Security Affairs

JUNE 5, 2024

A vulnerability in the popular video-sharing platform TikTok allowed threat actors to take over the accounts of celebrities. Threat actors exploited a zero-day vulnerability in the video-sharing platform TikTok to hijack high-profile accounts. The compromised accounts did not post content, and the extent of the impact is unclear.

Accountability 136

Accountability Hacking Malware Information Security 136

Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability 145

Accountability Hacking Banking Government 145

Security Affairs

JANUARY 25, 2025

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. The experts explained that they exploited the flaw to gain unrestricted targeted access to all vehicles and customer accounts in the above countries. ” wrote Curry. ” added Curry. I sent the unlock command.

Hacking 128

Hacking Accountability Authentication Passwords 128

Security Affairs

NOVEMBER 21, 2024

Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts. Victims included gaming, telecom, and cryptocurrency firms, with losses reaching millions in stolen cryptocurrency and data from hundreds of thousands of accounts.

Cybercrime 112

Cybercrime Identity Theft Cryptocurrency Phishing 112

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

IoT 138

IoT VPN Cybersecurity Hacking 138

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. Follow me on Twitter: @securityaffairs and Facebook.

Scams 145

Scams Accountability Mobile Hacking 145

Security Affairs

OCTOBER 15, 2024

post-April 2022. The malicious code intercepts declined magnetic swipe transactions and authorizes them with random amounts in Turkish Lira for specific cardholder accounts. The previously undetected Linux variant was first submitted to VirusTotal in June 2023, however it was likely developed on a VMware VM for Ubuntu 20.04

Malware 135

Malware Banking Hacking Accountability 135

Security Affairs

OCTOBER 16, 2024

“All information related to the cybercriminal has already been handed over to the authorities. Among them, it was possible to identify tax registration, email addresses, registered domains, IP addresses, social media accounts, telephone number and city. The man used of the same email and phrases across social media and forums.

Data breaches 129

Data breaches Media Cybercrime Accountability 129

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 137

Accountability Phishing Passwords Hacking 137

Security Affairs

NOVEMBER 15, 2024

In February 2022, Ilya Lichtenstein (35) and his wife, Heather Morgan (32), were arrested for alleged conspiracy to launder $4.5 The duo used fake identities to set up online accounts and software to automate transactions, exchanged part of stolen funds into gold coins and other crypto assets, and used mixing services like ChipMixer.

Cryptocurrency 107

Cryptocurrency Hacking Government Accountability 107

Krebs on Security

APRIL 27, 2023

Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant’s full name, Social Security number, address, phone number, email, and bank account number.

Banking 344

Banking Government Information Security Authentication 344

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware 331

Malware Software Technology Accountability 331

Security Affairs

FEBRUARY 19, 2025

Russia-linked threat actors exploit Signal ‘s “linked devices” feature to hijack accounts, per Google Threat Intelligence Group. Google Threat Intelligence Group (GTIG) researchers warn of multiple Russia-linked threat actors targeting Signal Messenger accounts used by individuals of interest to Russian intelligence.

Phishing 83

Phishing Accountability Social Engineering Malware 83

Security Affairs

MAY 23, 2022

“I found that we can pass another tokens type, and this leads to stealing money from victim’s PayPal account.” “there are online services that let you add balance using Paypal to your account for example steam! I can use the same exploit and force the user to add money to my account!”

Accountability 133

Accountability Hacking Cybersecurity Information Security 133

Security Affairs

OCTOBER 23, 2024

Here, Data Security Posture Management (DSPM) comes into play– an essential solution for addressing evolving data security and privacy requirements. What is Data Security Posture Management? DSPM also provides visibility of security and privacy posture, alerting potential gaps.

Data privacy 128

Data privacy Unstructured Data Risk Data breaches 128

Security Affairs

JUNE 9, 2025

accounts to hide their origins. citizen, hosting company laptops at his home, unauthorized software installation to facilitate access, and laundering payments for the remote work through accounts linked to North Korean and Chinese individuals. According to a May 2022 advisory, they can earn up to $300,000 annually each.

Scams 98

Scams Identity Theft Cryptocurrency Accountability 98

eSecurity Planet

JUNE 7, 2022

They earned the highest score among providers named "Customer's Choice" in Gartner's 2022 "Voice of the Customer” Security Awareness Computer-Based Training report. Application security, information security, network security, disaster recovery, operational security, etc.

Cybersecurity 127

Cybersecurity Identity Theft Encryption Antivirus 127

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. ” reads trhe announcement published by DKWOC. “Activities using CVE-2023-23397 were first discovered by CERT-UA[2] and publicly described by Microsoft[3].

Accountability 132

Accountability Government Authentication Phishing 132

Security Affairs

JUNE 6, 2025

.” Maxim Rudometov has been closely involved with the RedLine infostealer operation, regularly managing its technical infrastructure and handling cryptocurrency accounts used to receive and launder payments. After Russia’s invasion of Ukraine in February 2022, Rudometov reportedly fled to Krasnodar, Russia.

Malware 81

Malware Passwords Identity Theft Government 81

SecureList

FEBRUARY 20, 2025

Human-driven targeted attacks accounted for 43% of high-severity incidents 74% more than in 2023 and 43% more than in 2022. A significant number of incidents are linked to unauthorized changes, such as adding accounts to privileged groups or weakening secure configurations. Human-driven targeted attacks are increasing.

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

Zero Day

JUNE 6, 2025

Collectively, they could easily put affected customers at risk for account takeovers and identity theft. Affecting "nearly all AT&T cellular customers," the company said at the time that the data included phone numbers and certain phone call data stemming from May 1, 2022, to October 31, 2022, and on January 2, 2023.

Password Management 98

Password Management Passwords Artificial Intelligence Software 98

Security Affairs

DECEMBER 17, 2024

” The Remote Access Trojan (RAT) has been active since July 2022. . “Private sector partners are encouraged to implement the recommendations listed in the Mitigation column of the table below to reduce the likelihood and impact of these attack campaigns.” The feds urge to report any signs of compromise to the FBI or IC3.

Architecture 110

Architecture Internet Internet Malware 110

Krebs on Security

DECEMBER 1, 2022

While modern Microsoft Windows operating systems by default will ask users whether they want to run a downloaded executable file, many systems set up for remote administration by MSPs disable that user account control feature for this particular application. build and the then-canary 22.9

Phishing 315

Phishing Architecture Passwords Accountability 315

Security Affairs

JULY 29, 2022

Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. Once installed the Questions for Confluence app (versions 2.7.34, 2.7.35, and 3.0.2), a Confluence user account with the username “ disabledsystemuser ” is created.

Passwords 137

Passwords Accountability Hacking Ransomware 137

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities.

Phishing 135

Phishing Accountability Information Security Cyber Attacks 135

Security Affairs

NOVEMBER 20, 2023

US teenager Joseph Garrison (19) has pleaded guilty to his involvement in a credential stuffing campaign that targeted user accounts at a fantasy sports and betting website.3 3 On or about November 18, 2022, the man launched a credential stuffing attack on the Betting Website and gained access to approximately 60,000 accounts.

Accountability 140

Accountability Hacking Passwords Cybercrime 140

SecureList

NOVEMBER 23, 2021

For example, a popular tactic in spyware attacks is now to send phishing e-mails from compromised corporate mail accounts of a partner organization of the intended victim. And plans to improve information security and introduce new protection tools and measures are predicated, in some way, on the chosen adversary model.

Spyware 139

Spyware Phishing Cybercrime Energy and Utilities 139

Security Affairs

DECEMBER 3, 2024

At the time, cryptocurrency security firm Elliptic reported that this incident would be the eighth-largest crypto heist of all time, and the largest since the $477 million hack suffered by FTX, in November 2022. SBI VC Trade published a notice regarding the basic agreement on the transfer of accounts and assets held by DMM Bitcoin.

Cryptocurrency 64

Cryptocurrency Financial Services Accountability Hacking 64

Security Affairs

FEBRUARY 11, 2022

One of the vulnerabilities is an elevation of privilege vulnerability in Microsoft Windows SAM (Security Accounts Manager) vulnerability. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.An ” reads the advisory published by Microsoft.

IoT 141

IoT Accountability Authentication Hacking 141

Security Affairs

APRIL 7, 2025

“In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” He was accused of stealing at least $800,000 from five victims between August 2022 and March 2023. ” reported News4Jax.

Cybercrime 68

Cybercrime Identity Theft Social Engineering Hacking 68

Security Affairs

MARCH 3, 2025

An attacker could exploit the vulnerability to run arbitrary code in kernel mode, and then install programs; view, change, or delete data; or create new accounts with full user rights. The US Agency also added two Hitachi Vantara Pentaho BA Server flaws, respectively tracked as CVE-2022-43939 and CVE-2022-43769 , to the catalog.

Small Business 60

Small Business Authentication Hacking Accountability 60

Security Affairs

SEPTEMBER 16, 2022

— Uber Comms (@Uber_Comms) September 16, 2022. According to the New York Times , the threat actors hacked an employee’s Slack account and used it to inform internal personnel that the company had “suffered a data breach” and provided a list of allegedly hacked internal databases.

Hacking 144

Hacking Data breaches Information Security Engineering 144

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime 145

Cybercrime Education Accountability Phishing 145

Security Affairs

APRIL 4, 2022

pic.twitter.com/BQSB2uV1JW — Life in DeFi (@lifeindefi) April 3, 2022. 1/ — Trezor (@Trezor) April 3, 2022. A statement shared by Mailchimp CISO Siobhan Smyth with TechCrunch revealed that the company discovered the security breach on March 26. You may want to warn everyone.

Phishing 139

Phishing Data breaches Cryptocurrency Social Engineering 139

SecureList

DECEMBER 12, 2023

Every year is abundant with major data leaks, biggest data breaches and hacks drawing massive media attention (such as Medibank and Optus data breach, Twitter data breach, and Uber and Rockstar compromise in 2022 and in T-Mobile , MailChimp and OpenAI in 2023). But are we really conscious of the true scale of the threat?

Data breaches 131

Data breaches Accountability Telecommunications Malware 131

Security Affairs

NOVEMBER 4, 2022

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. This is the 10 th edition of the annual report and analyzes events that took place between July 2021 and July 2022. ENISA Threat Landscape Report 2022.

Cyber threats 143

Cyber threats Phishing Social Engineering Ransomware 143

Security Affairs

JULY 9, 2022

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise.

Authentication 144

Authentication Passwords Hacking Accountability 144