Accountability, Cyber Attacks, Information Security and Passwords

Ukraine warns of attacks aimed at taking over Telegram accounts

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability

Accountability Phishing Passwords Hacking

MongoDB investigates a cyberattack, customer data exposed

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. We detected suspicious activity on Wednesday (Dec.

Social Engineering

Social Engineering Data breaches Cyber Attacks Accountability

Resecurity warns about cyber-attacks on data center service providers

Security Affairs

FEBRUARY 21, 2023

After communication with CNCERT around January 24, 2023, the affected organization forced customers to change their passwords. Likely, the reason behind this step was in an unexpected, forced password change by the data centers organization dating back to the 1st episode. The 3rd episode of the campaign was related to a U.S.

Cyber Attacks

Cyber Attacks Passwords Cybersecurity Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Cyber attack targets. Russia isn’t the only cyber actor increasing its pace of cyber operations during this time. Segment or isolate portions of your network that are critical to your business, process, or store sensitive information. Accounting for humans.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

A credential stuffing attack is a type of cyber attack where hackers use large sets of username and password combinations, typically obtained from previous data breaches, phishing campaigns, or info-stealer infections, to gain unauthorized access to user accounts on various online services.

VPN

VPN Accountability Firewall Data breaches

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means.

Cybercrime

Cybercrime Education Accountability Phishing

Data Breach at Britain JD Sports leaks 10 million customers

CyberSecurity Insiders

JANUARY 30, 2023

JD Sports, Britain’s online retailer of branded sportswear, has reportedly become a victim of a cyber attack that leaked information of over 10 million customers. JD Sports has assured that hackers accessed no passwords related to their accounts and issued an apology for failing to protect the customer info.

Data breaches

Data breaches Retail Identity Theft Social Engineering

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware

Malware Cybercrime Hacking Cyber threats

NCSC Report: U.K. neutralized over 600 cyber attacks this year

Security Affairs

OCTOBER 27, 2019

has neutralized more than 600 cyber attacks this year, most of them launched by threat actors from overseas. The National Cyber Security Centre announced that the U.K. has neutralized more than 600 cyber attacks this year, most of them launched by threat actors from overseas. NCSC Report: U.K.

Cyber Attacks

Cyber Attacks Banking Advertising Government

FBI’s alert warns about using Windows 7 and TeamViewer

Security Affairs

FEBRUARY 14, 2021

The FBI is warning companies about the use of out-of-date Windows 7 systems, desktop sharing software TeamViewer, and weak account passwords. The alert comes after the recent attacks on the Oldsmar water treatment plant’s network where attackers tried to raise levels of sodium hydroxide, by a factor of more than 100.

Passwords

Passwords Social Engineering Software System Administration

Ukraine’s CERT-UA warns of phishing attacks against Ukrainian citizens

Security Affairs

MARCH 8, 2022

Ukraine’s CERT-UA warned citizens of new phishing attacks launched through compromised email accounts belonging to Indian entities. The attacks were aimed at stealing sensitive information from compromised accounts. “Once you have clicked the link and enter your password, it gets to the attackers.

Phishing

Phishing Accountability Passwords Cyber Attacks

Understanding Features and Vulnerabilities of The Decentralized Finance Attack Surface is Key to Protecting Against Cyber Attacks

Security Boulevard

MARCH 17, 2022

Decentralized Finance and the information security protocols protecting it remain in their early stages of development, as does the adaptation of new cyberattack techniques. Cryptocurrency is accounted for in wallets. Since then, cryptocurrency values reached new records during the pandemic. link] [link].

Cyber Attacks

Cyber Attacks Cryptocurrency Marketing Software

Dunkin Donuts Forced to 'Fill Security Holes' in Data Breach Settlement

SecureWorld News

SEPTEMBER 17, 2020

According to state investigators, Dunkin' Donuts failed to respond to a series of successful cyber attacks that left tens of thousands of customer's online accounts vulnerable. Now the company is being forced to take certain information security measures and pay a $650,000 fine to the state of New York.

Data breaches

Data breaches Accountability Cyber Attacks Cybersecurity

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

The Federal Bureau of Investigation (FBI) has issued an alert about cyber attacks against healthcare payment processors to redirect victim payments. The FBI also reported one attack in which the threat actors changed victims’ direct deposit information to a bank account under their control and redirected $3.1

Healthcare

Healthcare Social Engineering Accountability Passwords

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Security Affairs

DECEMBER 15, 2023

Resecurity shared a list of IP addresses associated with the simultaneous attack performed by 3 ransomware groups directly related to the ‘password spraying’ attack. The attack leveraged multiple Residential IP Proxies based in the APAC region.

Ransomware

Ransomware Financial Services Cyber Attacks Cybersecurity

1.8 Million customers of four sports gear sites impacted by credit cards breach

Security Affairs

DECEMBER 18, 2021

A cyber attack hit four affiliated online sports gear sites and resulted in the theft of credit cards for 1,813,224 customers. Full name Financial account number Credit card number (with CVV) Debit card number (with CVV) Website account password.

Accountability

Accountability Banking Cyber Attacks Passwords

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

-based cyber intelligence firm Hold Security , KrebsOnSecurity in March told Gunnebo about a financial transaction between a malicious hacker and a cybercriminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking

Hacking Ransomware Banking Accountability

Cyber Security Roundup for May 2021

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles.

Ransomware

Ransomware Passwords Scams Government

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. If you use the legacy email and password login, your passwords are encrypted, but we highly encourage that you change it. We do not store any credit card or payment related information on our servers.”

Media

Media Hacking Passwords Data breaches

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

Guidehouse provides account maintenance services to Morgan Stanley’s StockPlan Connect business, hackers breached its Accellion FTA server and stole information belonging to Morgan Stanley stock plan participants. The company pointed out that exposed files did not contain passwords that could be used to access financial accounts.

Data breaches

Data breaches Hacking Banking Financial Services

China Says NSA Is Hacking Top Military Research University

SecureWorld News

SEPTEMBER 12, 2022

After extracting some of the samples and investigating the situation, China believes that the " overview, technical characteristics, attack weapons, attack paths and attack sources of the relevant attack events" originated from the NSA's Office of Tailored Access Operations (TAO). stealing over 140GB of high-value data.

Hacking

Hacking Cyber Attacks Government Internet

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. The T-Mobile security staff discovered “malicious, unauthorized access” to their systems. T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information).

Data breaches

Data breaches Mobile Telecommunications Wireless

EnergyAustralia Electricity company discloses security breach

Security Affairs

OCTOBER 21, 2022

Electricity company EnergyAustralia suffered a security breach, threat actors had access to information on 323 customers. Another Australian organization was hit by a severe cyber attack, this time the victim is the Electricity company EnergyAustralia. EnergyAustralia is the country’s third-largest energy retailer.

Passwords

Passwords Small Business Banking Retail

Norway blames China-linked APT31 for 2018 government hack

Security Affairs

JUNE 20, 2021

No reliable technical findings have been made of what information was transferred, but the investigation shows that there were probably usernames and passwords associated with employees in various state administration offices. . “The actor also succeeded in transferring some data from the offices’ systems.

Government

Government Hacking Cyber Attacks Passwords

Caesars Entertainment paid a ransom to avoid stolen data leaks

Security Affairs

SEPTEMBER 15, 2023

. “As a result of our investigation, on September 7, 2023, we determined that the unauthorized actor acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database.”

Social Engineering

Social Engineering Ransomware Banking Cyber Attacks

T-Mobile data breach has impacted 48.6 million customers

Security Affairs

AUGUST 18, 2021

million current postpaid customer accounts, as well as more than 40 million records of former and prospective customers. The attackers also compromised approximately 850,000 active prepaid customers. We have also confirmed that there was some additional information from inactive prepaid accounts accessed through prepaid billing files.

Data breaches

Data breaches Mobile Telecommunications Wireless

Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition

Security Affairs

JULY 8, 2023

Google addressed 3 actively exploited flaws in Android Iran-linked APT TA453 targets Windows and macOS systems Bangladesh government website leaked data of millions of citizens A man has been charged with a cyber attack on the Discovery Bay water treatment facility Progress warns customers of a new critical flaw in MOVEit Transfer software CISA and (..)

Firewall

Firewall Ransomware Password Management Malware

T-Mobile customers were hit with SIM swapping attacks

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. .

Mobile

Mobile Telecommunications Data breaches Identity Theft

Hackers breached four prominent underground cybercrime forums

Security Affairs

MARCH 6, 2021

The attackers also managed to transfer $150,000 worth of cryptocurrency from Verified’s wallet to a wallet under his control. In February, the administrator of the cybercrime forum Crdclub discloses a cyber attack that resulted in the hack of the administrator’s account. Source FlashPoint. ” reads Flashpoint.

Cybercrime

Cybercrime DDOS Hacking Passwords

Air India suffered a data breach, 4.5 million customers impacted

Security Affairs

MAY 22, 2021

Customers’ details involved in the security breach include names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data. ” reads the data breach notification sent to the customers.

Data breaches

Data breaches Passwords Hacking Cyber Attacks

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Security Affairs

JUNE 26, 2021

Microsoft revealed on Friday that Russia-linked SolarWinds hackers, tracked as Nobelium or APT29 , have conducted news cyber attacks against other organizations. Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts.

Financial Services

Financial Services Architecture Cyber Attacks Accountability

U.S. Bookstore giant Barnes & Noble hit by cyberattack

Security Affairs

OCTOBER 15, 2020

Bookstore giant Barnes & Noble has disclosed a cyber attack and that the threat actors have exposed the customers’ data. A series of messages published on Barnes & Noble’s Nook social media accounts state that it had suffered a system failure and is working to restore operations by restoring their server backups.

Cyber Attacks

Cyber Attacks VPN Backups Ransomware

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

” Mandiant, which tack the toolkit as INCONTROLLER, also published a detailed analysis warning of its dangerous cyber attack capability. “INCONTROLLER represents an exceptionally rare and dangerous cyber attack capability. Only use admin accounts when required for tasks, such as installing software updates.

Passwords

Passwords Architecture Backups Cyber Attacks

Audio equipment maker Bose Corporation discloses a ransomware attack

Security Affairs

MAY 25, 2021

Bose Corporation has announced it was the victim of a ransomware attack that took place earlier this year, on March 7. According to the breach notification letter filed by Bose, the company was hit by a sophisticated cyber attack, threat actors deployed ransomware within its infreastructure. ” continues the letter.

Ransomware

Ransomware Malware Cyber Attacks Backups

P&N Bank data breach may have impacted 100,000 West Australians

Security Affairs

JANUARY 15, 2020

P&N Bank discloses data breach, customer account information, balances exposed. The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data. Received this notice 15mins ago.

Data breaches

Data breaches Banking Cyber Attacks Accountability

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Security Affairs

MARCH 12, 2020

Experts have found tens of security vulnerabilities in Zyxel Network Management Software, including backdoors and hardcoded SSH keys. Security researchers Pierre Kim and Alexandre Torres have discovered several vulnerabilities Zyxel Cloud CNM SecuManager software that could expose users to cyber attacks.

Accountability

Accountability Advertising Software Authentication

Anonymous targets western companies still active in Russia, including Auchan, Leroy Merlin e Decathlon

Security Affairs

MARCH 24, 2022

Since the start of the Russian invasion of Ukraine on February 24, Anonymous has declared war on Russia and launched multiple cyber-attacks against Russian entities, including Russian government sites , state-run media websites , and energy firms. The group leaked a sample of data containing more than 50K Nestlé business customers.

DDOS

DDOS Hacking Government Banking

University of California Employees, Students, Threatened After Breach

SecureWorld News

APRIL 7, 2021

At the University of California Berkeley, Chief Information Security Officer Allison Henry and school CIO, Jenn Stringer, posted about what is going on within the UC community: "Beginning Monday, March 29, many UC Berkeley email accounts started receiving messages stating that their personal data had been stolen and would be released.

Data breaches

Data breaches Information Security Passwords Backups

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

“Maastricht University (UM) has been hit by a serious cyber attack. Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data.”. It is unclear if the attackers have exfiltrated data from the systems before encrypting them.

Ransomware

Ransomware Cyber Attacks Architecture Backups

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

ForAllSecure

APRIL 26, 2023

of polled executives report that their organizations' accounting and financial data were targeted by cyber adversaries.” In this blog post, we'll explore common techniques used to penetrate systems and how organizations can defend against each type of attack. You’re prompted to enter your login credentials.

Social Engineering

Social Engineering Passwords Engineering Software

Experts confirmed that the networks of the United Nations were hacked earlier this year

Security Affairs

SEPTEMBER 10, 2021

Researchers at cyber security firm Resecurity discovered that the entry point was UN’s proprietary project management software, called Umoja. Then the attackers gained a foothold in the target network and made lateral movements looking for sensitive data. According to the report, attackers did not access passwords.

Hacking

Hacking Data breaches Cyber Attacks Software

Security Affairs newsletter Round 260

Security Affairs

APRIL 19, 2020

Scams

Scams Phishing Advertising DDOS

Security Affairs newsletter Round 304

Security Affairs

MARCH 7, 2021

jailbreaking tool Attackers took over the Perl.com domain in September 2020 Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Cyber Defense Magazine – March 2021 has arrived.

Data breaches

Data breaches Data collection Ransomware Hacking

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

An attacker could exploit the vulnerability to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf. ” reads a post published by MSRC VP of Engineering Aanchal Gupta. ” reads a post published by MSRC VP of Engineering Aanchal Gupta.

Authentication

Authentication Advertising Architecture Cybercrime

Ukraine warns of attacks aimed at taking over Telegram accounts

MongoDB investigates a cyberattack, customer data exposed

Webinars

Trending Sources

Resecurity warns about cyber-attacks on data center service providers

Webinars

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Okta warns of unprecedented scale in credential stuffing attacks on online services

FBI: Compromised US academic credentials available on various cybercrime forums

Data Breach at Britain JD Sports leaks 10 million customers

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

NCSC Report: U.K. neutralized over 600 cyber attacks this year

FBI’s alert warns about using Windows 7 and TeamViewer

Ukraine’s CERT-UA warns of phishing attacks against Ukrainian citizens

Understanding Features and Vulnerabilities of The Decentralized Finance Attack Surface is Key to Protecting Against Cyber Attacks

Dunkin Donuts Forced to 'Fill Security Holes' in Data Breach Settlement

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

1.8 Million customers of four sports gear sites impacted by credit cards breach

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Cyber Security Roundup for May 2021

Asian media firm E27 hacked, attackers asked for a “donation”

Morgan Stanley discloses data breach after the hack of a third-party vendor

China Says NSA Is Hacking Top Military Research University

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

EnergyAustralia Electricity company discloses security breach

Norway blames China-linked APT31 for 2018 government hack

Caesars Entertainment paid a ransom to avoid stolen data leaks

T-Mobile data breach has impacted 48.6 million customers

Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition

T-Mobile customers were hit with SIM swapping attacks

Hackers breached four prominent underground cybercrime forums

Air India suffered a data breach, 4.5 million customers impacted

Microsoft: Russia-linked SolarWinds hackers breached three new entities

U.S. Bookstore giant Barnes & Noble hit by cyberattack

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Audio equipment maker Bose Corporation discloses a ransomware attack

P&N Bank data breach may have impacted 100,000 West Australians

Experts disclose tens of flaws in Zyxel Cloud CNM SecuManager, includes dangerous backdoors

Anonymous targets western companies still active in Russia, including Auchan, Leroy Merlin e Decathlon

University of California Employees, Students, Threatened After Breach

Maastricht University finally paid a 30 bitcoin ransom to crooks

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

Experts confirmed that the networks of the United Nations were hacked earlier this year

Security Affairs newsletter Round 260

Security Affairs newsletter Round 304

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Stay Connected