Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Scams 105

Scams Cryptocurrency Accountability Hacking 105

Krebs on Security

FEBRUARY 4, 2021

Facebook, Instagram , TikTok , and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales. THE MIDDLEMEN.

Accountability 296

Accountability Hacking Media Mobile 296

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. of the the targeted accounts were compromised.

Passwords 105

Passwords Accountability Authentication Hacking 105

SecureWorld News

JANUARY 24, 2024

On January 9, during a period of heightened anticipation surrounding the potential approval of Bitcoin exchange-traded funds (ETFs), an unauthorized post appeared on the SEC's X account claiming the approval had been granted. This triggered a surge in Bitcoin's price before the SEC quickly debunked the post and attributed it to a hack.

Accountability 93

Accountability Hacking Government Mobile 93

Security Affairs

APRIL 12, 2024

Roku announced that 576,000 accounts were compromised in a new wave of credential stuffing attacks. Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. ” reads the press release published by the company.

Accountability 106

Accountability Passwords Data breaches Authentication 106

Krebs on Security

MAY 18, 2019

com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

Accountability 225

Accountability Hacking Backups Passwords 225

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords 338

Passwords Accountability Hacking Password Management 338

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Threat actors exploited reused passwords obtained from third-party websites.

Accountability 103

Accountability Passwords Data breaches Hacking 103

Security Affairs

JANUARY 13, 2023

Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks.

Password Management 90

Password Management Passwords Accountability Data breaches 90

Malwarebytes

FEBRUARY 27, 2024

For the most popular operating system in the world—which is Android and it isn’t even a contest —there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals. The ATS framework uses the harvested credentials to initiate unauthorized money transfers to accounts held by the attacker.

Banking 144

Banking Passwords Accountability Malware 144

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. You’re all set.

Accountability 92

Accountability Scams Hacking Cryptocurrency 92

Security Affairs

FEBRUARY 29, 2024

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. Use this code to log in/reset the FB account password for the user account.”

Accountability 145

Accountability Passwords Hacking Information Security 145

Bleeping Computer

MARCH 6, 2024

Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. [.]

Accountability 92

Accountability Retail Hacking Passwords 92

The Hacker News

JANUARY 10, 2024

The compromise of Mandiant's X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group.

Accountability 83

Accountability Hacking Authentication Passwords 83

Bleeping Computer

JANUARY 10, 2024

Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." [.]

Accountability 105

Accountability Hacking Passwords Cybersecurity 105

Bleeping Computer

DECEMBER 22, 2022

​Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. [.].

Accountability 101

Accountability Hacking Authentication Passwords 101

Krebs on Security

MARCH 4, 2021

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.

Cybercrime 363

Cybercrime Hacking Passwords Accountability 363

Krebs on Security

DECEMBER 19, 2022

men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. conspired to hack into Yahoo email accounts belonging to victims in the United States.

Hacking 282

Hacking Passwords Media Identity Theft 282

Security Affairs

JANUARY 24, 2024

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction. prior to 16.1.6,

Accountability 127

Accountability Passwords Internet Internet 127

Heimadal Security

FEBRUARY 11, 2022

My email account has been hacked. Well, having your email account cracked could pose a serious problem given that your photos, contracts, invoices, tax forms, reset passwords for every other account, and sometimes even passwords or credit card PINs are all saved there. How much trouble am I in?

Accountability 104

Accountability Hacking Passwords Education 104

Krebs on Security

JANUARY 21, 2022

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.

Hacking 282

Hacking Cybercrime Authentication Passwords 282

Graham Cluley

JANUARY 11, 2024

Anyone who works in computer security knows that they should have two-factor authentication (2FA) enabled on their accounts. A hacker might be able to guess, steal, or brute force the password on your accounts - but they won't be able to gain access unless they also have a time-based one-time password.

Accountability 90

Accountability Passwords Hacking Authentication 90

CyberSecurity Insiders

MARCH 17, 2021

Media has been trying its best to create awareness among online users about the need to go for passwords that are difficult to guess or hack. Despite that, most users are seen indulging in a pursuit of using the same password on multiple platforms and that too which is easy to guess for hackers through password spray cyber attacks.

Passwords 103

Passwords Hacking Password Management Cyber Attacks 103

Schneier on Security

JULY 2, 2021

The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers.

Hacking 360

Hacking Passwords Malware Accountability 360

Hot for Security

JUNE 8, 2021

The most extensive data leak collection to date, dubbed ‘RockYou2021’, was dumped on popular hacking forums earlier this month. billion password entries, presumably obtained from previous data leaks and breaches. Cybercriminals can use the database to conduct password-spraying or brute force attacks. “Its 3.2

Passwords 145

Passwords Accountability Password Management Internet 145

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management 98

Password Management Passwords Accountability Phishing 98

Security Affairs

OCTOBER 18, 2023

A vulnerability in Synology DiskStation Manager ( DSM ) could be exploited to decipher an administrator’s password. The issue resides in the insecure Javascript Math.random() function that is used to generate the administrator’s password for the NAS device. ” reads the advisory published by the company.

Accountability 119

Accountability Passwords Hacking Internet 119

Security Affairs

JANUARY 13, 2024

GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. prior to 16.1.6, prior to 16.2.9, prior to 16.3.7,

Accountability 113

Accountability Passwords Hacking Information Security 113

Security Affairs

MARCH 2, 2023

Compromised customers’ data include full names, home addresses, email addresses, plaintext passwords, and telephone numbers. The popular data breach notification service HaveIBeenPwned reported that the hack took place in December and impacted 565k user accounts, it also added that 83% of the records were already in HIBP database.

Accountability 82

Accountability Hacking Data breaches Passwords 82

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Related: Credential stuffing fuels account takeovers. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. Password overhaul.

Passwords 182

Passwords Password Management Accountability Authentication 182

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. One threat actor responded to the post stating that he has already cracked, or decrypted, nearly a million password hashes.”

Accountability 137

Accountability Hacking Data breaches Passwords 137

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords 342

Passwords Accountability Engineering Phishing 342

Krebs on Security

MARCH 10, 2020

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. also is a favored marketplace for people involved in selling phony social media accounts.

Accountability 293

Accountability Advertising Hacking Cybercrime 293

Graham Cluley

MARCH 13, 2024

Streaming company Roku has revealed that over 15,000 customers' accounts were hacked using stolen login credentials from unrelated data breaches. Read more in my article on the Hot for Security blog.

Data breaches 110

Data breaches Accountability Hacking Passwords 110

Adam Levin

DECEMBER 30, 2020

In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.”. The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin.

IoT 300

IoT Hacking Internet Internet 300

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. “This guy had access to the notes, and knew the number to call,” to make changes to the account, the CEO of Escrow.com told KrebsOnSecurity.

Hacking 260

Hacking Social Engineering Phishing Scams 260

Security Affairs

AUGUST 17, 2020

The Treasury Board of Canada Secretariat confirmed that thousands of user accounts for online Canadian government services were recently hacked. According to a press release issued by the Treasury Board of Canada Secretariat, thousands of user accounts for online government services were recently hacked.

Government 131

Government Accountability Hacking Advertising 131