Security Affairs

JULY 8, 2020

Early June, researchers at F5 Networks have addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP product. The CVE-2020-5902 vulnerability received a CVSS score of 10, this means that is quite easy to exploit.

Advertising 145

Advertising InfoSec Government Healthcare 145

Security Affairs

APRIL 1, 2020

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Security experts and privacy advocates believe that the Zoom is an efficient online video communication platform, but evidently it has some serious privacy and security solutions.

Passwords 144

Passwords Advertising Hacking Software 144

Security Affairs

MARCH 22, 2021

The Kaspersky ICS CERT published a report that provided details about the threat landscape for computers in the ICS engineering and integration sector in 2020. Kaspersky ICS CERT published a report that provided details about the threat landscape for ICS engineering and integration sector in 2020. In H2 2020, 39.3%

Engineering 142

Engineering VPN Accountability Software 142

Security Affairs

DECEMBER 11, 2020

The streaming service added that exposed data included Spotify account registration information such as user display name and password, email address, date of birth, and gender. The post Spotify reset user passwords after accidentally personal information exposure appeared first on Security Affairs.

Passwords 135

Passwords Accountability Hacking Data breaches 135

Security Affairs

JULY 25, 2020

CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “This Alert also provides additional detection measures and mitigations for victim organizations to help recover from attacks resulting from CVE-2020-5902.

Advertising 135

Advertising Government Healthcare Education 135

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. ” reads the post published by Check Point. ” continues the post.

Phishing 145

Phishing Passwords Manufacturing Healthcare 145

Security Affairs

DECEMBER 4, 2020

Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913. The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library.

Hacking 136

Hacking Mobile Risk Cyber Attacks 136

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. Attackers also attempted to exploit weak vendor-supplied passwords.

Architecture 109

Architecture Internet Internet Malware 109

Malwarebytes

NOVEMBER 12, 2024

In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users. In 2020, Ancestry was acquired by investment firm Blackstone for $4.7 Since those early days, we’ve had several warnings about how submitting your genetic data can go sideways.

Insurance 145

Insurance Accountability Risk Data breaches 145

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. .

Firewall 145

Firewall VPN Firmware Passwords 145

Security Affairs

MARCH 28, 2025

The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. Attackers also employ encrypted or password-protected files to evade security detection. The.zip often contains a password-protected, obfuscated VBS script. contaboserver[.]net.

Banking 89

Banking Phishing Malware Passwords 89

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Ahead of the 2020 Presidential election a mysterious transaction was noticed by cyber security experts and researchers. I have the wallet, @Google hook me up with a quantum computer please.

Cryptocurrency 145

Cryptocurrency Passwords Advertising Hacking 145

Security Affairs

JUNE 30, 2020

A threat actor is selling databases containing data belonging to 14 different companies he claimed were hacked in 2020. The databases are available for sale on multiple hacker forums, the all includes usernames and hashed passwords. Company # of records Alleged Breach Date DarkThrone 282,825 June 2020 Efun 2.2

Data breaches 145

Data breaches Hacking Passwords Risk 145

Security Affairs

FEBRUARY 2, 2025

The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S. DomainTools also uncovered evidence that the computers used by The Manipulaters were all infected with the same password-stealing malware, and that vast numbers of credentials were stolen from the group and sold online.”

Cybercrime 110

Cybercrime Advertising Phishing Hacking 110

Security Affairs

JULY 28, 2020

Million March 26th, 2020 Yes Dave.com 7 Million July 2020 * Yes Drizly.com 2.4 Million July 2020 * No GGumim.co.kr Million March 2020 * Yes Havenly.com 1.3 Million June 2020 * No Hurb.com 20 Million N/A Yes Indabamusic.com 475 Thousand N/A No Ivoy.mx com 3 Million July 2020 * No Scentbird.com 5.8

Passwords 145

Passwords Advertising Education Banking 145

Krebs on Security

MARCH 1, 2022

Shouting “Glory for Ukraine,” the Contileaks account has since published additional Conti employee conversations from June 22, 2020 to Nov. 22, 2020, the U.S. By late October 2020, Conti’s network of infected systems had grown to include 428 medical facilities throughout the United States. On Sunday, Feb.

Ransomware 301

Ransomware Healthcare Cybercrime Government 301

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 144

Hacking Accountability Passwords Advertising 144

Security Affairs

NOVEMBER 22, 2021

.” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. Using a compromised password, an unauthorized third party accessed the provisioning system in our legacy code base for Managed WordPress.” The original WordPress Admin password that was set at the time of provisioning was exposed.

Data breaches 142

Data breaches Passwords Accountability Information Security 142

Security Affairs

NOVEMBER 23, 2020

VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including some issues that can be chained by an attacker to hijack traffic or shut down an enterprise network.

Passwords 125

Passwords Authentication Accountability Hacking 125

Security Affairs

MARCH 16, 2020

Last week, Open Exchange Rates disclosed a data breach that exposed the personal information and hashed passwords for customers of its API service. Last week, the currency data provider Open Exchange Rates has disclosed a data breach that exposed the personal information and salted and hashed passwords for customers of its API service.

Data breaches 138

Data breaches Passwords Advertising Accountability 138

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. The double supply chain compromise that led to malware being pushed out to some 3CX customers. Image: Mandiant. Microsoft Corp.

Malware 329

Malware Software Technology Accountability 329

Security Affairs

FEBRUARY 20, 2020

One of the flaws patched the IT giant is a critical issue, tracked as CVE-2020-3158 , while six vulnerabilities are rated as high-risk severity. The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool.

Software 142

Software System Administration Advertising Accountability 142

Security Affairs

SEPTEMBER 14, 2020

Zerologon attack allows threat actors to take over enterprise networks by exploiting the CVE-2020-1472 patched in the August 2020 Patch Tuesday. Administrators of enterprise Windows Servers have to install the August 2020 Patch Tuesday as soon as possible to protect their systems from Zerologon attack that exploits the CVE-2020-1472.

Authentication 133

Authentication Passwords Advertising Architecture 133

Security Affairs

JANUARY 25, 2020

Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform ( CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting. reads the security advisory published by Cisco. reads the security advisory published by Cisco. “An

Mobile 143

Mobile Passwords Advertising Authentication 143

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking 357

Hacking Ransomware Banking Accountability 357

Security Affairs

SEPTEMBER 24, 2020

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. — Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020. We strongly recommend customers to immediately apply security updates for CVE-2020-1472.

Security Intelligence 141

Security Intelligence Authentication Advertising Passwords 141

Security Affairs

MARCH 5, 2025

Silk Typhoon targets multiple sectors worldwide, including information technology (IT) services and infrastructure, remote monitoring and management (RMM) companies, managed service providers (MSPs) and affiliates, healthcare, legal services, higher education, defense, government, non-governmental organizations (NGOs), and energy.

Energy and Utilities 63

Energy and Utilities Passwords VPN Healthcare 63

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. The data breach was first reported by Risk Based Security last week, since then, Quidd has never disclosed any data breach recent security incident.

Accountability 145

Accountability Hacking Data breaches Passwords 145

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST.

DNS 145

DNS Malware Internet Internet 145

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The dump doesn’t include Weibo users’ passwords. ” reported the website PingWest. ?????????????

Accountability 144

Accountability Passwords Advertising Internet 144

Security Affairs

NOVEMBER 15, 2020

Retail giant The North Face has reset the passwords for some of its customers in response to a successful credential stuffing attack. Outdoor retail giant The North Face has forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th.

Passwords 135

Passwords Data breaches Retail Accountability 135

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. An attacker could also exploit the flaw to disable security features in the Netlogon authentication process and change a computer’s password on the domain controller’s Active Directory.

Authentication 144

Authentication Advertising Architecture Cybercrime 144

Security Affairs

NOVEMBER 13, 2020

” The flaws in the PLCs are: CVE-2020-7565 – A high-severity issue described as an inadequate encryption strength flaw that could be exploited to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine – Basic software and Modicon M221 controller.

Encryption 132

Encryption Passwords Authentication Software 132

Security Affairs

SEPTEMBER 24, 2020

The recent Emotet campaign uses spam messages with password-protected attachments, experts noticed a decline in infections over the weekend, a behavior already observed in the past. Emotet joined the password-protected attachment bandwagon with a campaign starting Friday. Heaviest I can remember in some time. Shared templates in paste.

Malware 144

Malware Passwords Advertising Ransomware 144

Security Affairs

MARCH 31, 2025

The platform bypasses security with obfuscated code, dynamic translations, and redirects suspicious users to real sites. “We discovered cyber campaigns that used the phishing kits as early as January 2020. To ensure accuracy, victims see an Invalid Password error, prompting them to re-enter credentials.

DNS 86

DNS Phishing Banking Passwords 86

Security Affairs

SEPTEMBER 21, 2020

Change your Activision account passwords and add 2FA immediately. Activision @ATVIAssist [link] — Okami (@Okami13_) September 21, 2020. Activision accounts are apparently being leaked so change your password, although that might not even help because they're apparently generating 1,000 accounts every 10 minutes.

Hacking 143

Hacking Data breaches Accountability Passwords 143

Security Affairs

OCTOBER 23, 2020

Officials said the group has been targeting dozens of US state, local, territorial, and tribal (SLTT) government networks since at least February 2020. Energetic Bear successfully compromised the infrastructure and as of October 1, 2020, exfiltrated data from at least two victim servers. ” reads the advisory.

Government 143

Government Hacking Advertising Passwords 143