SecureList

MAY 6, 2024

With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.

Phishing 81

Phishing Banking Mobile Scams 81

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile 302

Mobile Accountability Data breaches Identity Theft 302

Security Affairs

JANUARY 24, 2024

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction.

Accountability 129

Accountability Passwords Internet Internet 129

Bleeping Computer

JANUARY 26, 2024

Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. [.]

Accountability 139

Accountability Hacking 139

Bleeping Computer

FEBRUARY 12, 2024

A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. [.]

Accountability 121

Accountability Phishing 121

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Your account may have been one of those accessed.” ” continues the notification.

Accountability 109

Accountability Passwords Data breaches Hacking 109

Bleeping Computer

JANUARY 24, 2024

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. [.]

Accountability 135

Accountability Internet Internet 135

The Hacker News

SEPTEMBER 26, 2022

Wearable technology company Fitbit has announced a new clause that requires users to switch to a Google account "sometime" in 2023. "In In 2023, we plan to launch Google accounts on Fitbit, which will enable use of Fitbit with a Google account," the Google-owned fitness devices maker said.

Accountability 88

Accountability Technology 88

Security Affairs

JANUARY 13, 2024

GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. CVE-2023-4812 : Bypass CODEOWNERS approval removal.

Accountability 115

Accountability Passwords Hacking Information Security 115

Bleeping Computer

DECEMBER 4, 2023

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. [.]

Accountability 135

Accountability 135

Security Affairs

DECEMBER 23, 2023

The LockBit ransomware claims to have hacked accountancy firm Xeinadin threatens to leak the alleged stolen data. The LockBit ransomware claims responsibility for hacking the Xeinadin accountancy firm and threatens to disclose the alleged stolen data. Account balances. Xeinadin has over 60,000 clients across the UK and Ireland.

Accountability 123

Accountability Ransomware Data breaches Hacking 123

Thales Cloud Protection & Licensing

NOVEMBER 1, 2023

Thales Wins Big in 2023 madhav Thu, 11/02/2023 - 05:09 Here at Thales, we are incredibly proud of what we do. 2023 has been a particularly good year for us; keep reading for a run-through of our most recent successes. Here at Thales, we believe that our research can transform the cybersecurity landscape for the better.

Marketing 144

Marketing Cybersecurity Technology CISO 144

Security Affairs

OCTOBER 18, 2023

Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Then they used the password to login to the admin account (after enabling it). The vendor addressed the vulnerability with the release of updates in June 2023. 64561 or above.”

Accountability 122

Accountability Passwords Hacking Internet 122

Anton on Security

APRIL 20, 2023

The famous Mandiant 2023 M-Trends (NOT G-Trends, mind you…) report is out, and here are some of the things that I found to be surprising and NOT surprising :-) Mandiant M-Trends 2023 Detection by Source SURPRISING “Mandiant experts note a decrease in the percentage of global intrusions involving ransomware between 2021 and 2022.

Social Engineering 130

Social Engineering Ransomware Cybercrime Cybersecurity 130

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform.

Ransomware 104

Ransomware Data collection Hacking Cybersecurity 104

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Accountability 103

Accountability Government Phishing Authentication 103

Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. RESEARCHER DISCOVERED A NEW LOCK SCREEN BYPASS BUG FOR ANDROID 14 AND 13 Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts.

Cybersecurity 107

Cybersecurity Spyware Data breaches Passwords 107

Security Affairs

FEBRUARY 3, 2024

A vulnerability impacting the decentralized social network Mastodon can be exploited by threat actors to impersonate and take over any account. A security flaw, tracked as CVE-2024-23832 (CVSS score 9.4), in the decentralized social network Mastodon can be exploited to impersonate and take over any account. ” reads the advisory.

Accountability 104

Accountability Media Hacking Information Security 104

Security Affairs

APRIL 29, 2024

Google announced that in 2023, they have prevented 2.28 Additionally, Google Play strengthened its developer onboarding and review procedures, requesting a more accurate identification during account setup. These efforts resulted in the ban of 333,000 accounts for confirmed malware and repeated severe policy breaches.

Accountability 96

Accountability Malware Hacking Risk 96

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. SQL Injection Most high-risk vulnerabilities in 2021–2023 were associated with SQL Injection. More than a third (39%) used the microservice architecture.

Passwords 101

Passwords Authentication Architecture Risk 101

Malwarebytes

NOVEMBER 7, 2023

After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta who started an investigation. To gain access to that service account, the attacker compromised an Okta employee. Take your time.

Accountability 127

Accountability Passwords Data breaches Phishing 127

SecureList

DECEMBER 4, 2023

The statistics in this report cover the period from November 2022 through October 2023. Prevented the launch of malware designed to steal money via online access to bank accounts on the devices of 325 225 users. Fill the form below to download the Kaspersky Security Bulletin 2023. Found 106,357,530 unique malicious URLs.

Banking 88

Banking Malware Ransomware Accountability 88

Security Boulevard

JANUARY 16, 2024

GitLab is releasing a patch to fix a vulnerability in its email verification process that bad actors can exploit to reset user passwords and take over accounts. The flaw, CVE-2023-7028, was introduced in May 2023 in GitLab 16.1.0, in which a change was made that allowed users to reset their password through a secondary email.

Passwords 69

Passwords Accountability Software Cybersecurity 69

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 119

Ransomware Manufacturing Retail Insurance 119

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. The attacker can then use that account to gain control of the affected system.”

Internet 125

Internet Internet Software Accountability 125

Malwarebytes

JANUARY 16, 2024

The vulnerability allows a successful attacker to easily take over users’ accounts without any interaction. CVE-2023-7028 ( CVSS score 10 out of 10): an issue has been discovered in GitLab CE/EE affecting all versions from 16.1 in which user account password reset emails could be delivered to an unverified email address.

Accountability 111

Accountability Passwords Authentication Password Management 111

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 118

Software Accountability Authentication Internet 118

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 264

Hacking Accountability Passwords Cybersecurity 264

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 120

Spyware Surveillance Software Hacking 120

Malwarebytes

FEBRUARY 6, 2024

The report reveals that, awash with money, the number of known Big Game attacks surged by 68% in 2023, thanks to Ransomware-as-a-Service groups like LockBit and ALPHV. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both.

Ransomware 107

Ransomware Cybercrime Malware Social Engineering 107

SecureWorld News

JUNE 21, 2023

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

Accountability 123

Accountability Data collection Cyber threats Cybersecurity 123

The Hacker News

JUNE 20, 2023

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials.

Accountability 110

Accountability Cybercrime 110

Malwarebytes

OCTOBER 11, 2023

In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw ( CVE-2023-20269 ) in Cisco VPN appliances. In September, they had a staggering 53 victims.

Ransomware 121

Ransomware Social Engineering Backups Engineering 121

Security Boulevard

JULY 21, 2023

Navigating Uncharted Waters: A look at auditing reforms in 2023 and the use of audit analyticsFor auditors, 2023 is shaping up to be an unprecedented year. Since 2021, there has been a notable surge in the efforts of financial and accounting regulators to address audit quality.

Accountability 96

Accountability 96

Malwarebytes

NOVEMBER 15, 2023

Just days later, the account announced that it was “putting an end to” the group after learning that six of its affiliates may have been arrested. Formed around 2016 to defend Ukraine’s cyberspace against Russian interference, the UCA used a public exploit for CVE-2023-22515 to gain access to Trigona infrastructure.

Ransomware 97

Ransomware Education Backups Cyber Insurance 97

Malwarebytes

FEBRUARY 9, 2024

2023 was an explosive year for ransomware. Through thec onsistenciess and evolutions over the last year, one fact remains clear: 2023 broke records with its total number of 4475 ransomware attacks, a 70% increase from 2022. Together, the top 10 sectors accounted for 80% of all ransomware attacks.

Ransomware 73

Ransomware Education Social Engineering Manufacturing 73

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 105

Social Engineering Authentication Engineering Accountability 105