Krebs on Security

NOVEMBER 21, 2024

The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. police as part of an FBI investigation into the MGM hack.

Identity Theft 267

Identity Theft Phishing Cryptocurrency Accountability 267

Security Affairs

OCTOBER 11, 2024

As of September 5, 2024, the Internet Archive held more than 42.1 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. ” New breach: Internet Archive had 31M records breached last month including email address, screen name and bcrypt password hash.

Data breaches 122

Data breaches Internet Internet DDOS 122

SecureList

MARCH 12, 2025

Regions and industries of incident response requests In 2024, we saw the share of incident response requests rise in most of the regions, with the majority of investigations conducted in the CIS (50.6%), the Middle East (15.7%) and Europe (10.8%). They are commonly used during post-exploitation for password extraction and lateral movement.

Ransomware 97

Ransomware Passwords Government Security Awareness 97

Tech Republic Security

DECEMBER 11, 2024

Keepers extensive authentication options and generous discounts make it an alluring password manager to try this year. Read more about it in our full review.

Password Management 158

Password Management Passwords Authentication 158

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. .” The phony booking.com website generated by visiting the link in the text message.

Phishing 275

Phishing Accountability Artificial Intelligence Cybercrime 275

Security Affairs

NOVEMBER 2, 2024

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957 , in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn.

Firmware 122

Firmware Manufacturing IoT Healthcare 122

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

Malwarebytes

FEBRUARY 11, 2025

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device.

Phishing 125

Phishing Passwords Mobile Authentication 125

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 81

Phishing Banking Scams Mobile 81

Krebs on Security

APRIL 30, 2025

Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024. Buchanan was arrested in June 2024 at the airport in Palma de Mallorca while trying to board a flight to Italy. As first reported by KrebsOnSecurity, Buchanan (a.k.a. ” U.S.

Identity Theft 194

Identity Theft Phishing Cryptocurrency Cybercrime 194

Malwarebytes

OCTOBER 25, 2024

UnitedHealth CEO Andrew Witty estimated the attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill on May 1, 2024 in Washington, DC. Change your password. You can make a stolen password useless to thieves by changing it. He wasn’t exaggerating.

Healthcare 115

Healthcare Data breaches Passwords Identity Theft 115

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking 257

Hacking Government Identity Theft Accountability 257

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes.

Internet 129

Internet Internet Data breaches Authentication 129

Malwarebytes

NOVEMBER 4, 2024

The City of Columbus was attacked by a ransomware group on July 18, 2024. On September 12, 2024, the city of Columbus issued a notice of breach that was sent to its clients. Change your password. You can make a stolen password useless to thieves by changing it. Better yet, let a password manager choose one for you.

Data breaches 111

Data breaches Passwords Ransomware Phishing 111

NetSpi Technical

MARCH 10, 2025

This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. TL;DR an attacker with access to a Web Help Desk backup file may be able to recover some of the encrypted passwords stored within it.

Encryption 99

Encryption Backups Passwords Software 99

Security Affairs

OCTOBER 25, 2024

The vulnerability CVE-2024-20481 (CVSS score of 5.8) An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

VPN 114

VPN Firewall Technology Passwords 114

eSecurity Planet

NOVEMBER 6, 2024

In this video, our expert delves into what cookies are and their function in web browsing, explores the techniques hackers use to steal them — such as session hijacking and cross-site scripting (XSS) — and shares effective strategies and tools to protect your cookies and personal data in 2024. Cookies track users with unique IDs.

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

Security Affairs

NOVEMBER 29, 2024

Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks.

Phishing 114

Phishing Accountability Authentication Advertising 114

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords 62

Passwords Password Management Malware Accountability 62

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 343

Hacking Phishing Cybercrime Passwords 343

BH Consulting

NOVEMBER 22, 2024

When admins choose ‘Run as Administrator’ mode, they’ll now be prompted to authenticate with a password, PIN, or other methods, rather than just clicking ‘Yes’ or ‘No’. Sign up here The post Security Roundup November 2024 appeared first on BH Consulting. MORE Have you signed up to our monthly newsletter?

Accountability 72

Accountability Data privacy Scams Cybersecurity 72

Security Affairs

FEBRUARY 10, 2025

Active since at least 2013 , XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. ” The group was spotted using zero-day vulnerabilities in Advantive VeraCore respectively tracked as CVE-2024-57968 (CVSS score of 9.9) ” reads the analysis published by Intezer.

Manufacturing 111

Manufacturing Cybercrime Passwords Authentication 111

Malwarebytes

APRIL 15, 2025

In 2024, CL0P repeated this method using a zero-day exploit against Cleo, a business-to-business (B2B) tech platform provider that specializes in managed file transfer (MFT) solutions, like Cleo Harmony, VLTrader, and LexiCom. Change your password. You can make a stolen password useless to thieves by changing it.

Data breaches 99

Data breaches Ransomware Passwords B2B 99

Malwarebytes

FEBRUARY 25, 2025

DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. DISA discovered the breach on April 22, 2024, and has since conducted an investigation with the help of third-party forensic experts. Change your password. You can make a stolen password useless to thieves by changing it.

Data breaches 95

Data breaches Passwords Phishing Password Management 95

Malwarebytes

MARCH 19, 2025

The data breach notification states that the breach occurred on April 20, 2024 and CCB discovered it on October 4, 2024. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Enable two-factor authentication (2FA).

Banking 92

Banking Data breaches Computers and Electronics Passwords 92

Security Affairs

JANUARY 25, 2025

The duo found Subaru’s admin panel hosted on a subdomain, allowing password resets for employee accounts without confirmation, bypassing two-factor authentication. Researchers used the valid employee email to reset the password, bypass two-factor authentication, and gain access to the panels functionality.

Hacking 126

Hacking Accountability Passwords Authentication 126

SecureWorld News

MAY 2, 2024

In our digitally connected world, passwords are the gateway to protecting our online lives—from email and social media accounts to banking and private data. Yet, many of us still use alarmingly weak passwords or reuse the same ones across multiple sites, putting our digital identities at severe risk.

Passwords 113

Passwords Password Management Identity Theft Authentication 113

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

Security Affairs

NOVEMBER 13, 2024

ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. This unique password is uploaded to a server controlled by the attacker.

Ransomware 123

Ransomware Encryption Passwords Backups 123

Thales Cloud Protection & Licensing

MAY 7, 2025

Traditional Multi-Factor Authentication (MFA), while a step up from password-only security, is no longer enough to fight modern phishing schemes. As malefactors hone their methods, entities must adopt phishing-resistant multi-factor authentication to secure their digital identities.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices. The file with the data, titled rockyou2024.txt,

Passwords 127

Passwords Password Management Education Accountability 127

Security Affairs

JULY 17, 2024

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. The issue is due to an improper implementation in the password-change process. “This vulnerability is due to improper implementation of the password-change process. .

Passwords 140

Passwords Software Authentication Hacking 140

Malwarebytes

APRIL 24, 2025

” The transmission of data took place between April 2021 and January 2024. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Watch out for fake vendors.

Insurance 111

Insurance Data breaches Passwords Phishing 111

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication 138

Authentication Passwords CISO Password Management 138

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

NOVEMBER 19, 2024

Experts noticed that due to this vulnerability, user credentials remain in process memory after a user authenticates to the VPN. Volexity reported this vulnerability to Fortinet on July 18, 2024, and Fortinet acknowledged the issue on July 24, 2024.” ” reads the advisory.

VPN 119

VPN Malware Spyware Passwords 119

SecureList

JUNE 18, 2024

A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of guessing an eight-character password consisting of same-case English letters and digits, or 36 combinable characters, within just 17 seconds.

Passwords 138

Passwords Password Management Hacking Authentication 138