Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services. The city added that the attack was successfully thwarted, and no systems were encrypted.

Ransomware 116

Ransomware Identity Theft Data breaches Cyber threats 116

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. Passwords for mail access could be intercepted, and exposed services may allow password guessing attacks on the server.

Encryption 73

Encryption Passwords Internet Internet 73

Troy Hunt

NOVEMBER 13, 2024

Additionally, the threat actor with… pic.twitter.com/tqsyb8plPG — HackManac (@H4ckManac) February 28, 2024 When Jason found his email address and other info in this corpus, he had the same question so many others do when their data turns up in a place they've never heard of before - how?

Data breaches 335

Data breaches Passwords B2B Technology 335

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. Passwordless Authentication without Secrets! Improving Shared Device Management with Badge Inc.’s

Authentication 132

Authentication Retail Healthcare Manufacturing 132

Security Affairs

MAY 27, 2025

Sophos states that DragonForce ransomware operators chainedthe three vulnerabilities, tracked as CVE-2024-57727 , CVE-2024-57728 , and CVE-2024-57726 , for initial access. It enables technicians to remotely connect to and control computers for troubleshooting, maintenance, and support purposes.

Ransomware 106

Ransomware Software Retail Data breaches 106

Security Affairs

NOVEMBER 26, 2024

In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. The code is now available on GitHub.

Malware 144

Malware Cryptocurrency Encryption Passwords 144

Malwarebytes

JANUARY 6, 2025

This ransomware is known for employing double extortion tactics, which means they encrypt victims’ data while also threatening to release sensitive information unless a ransom is paid. No physical safeguards were implemented to limit access to servers containing patient data.

Data breaches 145

Data breaches Ransomware Passwords Insurance 145

Security Affairs

MARCH 10, 2025

This aligns with prior findings that cybercriminals cracked master passwords from LastPass to carry out major heists. pic.twitter.com/rLnVxwKfPK — ZachXBT (@zachxbt) February 1, 2024 Law enforcement traced $23,604,815.09 pic.twitter.com/rLnVxwKfPK — ZachXBT (@zachxbt) February 1, 2024 Law enforcement traced $23,604,815.09

Password Management 88

Password Management Cryptocurrency Passwords Data breaches 88

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. Researchers at Elastic Security Labs who first analyzed the malware confirmed it can steal keychain passwords and data from multiple browsers.

Malware 122

Malware Advertising Antivirus Cybercrime 122

IT Security Guru

JANUARY 9, 2025

As we begin the New Year, it offers a chance for reflection on 2024 and to consider what we can do as security professionals and business leaders in 2025 that will keep us relevant and in the best position to counter cyber threats going forward.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113

eSecurity Planet

MAY 5, 2025

A notorious hacker group known as Golden Chickens is back in the spotlight after cybersecurity researchers discovered two new digital weapons designed to steal passwords, watch every word you type, and target your cryptocurrency. Researchers say this limitation suggests that TerraStealerV2 is either outdated or still a work in progress.

Passwords 67

Passwords Malware Cryptocurrency Cybercrime 67

SecureWorld News

FEBRUARY 20, 2025

Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024. Use Privileged Access Management (PAM) solutions.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

SecureList

OCTOBER 21, 2024

Also, they both use the same key for string encryption. In June 2024, we discovered a new domain delivering this malware. The stealer also embeds a specific trick to collect the macOS user password. The archive is password protected, but the password is found at the same URL as the archive.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

Security Affairs

FEBRUARY 20, 2025

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. The experts believe threat actors exploited the zero-dayCVE-2024-24919 in Check Point Security Gateways with Remote Access VPN or Mobile Access features. locked extension to the filenames of encrypted files.

Healthcare 87

Healthcare Ransomware VPN Malware 87

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Security Affairs

APRIL 6, 2025

A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. Oracle is privately notifying customers of a breach affecting usernames, passkeys, and encrypted passwords, with the FBI and CrowdStrike investigating the incident.

Data breaches 127

Data breaches Encryption Hacking Authentication 127

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices. The file with the data, titled rockyou2024.txt,

Passwords 127

Passwords Password Management Education Accountability 127

Krebs on Security

DECEMBER 18, 2024

On the evening of May 15, 2024, Tony was putting his three- and one-year-old boys to bed when he received a message from Google about an account security issue, followed by a phone call from a “Daniel Alexander” at Google who said his account was compromised by hackers. Nevertheless, Soundcloud removed the audio file.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

Security Affairs

SEPTEMBER 28, 2024

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them. ” reported Meta.

Passwords 134

Passwords Media Encryption Internet 134

Zero Day

JUNE 6, 2025

The hackers say that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text. Also: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more Individually, any one of those pieces of data can be exploited by the wrong people.

Password Management 128

Password Management Passwords Artificial Intelligence Software 128

eSecurity Planet

MAY 25, 2022

Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats. While cryptology is thousands of years old, modern cryptography took off in the 1970s with the help of the Diffie-Hellman-Merkle and RSA encryption algorithms.

Encryption 138

Encryption Computers and Electronics Password Management Passwords 138

eSecurity Planet

NOVEMBER 6, 2024

In this video, our expert delves into what cookies are and their function in web browsing, explores the techniques hackers use to steal them — such as session hijacking and cross-site scripting (XSS) — and shares effective strategies and tools to protect your cookies and personal data in 2024. Cookies track users with unique IDs.

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Among those was the encrypted messaging app Signal , which said the breach could have let attackers re-register the phone number on another device for about 1,900 users. According to an Aug.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Malwarebytes

MAY 1, 2025

These messages frequently warn recipients about a problem with their accounts, like a password that needs to be updated, a policy change that requires a login, or a delayed package that has to be approved. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

Small Business 101

Small Business Cybersecurity Scams Passwords 101

eSecurity Planet

DECEMBER 4, 2024

During the Ignite 2024 conference, Microsoft announced the Windows Resiliency Initiative to address these security concerns. Improving Identity Protection According to Microsoft’s Entra ID data, more than 600 million identity attacks occur daily, and 99% of them are password based.

Encryption 107

Encryption Phishing Authentication Passwords 107

Security Affairs

JANUARY 28, 2025

Horizon3 researchers discovered three vulnerabilities, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, that could be used to compromise a SimpleHelp server, as well as clients machines being managed by SimpleHelp. This grants access to customer machines and makes the server vulnerable to further exploits. .

Software 71

Software Passwords Accountability Encryption 71

CyberSecurity Insiders

MAY 6, 2021

If anyone wants their online activity to be secure and private, password usage helps them in doing so; as it blocks unauthorized access to a service and access to personal information. So, all the data that is moving to & from the website to the servers is encrypted, making it tough for the hackers get is a sniff of what is going on.

Passwords 128

Passwords Firewall DDOS Backups 128

Security Affairs

DECEMBER 7, 2024

” In June 2024, Parubets reported to First Department that during a 15-day administrative detention authorities confiscated his Android device. Parubets disclosed that his apartment was searched, and he was beaten to force him to reveal his device password. ” continues the report.

Spyware 127

Spyware Passwords Encryption Surveillance 127

SecureWorld News

JUNE 9, 2025

Much of the industry still relies on legacy operational tech (OT) systems that lack modern security features such as automated patch management and encryption by default. In July 2024, Delta Air Lines experienced a catastrophic IT outage when a faulty software update from cybersecurity vendor CrowdStrike crashed approximately 8.5

Cybersecurity 118

Cybersecurity Social Engineering Computers and Electronics Risk 118

Malwarebytes

OCTOBER 8, 2021

Despite advance warnings that a root certificate provided by Let’s Encrypt would expire on September 30, users reported issues with a variety of services and websites once that deadline hit. An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. So what happened?

Encryption 128

Encryption Authentication IoT Passwords 128

SecureList

FEBRUARY 5, 2025

In late 2024, we discovered a new malware campaign we dubbed “SparkCat”, whose operators used similar tactics while attacking Android and iOS users through both official and unofficial app stores. It encrypts data with AES-256 in CBC mode before sending and decrypts server responses with AES-128 in CBC mode.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

Troy Hunt

FEBRUARY 4, 2024

That's not unprecedented, but this is: password: "$2y$10$B0EhY/bQsa5zUYXQ6J.NkunGvUfYeVOH8JM1nZwHyLPBagbVzpEM2", No way! Is that genuinely a bcrypt hash of my own password? Yep, that's exactly what it is : The Spoutible API enabled any user to retrieve the bcrypt hash of any other user's password.

Passwords 364

Passwords Accountability Backups Data breaches 364

Thales Cloud Protection & Licensing

OCTOBER 16, 2024

Solid Data Security: The Foundation of a Safe Digital World madhav Thu, 10/17/2024 - 04:58 It’s that time of year again. The State of Data Security in 2024 However, not only individuals must protect their digital assets; organizations do, too. The answer is three-fold: data encryption, strong access controls, and application security.

DDOS 62

DDOS Encryption Data breaches Identity Theft 62

Security Affairs

MARCH 18, 2025

In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan (RAT) designed for stealth, persistence, and data theft. StilachiRAT can extract Chromes encrypted encryption_key and decrypts it using Windows APIs to access stored credentials. Analysis of its WWStartupCtrl64.dll

Malware 114

Malware Cryptocurrency Encryption Passwords 114

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption.

Risk 173

Risk Threat Detection Technology Phishing 173

Security Affairs

NOVEMBER 12, 2024

The auto-reboot feature returns devices to a “Before First Unlock” restricting app access to encryption keys. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.” The feature erases sensitive data from memory to prevent unauthorized extraction.

Media 130

Media Wireless Mobile Encryption 130