Krebs on Security

DECEMBER 19, 2024

Rumors of a cracked version of Acunetix being used by attackers surfaced in June 2023 on Twitter/X , when researchers first posited a connection between observed scanning activity and Araneida. According to an August 2023 report (PDF) from the U.S. co — first came online in February 2023. 2023 on the forum Cracked.

Hacking 249

Hacking Cybercrime Advertising Data breaches 249

Krebs on Security

MARCH 15, 2023

The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest. While CVE-2023-23397 is labeled as an “Elevation of Privilege” vulnerability, that label doesn’t accurately reflect its severity, said Kevin Breen , director of cyber threat research at Immersive Labs.

Passwords 283

Passwords Cyber threats Authentication Internet 283

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile 339

Mobile Accountability Data breaches Identity Theft 339

Krebs on Security

AUGUST 8, 2023

They were assigned a single placeholder designation of CVE-2023-36884. Satnam Narang , senior staff research engineer at Tenable, said the August patch batch addresses CVE-2023-36884 , which involves bypassing the Windows Search Security feature. out of a possible 10, even though Microsoft rates it as an important flaw, not critical.

Accountability 240

Accountability Engineering Passwords Software 240

Malwarebytes

FEBRUARY 14, 2025

In 2023, data allegedly belonging to Zacks containing 8,615,098 records was leaked online. The data contains names, email addresses, usernames, passwords, phone numbers, addresses, company names, and additional personal information. Change your password. You can make a stolen password useless to thieves by changing it.

Accountability 94

Accountability Data breaches Passwords Phishing 94

Krebs on Security

APRIL 30, 2025

“tylerb”) fled the United Kingdom in February 2023, after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his cryptocurrency wallet. Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 333

Hacking Accountability Passwords Cybersecurity 333

Malwarebytes

APRIL 16, 2025

Good bots accounted for just 14% of the internet’s traffic. An increasing number try to hijack peoples’ online accounts, which they often do by credential stuffing. These account takeover attacks have skyrocketed lately. December 2024 saw around 330,000 such incidents, up from around 190,000 in December 2023.

Internet 144

Internet Internet Passwords Artificial Intelligence 144

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S. Postal Service customers.

Phishing 301

Phishing Scams Mobile Authentication 301

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking 259

Hacking Government Identity Theft Accountability 259

Krebs on Security

SEPTEMBER 13, 2023

11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems.

Cybercrime 344

Cybercrime Passwords Authentication Malware 344

Security Affairs

FEBRUARY 10, 2025

Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. reads a Form 8-K filing with the SEC.

Accountability 65

Accountability Passwords Marketing Cybersecurity 65

Krebs on Security

JULY 15, 2024

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 339

Accountability Cryptocurrency Passwords DNS 339

Malwarebytes

JANUARY 6, 2025

Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000. In January 2023 a witness confirmed there had been a data breach, which prompted the Indiana OIG to initiate a wider investigation to assess compliance with the HIPAA rules and state laws.

Data breaches 145

Data breaches Ransomware Passwords Insurance 145

Zero Day

JUNE 6, 2025

X Trending Memorial Day tech sales 2025 Memorial Day TV sales 2025 Memorial Day lawn & outdoor sales 2025 Memorial Day phone sales 2025 Memorial Day health tracker sales 2025 Memorial Day headphone sales 2025 Memorial Day laptop sales 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best (..)

Password Management 128

Password Management Passwords Software Artificial Intelligence 128

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. . Then on Aug.

Cryptocurrency 361

Cryptocurrency Passwords Encryption Accountability 361

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business 98

Small Business Cybersecurity Scams Passwords 98

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” a cybercrime forum ad for Genesis enthused. Image: KrebsOnSecurity.

Marketing 363

Marketing Cybercrime Passwords Banking 363

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild.

Architecture 109

Architecture Internet Internet Malware 109

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Retail 274

Retail Advertising Cryptocurrency Cybercrime 274

Security Affairs

JANUARY 24, 2024

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction.

Accountability 144

Accountability Passwords Internet Internet 144

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare 125

Healthcare Data breaches Passwords Identity Theft 125

Krebs on Security

NOVEMBER 29, 2023

20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. For this reason, they can’t be locked down with multifactor authentication the way user accounts can.

Authentication 312

Authentication Accountability Antivirus Passwords 312

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). Earlier this year, AT&T reset passwords for millions of customers after the company finally acknowledged a data breach from 2018 involving approximately 7.6

Data breaches 347

Data breaches Passwords Authentication Accountability 347

Security Affairs

JANUARY 13, 2024

GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. CVE-2023-4812 : Bypass CODEOWNERS approval removal.

Accountability 138

Accountability Passwords Hacking Information Security 138

Security Affairs

SEPTEMBER 16, 2023

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. The campaign targeted thousands of organizations worldwide between February and July 2023. ” Microsoft concludes.

Passwords 139

Passwords Accountability Authentication Hacking 139

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users. The atlasbiomed.com domain appears to be inactive.

Insurance 145

Insurance Accountability Risk Data breaches 145

Krebs on Security

APRIL 18, 2023

In January 2023, the Faceless service website said it was willing to pay for information about previously undocumented security vulnerabilities in IoT devices. MrMurza also told the admin that his account number at the now-defunct virtual currency Liberty Reserve was U1018928. The password chosen by this user was “ 1232.”

Malware 305

Malware Passwords Accountability Advertising 305

The Hacker News

MAY 1, 2024

Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email

Passwords 141

Passwords Accountability Cybersecurity 141

The Last Watchdog

MARCH 19, 2025

Holistic Identity: The New Cyber Battleground Organizations have traditionally focused on securing individual account credentials, but SpyClouds research indicates that cybercriminals have expanded their tactics beyond conventional account takeover. ” Additional Report Findings: 17.3 ” Additional Report Findings: 17.3

Cyber Risk 113

Cyber Risk Risk Phishing Cybercrime 113

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Threat actors exploited reused passwords obtained from third-party websites.

Accountability 140

Accountability Passwords Data breaches Hacking 140

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Mitigation: do not store files containing sensitive data, such as passwords or backups, in web application publish directories.

Passwords 140

Passwords Authentication Architecture Risk 140

Malwarebytes

JANUARY 16, 2024

The vulnerability allows a successful attacker to easily take over users’ accounts without any interaction. As we can see from the description in the database, the root of the problem is that it’s possible to direct password reset emails to unverified email addresses. Do not skip upgrade stops as this could create instability.

Accountability 136

Accountability Passwords Authentication Password Management 136

Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. RESEARCHER DISCOVERED A NEW LOCK SCREEN BYPASS BUG FOR ANDROID 14 AND 13 Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. TWO SPYWARE SENDING DATA OF MORE THAN 1.5M

Cybersecurity 135

Cybersecurity Spyware Data breaches Passwords 135

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. Some info stealers dont even require an additional stepthey can take cryptocurrency directly from a victims online accounts.

Malware 137

Malware Software Passwords Cryptocurrency 137

Malwarebytes

NOVEMBER 7, 2023

After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta who started an investigation. To gain access to that service account, the attacker compromised an Okta employee. Change your password. Watch out for fake vendors.

Accountability 138

Accountability Passwords Data breaches Phishing 138