Security Affairs

NOVEMBER 28, 2021

0patch released free unofficial patches for Windows local privilege escalation zero-day ( CVE-2021-24084 ) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. SecurityAffairs – hacking, Windows).

Accountability 132

Accountability Mobile Hacking Information Security 132

Security Affairs

NOVEMBER 18, 2021

Threat actors have launched a phishing campaign targeting more than 125 TikTok ‘Influencer’ accounts in an attempt to hijack them. Researchers from Abnormal Security uncovered a phishing scam aimed at hijacking at least 125 TikTok ‘Influencer’ accounts. ” reads the report published by Abnormal Security.

Accountability 97

Accountability Phishing Media Scams 97

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. Source: Twitter account @sonoclaudio.

Data breaches 94

Data breaches Accountability Media Hacking 94

Security Affairs

AUGUST 9, 2021

Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. ” Experts believe that FlyTrap belongs to a family of trojans that employ social engineering tricks to compromise Facebook accounts as part of a session hijacking campaign. .

Accountability 125

Accountability Social Engineering Media Malware 125

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The US Cybersecurity and Infrastructure Security Agency (CISA) also issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange.

Cyber Attacks 110

Cyber Attacks Ransomware Insurance Hacking 110

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Some users with AT&T email addresses wrote on Reddit that they have been hacked, and some of them claim they had the same issue for months.

Cryptocurrency 76

Cryptocurrency Accountability Passwords Hacking 76

Security Affairs

FEBRUARY 2, 2021

Cyber Defense Magazine February 2021 Edition has arrived. 108 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

InfoSec 103

InfoSec DNS Media Marketing 103

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft says the feature will be rolled out over the coming weeks, it already provides passwordless methods to enterprise users since March 2021, and plans to roll out it for Azure AD accounts.

Authentication 95

Authentication Accountability Passwords Phishing 95

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported.

Accountability 89

Accountability Phishing Financial Services Surveillance 89

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The security breach was first reported by BleepingComputer that also shared a copy of the data breach notification letter sent to the impacted customers.

Data breaches 119

Data breaches Hacking Banking Financial Services 119

Security Affairs

MARCH 10, 2023

AT&T is warning some of its customers that some of their information was exposed after the hack of a third-party vendor’s system. AT&T is notifying millions of customers that some of their information was exposed after a third-party vendor was hacked. Social Security Number, account passwords).

Data breaches 89

Data breaches Hacking Wireless Telecommunications 89

Security Affairs

MAY 27, 2021

As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. The feds uncovered the attack in May 2021, government experts reported that the threat actors likely created an account with the username “elie” to gain persistence on the network.

VPN 120

VPN Government Hacking Accountability 120

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The company has more than 5,000 employees in 17 countries, and its revenues in 2021 are US$2.84 We have since identified and removed unauthorized devices from these Authy accounts.”

Accountability 91

Accountability Authentication Phishing Data breaches 91

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 113

Accountability Authentication Passwords Data breaches 113

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered for sale the stolen data on the popular hacking forum Breached Forums. ” reads the Twitter’s advisory.

Accountability 104

Accountability Data breaches Authentication Media 104

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. How not to disclosure a Hack. UK fashion retailer FatFace angered customers in its handling of a customer data theft hack. conduct employee phishing tests.

Energy and Utilities 122

Energy and Utilities Ransomware Banking Hacking 122

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 127

Ransomware Firmware Antivirus Accountability 127

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 110

Accountability Passwords Encryption Mobile 110

Security Affairs

JANUARY 18, 2021

The attack took place on Saturday, around 04:00 (GMT), when threat actors compromised an administrator account and downloaded a copy of the list of users. “Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum ( [link] ) was breached. SecurityAffairs – hacking, data breach).

Hacking 129

Hacking Data breaches Passwords Accountability 129

Security Affairs

JULY 28, 2022

ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. SecurityAffairs – hacking, telecom security incidents).

Authentication 94

Authentication Hacking Accountability Information Security 94

Security Affairs

FEBRUARY 27, 2021

‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. ?A breach #infosec #deepwebnews @FinanzasEc @EcuCERT_EC pic.twitter.com/WTbXz8EYLx — Security Chronicle (@SecurChronicle) February 23, 2021. Pierluigi Paganini.

Hacking 139

Hacking Banking Ransomware Passwords 139

Security Affairs

NOVEMBER 10, 2021

Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. Cyber security department director Chien Hung-wei told parliament representatives that government infrastructure faces “five million attacks and scans a day” . Pierluigi Paganini.

Government 123

Government Hacking Cyber Attacks Information Security 123

Security Affairs

MARCH 30, 2024

The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. million current AT&T account holders and approximately 65.4

Data breaches 133

Data breaches Telecommunications Cybercrime Hacking 133

Security Affairs

JULY 20, 2021

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models. Pierluigi Paganini.

Encryption 117

Encryption Accountability Software Hacking 117

Security Affairs

JANUARY 2, 2022

In 2021 we observed a spike in crypto heists, $4.25 billion worth of cryptos were stolen by cybercriminals in 2021. It is estimated that the cryptocurrencies stolen between January 2011 and December 2021 amount to $12.1 billion from organizations in the industry and attacks against DeFi platforms accounted for $1.76

Cryptocurrency 104

Cryptocurrency Scams Marketing Hacking 104

Security Affairs

APRIL 3, 2021

On April 3, a user has leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. Bad news for Facebook, a user in a hacking forum has published the phone numbers and personal data of 533 million Facebook users. SecurityAffairs – hacking, data leak). Pierluigi Paganini.

Hacking 137

Hacking Accountability Passwords Data breaches 137

Security Affairs

NOVEMBER 28, 2022

million) by the Irish data protection commission (DPC) for the data leak suffered by Facebook in 2021 that exposed the data belonging to millions of Facebook users. On April 3rd, 2021, a user leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. ” reported the WSJ.

Hacking 92

Hacking Media Accountability Data breaches 92

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 105

Banking Accountability Mobile Cryptocurrency 105

Security Affairs

JANUARY 26, 2023

Experts warn of a spike in the attacks that between August and October 2022 attempted to exploit a Realtek Jungle SDK RCE (CVE-2021-35394). Palo Alto Networks researchers reported that between August and October 2022 the number of attacks that attempted to exploit a Realtek Jungle SDK RCE ( CVE-2021-35394 ) (CVSS score 9.8)

DDOS 93

DDOS IoT Manufacturing Malware 93

Security Affairs

OCTOBER 30, 2023

The man was sentenced for his role in a hacking scheme that led to the theft of approximately $1M worth of cryptocurrency from dozens of victims. Persad and his co-conspirators hacked the email accounts of the victims, hijacked their cell phone numbers, and took over their online cryptocurrency accounts.

Cryptocurrency 113

Cryptocurrency Accountability Hacking Cybercrime 113

Security Affairs

JANUARY 30, 2022

A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds. The US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds. In fact, 45% of reports of money lost to social media scams in 2021 were about online shopping.”

Media 86

Media Scams Cryptocurrency Marketing 86

Security Affairs

JULY 12, 2022

Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021. ” Once the attackers have captured the session cookie, they have injected it into their browser to skip the authentication process, even if the recipient enabled the MFA for his account.

Phishing 128

Phishing Authentication Social Engineering Passwords 128

Security Affairs

JANUARY 31, 2022

Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. accounts too.” I submitted these bugs to Apple in mid July 2021. Pierluigi Paganini.

Hacking 82

Hacking Accountability Mobile Malware 82

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile 90

Mobile Cryptocurrency Authentication Accountability 90

Security Affairs

JULY 31, 2022

North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims’ email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims’ Gmail and AOL email accounts. In the last 12 months.

Accountability 82

Accountability Malware Passwords Hacking 82

Security Affairs

FEBRUARY 4, 2022

billion phishing emails with Microsoft Defender for Office 365 in 2021. Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute force attacks. From January 2021 through December 2021, we’ve blocked more than 25.6 ” states Microsoft.

Phishing 90

Phishing Authentication Education Cyber threats 90

Security Affairs

APRIL 10, 2024

The seller, who goes online with the moniker MajorNelson, claimed that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. The archive contains 73.481.539 records. “It It was leaked online today.”

Data breaches 99

Data breaches Telecommunications Identity Theft Hacking 99