Accountability, Authentication, Government and Hacking

SEC X Account Hack: SIM Swap Exposed Vulnerability

SecureWorld News

JANUARY 24, 2024

On January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC's X account claiming the approval had been granted. This triggered a surge in Bitcoin's price before the SEC quickly debunked the post and attributed it to a hack.

Accountability

Accountability Hacking Government Mobile

SEC X account hacked to hawk crypto-scams

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted.

Accountability

Accountability Scams Hacking Cryptocurrency

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government

Government VPN Accountability Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking

Hacking Government Spyware Marketing

Canadian government impacted by data breaches of two of its contractors

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel have been also exposed. Both contractors suffered a security breach in October.

Data breaches

Data breaches Government Hacking Backups

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

MARCH 4, 2021

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. “Initial analysis of the leaked data pointed to its probable authenticity, as at least a portion of the leaked user records correlated with our own data holdings.”

Cybercrime

Cybercrime Hacking Passwords Accountability

The Week in Security: Chinese hackers breach government email, AI models easily poisoned

Security Boulevard

JULY 13, 2023

This week: A Chinese-based hacking group has used stolen authentication tokens to breach government email accounts. The post The Week in Security: Chinese hackers breach government email, AI models easily poisoned appeared first on Security Boulevard.

Government

Government Authentication Risk Accountability

Chinese hackers compromised emails of U.S. Government agencies

Security Affairs

JULY 13, 2023

“Chinese cyberspies, exploiting a fundamental gap in Microsoft’s cloud, hacked email accounts at the Commerce and State departments, including that of Commerce Secretary Gina Raimondo — whose agency has imposed stiff export controls on Chinese technologies that Beijing has denounced as a malicious attempt to suppress its companies.”

Government

Government Accountability Authentication Hacking

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. ” reads trhe announcement published by DKWOC.

Accountability

Accountability Government Phishing Authentication

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. “The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc.

Government

Government Manufacturing Social Engineering Malware

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

” Airbus has apparently confirmed the cybercriminal’s account to the threat intelligence firm Hudson Rock , which determined that the Airbus credentials were stolen after a Turkish airline employee infected their computer with a prevalent and powerful info-stealing trojan called RedLine. government inboxes. Microsoft Corp.

Cybercrime

Cybercrime Passwords Authentication Malware

Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones

Security Boulevard

MARCH 28, 2024

The post Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones appeared first on Security Boulevard. Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support.

Accountability

Accountability Social Engineering Authentication Data privacy

Microsoft Signing Key Stolen by Chinese

Schneier on Security

AUGUST 7, 2023

A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. Master signing keys are not supposed to be left around, waiting to be stolen.

Authentication

Authentication Government Hacking Accountability

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

Related: How ‘PAM’ improves authentication. Here are the key takeaways: Lower-tier hacks. No organization wants to find itself having to recover from a devastating ransomware hack – or dealing with an unauthorized intruder who has usurped control of its operational systems. SMBs today face a daunting balancing act.

Accountability

Accountability Passwords Hacking Cyber Risk

Joe Biden, Bill Gates, Barack Obama All Hacked in Twitter Compromise

Adam Levin

JULY 15, 2020

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. All Bitcoin sent to the address below will be sent back doubled!

Hacking

Hacking Social Engineering Scams Accountability

How better key management can close cloud security gaps troubling US government (Part 1 of 2)

Thales Cloud Protection & Licensing

NOVEMBER 27, 2023

How better key management can close cloud security gaps troubling US government (Part 1 of 2) sparsh Tue, 11/28/2023 - 05:20 Bruce Schneier recently blogged : A bunch of networks, including US Government networks , have been hacked by the Chinese. But “negligent security practices” are not a new concern for the US Government.

Government

Government Marketing Hacking Authentication

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

MAY 12, 2022

KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. The DEA declined to comment on the validity of the claims, issuing only a brief statement in response.

Government

Government Authentication Passwords Mobile

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

APRIL 5, 2022

As the dust settles following the recently disclosed hack of NewsCorp , important lessons are emerging for the cybersecurity and journalism communities. The Chinese government is well known for its censorship– and frequent harassment and intimidation of foreign journalists. Related: How China challenged Google in Operation Aurora.

Hacking

Hacking Passwords Firewall Internet

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Security Affairs

SEPTEMBER 29, 2023

State Department accounts, a Senate staffer told Reuters this week. State Department IT officials, officials told lawmakers that threat actors stole at least 60,000 emails from a 1 total of 10 State Department accounts. The accounts belong to State Department officials who were working in East Asia, the Pacific, and Europe.

Accountability

Accountability Government Hacking Authentication

Joe Biden, Bill Gates, Barack Obama Hacked in Twitter Compromise

Adam Levin

JULY 15, 2020

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. All Bitcoin sent to the address below will be sent back doubled!

Hacking

Hacking Social Engineering Scams Accountability

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. co saying he could be hired to perform fake EDRs on targets at will, provided the account was recently active.

Government

Government Accountability Education Media

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. commercial and government interests.

Hacking

Hacking Identity Theft Government Phishing

North Korea-linked APT groups target South Korean defense contractors

Security Affairs

APRIL 23, 2024

North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency. The state-sponsored hackers hacked into the subcontractors of defense companies by exploiting vulnerabilities in the targeted systems and deployed malware. concludes the advisory.

Hacking

Hacking Malware Accountability Technology

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Accountability

Accountability Government Authentication Engineering

CISA warns of recent successful cyberattacks against cloud service accounts

Security Affairs

JANUARY 14, 2021

The US revealed that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts. Government experts confirmed that the threat actors initially attempted brute force logins on some accounts without success. SecurityAffairs – hacking, Golang-based worm).

Accountability

Accountability Phishing Authentication Passwords

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. To protect against these attacks, businesses need to implement a wide range of strong API security measures such as authentication, authorization, encryption, and vulnerability scanning. Related: Using employees as human sensors.

Hacking

Hacking Penetration Testing Data breaches Authentication

A flaw in India Digilocker could?ve been exploited to bypass authentication

Security Affairs

JUNE 8, 2020

Any Indian DigiLocker Account Could’ve Been Accessed Without Password. The Indian Government fixed a flaw in the secure document wallet service Digilocker that could have potentially allowed anyone’s access without password. It also provides 1GB storage space to each account to upload scanned copies of legacy documents.

Authentication

Authentication Mobile Accountability Passwords

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

federal government to hijack and tamper with government domain name entries. ” Hacking campaigns exploiting poor domain name security can be more subtle. Hackers posing as Coincheck.com employees contacted the company’s customers and requested their account credentials. What Can Be Done?

Hacking

Hacking Retail Cyber Insurance Authentication

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. The cybersecurity researchers observed threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured.

Ransomware

Ransomware Encryption Antivirus VPN

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. 9, 2024, U.S. Twilio disclosed in Aug. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Security Affairs

APRIL 20, 2021

According to coordinated reports published by FireEye and Pulse Secure , two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide. “A vulnerability was discovered under Pulse Connect Secure (PCS).

VPN

VPN Hacking Authentication Government

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords

Passwords Accountability Hacking Password Management

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

The Last Watchdog

OCTOBER 3, 2022

Government policymakers decided in the 1990s to promote inherently insecure, nascent Internet technology to be the world’s primary global information infrastructure for all the world’s communications, content, and commerce. Government policymakers decided in the 1990s to de facto nationally abdicate governing online.

Internet

Internet Internet Government Technology

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

They obtained the data by hacking any one of the hundreds of companies you entrust with the data -- and you have no visibility into those companies' security practices, and no recourse when they lose your data. Enable two-factor authentication for all important accounts whenever possible.

Identity Theft

Identity Theft Passwords Password Management Authentication

Microsoft mitigated an attack by Chinese threat actor Storm-0558

Security Affairs

JULY 12, 2023

Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks. The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. No customer action is required.”

Authentication

Authentication Accountability Government Cyber Attacks

State Department’s Email Server Breached

Adam Levin

SEPTEMBER 20, 2018

An email server containing “sensitive but unclassified” data belonging to the State Department was breached, the government agency announced earlier this month. Two-factor authentication is a legal requirement and also considered a bare minimum protocol for cybersecurity protection.

Authentication

Authentication Government Cyber Attacks Cybersecurity

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

. “Starting in January 2024, a threat actor performed reconnaissance of our networks, exploited one of our Virtual Private Networks (VPNs) through two Ivanti Connect Secure zero-day vulnerabilities , and skirted past our multi-factor authentication using session hijacking. ” reads a post published by the organization on Medium.

Cyber Attacks

Cyber Attacks VPN Authentication Hacking

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 28, 2024

Korea attempts to use generative AI for hacking attacks: spy agency Cybersecurity Is artificial intelligence the solution to cyber security threats? Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M

Artificial Intelligence

Artificial Intelligence Hacking Malware Cyber Attacks

Microsoft validation error allowed state actor to access user email of government agencies and others

Malwarebytes

JULY 18, 2023

Microsoft is getting criticized for the way in which it handled a serious security incident that allowed a suspected Chinese espionage group to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud.

Government

Government Accountability Hacking Authentication

Confessions on MFA and Security Best Practices

Security Boulevard

JANUARY 17, 2024

The last couple weeks have brought a few discussions on the topic of multifactor authentication or MFA (sometimes also referred to as 2FA or two factor authentication). These discussions have been driven by the SEC’s X (formerly known as Twitter) account being hacked in order to goose the price of Bitcoin.

Authentication

Authentication Accountability Hacking Firmware

Anonymous leaked 28GB of data stolen from the Central Bank of Russia

Security Affairs

MARCH 25, 2022

This week the Anonymous hacker collective claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents. Anonymous hacks Russia's Central Bank and more than 35,000 files will be exposed in 48 hours. Anonymous hacks Russia's Central Bank and more than 35,000 files will be exposed in 48 hours.

Banking

Banking Government Hacking Authentication

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

NOVEMBER 22, 2018

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. tax service).

Authentication

Authentication Advertising Accountability Hacking

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. 3, and said it learned about the flaw from the NSA. ” Also on Dec.

Software

Software Authentication Hacking Government

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” continues the report. .

Energy and Utilities

Energy and Utilities Government Firewall Malware

SEC X Account Hack: SIM Swap Exposed Vulnerability

SEC X account hacked to hawk crypto-scams

Webinars

Trending Sources

U.S. CISA: hackers breached a state government organization

Webinars

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Canadian government impacted by data breaches of two of its contractors

Three Top Russian Cybercrime Forums Hacked

The Week in Security: Chinese hackers breach government email, AI models easily poisoned

Chinese hackers compromised emails of U.S. Government agencies

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

SYS01 stealer targets critical government infrastructure

FBI Hacker Dropped Stolen Airbus Data on 9/11

Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones

Microsoft Signing Key Stolen by Chinese

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Joe Biden, Bill Gates, Barack Obama All Hacked in Twitter Compromise

How better key management can close cloud security gaps troubling US government (Part 1 of 2)

DEA Investigating Breach of Law Enforcement Data Portal

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Joe Biden, Bill Gates, Barack Obama Hacked in Twitter Compromise

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

North Korea-linked APT groups target South Korean defense contractors

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

CISA warns of recent successful cyberattacks against cloud service accounts

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

A flaw in India Digilocker could?ve been exploited to bypass authentication

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Akira ransomware received $42M in ransom payments from over 250 victims

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

Ukraine Nabs Suspect in 773M Password ?Megabreach?

GUEST ESSAY: Restore Us Institute (RUI) aims to protect Americans from online harms and crimes

Protecting Yourself from Identity Theft

Microsoft mitigated an attack by Chinese threat actor Storm-0558

State Department’s Email Server Breached

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Microsoft validation error allowed state actor to access user email of government agencies and others

Confessions on MFA and Security Best Practices

Anonymous leaked 28GB of data stolen from the Central Bank of Russia

Flaw allowing identity spoofing affects authentication based on German eID cards

VMware Flaw a Vector in SolarWinds Breach?

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Stay Connected