2021, Information Security and Passwords

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords

Passwords Authentication Architecture Risk

BSides Vancouver 2021 – Chris Timmons’s ‘So You Cracked A Bunch Of Passwords. Now What?’

Security Boulevard

JULY 22, 2021

Our thanks to BSides Vancouver for publishing their outstanding BSides Vancouver 2021 Conference videos on the groups' YouTube channel. The post BSides Vancouver 2021 – Chris Timmons’s ‘So You Cracked A Bunch Of Passwords. ’ appeared first on Security Boulevard.

Passwords

Passwords Education InfoSec Information Security

BSidesKC 2021 – Alex Lauerman’s ‘Passwords are dead? Long live WebAuthn!’

Security Boulevard

DECEMBER 4, 2021

Our thanks to BSidesKC for publishing their outstanding BSidesKC 2021 videos on the Conferences’ YouTube channel. The post BSidesKC 2021 – Alex Lauerman’s ‘Passwords are dead? appeared first on Security Boulevard. Long live WebAuthn!’

Passwords

Passwords Education InfoSec Information Security

Study reveals top 200 most common passwords

Security Affairs

NOVEMBER 20, 2021

The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords. The report shows that we are still using weak passwords.

Passwords

Passwords Password Management Data breaches Authentication

BSides Huntsville 2021 – Steven Kirby’s ‘Requiem For The Password’

Security Boulevard

MARCH 17, 2021

Many thanks to BSides Huntsville 2021 for publishing their tremendous conference videos on the organization's YouTube channel; a great BSides, don't miss this 10-video infosec event. The post BSides Huntsville 2021 – Steven Kirby’s ‘Requiem For The Password’ appeared first on Security Boulevard.

Passwords

Passwords InfoSec Education Information Security

Cyber Security Roundup for May 2021

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. How Strong is Your Password? A favourite sports team accounted for 6% of passwords, while a favourite TV show accounted for 5%. Stay safe and secure.

Ransomware

Ransomware Passwords Scams Government

Security Affairs most-read cyber stories of 2021

Security Affairs

JANUARY 1, 2022

Which are the most-read cyber stories of 2021? The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. email and password pairs leaked online. The Largest compilation of emails and passwords (COMB), more than 3.2 COMB breach: 3.2B

Hacking

Hacking VPN Passwords Ransomware

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. Pierluigi Paganini.

DNS

DNS Cryptocurrency Internet Internet

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

JULY 12, 2022

Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA. The post Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021? Pierluigi Paganini.

Phishing

Phishing Authentication Social Engineering Passwords

The Consumer Authentication Strength Maturity Model (CASMM)

Daniel Miessler

MARCH 24, 2021

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene. How to use this model.

Authentication

Authentication Passwords Internet Internet

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

Security Affairs

NOVEMBER 5, 2021

have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc. have been hijacked, threat actors replaced them versions laced with password-stealing malware. The last stable coa version 2.0.2

Passwords

Passwords Malware Accountability Hacking

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Mobile

Mobile Cryptocurrency Authentication Accountability

Black Hat USA 2021 Network Operations Center

Cisco Security

AUGUST 12, 2021

Cisco Secure returned as a supporting partner of the Black Hat USA 2021 Network Operations Center (NOC) for the 5 th year ; joining conference producer Informa Tech and its other security partners. SECURITY CATEGORY (PHISHING). Date & Time: Aug 5, 2021 at 6:32 AM. app.nihaocloud[.]com. Event Details (1 of 2).

DNS

DNS Firewall Phishing Mobile

A supply chain attack compromised the update mechanism of Passwordstate Password Manager

Security Affairs

APRIL 25, 2021

The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Informacja od Tajemniczego Pedro) pic.twitter.com/PGHhmEKpje — Niebezpiecznik (@niebezpiecznik) April 23, 2021. Affected customers password records may have been harvested.”

Password Management

Password Management Passwords Software Malware

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware

Ransomware Firmware Antivirus Accountability

Twitter says recently leaked user data are from 2021 breach

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. ” the source told 9to5Mac.

Data breaches

Data breaches Accountability Media Hacking

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. FatFace CEO Liz Evans released a statement which said “ On 17th January 2021 FatFace identified some suspicious activity within its IT systems.

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

2021 data breach exposed data of 70 Million Luxottica customers

Security Affairs

MAY 20, 2023

Luxottica has finally confirmed the 2021 data breach that exposed the personal information of 70 million customers. pic.twitter.com/62uQWT4YQB — Andrea Draghetti (@AndreaDraghetti) May 12, 2023 The most recent entry in the database is March 16th, 2021, a circumstance that suggests it is a new data breach suffered by Luxottica.

Data breaches

Data breaches Retail Hacking Ransomware

New GoDaddy data breach impacted 1.2 million customers

Security Affairs

NOVEMBER 22, 2021

Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17. “On November 17, 2021, we discovered unauthorized third-party access to our Managed WordPress hosting environment.” We reset both passwords.

Data breaches

Data breaches Passwords Accountability Phishing

Venafi Wins 2021 CyberSecurity Breakthrough Awards

CyberSecurity Insiders

OCTOBER 1, 2021

SALT LAKE CITY–( BUSINESS WIRE )– Venafi , the inventor and leading provider of machine identity management, today announced that the company’s Trust Protection Platform won the “Identity Management Platform of the Year” award in the 2021 CyberSecurity Breakthrough Awards. For more information, visit: www.venafi.com.

Cybersecurity

Cybersecurity Digital transformation IoT Marketing

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. .” Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing

Phishing Ransomware Security Awareness Authentication

Cyber CEO: A Look Back at Cybersecurity in 2021

Herjavec Group

DECEMBER 15, 2021

Needless to say, in 2021 cybersecurity was front and center for individuals, enterprises, and governments alike. This forced security leaders and enterprise executives to assess their information security operations and overall cybersecurity posture to ensure their organizations were ready to face the challenges ahead.

Cybersecurity

Cybersecurity Digital transformation Ransomware Cyber Risk

Experts found critical flaws in Nagios XI network monitoring software

Security Affairs

SEPTEMBER 20, 2023

An attacker can trigger the flaws to escalate privileges in the product and obtain sensitive user data, including password hashes and API tokens. An attacker can trigger the flaw to read and modify page data, including plain-text passwords from login forms. ” reads the post published by Outpost24.

Software

Software Passwords Hacking Cybersecurity

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

The flaws were discovered by Cisco Talos researchers, the first one tracked as CVE-2021-21818 is hard-coded password vulnerability in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03, while the second one is a hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03.

Firmware

Firmware Wireless Passwords Internet

LastPass investigated recent reports of blocked login attempts

Security Affairs

DECEMBER 28, 2021

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. “Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” reads the warnings. — Valcrist (@Valcristerra) December 28, 2021.

Password Management

Password Management Passwords Accountability Authentication

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

A few days ago the data breach hunter Bob Diachenko discovered an unsecured server exposing over 6 million RedLine logs containing data harvested between August and September 2021. Internationally sourced data, exfiltrated in Sept and Aug 2021. pic.twitter.com/kv9MNL8hAE — Bob Diachenko (@MayhemDayOne) December 25, 2021.

Accountability

Accountability Malware Data breaches Passwords

7 Top Tips for Accelerating your IoT Projects in 2021

CyberSecurity Insiders

MARCH 25, 2021

This is why it is essential to your device performance to make sure any endpoints include flexible, secure, default-settings and, in particular, optional mechanisms like password complexity, password expiration, and account lock-out, which forces users to modify the default credentials when setting up the device.

IoT

IoT Authentication Passwords Data collection

Veridium Named Winner in the Coveted Global InfoSec Awards During RSA Conference 2021

CyberSecurity Insiders

MAY 22, 2021

NEW YORK–( BUSINESS WIRE )– Veridium , a leading developer of frictionless, passwordless authentication solutions, is proud to announce that it’s won the 2021 Global InfoSec Award in the category of Next-Gen in Passwordless Authentication. “We For more information, please visit www.veridiumid.com.

InfoSec

InfoSec B2C B2B Authentication

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Security Affairs

JULY 10, 2021

An unauthorized person also potentially accessed subscribers’ personal information, including call history, names, addresses, emails, and passwords. In January, another US carrier disclosed a data breach, UScellular revealed that attackers had access to personal information of its customers. Pierluigi Paganini.

Mobile

Mobile Data breaches Telecommunications Passwords

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. Well, don’t sweat it. Human Needs.

VPN

VPN Passwords Internet Internet

Your Guide to Hacker Summer Camp 2021

ForAllSecure

MAY 25, 2021

Black Hat Briefings USA ( Jul 31, 2021 through Thu, Aug 5, 2021). BsidesLV (July 31 and August 1, 2021). BSidesLV will be entirely virtual in 2021. For example, FuzzCON 2021 will be hybrid, in person and virtual, the Thursday night between Black Hat and DEF CON. Well, don’t sweat it. Human Needs.

VPN

VPN Passwords Internet Internet

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

Security Affairs

MARCH 13, 2024

Compromised information varies from person to person, but they could include date of birth, Social Security number, government ID, passport number, driver’s license number, and other information collected by the Department of Public Safety in its operations.

Ransomware

Ransomware Data breaches Passwords Government

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Security Affairs

JANUARY 25, 2022

Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038 , in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December.

Mobile

Mobile Passwords Firmware Firewall

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Firmware

Firmware Encryption Authentication Passwords

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Security Affairs

MARCH 15, 2024

Source Hackread.com Diaconu was arrested in May 2021 while attempting to leave the United Kingdom 2021 and was extradited to the United States on October 13, 2023. The man operated a series of websites used to sell access to compromised computers worldwide, including servers belonging to companies and individuals in the United States.

Cybercrime

Cybercrime Cryptocurrency Advertising Passwords

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 17, 2024

CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT.

Firmware

Firmware Authentication Passwords Hacking

Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks

Security Affairs

DECEMBER 11, 2021

The access to user’s private vault is protected by a personal password, and all the files are automatically encrypted. The software also uses a password hash with insufficient computational effort, as a consequence, an attacker can brute force user passwords leading to unauthorized access to user data.

Passwords

Passwords Software Encryption Hacking

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

DECEMBER 30, 2021

Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues. An attacker can exploit the flaws to obtain user passwords. ” The vulnerabilities have been tracked as CVE-2021-36750 and CVE-2021-36751.

Encryption

Encryption Software Passwords Engineering

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

.” The PIN provides a series of examples of ransomware attacks impacting food and agriculture sector businesses, such as an attack that took place in January 2021 against an identified US farm that resulted in losses of approximately $9 million due to the disruption of the farming operations. Implement network segmentation.

Ransomware

Ransomware Passwords Backups Firmware

Fortinet addressed multiple vulnerabilities in several products

Security Affairs

JULY 9, 2022

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.

Authentication

Authentication Passwords Hacking Accountability

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. This attack could’ve easily been avoided if Yahoo had invested more in the security infrastructure. In February 2021, several U.S. Weak passwords are the easiest way hackers can hack into a system.

Data breaches

Data breaches Passwords Social Engineering Encryption

Trend Micro fixes 3 flaws in Home Network Security Devices

Security Affairs

MAY 25, 2021

The flaws addressed by the security firm were reported by experts from Cisco Talos. “ TALOS-2021-1230 (CVE-2021-32457) and TALOS-2021-1231 (CVE-2021-32458) are elevation of privilege vulnerabilities that could allow an attacker to obtain elevate permissions on the targeted device.

Network Security

Network Security Authentication Firmware Passwords

Oracle fixes critical RCE vulnerabilities in Weblogic Server

Security Affairs

JULY 22, 2021

Oracle released its Critical Patch Update for July 2021 , it fixes hundreds of flaws, including Critical Remotely Exploitable vulnerabilities in Weblogic Server. Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. and 11.2.5.0.

Authentication

Authentication Passwords Hacking Technology

Iran-linked DEV-0343 APT target US and Israeli defense technology firms

Security Affairs

OCTOBER 11, 2021

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Threat actors are launching extensive password spraying attacks aimed at the target organizations, the malicious campaign was first spotted in July 2021.

Technology

Technology Passwords Accountability Authentication

Top 10 web application vulnerabilities in 2021–2023

BSides Vancouver 2021 – Chris Timmons’s ‘So You Cracked A Bunch Of Passwords. Now What?’

Trending Sources

BSidesKC 2021 – Alex Lauerman’s ‘Passwords are dead? Long live WebAuthn!’

Study reveals top 200 most common passwords

BSides Huntsville 2021 – Steven Kirby’s ‘Requiem For The Password’

Cyber Security Roundup for May 2021

Security Affairs most-read cyber stories of 2021

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

The Consumer Authentication Strength Maturity Model (CASMM)

npm libraries coa and rc. have been hijacked to deliver password-stealing malware

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Black Hat USA 2021 Network Operations Center

A supply chain attack compromised the update mechanism of Passwordstate Password Manager

Ranzy Locker ransomware hit tens of US companies in 2021

Twitter says recently leaked user data are from 2021 breach

Cyber Security Roundup for April 2021

2021 data breach exposed data of 70 Million Luxottica customers

New GoDaddy data breach impacted 1.2 million customers

Venafi Wins 2021 CyberSecurity Breakthrough Awards

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Cyber CEO: A Look Back at Cybersecurity in 2021

Experts found critical flaws in Nagios XI network monitoring software

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

LastPass investigated recent reports of blocked login attempts

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

7 Top Tips for Accelerating your IoT Projects in 2021

Veridium Named Winner in the Coveted Global InfoSec Awards During RSA Conference 2021

Hackers accessed Mint Mobile subscribers’ data and ported some numbers

Your Guide to Hacker Summer Camp 2021

Your Guide to Hacker Summer Camp 2021

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks

Flaws in DataVault encryption software impact multiple storage devices

FBI warns of ransomware attacks targeting the food and agriculture sector

Fortinet addressed multiple vulnerabilities in several products

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Trend Micro fixes 3 flaws in Home Network Security Devices

Oracle fixes critical RCE vulnerabilities in Weblogic Server

Iran-linked DEV-0343 APT target US and Israeli defense technology firms

Stay Connected