Krebs on Security

NOVEMBER 1, 2024

.” “That said, the phishing attacks stem from partners’ machines being compromised with malware, which has enabled them to also gain access to the partners’ accounts and to send the messages that your reader has flagged,” they continued. Snowflake responded by making 2FA mandatory for all new customers.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the SonicWall’s advisory.

VPN 131

VPN Ransomware Firewall Internet 131

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Security Affairs

JANUARY 25, 2025

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. The experts explained that they exploited the flaw to gain unrestricted targeted access to all vehicles and customer accounts in the above countries. ” wrote Curry. ” added Curry.

Hacking 127

Hacking Accountability Authentication Passwords 127

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. ” concludes the report.

Passwords 122

Passwords Accountability Authentication Malware 122

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing 116

Phishing Authentication Telecommunications Accountability 116

Security Affairs

DECEMBER 9, 2024

The Brain Cipher ransomware group has been active since at least April 2024.On On June 20, 2024, the group targeted an Indonesian data center causing the disruption of around 210 critical government services, including customs and immigration. Deloitte has faced hacking claims twice recently.

Hacking 125

Hacking Ransomware Accountability Architecture 125

Security Affairs

FEBRUARY 2, 2025

The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. In 2024, its U.S.

Spyware 110

Spyware Hacking Surveillance Malware 110

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Some of those lures worked, and allowed thieves to gain control over booking.com accounts.

Phishing 285

Phishing Malware Scams Passwords 285

Schneier on Security

APRIL 9, 2024

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred.

Hacking 328

Hacking Government Accountability Technology 328

Krebs on Security

DECEMBER 29, 2024

Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. In case you missed any of them, here’s a recap of 2024’s most-read stories.

Scams 241

Scams Cybercrime Cryptocurrency Social Engineering 241

Malwarebytes

FEBRUARY 14, 2025

In October 2024, we found data reported to belong to Zacks containing 8,441 records which includes email addresses, physical addresses, phone numbers, and full names, and potentially other compromised user details. This would be the 2nd (hacked back in 2020) major data breach for Zacks. Check the vendors advice. Take your time.

Accountability 99

Accountability Data breaches Passwords Phishing 99

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 132

Backups VPN Ransomware Authentication 132

Krebs on Security

APRIL 30, 2025

prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims. Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024. ” U.S.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services.

Ransomware 116

Ransomware Identity Theft Data breaches Cyber threats 116

Security Affairs

NOVEMBER 7, 2024

Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7

Firewall 127

Firewall Authentication Accountability Risk 127

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 134

Backups Ransomware VPN Accountability 134

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Security Affairs

OCTOBER 14, 2024

The data breach occurred on August 17, 2024 and was discovered two days later, on August 19, 2024. “Between August 17 and August 19, a third party accessed and obtained certain information without authorization using two customer accounts that they had recently established.

Data breaches 135

Data breaches Financial Services Accountability Hacking 135

Krebs on Security

NOVEMBER 14, 2024

Nor did he respond to reporting here in January 2024 that he ran an IT company with a 34-year-old Russian man named Aleksandr Ermakov , who was sanctioned by authorities in Australia, the U.K. Shefel says he is now flat broke, and that he currently has little to show for a storied hacking career.

Retail 274

Retail Advertising Cryptocurrency Cybercrime 274

Security Affairs

OCTOBER 17, 2024

A critical, Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), could allow attackers to gain root access if exploited under specific conditions. The fixed version sets a randomly-generated password for the duration of the image build and it disables the builder account at the conclusion of the image build.

Accountability 135

Accountability Passwords Hacking Cybersecurity 135

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) ” On September 24, 2024, cloud hosting provider Rackspace reported an issue with its ScienceLogic EM7 monitoring tool. CISA orders federal agencies to fix this vulnerability by November 11, 2024.

Encryption 124

Encryption Hacking Accountability Cybersecurity 124

Security Affairs

MAY 27, 2025

A new Russia-linked APT group, tracked as Laundry Bear, has been linked to a Dutch police security breach in September 2024. In October 2024, the Dutch police blamed a state actor for the recent data breach that exposed officers contact details, the justice minister told lawmakers.

Data breaches 79

Data breaches Government Hacking Manufacturing 79

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. for phishing scams that resulted in the compromise of millions of email accounts. million in restitution.

Scams 126

Scams Phishing Identity Theft Accountability 126

Security Affairs

DECEMBER 4, 2024

Veeam released security updates for a critical vulnerability, tracked as CVE-2024-42448 (CVSS score of 9.9) Veeam also addressed a vulnerability, tracked as CVE-2024-42449 (CVSS score 7.1) that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine.

Backups 114

Backups Ransomware Accountability Hacking 114

Security Affairs

FEBRUARY 3, 2025

The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation.” ” reads Google’s bulletin.

Media 117

Media Authentication Hacking Accountability 117

Graham Cluley

MAY 20, 2025

pleaded guilty to charges related to the January 2024 hack of the US Securities and Exchange Commission's (SEC) Twitter account, which saw a fake announcement about the Bitcoin cryptocurrency posted to its followers. Eric Council Jr. Read more in my article on the Hot for Security blog.

Hacking 98

Hacking Cryptocurrency Accountability 98

Security Affairs

NOVEMBER 29, 2024

Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. The experts observed a phishing campaign targeting Microsoft 365 users with adversary-in-the-middle attacks that has surged since August 2024. ” concludes the report.

Phishing 114

Phishing Accountability Authentication Advertising 114

Security Affairs

OCTOBER 23, 2024

For instance, organizations can leverage DSPM to detect and catalog personally identifiable information (PII) spread across the organization’s data stores, SaaS services, or multi-cloud accounts. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, DSPM)

Data privacy 127

Data privacy Unstructured Data Risk Data breaches 127

Schneier on Security

MAY 17, 2024

The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3). “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc ”

Hacking 311

Hacking Accountability Ransomware Internet 311

Security Affairs

OCTOBER 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft SharePoint Deserialization Vulnerability CVE-2024-38094 (CVSS v4 score: 7.2) CISA orders federal agencies to fix this vulnerability by November 12, 2024. to its Known Exploited Vulnerabilities (KEV) catalog. ” reads the advisory published by Microsoft.

Encryption 123

Encryption Authentication Cybersecurity Accountability 123

Security Affairs

DECEMBER 6, 2024

.” Declassified documents from Romania’s security services revealed that Calin Georgescu, the pro-Russian presidential candidate, was “aggressively” promoted on TikTok through coordinated accounts and paid ads. 756/2024 and the implementation calendar approved by Government Decision no.

Government 140

Government Cybercrime Cyber Attacks Hacking 140

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks 127

Cyber Attacks Telecommunications Data breaches Banking 127

Security Affairs

DECEMBER 25, 2024

dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” Researchers attributed the hack of Harmonys Horizon bridge and Sky Mavis Ronin Bridge to North Korea-linked threat actors.

Cryptocurrency 124

Cryptocurrency Social Engineering Hacking Cybercrime 124

Security Affairs

DECEMBER 8, 2024

Anna Jaques Hospital completed the forensic investigation on November 5, 2024 and determined that the incident impacted 316,342 patients. While we conducted our investigation, out of anbundance of caution, on Janurary 24, 2024, Anna Jaques posted a notice on ther website.”

Data breaches 118

Data breaches Insurance Healthcare Ransomware 118

Security Affairs

MARCH 3, 2025

Amnesty International first found traces of this Cellebrite USB exploit used in a separate case in mid-2024.” ” In 2024, the Security Lab provided evidence of a Cellebrite zero-day exploit chain to industry partners, leading Google to identify three vulnerabilities. .” reads the advisory.

Hacking 69

Hacking Spyware Technology Surveillance 69

Security Affairs

APRIL 15, 2025

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. In December 2024, the U.S.

Data breaches 66

Data breaches Ransomware Software Hacking 66