Security Affairs

NOVEMBER 28, 2021

0patch released free unofficial patches for Windows local privilege escalation zero-day ( CVE-2021-24084 ) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. Pierluigi Paganini.

Accountability 137

Accountability Mobile Hacking Information Security 137

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. Internationally sourced data, exfiltrated in Sept and Aug 2021. Pierluigi Paganini.

Accountability 138

Accountability Malware Data breaches Passwords 138

Security Affairs

AUGUST 9, 2021

Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. ” Experts believe that FlyTrap belongs to a family of trojans that employ social engineering tricks to compromise Facebook accounts as part of a session hijacking campaign. .

Accountability 127

Accountability Social Engineering Media Malware 127

Security Affairs

JANUARY 7, 2022

million accounts. Threat actors compromised the FlexBooker accounts of more than 3.7 FlexBooker recommends users stay vigilant and review account statements and credit reports for suspicious transactions. The data breach notification service Have I Been Pwned reports that 3,756,794 accounts were compromised in the attack.

Data breaches 141

Data breaches Accountability Passwords Cybercrime 141

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. Source: Twitter account @sonoclaudio.

Data breaches 99

Data breaches Accountability Media Hacking 99

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The US Cybersecurity and Infrastructure Security Agency (CISA) also issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange.

Cyber Attacks 119

Cyber Attacks Ransomware Insurance Hacking 119

Security Boulevard

MAY 11, 2021

Our sincere thanks to CPDP 2021 - Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization's YouTube channel. The post CPDP 2021 – Moderator: Eduard Fosch-Villaronga ‘Artountability: Accountability, AI, And Art’ appeared first on Security Boulevard.

Accountability 48

Accountability Education InfoSec Information Security 48

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. Microsoft says the feature will be rolled out over the coming weeks, it already provides passwordless methods to enterprise users since March 2021, and plans to roll out it for Azure AD accounts.

Authentication 104

Authentication Accountability Passwords Phishing 104

Security Affairs

FEBRUARY 2, 2021

Cyber Defense Magazine February 2021 Edition has arrived. 108 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

InfoSec 105

InfoSec DNS Media Marketing 105

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 118

Accountability Authentication Passwords Data breaches 118

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 118

Accountability Passwords Encryption Mobile 118

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported.

Accountability 94

Accountability Phishing Financial Services Surveillance 94

Google Security

JUNE 3, 2022

Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). 2021 saw some amazing work from the security research community. We paid a total of $8.7 million in rewards, our highest amount yet.

Engineering 132

Engineering Authentication Internet Internet 132

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 134

Ransomware Firmware Antivirus Accountability 134

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency 83

Cryptocurrency Accountability Passwords Hacking 83

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 112

Banking Accountability Mobile Cryptocurrency 112

Security Affairs

JULY 20, 2021

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models. Pierluigi Paganini.

Encryption 120

Encryption Accountability Software Hacking 120

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. “This bug resulted from an update to our code in June 2021. . “This bug resulted from an update to our code in June 2021.

Accountability 105

Accountability Data breaches Authentication Media 105

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability 89

Accountability Hacking Financial Services Cybersecurity 89

Security Affairs

JULY 28, 2022

ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. SecurityAffairs – hacking, telecom security incidents).

Authentication 97

Authentication Hacking Accountability Information Security 97

Security Boulevard

AUGUST 5, 2021

Our thanks to Security BSides Athens for publishing their outstanding Security BSides Athens 2021 Conference videos on the groups' YouTube channel. The post Security BSides Athens 2021 – Talk 8: Leonidas Tsaousis’ ‘Click Here For Free TV!

Accountability 52

Accountability Education InfoSec Information Security 52

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The company has more than 5,000 employees in 17 countries, and its revenues in 2021 are US$2.84 We have since identified and removed unauthorized devices from these Authy accounts.”

Accountability 96

Accountability Authentication Phishing Data breaches 96

Security Affairs

JANUARY 2, 2022

In 2021 we observed a spike in crypto heists, $4.25 billion worth of cryptos were stolen by cybercriminals in 2021. It is estimated that the cryptocurrencies stolen between January 2011 and December 2021 amount to $12.1 billion from organizations in the industry and attacks against DeFi platforms accounted for $1.76

Cryptocurrency 108

Cryptocurrency Scams Marketing Hacking 108

Security Affairs

JANUARY 26, 2023

Experts warn of a spike in the attacks that between August and October 2022 attempted to exploit a Realtek Jungle SDK RCE (CVE-2021-35394). Palo Alto Networks researchers reported that between August and October 2022 the number of attacks that attempted to exploit a Realtek Jungle SDK RCE ( CVE-2021-35394 ) (CVSS score 9.8)

DDOS 96

DDOS IoT Manufacturing Malware 96

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile 96

Mobile Cryptocurrency Authentication Accountability 96

Security Affairs

JULY 12, 2022

Microsoft experts believe that the AiTM phishing campaign was used to target more than 10,000 organizations since September 2021. ” Once the attackers have captured the session cookie, they have injected it into their browser to skip the authentication process, even if the recipient enabled the MFA for his account.

Phishing 134

Phishing Authentication Social Engineering Passwords 134

Security Affairs

JULY 31, 2022

North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims’ email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims’ Gmail and AOL email accounts. In the last 12 months.

Accountability 89

Accountability Malware Passwords Hacking 89

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware 124

Ransomware Passwords Scams Government 124

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. FatFace CEO Liz Evans released a statement which said “ On 17th January 2021 FatFace identified some suspicious activity within its IT systems. Covid Fraud: £34.5m

Energy and Utilities 120

Energy and Utilities Ransomware Banking Hacking 120

Security Affairs

JANUARY 30, 2022

A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds. The US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds. In fact, 45% of reports of money lost to social media scams in 2021 were about online shopping.”

Media 92

Media Scams Cryptocurrency Marketing 92

Security Affairs

NOVEMBER 28, 2022

million) by the Irish data protection commission (DPC) for the data leak suffered by Facebook in 2021 that exposed the data belonging to millions of Facebook users. On April 3rd, 2021, a user leaked the phone numbers and personal data of 533 million Facebook users in a hacking forum for free online. ” reported the WSJ.

Hacking 99

Hacking Media Accountability Data breaches 99

Security Affairs

FEBRUARY 23, 2021

Twitter removed dozens of accounts allegedly used by Russia-linked threat actors to disseminate disinformation and target western countries. Twitter has removed dozens of accounts used by Russia-linked threat actors that were used to disseminate disinformation and to target the European Union, the United States, and the NATO alliance.

Accountability 83

Accountability Government Internet Internet 83

Security Affairs

FEBRUARY 4, 2022

billion phishing emails with Microsoft Defender for Office 365 in 2021. Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute force attacks. From January 2021 through December 2021, we’ve blocked more than 25.6 ” states Microsoft.

Phishing 97

Phishing Authentication Cyber threats Education 97

Security Affairs

FEBRUARY 3, 2021

Recently Qualys researchers found a Sudo vulnerability, tracked as CVE-2021-3156 , that has allowed any local user to gain root privileges on Unix-like operating systems without authentication. News of the day is that the CVE-2021-3156 flaw also impacts the latest version of Apple macOS Big Sur, and Apple has yet to address it.

Authentication 130

Authentication Hacking Accountability Cybersecurity 130

Security Affairs

MARCH 3, 2021

Cyber Defense Magazine March 2021 Edition has arrived. 110 PAGESLOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. The post Cyber Defense Magazine – March 2021 has arrived.

InfoSec 65

InfoSec DNS Media Marketing 65

Security Affairs

FEBRUARY 13, 2022

Organizations have paid more than $600 million in cryptocurrency during 2021, nearly one-third to the Conti ransomware gang. and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Last week, cybersecurity agencies from the U.K., added the company. .”

Ransomware 94

Ransomware Cryptocurrency Cybercrime Malware 94

Security Affairs

MARCH 30, 2024

The seller, who goes online with the moniker MajorNelson, claims that the data was obtained from an unnamed AT&T division by @ ShinyHunters in 2021. It should be noted before anyone hits us with an “aktschually” – the data was stolen in 2021. million current AT&T account holders and approximately 65.4

Data breaches 138

Data breaches Telecommunications Cybercrime Hacking 138