2022, Authentication, Information Security and Passwords

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords

Passwords Authentication Hacking Accountability

Iranian Peach Sandstorm group behind recent password spray attacks

Security Affairs

SEPTEMBER 16, 2023

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. Microsoft researchers observed a series of password spray attacks conducted by Iran nation-state actors as part of a campaign named Peach Sandstorm (aka Holmium , APT33 , Elfin , and Magic Hound ).

Passwords

Passwords Accountability Authentication Hacking

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% The post Slack resets passwords for about 0.5% Pierluigi Paganini.

Passwords

Passwords Password Management Antivirus Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions. The company, with reported revenue of $950 million in 2022, is a trusted strategic partner to more than 40 US Federal agencies.

Passwords

Passwords Penetration Testing Engineering Manufacturing

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking

Hacking Authentication Passwords Accountability

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Security Affairs

DECEMBER 2, 2022

CyRC experts warn of weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities in the three apps. “An exploit of the authentication and authorization vulnerabilities could allow remote unauthenticated attackers to execute arbitrary commands. PC Keyboard versions 30 and prior.

Hacking

Hacking Authentication Mobile Passwords

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of incentive to focus on what works best in achieving their goals.

IoT

IoT Phishing Passwords Scams

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management

Password Management Cryptocurrency Passwords Authentication

Pro-Russia hackers target critical infrastructure in North America and Europe

Security Affairs

MAY 2, 2024

The threat actors were observed using methods such as exploiting virtual network computing (VNC) remote access software and default passwords. The malicious activity began in 2022 and is still ongoing. ” The pro-Russia hacktivists tend to over exaggerate their the effects of the attacks. ” concludes the advisory.

Passwords

Passwords Internet Internet Software

Fortinet addressed multiple vulnerabilities in several products

Security Affairs

JULY 9, 2022

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.

Authentication

Authentication Passwords Hacking Accountability

LastPass revealed that intruders had internal access for four days during the August hack

Security Affairs

SEPTEMBER 18, 2022

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. ” ?? . the developer?had ” states the notice.

Hacking

Hacking Password Management Passwords Authentication

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

NOVEMBER 10, 2022

The vulnerability, CVE-2022-0902 (CVSS score: 8.1), is a path-traversal issue that can be exploited by an attacker to inject and execute arbitrary code. “Team82 found a high-severity path-traversal vulnerability (CVE-2022-0902) in ABB’s TotalFlow Flow Computers and Remote Controllers. ” concludes the advisory.

Firmware

Firmware Authentication Passwords Manufacturing

Fortinet fixed 16 vulnerabilities, 6 rated as high severity

Security Affairs

NOVEMBER 3, 2022

One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374 , in Log pages of FortiADC. Another issue addressed by the company is a command injection in CLI command, tracked as CVE-2022-33870 , of FortiTester. The full list of vulnerabilities addressed in November 2022 is available here. Pierluigi Paganini.

Firewall

Firewall Authentication Passwords Hacking

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

.” The vulnerabilities, tracked as CVE-2023-27357 , CVE-2023-27367 , CVE-2023-27368 , CVE-2023-27369 , CVE-2023-27370 , were demonstrated by Claroty researchers during the 2022 Pwn2Own Toronto hacking contest as part of an exploit. “NETGEAR is aware of multiple security vulnerabilities on the RAX30. We are in the final!

Hacking

Hacking Firmware Authentication DNS

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Security Affairs

FEBRUARY 27, 2023

Password management software firm LastPass disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. The hackers installed a keylogger on the DevOp engineer’s computed and captured his master password.

Engineering

Engineering Backups Data breaches Passwords

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

The flaws were discovered by BitSight researchers, they have been tracked as CVE-2022-2107; CVE-2022-2141; CVE-2022-2199; CVE-2022-34150; and CVE-2022-33944. CVE-2022-2141 (CVSS score: 9.8) – Improper authentication allows a user to send some SMS commands to the GPS tracker without a password.

Manufacturing

Manufacturing Passwords Mobile Authentication

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Security Affairs

AUGUST 14, 2023

The researchers discovered that client-side authentication while fetching configuration files from the ZTP service is not implemented. The researchers also discovered multiple authentication issues in the cryptographic routines of AudioCodes VoIP desk phones.

Firmware

Firmware Authentication Passwords Hacking

Incident response analyst report 2023

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Ransomware targeted organizations indiscriminately, regardless of industry.

Ransomware

Ransomware Authentication Passwords Government

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

SEPTEMBER 2, 2023

The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. The provider reported also that the threat actor removed the second factor for authentication policies. The company did not attribute the attack to a specific threat actor.

Social Engineering

Social Engineering Engineering Authentication Accountability

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

AUGUST 5, 2022

RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. The bulk of the malware code contains an implementation of an SSH 2.0

IoT

IoT Malware Passwords Authentication

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Security Affairs

AUGUST 13, 2023

The CVE-2022-47391 received a severity rating of 7.5, “The discovery of these vulnerabilities highlights the critical importance of ensuring the security of industrial control systems and underscores the need for continuous monitoring and protection of these environments.” ” reads the advisory published by Microsoft.

Authentication

Authentication Firmware Hacking Passwords

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

NOVEMBER 2, 2022

The company pointed out that no one’s content, passwords, or payment information were accessed, it also remarked that the issue was quickly resolved. The investigation revealed that the code accessed by the attackers contained some credentials, primarily, API keys, used by the development team.

Phishing

Phishing Authentication Passwords Accountability

Social Blade discloses security breach

Security Affairs

DECEMBER 16, 2022

million records dated September 2022. “Looking to sell SocialBlade.com dumped September 2022. The exposed data include email addresses, password hashes, client IDs, IP addresses, and tokens for business API users, authentication tokens for connected accounts, and non-personal and internal data was compromised.

Data breaches

Data breaches Passwords Media Phishing

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware

Ransomware Backups VPN Authentication

Malware-laced npm packages used to target Discord users

Security Affairs

JULY 29, 2022

The malicious code can detect when a user logs in, change email or password, enable/disable multi-factor authentication (MFA) and add new payment methods, including complete bank card details. 2022-07-17 20:28:29 small-sm 4.2.0 2022-07-17 19:47:56 small-sm 4.0.0 2022-07-17 19:43:57 small-sm 1.1.0

Malware

Malware Banking Authentication Passwords

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . NetWitness PCAP file carving and submission to Cisco Secure Malware Analytics (formerly Threat Grid) for analysis. New Integrations Created at Black Hat Asia 2022. Meraki MR, MS, MX and Systems Manager by Paul Fidler .

Malware

Malware Accountability DNS Technology

Twitter: 200M dataset was not obtained through the exploitation of flaws in its systems

Security Affairs

JANUARY 12, 2023

million user accounts reported in November were the same exposed in August 2022. None of the datasets analyzed contained passwords or information that could lead to passwords being compromised. The company has found “no evidence” that the data were obtained by hacking into its systems. ” said Gal.

Data breaches

Data breaches Authentication Passwords Hacking

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Security Affairs

APRIL 15, 2022

Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695 , in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass authentication and log in to the device through the management interface. or Release 8.10.162.0

Wireless

Wireless Software Authentication Mobile

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

AiTM phishing allows threat actors to circumvent multifactor authentication (MFA) through reverse-proxy functionality. The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. As of this writing, the actor offers the tool for $300, with VIP licenses at $1,000.

Phishing

Phishing Cybercrime Authentication Mobile

North Korea-linked APT groups target South Korean defense contractors

Security Affairs

APRIL 23, 2024

The group gained access to the network of a defense industry company since November 2022. The hackers deployed a malware and took control of the company’s internal network and exfiltrared important data from, including information stored on the computers of employees in the development team. concludes the advisory.

Hacking

Hacking Malware Accountability Technology

Black Hat Europe 2022 NOC: When planning meets execution

Cisco Security

DECEMBER 22, 2022

2022 was Cisco’s sixth year as a NOC partner for Black Hat Europe. We used experiences of Black Hat Asia 2022 and Black Hat USA 2022 to refine the planning for network topology design and equipment. Below are our fellow NOC partners providing hardware, to build and secure the network, for our joint customer: Black Hat.

Engineering

Engineering Mobile Malware Wireless

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Security Affairs

JULY 26, 2023

A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.” The CVE-2023-30799 flaw can be exploited by a remote and an authenticated attacker to escalate privileges from admin to ‘super-admin’ which allows it to get a root shell on the router.

Hacking

Hacking Passwords Authentication Encryption

PayPal notifies 34942 users of data breach over credential stuffing attack

Security Affairs

JANUARY 20, 2023

The company is sending out breach notification letters to the impacted customers, threat actors had access to names, addresses, Social Security Numbers, individual tax identification numbers, dates of birth for PayPal users, and of course transaction histories. ” reads the letter sent by the company to the affected customers.

Data breaches

Data breaches Identity Theft Accountability Passwords

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

MARCH 5, 2022

FckPutin #FreeUkraine pic.twitter.com/NJZiLx5c0d — Anonymous TV (@YourAnonTV) March 3, 2022. The leaked data includes information related to the company's source code, and WellPro projects. OpRussia #FCKPTN pic.twitter.com/KVJ5Je47Aj — Anonymous TV (@YourAnonTV) March 4, 2022. ” reported Avionews.

Hacking

Hacking Government Banking Media

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Security Affairs

MAY 14, 2023

Researchers from FortiGuard Labs first discovered the previously undetected RapperBot IoT botnet in August, and reported that it is active since mid-June 2022. ssh/authorized_keys, anyone with the corresponding private key can authenticate the SSH server without supplying a password. ” We are in the final!

IoT

IoT Malware Passwords Authentication

Atlassian fixed 2 critical flaws in Crowd and Bitbucket products

Security Affairs

NOVEMBER 18, 2022

Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd Server and Data Center , and in the Bitbucket Server and Data Center , a self-managed solution that provides source code collaboration for professional teams. ” reads the advisory. .

Authentication

Authentication Passwords Hacking Information Security

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

We talked about NAS devices and ransomware in the weekly review 37/2022.” ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware

Ransomware Backups VPN Authentication

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

Below are some cases included in the alert: April 2022: Threat actors posing as an employee of a healthcare company with more than 175 medical providers changed Automated Clearing House (ACH) instructions of one of their payment processing vendors to redirect the payments. Require all accounts with password logins (e.g.,

Healthcare

Healthcare Social Engineering Accountability Passwords

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

pic.twitter.com/wOCdRqOJej — NEXTA (@nexta_tv) March 6, 2022. Spurred into action by the invasion of Ukraine, Spielerkid89 decided to investigate whether he could find Russian IPs with disabled authentication to fool with. Ideally, VNC should be used only with authenticated users, such as system administrators.

Authentication

Authentication Cyber Attacks System Administration Internet

Black Hat Asia 2022: Building the Network

Cisco Security

MAY 26, 2022

Not only that, because of the training events happening during the week, as well as TWO dedicated SSIDs for the Registration and lead tracking iOS devices (more of which later), one for initial provisioning (which was later turned off), and one for certificated based authentication, for a very secure connection. Network Visibility.

Wireless

Wireless Mobile Engineering Firewall

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. ” continues the notice.

Backups

Backups Encryption Data breaches Passwords

Okta customer support system breach impacted 134 customers

Security Affairs

NOVEMBER 3, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. ” continues the post.

Data breaches

Data breaches Social Engineering Accountability Authentication

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Iranian Peach Sandstorm group behind recent password spray attacks

Webinars

Trending Sources

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Webinars

Defense contractor Belcan leaks admin password with a list of flaws

Threat actors hacked the Dropbox Sign production environment

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Top 5 Attack Vectors to Look Out For in 2022

New Version of Meduza Stealer Released in Dark Web

Pro-Russia hackers target critical infrastructure in North America and Europe

Fortinet addressed multiple vulnerabilities in several products

LastPass revealed that intruders had internal access for four days during the August hack

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Fortinet fixed 16 vulnerabilities, 6 rated as high severity

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Incident response analyst report 2023

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Social engineering attacks target Okta customers to achieve a highly privileged role

New Linux botnet RapperBot brute-forces SSH servers

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS?

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Social Blade discloses security breach

Akira ransomware targets Finnish organizations

Malware-laced npm packages used to target Discord users

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Twitter: 200M dataset was not obtained through the exploitation of flaws in its systems

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

North Korea-linked APT groups target South Korean defense contractors

Black Hat Europe 2022 NOC: When planning meets execution

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

PayPal notifies 34942 users of data breach over credential stuffing attack

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Atlassian fixed 2 critical flaws in Crowd and Bitbucket products

China-linked threat actors have breached telcos and network service providers

Akira ransomware targets Finnish organizations

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Hacker breaches key Russian ministry in blink of an eye

Black Hat Asia 2022: Building the Network

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Okta customer support system breach impacted 134 customers

Stay Connected