Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 106

Banking Accountability Mobile Cryptocurrency 106

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. Bleeping Computer, which has validated the authenticity of the archive, reported that the latest record in the database was created on October 12th, 2018. accounts exposed appeared first on Security Affairs.

Accountability 98

Accountability Hacking Data breaches Passwords 98

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Twitter, like many other social media websites, asks users to provide their phone number and email address to better protect their account.

Advertising 93

Advertising Media Accountability Account Security 93

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability 90

Accountability Hacking Advertising Media 90

Security Affairs

FEBRUARY 19, 2020

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions.

Accountability 129

Accountability Advertising Account Security Authentication 129

Krebs on Security

NOVEMBER 21, 2018

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. A USPS brochure advertising the features and benefits of Informed Visibility.

Accountability 264

Accountability Authentication Identity Theft Advertising 264

Security Affairs

DECEMBER 10, 2019

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. Pierluigi Paganini.

Accountability 80

Accountability Hacking Passwords Advertising 80

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets. ” reported Slashgear. Pierluigi Paganini.

Accountability 93

Accountability Data breaches Passwords Advertising 93

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Pierluigi Paganini.

Authentication 107

Authentication Mobile Advertising Accountability 107

Krebs on Security

APRIL 14, 2019

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. co.uk , airbnb.pt-anuncio[.]com

Scams 243

Scams Advertising Accountability Phishing 243

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile 91

Mobile Cryptocurrency Authentication Accountability 91

Security Affairs

MARCH 23, 2023

Nexus is available via a Malware-as-a-Service (MaaS) subscription and is advertised on underground forums or through private channels (e.g., However, Cleafy’s Threat Intelligence & Response Team reported having detected the first Nexus infections in June 2022, months before the MaaS was publicly advertised.

Banking 78

Banking Cryptocurrency Malware Advertising 78

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” reads the post published by Dexerto.

Hacking 107

Hacking Data breaches Accountability Passwords 107

Security Affairs

MARCH 10, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. The Russian man also advertised the platform on other hacking forums. “Thus far, law enforcement has found no legitimate business advertising its services and/or products through a DEER.IO

Accountability 111

Accountability Advertising Passwords Hacking 111

Security Affairs

JUNE 5, 2022

The website was advertised through the official BAYC Discord for a Yuga Labs community manager that was previously hackerd. “CertiK analysis reveals that this community manager, account –@BorisVagner (“BorisVagner | SBS” on Discord)– posted a message to BAYC’s Discord server with a phishing link that led to the fake site.

Phishing 133

Phishing Hacking Accountability Scams 133

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information.

Authentication 113

Authentication Advertising Accountability Hacking 113

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall 145

Firewall Passwords Accountability Advertising 145

Security Affairs

AUGUST 4, 2020

Exposed records include information such as login credentials, full name, contact number, trip details, bank card details, account creation date. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Banking 145

Banking Data breaches Mobile Advertising 145

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication 133

Authentication Advertising Architecture Cybercrime 133

Security Affairs

SEPTEMBER 18, 2020

The arsenal of the group included several strains of malware, including an Android backdoor disguised inside malicious apps and four variants of Windows infostealers that were also able to access victims’ Telegram Desktop and KeePass account information. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware 103

Malware Phishing Accountability Advertising 103

Security Affairs

OCTOBER 4, 2020

“These vulnerabilities may allow locally managed accounts within Device Manager to be susceptible to dictionary attacks due to weak cipher implementation (CVE-2020-6925) and allow a malicious actor to remotely gain unauthorized access to resources (CVE-2020-6926), and/or allow a malicious actor to gain SYSTEM privileges (CVE-2020-6927).”

Hacking 131

Hacking Accountability Passwords InfoSec 131

Security Affairs

MARCH 26, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. The Russian man also advertised the platform on other hacking forums. Social Security Numbers, dates of birth, and victim addresses. appeared first on Security Affairs.

Cybercrime 113

Cybercrime Advertising Hacking Accountability 113

Security Affairs

OCTOBER 9, 2019

Twitter admitted having “inadvertently” used phone numbers and email addresses, collected for security purposes, for advertising. Twitter apologized to have used phone numbers and email addresses, privided by the users for security purposes, for advertising. ” reads a post published by Twitter. .

Advertising 69

Advertising Marketing Media Authentication 69

Security Affairs

JULY 14, 2020

In response to the incident, the bidding portal has forced a password reset for all users’ accounts, both bidder and auctioneer ones. Unfortunately stolen data are already available for sale on the dark web, security researchers at CloudSEK reported. The experts found a post advertising information of roughly 3.4

Hacking 100

Hacking Data breaches Identity Theft Advertising 100

Security Affairs

OCTOBER 10, 2020

Security experts from cyber-security firm Prevailion reported that TA505 has compromised more than 1,000 organizations. The malicious updates employed in the Zerologon attacks are able to bypass the user account control (UAC) security feature in Windows and abuse the Windows Script Host tool (wscript.exe) to execute malicious scripts.

Cybercrime 118

Cybercrime Security Intelligence Authentication Banking 118

Security Affairs

MARCH 19, 2022

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Use multifactor authentication where possible.

Ransomware 98

Ransomware DDOS Passwords Backups 98

Security Affairs

MARCH 7, 2023

. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.”

Government 92

Government Manufacturing Social Engineering Malware 92

Security Affairs

MAY 4, 2020

Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link]. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – Office 365, CISA).

Authentication 91

Authentication Advertising Cyber Attacks Cybersecurity 91

Security Affairs

JULY 22, 2019

“This was no virus, worm or malware of any sort—it was simple old phishing site that utilized Discord’s own moronic API to hijack these accounts,” reads a message wrote by the hacker s in a message on their website. To set up two-factor authentication on Discord you read the guide provided by the support.

Phishing 78

Phishing Data breaches Passwords Advertising 78

Security Affairs

MARCH 15, 2020

The researchers received a coronavirus-themed scam email that attempted to trick victims into using a different bank account for the payment due to the COVID-19 outbreak. The Ancient Tortoise’s BEC message includes details of a Hong Kong mule account and instructs victims to send the money to it. A change of the bank account).

Scams 106

Scams Banking Cybercrime Advertising 106

Security Affairs

AUGUST 20, 2020

The issue could have been exploited by an attacker to send an email that appears as sent by another Gmail or G Suite user, the message is able to bypass protection mechanisms such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC). ” states the post. ” continues the expert.

Authentication 100

Authentication Advertising Accountability Hacking 100

Security Affairs

FEBRUARY 5, 2023

In early January, the threat actor claimed to have hacked the database of the magazine and obtained the personal information of more than 200,000 customers. ” The Holy Souls group advertised the huge trove of data for sale for 20 BTC (equal to roughly $340,000 at the time). . ” reads the post published by Microsoft.

Hacking 91

Hacking Accountability Cyber Attacks Advertising 91

Security Affairs

AUGUST 9, 2020

To avoid phishing attacks that are even more sophisticated users have to scrutinize the website URLs that intend to visit, avoid clicking links from emails, chat messages, and other publicly available content, and enable multi-factor authentication for their accounts to secure accounts from being hijacked.

Phishing 143

Phishing Advertising Scams Accountability 143

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime 88

Cybercrime Malware Hacking Accountability 88

Security Affairs

FEBRUARY 12, 2024

Their strength lies in speed and cost-effectiveness, making them perfect for tasks that require swift execution, like brand protection or bulk account creation. If you’re managing social media accounts for influencer marketing or performing competitor analysis, residential proxies provide the reliability you need.

Internet 82

Internet Internet Marketing Authentication 82

Security Affairs

AUGUST 29, 2019

Some of the flaws addressed by Cisco have been reported by the security researcher Pedro Ribeiro, the expert now announced that he has released the details of three vulnerabilities that can be exploited by attackers to gain complete control over affected systems. ” reads the security advisory published by Cisco.

Big data 77

Big data Authentication Passwords Accountability 77

Security Affairs

MAY 20, 2019

A new data leak made the headlines, a database containing the contact information of millions of Instagram influencers , celebrities and brand accounts has been found online. The news was first reported by the TechCrunch website, a database was left unprotected on an AWS bucket, anyone was able to access it without authentication.

Accountability 90

Accountability Advertising Media Authentication 90