Account Security, Hacking and Information Security

2FA bypass in cPanel potentially exposes tens of millions of websites to hack

Security Affairs

NOVEMBER 24, 2020

Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel , a popular software suite that facilitates the management of a web hosting server.

Hacking

Hacking Authentication Accountability Software

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Security Affairs

JUNE 5, 2022

This attack marks the third time the BAYC social media servers have been hacked by attackers this year. The first hack of the BAYC discord server took place on April 1st. On April 25th, BAYC was hit the victim of another phishing attack, threat actors compromised its Instagram account and stole 91 NFTs, equivalent to $1,345,472.34.

Phishing

Phishing Hacking Accountability Scams

Robinhood data breach exposes 7 Million users’ information

Security Affairs

NOVEMBER 9, 2021

“If you are a customer looking for information on how to keep your account secure, please visit Help Center > My Account & Login > Account Security. When in doubt, log in to view messages from Robinhood—we’ll never include a link to access your account in a security alert.”

Data breaches

Data breaches Accountability Account Security Banking

Data of 3,191 congressional staffers leaked in the dark web

Security Affairs

SEPTEMBER 25, 2024

. “The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe.” ” said Proton’s head of account security Eamonn Maguire. Most leaked data email addresses belong to British MPs (68%), followed by EU MEPs (44%).

Passwords

Passwords Data breaches Media Accountability

MailChimp breached, intruders conducted phishing attacks against crypto customers

Security Affairs

APRIL 4, 2022

. ““When we become aware of any unauthorized account access, we notify the account owner and immediately take steps to suspend any further access,” Smyth added. “We We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.”

Phishing

Phishing Data breaches Cryptocurrency Social Engineering

Instagram implements ‘Security Checkup’ to help users recover compromised accounts

Security Affairs

JULY 18, 2021

Good news for the owners of Instagram accounts that may have been compromised, the company launched a new feature named ‘ Security Checkup ‘ feature that aims to keep accounts safe and help users to recover them. SecurityAffairs – hacking, social networks). ” states the company. . Pierluigi Paganini.

Accountability

Accountability Authentication Scams Hacking

A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account

Security Affairs

AUGUST 2, 2020

A critical flaw in the wpDiscuz WordPress plugin could be exploited by remote attackers to execute arbitrary code and take over the hosting account. Security experts from Wordfence discovered a critical vulnerability impacting the wpDiscuz WordPress plugin that is installed on over 80,000 sites. SecurityAffairs – hacking, wpDiscuz).

Accountability

Accountability Advertising Account Security Hacking

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

Security Affairs

FEBRUARY 19, 2020

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions.

Accountability

Accountability Advertising Account Security Authentication

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

The researchers pointed out that the warning is related to hacking attempts and that not all the attacks have been successful, also thanks to the defense implemented by Google. The warning really mostly tells people you are a potential target for the next attack so, now may be a good time to take some security actions.

Phishing

Phishing Government Hacking Accountability

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

.” The exposed information may have included customers’ full name, address, email address, account number, social security number, customer account personal identification number (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed associated with the account.

Mobile

Mobile Data breaches Telecommunications Accountability

Plex discloses data breach and urges password reset

Security Affairs

AUGUST 24, 2022

Plex did share technical details about the security breach, below is the Plex data breach notification: We want you to be aware of an incident involving your Plex account information yesterday. SecurityAffairs – hacking, data breach). Yesterday, we discovered suspicious activity on one of our databases.

Data breaches

Data breaches Passwords Media Accountability

Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week

Security Affairs

APRIL 17, 2020

Below the recommendations provided by Google: “Admins can look at Google-recommended defenses on our advanced phishing and malware protection page, and may choose to enable the security sandbox. SecurityAffairs – Gmail, hacking). ” concludes Google. “Users should: . Pierluigi Paganini.

Phishing

Phishing Malware Government Small Business

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

The hacker explained that he did it to “prevent an actual bad threat actor from finding the account and compromising it”. I have fixed your RIPE admin account security. “We encourage account holders to please update their passwords and enable multi-factor authentication for their accounts.

Internet

Internet Internet Accountability Passwords

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

Please reset your password for account security — Poloniex Customer Support (@PoloSupport) December 30, 2019. SecurityAffairs – Poloniex exchange, hacking). The post Poloniex forces password reset following a data leak appeared first on Security Affairs. This is a real email! Pierluigi Paganini.

Passwords

Passwords Cryptocurrency Data breaches Advertising

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

The content of the message attempt to trick the recipient into scanning the code to verify their account. “Email lures came in the form of updating account security surrounding 2FA, MFA, and general account security. The emails urge the recipient to complete the procedure in 2-3 days.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

ARCHIPELAGO “browser-in-the-browser” phishing page The ARCHIPELAGO group has shifted its phishing tactics over time to avoid detection, the attackers use phishing messages posing as Google account security alerts.

Phishing

Phishing Media Passwords Malware

Nude photo theft offers lessons in selfie security

Malwarebytes

FEBRUARY 12, 2021

Such familiarity may have helped the perpetrator in their social engineering efforts, and it may also have made guessing passwords and security questions easier. Nothing is 100% foolproof, but basic measures work wonders when it comes to keeping email accounts secure. Defending yourself. This is a great place to start.

Identity Theft

Identity Theft Social Engineering Passwords Accountability

CISO workshop slides

Notice Bored

AUGUST 5, 2022

Security Posture suggests a confusing mix of application and account security metrics. I'm really not sure what ' security posture ' even means in this context, and curious as to why those two aspects in particular have been selected as example metrics.

CISO

CISO Risk Artificial Intelligence Marketing

Twitter announces measures to protect accounts of people involved in 2020 Presidential election

Security Affairs

SEPTEMBER 18, 2020

. “As we learn from the experience of past security incidents and implement changes, we’re also focused on keeping high-profile accounts on Twitter safe and secure during the 2020 US election.” SecurityAffairs – hacking, Presidential Election). Pierluigi Paganini.

Accountability

Accountability Passwords Advertising Hacking

Updated: Data of 400 Million Twitter users up for sale

Security Affairs

DECEMBER 25, 2022

(the count would have been lower had it been a sample of non-verified accounts) I can’t share some sensitive information I have, but as time goes on I am more confident this is a 400,000,000 users leak, and as always, it will unfortunately leak to the hands of every hacker for free.” SecurityAffairs – hacking, data breach).

Data breaches

Data breaches Accountability Advertising Hacking

Data of 400 Million Twitter users up for sale

Security Affairs

DECEMBER 25, 2022

SecurityAffairs – hacking, data breach). The post Data of 400 Million Twitter users up for sale appeared first on Security Affairs. The Irish Data Protection Commission on Friday announced an investigation into a August incident that saw the contact records of 5.4 million Twitter users dumped on the same forum favored by Ryushi.

Data breaches

Data breaches Accountability Advertising Hacking

Google reveals that foreign hackers are already targeting Trump and Biden campaigns

Security Affairs

JUNE 5, 2020

. “From candidates to canvassers, every member of a campaign should understand how to add extra layers of security and protect their information. We recommend everyone associated with political campaigns enroll in our Advanced Protection Program , which bundles all our strongest Google Account security options together.”

Advertising

Advertising Accountability Account Security Phishing

Cyber Security Informer

2FA bypass in cPanel potentially exposes tens of millions of websites to hack

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Trending Sources

Robinhood data breach exposes 7 Million users’ information

Data of 3,191 congressional staffers leaked in the dark web

MailChimp breached, intruders conducted phishing attacks against crypto customers

Instagram implements ‘Security Checkup’ to help users recover compromised accounts

A critical flaw in wpDiscuz WordPress plugin lets hackers take over hosting account

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

Google warns of APT28 attack attempts against 14,000 Gmail users

T-Mobile customers were hit with SIM swapping attacks

Plex discloses data breach and urges password reset

Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Poloniex forces password reset following a data leak

A massive phishing campaign using QR codes targets the energy sector

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Nude photo theft offers lessons in selfie security

CISO workshop slides

Twitter announces measures to protect accounts of people involved in 2020 Presidential election

Updated: Data of 400 Million Twitter users up for sale

Data of 400 Million Twitter users up for sale

Google reveals that foreign hackers are already targeting Trump and Biden campaigns

Stay Connected