Accountability, Blog and Information Security

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers. still available for you to use.

Information Security

Information Security Data breaches CISO Encryption

The Best Twitter Cybersecurity Accounts You Should Follow [Updated 2021]

Heimadal Security

DECEMBER 22, 2021

Security experts, researchers, and cyber enthusiasts abound on Twitter, eager to share their ideas, news, and research on information security, industry best practices, and the most recent dangers. The post The Best Twitter Cybersecurity Accounts You Should Follow [Updated 2021] appeared first on Heimdal Security Blog.

Accountability

Accountability Cybersecurity Information Security

GitLab addressed critical account take over via SCIM email change

Security Affairs

JUNE 4, 2022

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account.

Accountability

Accountability Hacking Cybersecurity Information Security

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Google banned 173k developer accounts in 2022

Security Affairs

MAY 1, 2023

The IT giant also announced it has banned 173k developer accounts and prevented over $2 billion in fraudulent and abusive transactions. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps.

Accountability

Accountability Education Media Hacking

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

MAY 30, 2022

Experts warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Recently CloudSEK founder Rahul Sasi warned of an ongoing WhatsApp OTP scam that could allow threat actors to hijack users’ accounts through phone calls. To nominate, please visit:?. Pierluigi Paganini.

Scams

Scams Accountability Mobile Hacking

Passwordless sign-in with passkeys is now available for Google accounts

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Japan have already deployed to streamline sign-in for their users. ” continues the post.

Accountability

Accountability Passwords Password Management Phishing

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability

Accountability Education Media Authentication

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability

Accountability Phishing Financial Services Surveillance

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability

Accountability Phishing Authentication Architecture

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency

Cryptocurrency Accountability Passwords Hacking

Ukraine warns of attacks aimed at taking over Telegram accounts

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability

Accountability Phishing Passwords Hacking

Who Wants to Become a Guest Blogger At This Blog?

Security Boulevard

NOVEMBER 2, 2022

Dear blog readers, Do you know a lot about information security cybercrime research OSINT and threat intelligence gathering including cyber threat actors research? Who is Dancho Danchev and what is Dancho Danchev's Blog? The post Who Wants to Become a Guest Blogger At This Blog? Stay tuned!

Cybercrime

Cybercrime InfoSec Cyber threats Accountability

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Security Affairs

APRIL 3, 2023

.” The experts discovered that other apps were impacted by the misconfiguration issue, including Mag News, Central Notification Service (CNS), Contact Center, PoliCheck, Power Automate Blog, and COSMOS. Below is the disclosure timeline: Jan. 31, 2023 – Wiz Research reported the Bing issue to MSRC Jan.

Accountability

Accountability Education Media Authentication

Slack bugs allowed take over victims’ accounts

Security Affairs

MARCH 14, 2020

Slack addressed a critical flaw within 24 hours from its disclosure, the issue allowed attackers to carry out automate account takeover. The researcher Evan Custodio discovered a critical vulnerability in Slack that could have allowed attackers to launch automate account takeover. on slackb.com 3) A request of GET [link] HTTP/1.1

Accountability

Accountability Advertising Data breaches Hacking

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers.

Cybersecurity

Cybersecurity IoT Antivirus Education

Slickwraps discloses data leak that impacted 850,000 user accounts

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. A cyber security expert that goes online with the moniker of Lynx0x00 published a blog post detailing his failed attempts of reporting the vulnerability on Slickwraps’ servers to the company.

Accountability

Accountability Data breaches Passwords Advertising

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

In March, security experts at Meta found multiple malware posing as ChatGPT or similar AI tools. “Since March alone, our security analysts have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant’s full name, Social Security number, address, phone number, email, and bank account number.

Banking

Banking Government Information Security Authentication

Who is Dancho Danchev?

Security Boulevard

FEBRUARY 4, 2022

Do you need to do a historical check on the security industry including me as an individual including my personal blog and all the socially-oriented work and contributors that I've made to the industry during the past ten years? Folks, Do you remember who I am?

Cybercrime

Cybercrime Accountability Information Security Network Security

Law enforcement seized the Genesis Market cybercrime marketplace

Security Affairs

APRIL 5, 2023

The price for a stolen account was very cheap, paying a few dollars crooks were able to use it for a specific period. Genesis Market provided access to accounts of the most popular services, including Amazon, eBay, Facebook, Gmail, Netflix, PayPal, Spotify, and Zoom.

Marketing

Marketing Cybercrime Accountability Education

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware

Ransomware Firmware Hacking Manufacturing

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

. “MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February. The account was used to create database backups which were then downloaded and deleted.

Data breaches

Data breaches Backups Passwords Accountability

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

While modern Microsoft Windows operating systems by default will ask users whether they want to run a downloaded executable file, many systems set up for remote administration by MSPs disable that user account control feature for this particular application. The timing of our advisory and Mr. Pyle’s blog were coincidental.

Phishing

Phishing Architecture Passwords Accountability

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. Pierluigi Paganini.

Cybercrime

Cybercrime Education Accountability Phishing

OpenAI launched a bug bounty program

Security Affairs

APRIL 12, 2023

.” In March, 2023, OpenAI addressed multiple severe vulnerabilities in ChatGPT that could have allowed attackers to take over user accounts and view chat histories.

Accountability

Accountability Education Media Hacking

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

“Eventually, the threat actor was able to compromise both the Windows and macOS build environments,” 3CX said in an April 20 update on their blog. In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated.

Malware

Malware Software Technology Accountability

Health insurer Point32Health suffered a ransomware attack

Security Affairs

APRIL 23, 2023

“On April 17, Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers and providers. At this time, most systems impacted are on the Harvard Pilgrim Health Care side of our business. ” reads the statement published by the insurer.

Insurance

Insurance Ransomware Education Accountability

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

Among the leaked data were bank account details, bank statements, credit card numbers, full names, dates of birth, home addresses, phone numbers, emails, personal identification documents, and employees’ and candidates’ CVs. A misconfiguration of the bank systems exposed millions of records with sensitive data.

Banking

Banking Identity Theft Accountability Phishing

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 15, 2023

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account; Google addressed the vulnerability CVE-2023-20963 with the release of “ The Android Security Bulletin—March 2023 ” security updates.

Education

Education Accountability Media Cybersecurity

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Security Affairs

JUNE 5, 2022

“CertiK analysis reveals that this community manager, account –@BorisVagner (“BorisVagner | SBS” on Discord)– posted a message to BAYC’s Discord server with a phishing link that led to the fake site. At this time it is unclear how the attackers have hacked the community manager’s account. Pierluigi Paganini.

Phishing

Phishing Hacking Accountability Scams

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

Security Affairs

APRIL 20, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, vRealize ) The post VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root appeared first on Security Affairs.

Education

Education Media Hacking Accountability

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

Security Affairs

APRIL 21, 2023

.” The investigation launched into the incident revealed that that an unauthorized third party obtained usernames and hashed and salted passwords for members’ online accounts on the ABA website prior to 2018 or the ABA Career Center since 2018. million members impacted appeared first on Security Affairs.

Data breaches

Data breaches Passwords Education Accountability

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

Security Affairs

APRIL 25, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, VMware ) The post VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023 appeared first on Security Affairs.

Hacking

Hacking Education Software Media

STYX Marketplace emerged in Dark Web focused on Financial Fraud

Security Affairs

APRIL 5, 2023

The discovery of STYX coincides with Resecurity financial crime risk analysts observing a significant increase in threat actors offering money-laundering services that exploit digital banking and cryptocurrency accounts. Resecurity’s investigation of STYX also yielded the discovery of 100 mules accounts.

Banking

Banking Cybercrime Accountability Risk

Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts Including Email Address Accounts – Part Four

Security Boulevard

MAY 27, 2021

Sample currently active high-profile cybercriminal Jabber and XMPP including email address accounts: mulamoose@xmpp.jp. The post Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts Including Email Address Accounts – Part Four appeared first on Security Boulevard.

Accountability

Accountability Banking DDOS Cybercrime

UK outsourcing services provider Capita suffered a cyber incident

Security Affairs

APRIL 3, 2023

Capita, the UK outsourcing giant, confirmed that its staff was locked out of their accounts on Friday after a cyber incident. UK outsourcing services provider Capita confirmed that the outage suffered on Friday was caused by a cyberattack. The outsourcing firm signed numerous contracts with the Ministry of Defence.

Data breaches

Data breaches Education Accountability Media

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Security Affairs

DECEMBER 12, 2020

Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.

Hacking

Hacking Passwords Accountability Technology

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

.” The researchers reported the issues to the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which assigned the following five CVEs: Use of Hard-coded Credentials CWE-798 ( CVE-2023–1748 , CVSS3.0: Improper Input Validation CWE-20 ( CVE-2023–1751 , CVSS3.0:

Manufacturing

Manufacturing Media Firewall Education

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The researchers noticed that the most common attack against networks and cloud instances is the account takeover. “Access to service account credentials can also allow attackers to span across services such as when a GCP service account is granted domain wide delegation authority to an organization’s Google Workspace environment.”

Media

Media Accountability Government Malware

Actionable WebAuthn You Can (and Should) Implement Today

Duo's Security Blog

JANUARY 23, 2024

Throughout 2023, we’ve heard about many high-profile security incidents targeting a wide range of publicly listed companies. Additionally, Chief Information Security Officers (CISOs) have also been under scrutiny for the actions they’ve taken to address these issues.

Authentication

Authentication Accountability CISO Technology

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

Security Affairs

APRIL 10, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Sophos) The post Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical appeared first on Security Affairs.

Firewall

Firewall Education Media Hacking

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Hikvision ) The post Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products appeared first on Security Affairs.

Surveillance

Surveillance Education Media Hacking

SAP April 2023 security updates fix critical vulnerabilities

Security Affairs

APRIL 12, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, April security updates) The post SAP April 2023 security updates fix critical vulnerabilities appeared first on Security Affairs.

Education

Education Media Authentication Passwords

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Best Twitter Cybersecurity Accounts You Should Follow [Updated 2021]

Webinars

Trending Sources

GitLab addressed critical account take over via SCIM email change

Webinars

Google banned 173k developer accounts in 2022

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Passwordless sign-in with passkeys is now available for Google accounts

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Remcos RAT campaign targets US accounting and tax return preparation firms

EvilProxy used in massive cloud account takeover scheme

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Ukraine warns of attacks aimed at taking over Telegram accounts

Who Wants to Become a Guest Blogger At This Blog?

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Slack bugs allowed take over victims’ accounts

15 Best Cybersecurity Blogs To Read

Slickwraps discloses data leak that impacted 850,000 user accounts

Hackers are taking advantage of the interest in generative AI to install Malware

LinkedIn Adds Verified Emails, Profile Creation Dates

Many Public Salesforce Sites are Leaking Private Data

Who is Dancho Danchev?

Law enforcement seized the Genesis Market cybercrime marketplace

MSI confirms security breach after Money Message ransomware attack

Kodi discloses data breach after its forum was compromised

ConnectWise Quietly Patches Flaw That Helps Phishers

FBI: Compromised US academic credentials available on various cybercrime forums

OpenAI launched a bug bounty program

3CX Breach Was a Double Supply Chain Compromise

Health insurer Point32Health suffered a ransomware attack

Multinational ICICI Bank leaks passports and credit card numbers

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

American Bar Association (ABA) suffered a data breach,1.4 million members impacted

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

STYX Marketplace emerged in Dark Web focused on Financial Fraud

Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts Including Email Address Accounts – Part Four

UK outsourcing services provider Capita suffered a cyber incident

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Nexx bugs allow to open garage doors, and take control of alarms and plugs

China-linked APT41 group spotted using open-source red teaming tool GC2

Actionable WebAuthn You Can (and Should) Implement Today

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

SAP April 2023 security updates fix critical vulnerabilities

Stay Connected