CyberSecurity Insiders

JUNE 15, 2021

Apple Inc, the iPhone maker from America has decided to wage a war against the use of passwords by releasing a new tech for security authentication. Dubbed as PassKeys, the new tech will eliminate the need for users to remember passwords for online service usage. .

Passwords 95

Passwords Technology Authentication Hacking 95

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Hacking 118

Hacking Risk Mobile Banking 118

Security Affairs

MARCH 7, 2023

Recently, the password management software firm disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. LastPass revealed that the home computer of one of its DevOp engineers was hacked as part of a sophisticated cyberattack.

Software 98

Software Hacking Data breaches Media 98

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 138

Hacking Accountability Passwords InfoSec 138

Troy Hunt

OCTOBER 2, 2020

I asked for technical detail so I could validated the authenticity of his claim and the info duly arrived. The account takeover all began with the Grindr password reset page: I entered Scott's address, solved a Captcha and then received the following response: I've popped open the dev tools because the reset token in the response is key.

Accountability 363

Accountability Hacking Passwords InfoSec 363

Krebs on Security

FEBRUARY 4, 2021

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion , SIM swapping , and swatting. THE MIDDLEMEN. WHAT YOU CAN DO.

Accountability 299

Accountability Hacking Media Mobile 299

Security Affairs

MAY 3, 2020

The hacker claims to have hacked the company in March 2020, it has stolen just a small part of the company database. The hacker has shared 15 million user records calling for action in cracking the passwords that are hashed using the SHA2-384 hashing algorithm. ZDNet confirmed the authenticity of the leaked data.

Accountability 121

Accountability Hacking Passwords Data breaches 121

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. “The compromised data sets were originally posted on March 12th, 2020 and self-attributed to a threat actor named “Protag”. .

Accountability 141

Accountability Hacking Data breaches Passwords 141

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN 140

VPN Passwords Banking Advertising 140

Approachable Cyber Threats

SEPTEMBER 30, 2021

You just heard in the news about another online company getting hacked and all of their password’s getting stolen; including yours. It could mean that even though it was an online retailer who got hacked, your bank account could ultimately be emptied. Let’s first look at how companies store passwords.

Passwords 98

Passwords Password Management Hacking Accountability 98

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” Change your Activision account passwords and add 2FA immediately.

Hacking 117

Hacking Data breaches Accountability Passwords 117

Security Affairs

NOVEMBER 2, 2020

Oracle issued an out-of-band security update to address a critical remote code execution issue (CVE-2020-14750) impacting multiple Oracle WebLogic Server versions. The advisory states that this vulnerability is related to the CVE-2020-14882 flaw that was addressed in the October 2020 Critical Patch Update. . 12.2.1.4.0,

Advertising 105

Advertising Authentication Passwords Hacking 105

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 315

Social Engineering Mobile Cybercrime Passwords 315

Security Affairs

JULY 14, 2020

“As of July 11th, 2020, our cybersecurity team has confirmed that an unauthorized third party accessed certain user data through a security breach at a LiveAuctioneers data processing partner that occurred on June 19, 2020.” The company confirmed that the an investigation into the hack is still ongoing. The post 3.4

Hacking 106

Hacking Data breaches Identity Theft Advertising 106

Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit.

Advertising 129

Advertising InfoSec Government Healthcare 129

The Security Ledger

FEBRUARY 24, 2020

Small and medium-sized businesses find themselves in the cross hairs of sophisticated hacking groups. The post As Cyber Attacks Mount, Small Businesses seek Authentication. » Related Stories Opinion: AI and Machine Learning will power both Cyber Offense and Defense in 2020 Passwordless? . » But what do SMBs want?

Small Business 52

Small Business Authentication Cyber Attacks Cyber Risk 52

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability 324

Accountability Passwords Advertising Phishing 324

Security Affairs

JANUARY 12, 2024

In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467 , to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). in the Apache OfBiz.

Authentication 135

Authentication Software Passwords Hacking 135

Krebs on Security

AUGUST 17, 2023

The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries. For example, in 2019 McAfee found that for targets in Japan, the 16Shop kit would also collect Web ID and Card Password, while US victims will be asked for their Social Security Number. Image: Akamai. Image: ZeroFox.

Phishing 190

Phishing Passwords Internet Internet 190

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 117

Advertising Government Healthcare Education 117

eSecurity Planet

APRIL 15, 2022

Not everyone adopts multi-factor authentication (MFA) to secure their accounts. Many stick with simple username and password combinations despite the weaknesses of this authentication method. The Problem with Passwords. Passwords are the most common method of authentication. Passwordless Authentication 101.

Authentication 130

Authentication Passwords Password Management Accountability 130

Security Affairs

DECEMBER 13, 2020

It ranks fourth among all database management systems (DBMS) as of November 2020. The PGminer botnet targets Postgress that have default user “ postgres ”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “ 112233 “ and “ 1q2w3e4r “ to bypass authentication. Pierluigi Paganini.

Hacking 140

Hacking Cryptocurrency Authentication Passwords 140

Security Affairs

NOVEMBER 11, 2021

The hacked server was used by the company to manage customer information for the Queensland water supplier. The security breach took place between August 2020 and May 2021, the intrusion has been attributed to a financially motivated attacker that deployed a custom implant to redirect visitor traffic to an online video platform.

Hacking 96

Hacking Passwords Government Security Awareness 96

CyberSecurity Insiders

SEPTEMBER 2, 2022

FBI has issued a warning that cybercriminals are hiding credentials on home IP addresses after hacking connected devices like IP cams and routers. To avoid such troubles with passwords, tech companies are coming up with ways to avoid passwords such as 2FA, thus paving the way for password-less authentication environments.

Cyber Attacks 127

Cyber Attacks Passwords Authentication Accountability 127

SecureWorld News

JANUARY 22, 2024

Microsoft disclosed that it recently fell victim to a cyberattack by Nobelium, the Russian state-sponsored hacking group infamously responsible for the 2020 SolarWinds supply chain attack. In this case, an old fashioned 'password spray attack' worked just fine to let attackers in to read management emails.

Passwords 101

Passwords Accountability Backups Hacking 101

Security Affairs

MAY 6, 2020

The analysis of creation data for the records in the database revealed that the last creation date is January 26th, 2020, a circumstance that suggests that the hack took place in the same period. BleepingComputer contacted some Unacademy users and verified that the data is authentic. SecurityAffairs – Unacademy, hacking).

Accountability 105

Accountability Hacking Data breaches Advertising 105

Security Affairs

NOVEMBER 23, 2020

VMware addressed six vulnerabilities in its SD-WAN Orchestrator product that can potentially expose enterprise networks to hack. The SQL injection vulnerability in SD-WAN Orchestrator, tracked as CVE-2020-3984, is caused by improper input validation. SecurityAffairs – hacking, VMware). Pierluigi Paganini.

Passwords 94

Passwords Authentication Accountability Hacking 94

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking 112

Hacking Data breaches Advertising Backups 112

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication 99

Authentication Accountability Advertising Passwords 99

Security Affairs

JUNE 8, 2020

Any Indian DigiLocker Account Could’ve Been Accessed Without Password. The Indian Government fixed a flaw in the secure document wallet service Digilocker that could have potentially allowed anyone’s access without password. SecurityAffairs – digilocker, hacking). The service has over 38 million registered users.

Authentication 98

Authentication Mobile Accountability Passwords 98

Security Affairs

SEPTEMBER 24, 2020

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472. Pierluigi Paganini.

Security Intelligence 132

Security Intelligence Authentication Advertising Passwords 132

Security Affairs

OCTOBER 6, 2019

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. Microsoft notified all the impacted users about the hacks and provided supports to the victims to secure their accounts. government officials.

Accountability 79

Accountability Passwords Advertising Government 79

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability 312

Accountability Passwords Authentication Password Management 312

Security Affairs

SEPTEMBER 10, 2021

It seems that the Umoja account used in the attacks wasn’t not protected with two-factor authentication because the security feature was made available only in July by the software vendor. According to the report, attackers did not access passwords. SecurityAffairs – hacking, United Nations). Pierluigi Paganini.

Hacking 118

Hacking Data breaches Cyber Attacks Software 118

Security Affairs

MAY 25, 2020

Some of the databases are dated as 2016, but data starts from March 28, 2020. ” The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S.,

Hacking 99

Hacking Advertising Authentication Passwords 99

Security Affairs

SEPTEMBER 14, 2020

Zerologon attack allows threat actors to take over enterprise networks by exploiting the CVE-2020-1472 patched in the August 2020 Patch Tuesday. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday as soon as possible to protect their systems from Zerologon attack that exploits the CVE-2020-1472.

Authentication 100

Authentication Passwords Advertising Architecture 100

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

Authentication 139

Authentication Advertising Architecture Cybercrime 139