Security Affairs

APRIL 9, 2024

“An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.” . “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by the LG ThinkQ smartphone app to control the TV. ” reads the advisory. Sweden, and Finland.

Hacking 125

Hacking Internet Internet Authentication 125

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reads the post published Risk Based Security.

Accountability 139

Accountability Hacking Data breaches Passwords 139

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. SecurityAffairs – hacking, ShinyHunters). SecurityAffairs – hacking, ShinyHunters). A hacker has shared 3.2

Accountability 98

Accountability Hacking Data breaches Passwords 98

Security Affairs

MAY 6, 2020

Hackers have breached the online learning platform Unacademy and are selling the account information for close to 22 million users. Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.

Accountability 103

Accountability Hacking Data breaches Advertising 103

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 114

Accountability Authentication Passwords Data breaches 114

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 90

Accountability Phishing Authentication Architecture 90

Security Affairs

JANUARY 4, 2024

An internet outage impacted Orange Spain after a hacker gained access to the company’s RIPE account to misconfigure BGP routing. The hacker, who uses the moniker ‘Snow’, gained access to the RIPE account of Orange Spain and misconfigured the BGP routing causing an internet outage. I have fixed your RIPE admin account security.

Internet 111

Internet Internet Accountability Passwords 111

Security Affairs

FEBRUARY 18, 2023

Twitter has announced that the platform will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers. To date, Twitter has offered three methods of 2FA : text message, authentication app, and security key. “At that time, accounts with text message 2FA still enabled will have it disabled.

Authentication 95

Authentication Accountability Media Hacking 95

Security Affairs

SEPTEMBER 25, 2022

Threat actors target GitHub users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. GitHub is warning of an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform.

Accountability 105

Accountability Phishing Authentication Passwords 105

Security Affairs

JULY 24, 2022

million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on a the popular hacking forum Breached Forums. SecurityAffairs – hacking, Twitter). Threat actor leaked data of 5.4 Source RestorePrivacy.

Accountability 135

Accountability Advertising Authentication Hacking 135

Security Affairs

JULY 5, 2022

Threat actors compromised the Twitter and YouTube accounts of the British Army to promote online crypto scams. The Twitter and YouTube accounts of the British Army were used to promote NFT and other crypto scams. We are aware of a breach of the Army’s Twitter and YouTube accounts and an investigation is underway.

Scams 85

Scams Accountability Authentication Cryptocurrency 85

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 96

Authentication Passwords Risk Education 96

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The hackers hijacked the official Barcelona and Olympic Twitter accounts and posted some tweets to claim responsibility for the hack.

Accountability 89

Accountability Hacking Advertising Media 89

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. of the the targeted accounts were compromised.

Passwords 108

Passwords Accountability Authentication Hacking 108

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Twilio last week announced that that the threat actors also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.

Accountability 93

Accountability Authentication Phishing Data breaches 93

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing 75

Phishing Hacking Banking Scams 75

Security Affairs

AUGUST 5, 2022

million accounts was caused by the exploitation of a zero-day flaw. million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered for sale the stolen data on the popular hacking forum Breached Forums. Source RestorePrivacy. “A

Accountability 104

Accountability Data breaches Authentication Media 104

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. ” reads trhe announcement published by DKWOC.

Accountability 105

Accountability Government Phishing Authentication 105

Security Affairs

OCTOBER 20, 2021

According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Pierluigi Paganini.

Accountability 127

Accountability Malware Phishing Social Engineering 127

Security Affairs

AUGUST 10, 2022

The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat actors compromised a Cisco employee’s credentials after they gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized. SecurityAffairs – hacking, Yanluowang ransomware).

Ransomware 124

Ransomware Hacking VPN Phishing 124

Security Affairs

MARCH 29, 2023

OpenAI addressed multiple severe vulnerabilities in the popular chatbot ChatGPT that could have been exploited to take over accounts. OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories. Attack Flow: 1. Victims visit the legitimate link.

Accountability 85

Accountability Authentication Hacking Information Security 85

Security Affairs

JULY 18, 2021

Instagram introduced a new security feature dubbed “Security Checkup” to help users to recover their accounts that have been compromised. “Today, we’re launching Security Checkup, a new feature to help people keep their Instagram accounts secure. . ” states the company.

Accountability 94

Accountability Authentication Scams Hacking 94

Security Affairs

NOVEMBER 24, 2020

Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel , a popular software suite that facilitates the management of a web hosting server.

Hacking 137

Hacking Authentication Accountability Software 137

Security Affairs

NOVEMBER 18, 2021

Threat actors have launched a phishing campaign targeting more than 125 TikTok ‘Influencer’ accounts in an attempt to hijack them. Researchers from Abnormal Security uncovered a phishing scam aimed at hijacking at least 125 TikTok ‘Influencer’ accounts. ” reads the report published by Abnormal Security.

Accountability 99

Accountability Phishing Media Scams 99

Security Affairs

DECEMBER 10, 2019

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. Pierluigi Paganini.

Accountability 82

Accountability Hacking Passwords Advertising 82

Security Affairs

JANUARY 10, 2022

Several EA Sports FIFA 22 players claim to have been hacked, they say to have lost access to their personal EA and email accounts. A growing number of EA Sports FIFA 22 players reported that their EA accounts were hacked, including famous streamers such as Jamie Bateson (AKA Bateson87), NickRTFM, Trymacs, TisiSchubecH and FUT FG.

Hacking 103

Hacking Accountability Social Engineering Media 103

Security Affairs

JANUARY 18, 2021

The attack took place on Saturday, around 04:00 (GMT), when threat actors compromised an administrator account and downloaded a copy of the list of users. “Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum ( [link] ) was breached. SecurityAffairs – hacking, data breach). Pierluigi Paganini.

Hacking 129

Hacking Data breaches Passwords Accountability 129

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability 93

Accountability Education Media Authentication 93

Security Affairs

APRIL 16, 2024

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, brute-force )

VPN 123

VPN Firewall Authentication Hacking 123

Security Affairs

MAY 5, 2021

Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. “A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. .

Authentication 93

Authentication Passwords Accountability System Administration 93

Security Affairs

DECEMBER 16, 2022

“No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.” Users are recommended to activating two-factor authentication (2FA) protection use hardware security keys to access their accounts.

Hacking 84

Hacking Phishing Accountability Authentication 84

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

MARCH 7, 2023

Recently, the password management software firm disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. “We have recently been made aware of a security vulnerability related to Plex Media Server. .

Software 98

Software Hacking Data breaches Media 98

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Sophos researchers observed in May the threat actor using compromised Cisco VPN accounts to breach target networks.

VPN 90

VPN Ransomware Hacking Education 90

Security Affairs

AUGUST 9, 2021

Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium’s zLabs researchers spotted a new Android trojan, dubbed FlyTrap , that already compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021.

Accountability 125

Accountability Social Engineering Media Malware 125

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 107

Banking Accountability Mobile Cryptocurrency 107

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” concludes Dexerto.

Hacking 107

Hacking Data breaches Accountability Passwords 107