Security Affairs

FEBRUARY 13, 2024

The data collected unearthed a total of 1771 ransomware claims, with 55 recorded incidents in Italy. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform. Let us now delve into the detailed breakdown of the days.

Ransomware 107

Ransomware Data collection Hacking Cybersecurity 107

Security Affairs

NOVEMBER 23, 2022

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users.

Data collection 137

Data collection Accountability Hacking Software 137

Krebs on Security

AUGUST 26, 2020

Ngo got his treasure trove of consumer data by hacking and social engineering his way into a string of major data brokers. Ngo’s businesses enabled an entire generation of cybercriminals to commit an estimated $1 billion worth of new account fraud , and to sully the credit histories of countless Americans in the process.

Identity Theft 339

Identity Theft Computers and Electronics Hacking Accountability 339

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. “We are reaching out to let you know about a security incident we recently identified and quickly shut down that may have impacted some of your T-Mobile account information.” SecurityAffairs – hacking, T-Mobile).

Data breaches 135

Data breaches Mobile Telecommunications Wireless 135

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. ’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. ” reads the advisory published by the CERT-UA.

Telecommunications 107

Telecommunications Authentication Data collection Passwords 107

Schneier on Security

SEPTEMBER 28, 2020

The Article pays particular attention to EO 12333’s designation of the National Security Agency as primarily responsible for conducting signals intelligence, which includes the installation of malware, the analysis of internet traffic traversing the telecommunications backbone, the hacking of U.S.-based

Surveillance 309

Surveillance Telecommunications Internet Internet 309

Security Affairs

NOVEMBER 15, 2022

“Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. Location data represent the core of the digital advertising business of the IT giant. SecurityAffairs – hacking, privacy). not hidden); and.

Consumer Protection 87

Consumer Protection Accountability Data collection Advertising 87

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering 137

Social Engineering Data collection Media Passwords 137

Security Affairs

DECEMBER 29, 2023

Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud. The author behind Meduza distributed the following notification about the update on multiple underground communities and Telegram group: Attention!

Password Management 127

Password Management Cryptocurrency Passwords Authentication 127

Security Affairs

NOVEMBER 27, 2021

Italy’s antitrust regulator has fined both Apple and Google €10 million each for what it calls are “aggressive” data practices and not providing consumers with clear information on commercial uses of their personal data during the account creation phase. SecurityAffairs – hacking, Apple).

Data collection 87

Data collection Accountability Hacking Information Security 87

Security Boulevard

JANUARY 16, 2024

Put into context, it would make little sense to use a privacy-oriented browser and all the features such a browser may have to offer, but continue to reuse passwords across online accounts. It’s also viable to implement this guide and the cybersecurity one at the same time for simultaneous improvement for your privacy and security!

Accountability 109

Accountability Engineering Passwords Internet 109

The Last Watchdog

MAY 26, 2021

Related: Credential stuffing fuels account takeovers. But, unfortunately, we live in a world of constant hacking attempts and security breaches. Breaches to multiple accounts that share the same or similar passwords. Stolen passwords that can lead to data leaks. We celebrated World Password Day on May 6, 2021.

Passwords 182

Passwords Password Management Accountability Authentication 182

Security Affairs

SEPTEMBER 1, 2023

“In one case, we observed a SapphireStealer sample where the data collected using the previously described process was exfiltrated using the Discord webhook API, a method we previously highlighted here.” The FUD-Loader malware downloader was also published by the same GitHub account. ” continues the report.

Malware 106

Malware Data collection Architecture Hacking 106

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. SecurityAffairs – hacking, Aleksandr Brovko). In some cases, the man manually chacked the stolen information. Pierluigi Paganini.

Accountability 103

Accountability Banking Advertising Data collection 103

Security Affairs

JANUARY 2, 2023

Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information. According to the article, there are two settings responsible for the location data collection, the “Location History” and “Web & App Activity”.

Consumer Protection 91

Consumer Protection Surveillance Data collection Accountability 91

Security Affairs

JANUARY 17, 2021

SecurityAffairs – hacking, newsletter). If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini. The post Security Affairs newsletter Round 297 appeared first on Security Affairs.

Banking 81

Banking Data collection Malware Data breaches 81

Security Affairs

APRIL 6, 2023

User personal data for sale. Crooks offers data collected through phishing campaign to the subscribers. Data includes verified online banking credentials, in some cases phishers also provides info on the account balances. ” continues the analysis. ” Phishing-as-a-Service. .

Phishing 92

Phishing Scams Social Engineering Banking 92

Security Affairs

AUGUST 28, 2021

This is an enormous amount of data collected from a few small, not well-known mobile games.” ” On Thursday, the team said that users of the following games were involved in the data leak: Rainbow Story: Fantasy MMORPG, Metamorph M, and Dynasty Heroes: Legends of Samkok. Together, they account for over 1.6

Data breaches 121

Data breaches Mobile Data collection Hacking 121

Security Affairs

NOVEMBER 15, 2022

Avast experts were able to capture several PNG files embedding a data-stealing payload. They pointed out that data collection from victims’ machines using DropBox repository, and attackers use DropBox API for communication with the final stage. They steal data via the DropBox account registered on active Google emails.”

Data collection 90

Data collection Malware Accountability Hacking 90

Security Affairs

MARCH 7, 2021

jailbreaking tool Attackers took over the Perl.com domain in September 2020 Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Cyber Defense Magazine – March 2021 has arrived. SecurityAffairs – hacking, newsletter).

Data breaches 67

Data breaches Data collection Ransomware Hacking 67

Security Affairs

SEPTEMBER 5, 2022

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Original post: [link].

Phishing 99

Phishing Accountability Hacking Advertising 99

SecureList

MAY 28, 2024

However, the customer company often gives the service provider quite a lot of access to its systems, including: allocating various systems for conducting operations; issuing accesses for connecting to the infrastructure; creating domain accounts. Many companies resort to using remote management utilities such as AnyDesk or Ammyy Admin.

VPN 79

VPN Accountability Passwords Antivirus 79

Security Affairs

NOVEMBER 16, 2018

Thirteen exchanges were hacked in 2017 and in the first three quarters of 2018, amounting to a total loss of $877 million. The company’s records indicate that dumps account for 62% of data sold, which means that POS Trojans are the main method of compromising plastic cards. Attacks on Crypto. About the author Group-IB.

Cybercrime 84

Cybercrime Hacking Banking Phishing 84

Security Affairs

APRIL 15, 2023

The collected data is sent to the C2 server every two days, but the cycle depends on the remote configuration. The level of data collection depends on the permissions granted to the app using the malicious library.

Data collection 96

Data collection Mobile Malware Education 96

Krebs on Security

JULY 18, 2022

net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. Others are fairly opaque about their data collection and retention policies.

VPN 310

VPN Computers and Electronics Antivirus Software 310

Identity IQ

MARCH 2, 2021

If you’re still under the impression that hacking is restricted to hoodie-wearing individuals in darkened rooms, then you might be vastly underestimating the scale the data breach problem. . Last year alone more than 300 million consumers were impacted by data breaches, according to the Identity Theft Resource Center.

Data breaches 98

Data breaches Identity Theft Cybercrime Data collection 98

Security Affairs

OCTOBER 27, 2022

Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin payload-related alert in the last 30 days. SecurityAffairs – hacking, ransomware). exe to execute a malicious command. ” concludes the report. . Pierluigi Paganini.

Ransomware 98

Ransomware Malware Data collection Encryption 98

Identity IQ

JANUARY 24, 2024

Be Mindful of Your Online Accounts Your online accounts are key access points to your digital identity. Begin by cleaning up old accounts. Close or delete outdated email addresses, social media accounts, and online services you no longer use. It’s essential to adopt a proactive approach to safeguarding them.

Identity Theft 52

Identity Theft Education Media Accountability 52

Identity IQ

JANUARY 17, 2023

These are generally not considered privacy data, but when coupled with an element like your identity document, it becomes private. Other types of data that you should consider private include: Your bank account number and card details. Login information for online accounts you have. Why Is Data Privacy Important?

Data privacy 98

Data privacy Identity Theft Accountability Banking 98

SecureList

APRIL 5, 2023

As mentioned above, the creators of phishing bots and kits can get access to data collected with tools they made. Unlike the free data mentioned above, these have been checked, and even the account balances have been extracted. Phishers use OTP bots to try and hack 2FA. The calls are fully automated.

Phishing 127

Phishing Marketing Scams Accountability 127

Security Affairs

SEPTEMBER 19, 2018

percent of all the data collected, followed by TP-Link that accounted for 9.07%. The Chimay Red hacking tool leverages 2 exploits, the Winbox Any Directory File Read (CVE-2018-14847) and Webfig Remote Code Execution Vulnerability. . Security Affairs – IoT devices, hacking ). Pierluigi Paganini.

IoT 81

IoT Passwords Malware Advertising 81

Security Affairs

FEBRUARY 3, 2022

Attackers also used legitimate versions of WinRAR appear for data exfiltration and batch scripts to automate the data collection process. In some cases threat actors staged stolen data for further exfiltration. SecurityAffairs – hacking, APT). ” concludes the report that includes IoCs and Yara Rules.

Manufacturing 91

Manufacturing Malware Data collection Encryption 91

Security Affairs

SEPTEMBER 3, 2019

The data breach impacted 562,000 subscribers, the forum has been taken offline after the incident. We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection.” New breach: XKCD had 562k accounts breached last month. The xkcd forums are currently offline.

Data breaches 84

Data breaches Passwords Advertising Data collection 84

Security Affairs

JULY 1, 2021

“Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update,” reads the LinkedIn statement. Read more about the April 2021 LinkedIn scrape: Scraped data of 500 million LinkedIn users being sold online.

Data breaches 93

Data breaches Social Engineering Data collection Media 93

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. SecurityAffairs – hacking, ransomware). Opened email lets spy in. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Phishing 104

Phishing Ransomware Spyware Banking 104

Security Affairs

MAY 12, 2021

An example of this can be traced back to June 2019, when an unauthorized user gained access to Quest Diagnostic’s sensitive data through a billing vendor by the name of the American Medical Collection Agency (AMCA). The culprit gained access to sensitive data of 11.9 SecurityAffairs – hacking, user data).

Data collection 87

Data collection Data breaches VPN Risk 87

Malwarebytes

JANUARY 16, 2024

Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky. He was rumored to have hacked into his high school’s computer system, although those rumors were never confirmed.

Malware 90

Malware Passwords Identity Theft Data collection 90