Mobile Phishing 109

Security Affairs

NOVEMBER 24, 2020

Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. ” reads the post published by vpnMentor.

Identity Theft 104

Identity Theft Accountability Passwords Phishing 104

Security Affairs

JANUARY 30, 2023

Sports fashion retail JD Sports discloses a data breach that explosed data of about 10M customers who placed orders between 2018 and 2020. UK sports fashion chain JD Sports disclosed a data breach that exposed customer data from orders placed between November 2018 and October 2020. The affected JD Sports group brands are JD, Size?,

Data breaches 91

Data breaches Retail Passwords Scams 91

Security Affairs

NOVEMBER 23, 2020

VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including some issues that can be chained by an attacker to hijack traffic or shut down an enterprise network.

Passwords 86

Passwords Authentication Accountability Hacking 86

CyberSecurity Insiders

JANUARY 30, 2023

Details are in that the info belongs to all those customers who booked their orders on the platform from the past few years(say between Nov’18 to Oct’2020) and might include sensitive details of half of the affected consumers.

Data breaches 109

Data breaches Retail Identity Theft Social Engineering 109

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” reads the post published by Dexerto.

Hacking 109

Hacking Data breaches Accountability Passwords 109

Security Affairs

OCTOBER 1, 2021

The attack against Neiman Marcus Group took place in May 2020, as a result of the attack, threat actors had access to customers’ information, including payment card data. Exposed personal information includes names and contact information, usernames, passwords, and answers to security questions associated with online accounts.

Data breaches 93

Data breaches Retail Passwords Accountability 93

Security Affairs

MARCH 7, 2023

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. The hackers installed a keylogger on the DevOp engineer’s computed and captured his master password. “We have recently been made aware of a security vulnerability related to Plex Media Server. .

Software 98

Software Hacking Data breaches Media 98

Security Affairs

MARCH 16, 2020

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service.

Data breaches 105

Data breaches Passwords Advertising Accountability 105

Security Affairs

JULY 28, 2020

Million March 26th, 2020 Yes Dave.com 7 Million July 2020 * Yes Drizly.com 2.4 Million July 2020 * No GGumim.co.kr Million March 2020 * Yes Havenly.com 1.3 Million June 2020 * No Hurb.com 20 Million N/A Yes Indabamusic.com 475 Thousand N/A No Ivoy.mx com 3 Million July 2020 * No Scentbird.com 5.8

Passwords 131

Passwords Advertising Education Banking 131

Security Affairs

FEBRUARY 20, 2020

One of the flaws patched the IT giant is a critical issue, tracked as CVE-2020-3158 , while six vulnerabilities are rated as high-risk severity. The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool.

Software 109

Software System Administration Advertising Accountability 109

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime 132

Cybercrime Education Accountability Phishing 132

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications 96

Telecommunications Authentication Passwords Accountability 96

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. 5.38?????????????? 5.38??????????????1.72????????????0.177???????????????

Accountability 113

Accountability Passwords Advertising Internet 113