Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. Source: Twitter account @sonoclaudio.

Data breaches 94

Data breaches Accountability Media Hacking 94

Security Affairs

JULY 12, 2022

Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA. and certificate-based authentication. appeared first on Security Affairs.

Phishing 128

Phishing Authentication Social Engineering Passwords 128

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The company has more than 5,000 employees in 17 countries, and its revenues in 2021 are US$2.84 We have since identified and removed unauthorized devices from these Authy accounts.”

Accountability 91

Accountability Authentication Phishing Data breaches 91

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. “This bug resulted from an update to our code in June 2021. Twitter confirmed that the recent data breach that exposed data of 5.4

Accountability 104

Accountability Data breaches Authentication Media 104

Security Affairs

MAY 5, 2021

Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. “A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. .

Authentication 91

Authentication Passwords Accountability System Administration 91

SC Magazine

APRIL 27, 2021

FireEye CEO Kevin Mandia testifies during a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 in Washington, DC. But the same campaign relied on takeovers of AD FS servers to overtake Microsoft 365 accounts for espionage purposes. Photo by Drew Angerer/Getty Images).

Authentication 105

Authentication Accountability Media Government 105

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile 90

Mobile Cryptocurrency Authentication Accountability 90

Security Affairs

FEBRUARY 4, 2022

billion Azure AD brute force authentication attacks and detected 35.7 billion phishing emails with Microsoft Defender for Office 365 in 2021. Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute force attacks. ” states Microsoft.

Phishing 90

Phishing Authentication Education Cyber threats 90

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 105

Banking Accountability Mobile Cryptocurrency 105

Google Security

JUNE 3, 2022

Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). 2021 saw some amazing work from the security research community. We paid a total of $8.7 million in rewards, our highest amount yet.

Engineering 132

Engineering Authentication Internet Internet 132

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 127

Ransomware Firmware Antivirus Accountability 127

Security Affairs

JULY 28, 2022

ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. SecurityAffairs – hacking, telecom security incidents).

Authentication 94

Authentication Hacking Accountability Information Security 94

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. ” reads the analysis published by Microsoft.

Accountability 107

Accountability Government Authentication Engineering 107

Security Affairs

MARCH 30, 2024

The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. million current AT&T account holders and approximately 65.4

Data breaches 133

Data breaches Telecommunications Cybercrime Hacking 133

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking 294

Banking Government Information Security Authentication 294

Security Affairs

FEBRUARY 3, 2021

Recently Qualys researchers found a Sudo vulnerability, tracked as CVE-2021-3156 , that has allowed any local user to gain root privileges on Unix-like operating systems without authentication. News of the day is that the CVE-2021-3156 flaw also impacts the latest version of Apple macOS Big Sur, and Apple has yet to address it.

Authentication 123

Authentication Hacking Accountability Cybersecurity 123

Security Affairs

OCTOBER 20, 2023

US CISA added the vulnerability CVE-2021-1435 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2021-1435 in Cisco IOS XE. ” reads the report published by Cisco Talos.

Authentication 114

Authentication Hacking Accountability Software 114

Security Affairs

APRIL 10, 2024

The seller, who goes online with the moniker MajorNelson, claimed that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It It was leaked online today.”

Data breaches 99

Data breaches Telecommunications Identity Theft Hacking 99

Security Affairs

JULY 9, 2022

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.

Authentication 138

Authentication Passwords Hacking Accountability 138

Security Affairs

SEPTEMBER 29, 2023

State Department accounts, a Senate staffer told Reuters this week. State Department IT officials, officials told lawmakers that threat actors stole at least 60,000 emails from a 1 total of 10 State Department accounts. The accounts belong to State Department officials who were working in East Asia, the Pacific, and Europe.

Accountability 104

Accountability Government Hacking Authentication 104

Security Affairs

APRIL 21, 2021

The three vulnerabilities addressed by the security vendor are: CVE-2021-20021 : Email Security Pre-Authentication Administrative Account Creation: A vulnerability in the SonicWall Email Security version 10.0.9.x ” reads the advisory published by FireEye.

Authentication 113

Authentication Accountability Encryption Hacking 113

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 115

Cryptocurrency Data breaches Authentication Accountability 115

CyberSecurity Insiders

OCTOBER 1, 2021

SALT LAKE CITY–( BUSINESS WIRE )– Venafi , the inventor and leading provider of machine identity management, today announced that the company’s Trust Protection Platform won the “Identity Management Platform of the Year” award in the 2021 CyberSecurity Breakthrough Awards. For more information, visit: www.venafi.com.

Cybersecurity 52

Cybersecurity Digital transformation IoT Marketing 52

Security Affairs

SEPTEMBER 2, 2021

Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code is available. An attacker can exploit the issue to bypass authentication and log in as an administrator to the affected device. ” reads the advisory published by Cisco. Pierluigi Paganini.

Authentication 95

Authentication Software Accountability Hacking 95

Security Affairs

APRIL 4, 2023

Below is the list of flaws exploited by the ransomware gang’s affiliate: CVE-2021-27876 : The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. CVE-2021-27877 : An issue was discovered in Veritas Backup Exec before 21.2.

Backups 93

Backups Ransomware Authentication Penetration Testing 93

Malwarebytes

FEBRUARY 22, 2023

DNA Diagnostics Center (DDC), an Ohio-based private DNA testing company, last week reached a settlement deal with the Ohio and Pennsylvania state attorneys general in relation to a 2021 breach that saw the theft of 45,000 residents ' personal details. Overall the attack compromised over 2.1

Penetration Testing 89

Penetration Testing InfoSec Accountability Authentication 89

Security Affairs

NOVEMBER 10, 2021

A critical vulnerability in the WP Reset PRO WordPress plugin can allow an authenticated user to wipe the entire database of WordPress sites. Then the attacker can create an administrator account associated with the installation process. 27-09-2021 – We reached out to the developer of the plugin.

Authentication 89

Authentication Accountability Hacking Cybersecurity 89

Security Affairs

NOVEMBER 18, 2021

Microsoft recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306 , affecting Azure AD. Microsoft has recently addressed an information disclosure vulnerability, tracked as CVE-2021-42306 , affecting Azure AD. ” reads the analysis published by NetSPI.

Accountability 112

Accountability Authentication Hacking Information Security 112

CyberSecurity Insiders

MARCH 25, 2021

This is why it is essential to your device performance to make sure any endpoints include flexible, secure, default-settings and, in particular, optional mechanisms like password complexity, password expiration, and account lock-out, which forces users to modify the default credentials when setting up the device.

IoT 100

IoT Authentication Passwords Data collection 100

Security Affairs

AUGUST 31, 2021

ProxyToken is a serious vulnerability in Microsoft Exchange Server that could allow unauthentication attackers to access emails from a target account. Technical details of a serious vulnerability in the Microsoft Exchange Server, dubbed ProxyToken (CVE-2021-33766), were publicly disclosed. ” continues the analysis.

Authentication 79

Authentication Telecommunications Accountability Information Security 79

Google Security

MARCH 17, 2021

Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large.

Engineering 145

Engineering Authentication Accountability Internet 145

Security Boulevard

FEBRUARY 1, 2021

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, January 2021. Cyber Security Careers Advice. I also updated the Cyber Security Careers Advice page on The IT Security Expert website. Stay safe and secure.

Artificial Intelligence 58

Artificial Intelligence Ransomware Education Cybersecurity 58

Security Affairs

MARCH 16, 2022

The nation-state actors gained access to the network by exploiting default MFA protocols and the Windows Print Spooler vulnerability, “PrintNightmare” ( CVE-2021-34527 ), reads the advisory. In order to compromise the target network, the attackers conducted a brute-force password guessing attack against an un-enrolled and inactive account.

Accountability 91

Accountability Passwords Authentication Firmware 91

CyberSecurity Insiders

OCTOBER 2, 2021

SAN FRANCISCO–( BUSINESS WIRE )– Onfido , the global identity verification and authentication company, today announced that it has been honored for its innovative fraud prevention technology. This means businesses can see their customers for who they are, without compromising on experience, conversion, privacy or security.

Cybersecurity 40

Cybersecurity Artificial Intelligence Digital transformation Threat Detection 40

Security Affairs

MARCH 2, 2021

Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Patches available now, action required to apply* Full remote code execution, without authentication. link] — Kevin Beaumont (@GossiTheDog) March 2, 2021.

Authentication 100

Authentication Internet Internet Hacking 100

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers.

Energy and Utilities 96

Energy and Utilities Government Firewall Malware 96

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications 95

Telecommunications Authentication Passwords Accountability 95