2022, Accountability, Authentication and Information Security

Google Authenticator App now supports Google Account synchronization

Security Affairs

APRIL 25, 2023

Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes to their Google Account.

Authentication

Authentication Accountability Backups Education

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability

Accountability Phishing Authentication Architecture

Threat actors compromised British Army ’s Twitter, YouTube accounts to promote crypto scams

Security Affairs

JULY 5, 2022

Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway.

Scams

Scams Accountability Authentication Cryptocurrency

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

CISA orders federal agencies to patch CVE-2022-26925 by July 22

Security Affairs

JULY 4, 2022

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. “Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.” Pierluigi Paganini.

Authentication

Authentication Risk Hacking Accountability

Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966

Security Affairs

NOVEMBER 23, 2022

Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. ” continues the advisory.

Authentication

Authentication Encryption Hacking Accountability

Atlassian fixed critical authentication vulnerability in Jira Software

Security Affairs

FEBRUARY 3, 2023

Atlassian has released security updates to address a critical vulnerability in Jira Service Management Server and Data Center, tracked as CVE-2023-22501 (CVSS score: 9.4), that could be exploited by an attacker to impersonate another user and gain unauthorized access to other Jira Service Management instances under certain circumstances.

Authentication

Authentication Software Hacking Accountability

New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts

Security Affairs

OCTOBER 15, 2022

In July 2022, researchers from WithSecure (formerly F-Secure Business) discovered a DUCKTAIL campaign targeting individuals and organizations that operate on Facebook’s Business and Ads platform. The end goal is to hijack Facebook Business accounts managed by the victims. ” reads the analysis published by Zscaler.

Accountability

Accountability Malware Cryptocurrency Media

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. ” reads trhe announcement published by DKWOC.

Accountability

Accountability Government Phishing Authentication

Twitter confirms zero-day used to access data of 5.4 million accounts

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. Twitter confirmed that the recent data breach that exposed data of 5.4 At the end of July, a threat actor leaked data of 5.4

Accountability

Accountability Data breaches Authentication Media

Twilio breach let attackers access Authy two-factor accounts of 93 users

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Twilio last week announced that that the threat actors also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.

Accountability

Accountability Authentication Phishing Data breaches

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

Okta , a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. He said that on Oct 2., 2 was not a result of a breach in its systems. But she said that by Oct.

Social Engineering

Social Engineering Engineering Accountability Hacking

GunAuction site was hacked and data of 565k accounts were exposed

Security Affairs

MARCH 2, 2023

At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers. TechCrunch was able to verify the authenticity of the data for a sample they analyzed, however it is unclear how recent the data is. New breach: GunAuction[.]com 83% were already in @haveibeenpwned.

Accountability

Accountability Hacking Data breaches Passwords

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking

Hacking Authentication Passwords Accountability

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability

Accountability Education Media Authentication

A flaw in TikTok Android app could have allowed the hijacking of users’ accounts

Security Affairs

SEPTEMBER 1, 2022

Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered a high-severity flaw ( CVE-2022-28799 ) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. ” concludes the report.

Accountability

Accountability Authentication Hacking Mobile

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw

Security Affairs

SEPTEMBER 23, 2022

Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. The CVE-2022-24086 has received a CVSS score of 9.8 reads the advisory published by Adobe.

Media

Media Hacking Malware Accountability

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Security Affairs

MARCH 23, 2022

On March 22, 2022 night the group shared a torrent for a 7zip archive containing 9 GB of Microsoft source code. Microsoft has now confirmed that the attackers have compromised the account of one of its employees gaining limited access to source code repositories. . No customer code or data was involved in the observed activities.

Accountability

Accountability VPN Social Engineering Hacking

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

SEPTEMBER 2, 2023

The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. The attackers were spotted using anonymizing proxy services and an IP and device not previously associated with the user account to access the compromised account.

Social Engineering

Social Engineering Engineering Authentication Accountability

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking

Banking Government Information Security Authentication

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Security Affairs

APRIL 3, 2023

” The issues were reported to Microsoft in January and February 2022, following which the tech giant applied fixes and awarded Wiz a $40,000 bug bounty. ’ The shared responsibility model allows application owners to add an authentication function by simply clicking a button. Below is the disclosure timeline: Jan.

Accountability

Accountability Education Media Authentication

Fortinet addressed multiple vulnerabilities in several products

Security Affairs

JULY 9, 2022

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.

Authentication

Authentication Passwords Hacking Accountability

North Korea-linked APT groups target South Korean defense contractors

Security Affairs

APRIL 23, 2024

. “North Korean hacking organizations sometimes infiltrated defense companies directly, and their security is relatively low. Hacking into vulnerable defense industry partners and stealing the defense industry company’s server account information.

Hacking

Hacking Malware Accountability Technology

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

OCTOBER 4, 2023

. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.”

Software

Software Accountability Authentication Internet

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

JULY 31, 2022

A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum ( ONVIF ).

Surveillance

Surveillance Authentication Telecommunications Manufacturing

Okta customer support system breach impacted 134 customers

Security Affairs

NOVEMBER 3, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. ” continues the post.

Data breaches

Data breaches Social Engineering Accountability Authentication

Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram

Security Affairs

JANUARY 30, 2023

A researcher disclosed technical details of a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The researcher Gtm Manoz received a $27,000 bug bounty for having reported a two-factor authentication bypass vulnerability affecting Instagram and Facebook. ” reads the post published by the researcher.

Accountability

Accountability Authentication Mobile Hacking

Experts found SSRF flaws in four different Microsoft Azure services

Security Affairs

JANUARY 18, 2023

The researchers successfully exploited two vulnerabilities without requiring any authentication on the Azure Functions and Azure Digital Twins services. The attacks allowed the experts to send requests in the name of the server without even having an Azure account. ” reads the analysis published by Orca.

Authentication

Authentication Hacking Accountability Risk

Fortinet fixed a critical vulnerability in its Data Analytics product

Security Affairs

APRIL 13, 2023

Fortinet has addressed a critical vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), in its Fortinet FortiPresence data analytics solution. Successful exploitation can lead to remote, unauthenticated access to Redis and MongoDB instances via crafted authentication requests. ” reads the advisory published by the vendor.

Authentication

Authentication Education Media Hacking

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Security Affairs

NOVEMBER 29, 2022

Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684 , in Fortinet products. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild.

VPN

VPN Firewall Authentication Internet

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . NetWitness PCAP file carving and submission to Cisco Secure Malware Analytics (formerly Threat Grid) for analysis. New Integrations Created at Black Hat Asia 2022. Meraki MR, MS, MX and Systems Manager by Paul Fidler .

Malware

Malware Accountability DNS Technology

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. ” concludes the advisory.

Firmware

Firmware Authentication Passwords Manufacturing

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

APRIL 4, 2023

Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. CVSS score: 8.1).

Backups

Backups Ransomware Authentication Penetration Testing

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Security Affairs

MAY 5, 2024

. “The Federal Government’s national attribution procedure regarding this campaign has concluded that, for a relatively long period, the cyber actor APT28 used a critical vulnerability in Microsoft Outlook that remained unidentified at the time to compromise numerous email accounts.” reads the report published by the company.

Government

Government Accountability Cyber Attacks Telecommunications

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker.

Firewall

Firewall Authentication Architecture Backups

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Security Affairs

SEPTEMBER 29, 2023

Authentication is not required to exploit this vulnerability.” An attacker can leverage this vulnerability to execute code in the context of the service account.” ” An anonymous researcher disclosed the flaw through the ZDI on June 6, 2022, and ZDI reported the vulnerability to the vendor on June 14, 2022.

Software

Software Authentication Internet Internet

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The procedures allow administrators to provide device information such as server addresses, account information, and firmware updates. The researchers discovered that client-side authentication while fetching configuration files from the ZTP service is not implemented. ” reads the advisory.

Firmware

Firmware Authentication Passwords Hacking

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Security Affairs

JANUARY 29, 2024

The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords. NTLMv2, which stands for NT LAN Manager version 2, is an authentication protocol used in Microsoft Windows networks.

Passwords

Passwords Authentication Hacking Accountability

Iranian Peach Sandstorm group behind recent password spray attacks

Security Affairs

SEPTEMBER 16, 2023

In this attack scenario, threat actors use one password against many different accounts on the application to avoid account lockouts that would normally trigger when brute forcing a single account with many passwords. ” Microsoft concludes.

Passwords

Passwords Accountability Authentication Hacking

Twitter says recently leaked user data are from 2021 breach

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. Source: Twitter account @sonoclaudio.

Data breaches

Data breaches Accountability Media Hacking

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Security Affairs

JUNE 5, 2022

“CertiK analysis reveals that this community manager, account –@BorisVagner (“BorisVagner | SBS” on Discord)– posted a message to BAYC’s Discord server with a phishing link that led to the fake site. This then granted the scam the appearance of authenticity and made it easier to dupe the NFT holders.”

Phishing

Phishing Hacking Accountability Scams

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

PayPal notifies 34942 users of data breach over credential stuffing attack

Security Affairs

JANUARY 20, 2023

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. ” reads the letter sent by the company to the affected customers.

Data breaches

Data breaches Identity Theft Accountability Passwords

Okta reveals additional attackers’ activities in October 2023 Breach

Security Affairs

NOVEMBER 29, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. Many users of the customer support system are Okta administrators.

Social Engineering

Social Engineering Authentication Engineering Accountability

Google Authenticator App now supports Google Account synchronization

EvilProxy used in massive cloud account takeover scheme

Webinars

Trending Sources

Threat actors compromised British Army ’s Twitter, YouTube accounts to promote crypto scams

Webinars

CISA orders federal agencies to patch CVE-2022-26925 by July 22

Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966

Atlassian fixed critical authentication vulnerability in Jira Software

New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Twitter confirms zero-day used to access data of 5.4 million accounts

Twilio breach let attackers access Authy two-factor accounts of 93 users

Hackers Stole Access Tokens from Okta’s Support Unit

GunAuction site was hacked and data of 565k accounts were exposed

Threat actors hacked the Dropbox Sign production environment

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

A flaw in TikTok Android app could have allowed the hijacking of users’ accounts

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw

It’s official, Lapsus$ gang compromised a Microsoft employee’s account

Social engineering attacks target Okta customers to achieve a highly privileged role

Many Public Salesforce Sites are Leaking Private Data

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Fortinet addressed multiple vulnerabilities in several products

North Korea-linked APT groups target South Korean defense contractors

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

A flaw in Dahua IP Cameras allows full take over of the devices

Okta customer support system breach impacted 134 customers

Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram

Experts found SSRF flaws in four different Microsoft Azure services

Fortinet fixed a critical vulnerability in its Data Analytics product

Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Black Hat Asia 2022 Continued: Cisco Secure Integrations

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Iranian Peach Sandstorm group behind recent password spray attacks

Twitter says recently leaked user data are from 2021 breach

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

New Version of Meduza Stealer Released in Dark Web

PayPal notifies 34942 users of data breach over credential stuffing attack

Okta reveals additional attackers’ activities in October 2023 Breach

Stay Connected