Krebs on Security

JANUARY 7, 2025

This domain was featured in a writeup from February 2024 by the security firm Lookout , which found it was one of dozens being used by a prolific and audacious voice phishing group it dubbed “ Crypto Chameleon.” “Yeah, that’s definitely not me trying to reset my password.” “ Annie.”

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Krebs on Security

DECEMBER 18, 2024

Griffin said a follow-up investigation revealed the attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, providing the multi-factor code from his Google Authenticator app. You may also wish to download Google Authenticator to another mobile device that you control.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

Krebs on Security

NOVEMBER 21, 2024

The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. police as part of an FBI investigation into the MGM hack.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Security Affairs

OCTOBER 11, 2024

As of September 5, 2024, the Internet Archive held more than 42.1 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. ” New breach: Internet Archive had 31M records breached last month including email address, screen name and bcrypt password hash.

Data breaches 123

Data breaches Internet Internet DDOS 123

SecureList

MARCH 12, 2025

Regions and industries of incident response requests In 2024, we saw the share of incident response requests rise in most of the regions, with the majority of investigations conducted in the CIS (50.6%), the Middle East (15.7%) and Europe (10.8%). They are commonly used during post-exploitation for password extraction and lateral movement.

Ransomware 94

Ransomware Passwords Government Security Awareness 94

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. .” The phony booking.com website generated by visiting the link in the text message.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

Security Affairs

NOVEMBER 15, 2024

Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.” CVE-2024-9464 (CVSS 9.3) – An authenticated OS command injection vulnerability allows attackers root access, leading to data exposure similar to CVE-2024-9463.

Firewall 110

Firewall Passwords Authentication Phishing 110

Tech Republic Security

DECEMBER 11, 2024

Keepers extensive authentication options and generous discounts make it an alluring password manager to try this year. Read more about it in our full review.

Password Management 153

Password Management Passwords Authentication 153

Malwarebytes

FEBRUARY 11, 2025

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device.

Phishing 137

Phishing Passwords Mobile Authentication 137

Security Affairs

NOVEMBER 2, 2024

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957 , in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn.

Firmware 123

Firmware Manufacturing IoT Healthcare 123

Malwarebytes

OCTOBER 25, 2024

UnitedHealth CEO Andrew Witty estimated the attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill on May 1, 2024 in Washington, DC. Change your password. You can make a stolen password useless to thieves by changing it. He wasn’t exaggerating.

Healthcare 129

Healthcare Data breaches Passwords Identity Theft 129

Malwarebytes

NOVEMBER 4, 2024

The City of Columbus was attacked by a ransomware group on July 18, 2024. On September 12, 2024, the city of Columbus issued a notice of breach that was sent to its clients. Change your password. You can make a stolen password useless to thieves by changing it. Better yet, let a password manager choose one for you.

Data breaches 127

Data breaches Passwords Ransomware Phishing 127

Security Affairs

OCTOBER 24, 2024

Cisco addressed multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an actively exploited flaw tracked as CVE-2024-20481. The vulnerability CVE-2024-20481 (CVSS score of 5.8) ” reads the advisory.

VPN 124

VPN Firewall Passwords Software 124

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Krebs on Security

APRIL 30, 2025

Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024. Buchanan was arrested in June 2024 at the airport in Palma de Mallorca while trying to board a flight to Italy. As first reported by KrebsOnSecurity, Buchanan (a.k.a. ” U.S.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195

Malwarebytes

FEBRUARY 25, 2025

DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. DISA discovered the breach on April 22, 2024, and has since conducted an investigation with the help of third-party forensic experts. Change your password. You can make a stolen password useless to thieves by changing it.

Data breaches 112

Data breaches Passwords Phishing Password Management 112

Malwarebytes

APRIL 15, 2025

In 2024, CL0P repeated this method using a zero-day exploit against Cleo, a business-to-business (B2B) tech platform provider that specializes in managed file transfer (MFT) solutions, like Cleo Harmony, VLTrader, and LexiCom. Change your password. You can make a stolen password useless to thieves by changing it.

Data breaches 117

Data breaches Ransomware B2B Passwords 117

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 77

Phishing Banking Scams Mobile 77

Malwarebytes

MARCH 19, 2025

The data breach notification states that the breach occurred on April 20, 2024 and CCB discovered it on October 4, 2024. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Enable two-factor authentication (2FA).

Banking 107

Banking Data breaches Computers and Electronics Insurance 107

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking 259

Hacking Government Identity Theft Accountability 259

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes.

Internet 130

Internet Internet Data breaches Authentication 130

Security Affairs

NOVEMBER 5, 2024

These cameras, which feature an embedded web server allowing for direct access by web browser, are reportedly deployed in environments where reliability and privacy are crucial” CVE-2024-8956 (CVSS score of 9.1) CVE-2024-8957 (CVSS score of CVSS 7.2) CISA orders federal agencies to fix this vulnerability by November 25, 2024.

Firmware 127

Firmware Manufacturing Authentication IoT 127

NetSpi Technical

MARCH 10, 2025

This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. TL;DR an attacker with access to a Web Help Desk backup file may be able to recover some of the encrypted passwords stored within it.

Encryption 97

Encryption Backups Passwords Software 97

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords 65

Passwords Password Management Accountability Malware 65

Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

VPN 114

VPN Firewall Technology Passwords 114

Malwarebytes

APRIL 24, 2025

” The transmission of data took place between April 2021 and January 2024. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Watch out for fake vendors.

Insurance 127

Insurance Data breaches Passwords Phishing 127

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks.

Phishing 114

Phishing Accountability Authentication Advertising 114

eSecurity Planet

NOVEMBER 6, 2024

In this video, our expert delves into what cookies are and their function in web browsing, explores the techniques hackers use to steal them — such as session hijacking and cross-site scripting (XSS) — and shares effective strategies and tools to protect your cookies and personal data in 2024. Cookies track users with unique IDs.

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

BH Consulting

NOVEMBER 22, 2024

When admins choose ‘Run as Administrator’ mode, they’ll now be prompted to authenticate with a password, PIN, or other methods, rather than just clicking ‘Yes’ or ‘No’. Sign up here The post Security Roundup November 2024 appeared first on BH Consulting. MORE Have you signed up to our monthly newsletter?

Accountability 72

Accountability Data privacy Scams Cybersecurity 72

Security Affairs

FEBRUARY 10, 2025

Active since at least 2013 , XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. ” The group was spotted using zero-day vulnerabilities in Advantive VeraCore respectively tracked as CVE-2024-57968 (CVSS score of 9.9) ” reads the analysis published by Intezer.

Manufacturing 112

Manufacturing Cybercrime Authentication Passwords 112

Security Affairs

JANUARY 25, 2025

The duo found Subaru’s admin panel hosted on a subdomain, allowing password resets for employee accounts without confirmation, bypassing two-factor authentication. Researchers used the valid employee email to reset the password, bypass two-factor authentication, and gain access to the panels functionality.

Hacking 127

Hacking Accountability Authentication Passwords 127

SecureWorld News

MAY 2, 2024

In our digitally connected world, passwords are the gateway to protecting our online lives—from email and social media accounts to banking and private data. Yet, many of us still use alarmingly weak passwords or reuse the same ones across multiple sites, putting our digital identities at severe risk.

Passwords 113

Passwords Password Management Identity Theft Authentication 113

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024.

Encryption 118

Encryption Password Management Cryptocurrency Social Engineering 118

Security Affairs

NOVEMBER 13, 2024

ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. This unique password is uploaded to a server controlled by the attacker.

Ransomware 124

Ransomware Encryption Passwords Backups 124

Malwarebytes

JANUARY 10, 2025

In a breach notification , the company disclosed that on October 11, 2024 it learned about an incident that disrupted the operations of some of its IT systems. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else.

Ransomware 109

Ransomware Data breaches Passwords Phishing 109

Malwarebytes

FEBRUARY 14, 2025

The data contains names, email addresses, usernames, passwords, phone numbers, addresses, company names, and additional personal information. As with other recent claims by criminals on BreachForums we have to be careful to take their word for anything, but Jurak claims they breached Zacks themselves in June 2024. Change your password.

Accountability 97

Accountability Data breaches Passwords Phishing 97

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344