Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking 294

Banking Government Information Security Authentication 294

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. Accounting for humans.

Cybersecurity 214

Cybersecurity Cybercrime Education Passwords 214

Security Affairs

JANUARY 14, 2024

The compromised account holders face huge cloud bills due to the abuse of their clod resources. The investigation started in January 2023 when a cloud provider approached Europol and shared information regarding compromised cloud user accounts. ” continues the press release. .” ” continues the press release.

Cryptocurrency 105

Cryptocurrency Cybercrime Accountability Authentication 105

Security Affairs

MAY 13, 2024

“It is important to note that our systems are secure. We already have robust security processes in place for any account access changes, which will require you to confirm your identity using either Biometrics or Two Factor Authentication.” ” continues the notice.

Data breaches 101

Data breaches Cyber Attacks Identity Theft Banking 101

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. In August 2021, the group asked $1 million for the entire database, or $200,000 for access, according to the RestorePrivacy website that examined a sample that appears authentic.

Data breaches 135

Data breaches Telecommunications Cybercrime Hacking 135

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 116

Data breaches Social Engineering Engineering Authentication 116

Security Affairs

MARCH 29, 2024

The attackers detected suspicious login activity to certain Hot Topic Rewards accounts. Threat actors obtained valid account credentials obtained from an unknown third-party source. Hot Topic was not the source of the account credentials used in these attacks.” The company also recommends changing the account password.

Accountability 111

Accountability Mobile Passwords Authentication 111

Security Affairs

MARCH 17, 2024

France Travail data breach impacted 43 Million people Scranton School District in Pennsylvania suffered a ransomware attack Lazarus APT group returned to Tornado Cash to launder stolen funds Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case UK Defence Secretary jet hit by an electronic warfare attack in Poland Cisco (..)

Data breaches 106

Data breaches Computers and Electronics Cybercrime Ransomware 106

Security Affairs

APRIL 30, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter ) The post Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Cybercrime 89

Cybercrime Malware Hacking Accountability 89

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 88

Spyware Data breaches Hacking Ransomware 88

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN 108

VPN Cybercrime Ransomware Hacking 108

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN 111

VPN Accountability Firewall Data breaches 111

Security Affairs

DECEMBER 21, 2023

A treasure trove for bad actors Personally identifiable information from car renting companies is highly valued among black-hat hackers and is often sold in batches on cybercrime marketplaces on the dark web. Additionally, users are advised to enable multi-factor authentication wherever possible.

Mobile 106

Mobile Identity Theft Passwords Phishing 106

Security Affairs

JUNE 2, 2021

Group-IB discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum. The database supposedly contains information about DDoS-Guard’s customers, including their names, IP-addresses, and payment information. The seller registered this account on exploit[.]in

DDOS 106

DDOS Cybercrime Authentication Accountability 106

Security Affairs

FEBRUARY 10, 2021

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks. “This enabled them to steal money, bitcoin and personal information, including contacts synced with online accounts. . SecurityAffairs – hacking, cybercrime).

Cybercrime 82

Cybercrime Cryptocurrency Accountability Authentication 82

Security Affairs

APRIL 5, 2023

The discovery of STYX coincides with Resecurity financial crime risk analysts observing a significant increase in threat actors offering money-laundering services that exploit digital banking and cryptocurrency accounts. Resecurity’s investigation of STYX also yielded the discovery of 100 mules accounts.

Banking 80

Banking Cybercrime Accountability Risk 80

Security Affairs

FEBRUARY 10, 2022

. “The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” Use a variation of unique passwords to access online accounts.

Mobile 92

Mobile Cryptocurrency Authentication Accountability 92

Security Affairs

JANUARY 28, 2024

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE) CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog 5379 GitLab servers vulnerable to zero-click account takeover attacks Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204 Akira ransomware attack on Tietoevry (..)

Artificial Intelligence 96

Artificial Intelligence Hacking Malware Cyber Attacks 96

Security Affairs

FEBRUARY 16, 2021

Experts pointed out that attacks abusing the ngrok platform are hard to detect because connections to subdomains of ngrok.com are not filtered by security measures. Experts provided a list of ngrok -based attacks conducted by cybercrime organizations and nation-stated actors such as Fox Kitten and Pioneer Kitten APT groups.

Phishing 128

Phishing Cybercrime Mobile Internet 128

Security Affairs

JANUARY 20, 2023

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. ” reads the letter sent by the company to the affected customers.

Data breaches 89

Data breaches Identity Theft Accountability Passwords 89

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 87

Spyware Hacking Malware Social Engineering 87

Security Affairs

JANUARY 3, 2024

For the tool to function, the operator must input a list of compromised email accounts to be scanned. It’s noteworthy that most of the victim accounts identified were predominantly from the U.K. This approach was used to deceive individuals into sharing sensitive information with malicious actors.

Artificial Intelligence 119

Artificial Intelligence Banking Scams Cybercrime 119

Security Affairs

OCTOBER 30, 2022

Air New Zealand suffered a security breach, multiple customers have been locked out of their accounts after the incident. Air New Zealand suffered a security breach, threat actors attempted to access customers’ accounts by carrying out credential-stuffing attacks. What is credential stuffing ?

Passwords 96

Passwords Accountability Authentication Hacking 96

Security Affairs

MARCH 13, 2020

European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking. European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking. The authorities arrested tens of individuals in Spain and Romania. .

Banking 114

Banking Cybercrime Mobile Accountability 114

Security Affairs

NOVEMBER 29, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. Many users of the customer support system are Okta administrators.

Social Engineering 107

Social Engineering Authentication Engineering Accountability 107

Security Affairs

APRIL 27, 2024

The attack chain starts with fake application updates for popular software, such as the Chrome browser and the Austrian digital authentication application. Brokewell employs overlay attacks to overlap a fake screen over legitimate applications, capturing user credentials. The malicious code also has the capability to steal cookies.

Malware 110

Malware Spyware Authentication Mobile 110

Security Affairs

MARCH 26, 2020

that is hosting various cybercrime products and services were being sold. companies for customers’ personal information.” which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. Social Security Numbers, dates of birth, and victim addresses.

Cybercrime 114

Cybercrime Advertising Hacking Accountability 114

Security Affairs

FEBRUARY 23, 2024

The exposed information includes full name, date of birth, mobile number, email address, postal address and Tangerine account number. Upon becoming aware of the security breach, the company launched an investigation, which is still ongoing, into the incident. ” reads the statement published by the company.

Data breaches 95

Data breaches Telecommunications Banking Mobile 95

Security Affairs

OCTOBER 11, 2022

.” The toolkit provides templates for a broad range of targets, including Chinese and Russian organizations, which is quite uncommon in the cybercrime ecosystem. Caffeine is advertised on multiple cybercrime underground forums, its subscription models are more expensive compared with other PhaaS platforms. Pierluigi Paganini.

Phishing 90

Phishing Cybercrime Accountability Advertising 90

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management 127

Password Management Cryptocurrency Passwords Authentication 127

Security Affairs

AUGUST 6, 2023

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug Russian APT29 conducts phishing attacks through Microsoft Teams Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign Burger King forgets to put a password (..)

Malware 78

Malware Cybercrime Cryptocurrency Social Engineering 78

Security Affairs

MARCH 15, 2020

A cybercrime gang focused on Business Email Compromise (BEC) has started using coronavirus-themed scam emails in its attacks. The researchers received a coronavirus-themed scam email that attempted to trick victims into using a different bank account for the payment due to the COVID-19 outbreak. A change of the bank account).

Scams 106

Scams Banking Cybercrime Advertising 106

Security Affairs

OCTOBER 22, 2022

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. If you use Remote Desktop Protocol (RDP), secure and monitor it. ” reads the alert.

Ransomware 69

Ransomware VPN Cybercrime Accountability 69

Security Affairs

OCTOBER 28, 2021

The German police discovered Nikolay’s email address, which was also used to register to over 60 websites, along with his phone number that is associated with a Telegram account. That comes from a database of the IT security company Domaintools. SecurityAffairs – hacking, cybercrime). ” consider the post.

Cryptocurrency 118

Cryptocurrency Ransomware Cybercrime Accountability 118

Security Affairs

APRIL 21, 2024

The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured. In some attacks, threat actors created an administrative account named itadm.

Ransomware 107

Ransomware Encryption Antivirus VPN 107

Security Affairs

NOVEMBER 29, 2022

In early October, Fortinet addressed the critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. On October 18, Fortinet confirmed the critical authentication bypass vulnerability is being exploited in the wild. ” concludes the post.

VPN 100

VPN Firewall Authentication Internet 100

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. ” continues the analysis.

Ransomware 126

Ransomware Hacking VPN Phishing 126