Security Affairs

MAY 29, 2024

A credential stuffing attack is a type of cyber attack where hackers use large sets of username and password combinations, typically obtained from previous data breaches, phishing campaigns, or info-stealer infections, to gain unauthorized access to user accounts on various online services. ” reads advisory.

Authentication 96

Authentication Accountability Passwords Data breaches 96

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. ” reads the advisory published by Okta. ” continues the advisory.

VPN 112

VPN Accountability Firewall Data breaches 112

Security Affairs

MAY 2, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset. prior to 16.1.6, prior to 16.2.9,

Passwords 116

Passwords Accountability Hacking Risk 116

Security Affairs

MAY 31, 2024

ShinyHunters claims to have stolen information for 30 million customers, employees, and bank account data. The bank pointed out that the database did not store transactional data, online banking details, passwords, or other data that would allow someone to conduct transactions. “No continues the statement.

Banking 110

Banking Data breaches Cybercrime Passwords 110

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware 102

Malware Cybercrime Hacking Cyber threats 102

Security Affairs

FEBRUARY 23, 2024

Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The security breach occurred on Sunday 18 February 2024, but Tangerine management became aware of the incident on Tuesday 20 February 2024. Access to the affected legacy database has also been closed.”continues

Data breaches 96

Data breaches Telecommunications Banking Mobile 96

Security Affairs

JUNE 3, 2024

The attack involves searching for a specific target using their identifiable information, such as name, phone number, email address, or account number. This compromises the security of the target’s network and endangers their personal and business data. Cox addressed the vulnerabilities within 24 hours.

Hacking 101

Hacking Accountability Passwords Information Security 101

Security Affairs

FEBRUARY 4, 2024

Notably, per additional context acquired from the actor, the majority of exposed accounts on the Dark Web didn’t have 2FA enabled. Notably, the timestamps visible on the shared screenshots by the actor illustrate successful unauthorized access with sessions dated Feb 3, 2024 (post-incident disclosure).

Scams 128

Scams Passwords Phishing Accountability 128

Security Affairs

MAY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2014-100005 Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. CISA orders federal agencies to fix these vulnerabilities by June 6, 2024.

Firmware 98

Firmware Authentication Passwords Hacking 98

Security Affairs

JANUARY 22, 2024

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said. billion records – only 12% of the supermassive MOAB of 2024.

Identity Theft 129

Identity Theft Data breaches Accountability Phishing 129

Security Affairs

JANUARY 30, 2024

Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC), resulting from infostealer infections.

Engineering 123

Engineering Passwords Telecommunications Accountability 123

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management 128

Password Management Cryptocurrency Passwords Authentication 128

Webroot

APRIL 3, 2024

Mark your calendars for April 9, 2024 The second Tuesday of April marks Identity Management Day — a day dedicated to raising awareness about the importance of safeguarding your digital identity. Simply put, it’s the practice of ensuring that only authorized individuals have access to your sensitive information and online accounts.

VPN 84

VPN Passwords Scams Accountability 84

Security Affairs

JANUARY 19, 2024

.” reads a Form 8-K filed with the Securities and Exchange Commission (SEC) on January 18, 2024. ” The company pointed out that it does not store Social Security numbers and financial information in its systems. .” VF Corp also added that it has found no evidence that customer passwords were stolen.

Data breaches 115

Data breaches Retail Insurance Passwords 115

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. Image: Mandiant.

Malware 287

Malware Software Technology Accountability 287

Krebs on Security

MARCH 12, 2024

Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). The security updates are available in iOS 17.4 , iPadOS 17.4 , and iOS 16.7.6. CVE-2024-21435 is a CVSS 8.8

Authentication 244

Authentication Engineering Accountability Internet 244

Security Boulevard

MAY 15, 2024

TABLE OF CONTENTS Understanding HIPAA Mental health apps collect a wealth of personal information Information collection extends past user disclosure Mental health apps may share your information with third parties Can users protect their privacy while using mental health apps?

Advertising 52

Advertising Insurance Accountability Data Analyst 52

Security Affairs

MAY 23, 2024

Some of the email attachment names used in the attacks are: SUMMARIZE SPECIAL ORDERS FOR PROMOTIONS CY2023 Data Doc Startechup_fINAL The payload employed in the attacks is a backdoor named SerialPktdoor, however, in March 2024, the researchers observed the threat actors using a new initial access archive files.

Malware 112

Malware Accountability Phishing Data collection 112

Security Affairs

FEBRUARY 28, 2024

” In February 2024, a court order allowed US authorities to neutralize the Moobot botnet, a network of hundreds of small office/home office (SOHO) routers under the control of the Russia-linked group APT28. APT28 group deployed Python scripts on compromised EdgeRouters to collect and validate stolen webmail account credentials.

Energy and Utilities 99

Energy and Utilities Government Firewall Malware 99

Security Affairs

JANUARY 3, 2024

For the tool to function, the operator must input a list of compromised email accounts to be scanned. It’s noteworthy that most of the victim accounts identified were predominantly from the U.K. and various EU countries, including but not limited to Spain, France, Poland, Italy, Germany, Switzerland, among others.

Artificial Intelligence 119

Artificial Intelligence Banking Scams Cybercrime 119

SecureList

FEBRUARY 27, 2024

Possible attack vectors Parents app The robot needs to be linked to a parent’s account before it can be used. From a security researcher’s perspective, this application is particularly interesting because it allows calling to the robot, and monitoring the child’s activities and learning progress.

Education 94

Education Manufacturing Firmware Internet 94

Centraleyes

DECEMBER 17, 2023

in March of 2024. ” It keeps the core security principles intact while adding a dash of flexibility to accommodate diverse technology setups. These changes are backed by extra guidance to help organizations tackle PCI audit requirements and secure account data today and in the future. On that date, PCI DSS v4.0

Passwords 52

Passwords Computers and Electronics Software Risk 52

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. Sorry, change password please.”

Accountability 120

Accountability Hacking Cryptocurrency Cybersecurity 120

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Market Growth: AI cyber security technology is projected to grow by 23.6% every year until 2027, pointing to rapid progress and investment in AI-based security. million per incident.

Social Engineering 124

Social Engineering Cyber Attacks Cyber Insurance IoT 124

eSecurity Planet

MAY 30, 2024

2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. million for the first three quarters of FY 2024. million patient’s information caused by a third party tracker installed on the Kaiser patient portal.

Healthcare 123

Healthcare Cybersecurity Backups Ransomware 123

Security Affairs

FEBRUARY 4, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Identity Theft 108

Identity Theft VPN Malware Ransomware 108

The Last Watchdog

MAY 2, 2024

Tel Aviv, Israel, May 2, 2024, CyberNewsWire — LayerX , pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors.

Marketing 130

Marketing Technology Phishing Risk 130

Cisco Security

DECEMBER 22, 2022

Wi-Fi Air Marshal, by Jérémy Couture, Head of SOC, Paris 2024 Olympic Games. In part two, we are going deep with security: Integrating Security. First Time at Black Hat, by Jérémy Couture, Head of SOC, Paris 2024 Olympic Games. Automated Account Provisioning, by Adi Sankar. Integrating Security.

DNS 72

DNS Malware Accountability Wireless 72

Centraleyes

JANUARY 14, 2024

Obtaining PCI DSS certification is not impossible and usually takes companies between one day and two weeks to complete, depending on the complexity of payments within the company and the state of information security. which gracefully exits in March 2024, making way for the solo performance of v4.0.

Computers and Electronics 52

Computers and Electronics Risk Software Information Security 52

SecureWorld News

MAY 29, 2024

Protecting manufacturing operations requires a shared responsibility model, which includes local plant leadership, manufacturing engineering and operations, and information technology and security teams. In the realm of building control systems, each structure can harbor anywhere from four to eight distinct systems.

Manufacturing 92

Manufacturing CISO Artificial Intelligence Cyber threats 92

Pen Test Partners

OCTOBER 9, 2023

For example: a user enumeration vulnerability, a weak password policy, and a lack of brute force protection and lockout can still lead to an attacker gaining access to an account. The CoP includes the following recommendations for manufacturers: No default passwords. Securely store credentials and other sensitive data.

IoT 52

IoT Firmware Mobile Manufacturing 52

Security Affairs

MARCH 31, 2024

Statistics for H2 2023 AT&T says personal data from 73 million current and former account holders leaked onto dark web US critical infrastructure cyberattack reporting rules inch closer to reality Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Artificial Intelligence 98

Artificial Intelligence Scams Hacking Cybercrime 98

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Data breaches 98

Data breaches Identity Theft Ransomware Hacking 98

Security Affairs

JANUARY 25, 2024

Recently Microsoft warned that some of its corporate email accounts were compromised by the same Russia-linked group Midnight Blizzard. Microsoft discovered the intrusion on January 12, 2024, and immediately launched an investigation into the security breach. reads a Form 8-K filing with the SEC.

Hacking 115

Hacking Accountability Passwords Cybersecurity 115

Security Affairs

MARCH 8, 2024

Microsoft published an update on the attack that hit the company on January 12, 2024, the IT giant revealed that the Russia-linked Midnight Blizzard recently breached again its internal systems and source code repositories. The state-sponsored hackers first compromised the company systems in late November 2023 with a password spray attack.

Passwords 100

Passwords Accountability Hacking Cybersecurity 100

Security Affairs

JANUARY 20, 2024

Microsoft revealed that the Russia-linked APT Midnight Blizzard has compromised some of its corporate email accounts. Microsoft warned that some of its corporate email accounts were compromised by a Russia-linked cyberespionage group known as Midnight Blizzard. Microsoft notified law enforcement and relevant regulatory authorities.

Hacking 97

Hacking Passwords Accountability Authentication 97

Security Affairs

FEBRUARY 13, 2024

Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. It’s perhaps the election year.”

Cyber threats 107

Cyber threats Passwords Hacking Government 107