Advertising, Authentication and Hacking

Crooks impersonate brands using search engine advertisement services

Security Affairs

DECEMBER 26, 2022

The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites that were used to defraud users. ” reads the advisory published by the FBI.

Advertising

Advertising Engineering Education Internet

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion , SIM swapping , and swatting. THE MIDDLEMEN. WHAT YOU CAN DO.

Accountability

Accountability Hacking Media Mobile

Hackers bypassed vein based authentication with a fake hand

Security Affairs

DECEMBER 30, 2018

A couple of researchers demonstrated how to bypass vein based authentication using a fake hand build from a photo. If you consider vein based authentication totally secure, you have to know that a group of researchers demonstrated the opposite at the Chaos Communication Congress hacking conference. Pierluigi Paganini.

Authentication

Authentication Advertising Hacking Manufacturing

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reads the post published Risk Based Security.

Accountability

Accountability Hacking Data breaches Passwords

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. SecurityAffairs – hacking, ShinyHunters). SecurityAffairs – hacking, ShinyHunters). A hacker has shared 3.2

Accountability

Accountability Hacking Data breaches Passwords

Facebook: User shadow data, including phone numbers may be used by advertisers

Security Affairs

SEPTEMBER 29, 2018

The worst suspect is a disconcerting reality, Facebook admitted that advertisers were able to access phone numbers of its users for enhanced security. Researchers from two American universities discovered that that phone numbers given to Facebook for two-factor authentication were also used for advertising purposes.

Advertising

Advertising Authentication Accountability Hacking

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Data breaches Accountability Passwords

Unacademy hacked, 22 million accounts offered for sale

Security Affairs

MAY 6, 2020

The analysis of creation data for the records in the database revealed that the last creation date is January 26th, 2020, a circumstance that suggests that the hack took place in the same period. BleepingComputer contacted some Unacademy users and verified that the data is authentic. SecurityAffairs – Unacademy, hacking).

Accountability

Accountability Hacking Data breaches Advertising

CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

Security Affairs

APRIL 10, 2020

VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service ( vmdir ) for authentication. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Advertising Authentication Information Security

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication

Authentication Accountability Advertising Passwords

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

Security Affairs

MAY 31, 2020

One vulnerability could allow an authenticated user with subscriber-level and above permissions to update and modify posts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – PageLayer, hacking).

Hacking

Hacking Advertising Authentication Accountability

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. ” Experts noticed the lack of authentication between the backend servers and the “Mercedes me” mobile app, which allows users to remotely control multiple functions of the car.

Hacking

Hacking Advertising Mobile Engineering

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

MAY 3, 2020

The hacker claims to have hacked the company in March 2020, it has stolen just a small part of the company database. ZDNet confirmed the authenticity of the leaked data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Accountability

Accountability Hacking Passwords Data breaches

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet

Internet Internet Hacking Advertising

Popular OGUsers hacking forum breached for the second time in a year

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking

Hacking Data breaches Advertising Backups

Turn on MFA Before Crooks Do It For You

Krebs on Security

JUNE 19, 2020

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. Dennis soon learned the unauthorized Gmail address added to his son’s hacked Xbox account also had enabled MFA.

Authentication

Authentication Accountability Passwords Mobile

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Mobile

LineageOS servers hacked, attackers exploited unpatched Salt issues

Security Affairs

MAY 4, 2020

The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively. Chaining the issue, an attacker could bypass authentication and run arbitrary code on Salt master servers exposed online. SecurityAffairs – LineageOS, hacking).

Hacking

Hacking Advertising Authentication Mobile

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

The company confirmed that the an investigation into the hack is still ongoing. The experts found a post advertising information of roughly 3.4 “ CloudSEK ’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 3.4 Pierluigi Paganini.

Hacking

Hacking Data breaches Identity Theft Advertising

OpenBSD addresses authentication bypass, privilege escalation issues

Security Affairs

DECEMBER 5, 2019

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

Authentication

Authentication Advertising Hacking Malware

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

NOVEMBER 22, 2018

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. tax service).

Authentication

Authentication Advertising Accountability Hacking

WhatsApp fixes Face ID and Touch ID authentication bypass

Security Affairs

FEBRUARY 22, 2019

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems.

Authentication

Authentication Advertising Media Accountability

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

The issue does not impact customers who use Active Directory authenticated accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, HP). Pierluigi Paganini.

Hacking

Hacking Accountability Passwords InfoSec

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted. SecurityAffairs – unsigned firmware, hacking).

Firmware

Firmware Hacking Authentication Advertising

A flaw in India Digilocker could?ve been exploited to bypass authentication

Security Affairs

JUNE 8, 2020

DigiLocker provides an account in cloud to every Aadhaar holder to access authentic documents/certificates such as driving license, vehicle registration, academic mark sheet in digital format from the original issuers of these certificates. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Mobile Accountability Passwords

Hacking the ‘Unhackable’ eyeDisk USB stick

Security Affairs

MAY 12, 2019

eyeDisk is a USB stick that uses iris recognition to unlock the drive, it is advertised as the “Unhackable USB Flash Drive,” instead it could reveal the device’s password in plain text. “We develop our own iris recognition algorithm so that no one can hack your USB drive even [if] they have your iris pattern.

Hacking

Hacking Passwords Authentication Advertising

Upbit cryptocurrency exchange hacked, crooks stole $48.5 million worth of ETH

Security Affairs

NOVEMBER 27, 2019

Another South Korean cryptocurrency exchange was hacked, this time the victim is Upbit that lost $48.5 On Reddit , some users have questioned the authenticity of the hack claim, which is no surprise given how often exchanges will say they have suffered a cyberattack , only to perform an exit scam. . million in cryptocurrency.

Cryptocurrency

Cryptocurrency Hacking Scams Data breaches

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. SecurityAffairs – TalkTalk, hacking).

Hacking

Hacking DNS Cryptocurrency Accountability

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Security Affairs

MAY 25, 2020

.” The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Advertising Authentication Passwords

FC Barcelona and the International Olympic Committee Twitter accounts hacked

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability

Accountability Hacking Advertising Media

WordPress Plugin Facebook Widget affected by authenticated XSS

Security Affairs

JULY 29, 2019

Security experts at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in Facebook Widget. Researchers at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in the Facebook Widget (Widget for Facebook Page Feeds). Pierluigi Paganini.

Authentication

Authentication Advertising Information Security Hacking

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

MARCH 9, 2019

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack. Simply by tampering with parameters, one can update the email address registered to the account without authentication, send a password reset to the modified address (i.e.

Hacking

Hacking Accountability Engineering Advertising

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

Krebs on Security

MARCH 10, 2020

District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations. ” A Google Translate version of that advertisement is here (PDF).

Accountability

Accountability Advertising Hacking Cybercrime

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Security Affairs

OCTOBER 21, 2018

Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. It shows how hackers combined the tool to carry out high sophisticated hacking operations. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Energy and Utilities Advertising Authentication

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

Security Affairs

FEBRUARY 17, 2020

2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, WordPress).

Hacking

Hacking Advertising Authentication

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After logging in, the user might see a prompt that looks something like this: These malicious apps allow attackers to bypass multi-factor authentication, because they are approved by the user after that user has already logged in. A cybercriminal service advertising the sale of access to hacked Office365 accounts.

Accountability

Accountability Passwords Advertising Phishing

620 million accounts stolen from 16 hacked websites available for sale on the dark web

Security Affairs

FEBRUARY 11, 2019

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. I started hacking a long time ago.

Accountability

Accountability Hacking Advertising Data breaches

Hacking a network, using an ‘invisibility cloak’ – Is it that simple?

Security Affairs

MARCH 12, 2020

Security experts describe a real attack case that sees the attackers using a small, unidentified hardware device to hack into the target network. Is it possible to hack into a network using a sort of invisibility cloak? Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The short answer is, YES it is.

Hacking

Hacking Banking Authentication Wireless

Thousands of servers easy to hack due to a LibSSH Flaw

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. The flaw is an authentication-bypass vulnerability that was introduced in Libssh version 0.6 and above have an authentication bypass vulnerability in the server code.

Hacking

Hacking Authentication Advertising Engineering

A flaw in Microsoft OAuth authentication could lead Azure account takeover

Security Affairs

DECEMBER 3, 2019

The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – OAuth, hacking).

Authentication

Authentication Accountability Social Engineering Advertising

Easy SMS Hijacking

Schneier on Security

MARCH 19, 2021

A wide ecosystem of these companies exist , each advertising their own ability to run text messaging for other businesses. Too many networks use SMS as an authentication mechanism. Once the hacker is able to reroute a target’s text messages, it can then be trivial to hack into other accounts associated with that phone number.

Authentication

Authentication Accountability Mobile Advertising

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Apple created post-quantum cryptographic protocol PQ3 for iMessage Russian hacker is set to face trial for the hack of a local power grid Microsoft released red teaming tool PyRIT for Generative AI CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week FTC charged Avast with selling users’ browsing data to advertising companies (..)

Spyware

Spyware Cyber Insurance Hacking Advertising

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Security Affairs

SEPTEMBER 25, 2020

According to SAM Seamless Network , over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the warning.

VPN

VPN Hacking IoT Advertising

Crooks impersonate brands using search engine advertisement services

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Trending Sources

Hackers bypassed vein based authentication with a fake hand

4 Million Quidd account details shared on hacking forums

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Facebook: User shadow data, including phone numbers may be used by advertisers

Alleged Activision hack, 500,000 Call Of Duty players impacted

Unacademy hacked, 22 million accounts offered for sale

CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Popular OGUsers hacking forum breached for the second time in a year

Turn on MFA Before Crooks Do It For You

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

LineageOS servers hacked, attackers exploited unpatched Salt issues

3.4 Million user records from LiveAuctioneers hack available for sale

OpenBSD addresses authentication bypass, privilege escalation issues

Flaw allowing identity spoofing affects authentication based on German eID cards

WhatsApp fixes Face ID and Touch ID authentication bypass

HP Device Manager flaws expose Windows systems to hack

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

A flaw in India Digilocker could?ve been exploited to bypass authentication

Hacking the ‘Unhackable’ eyeDisk USB stick

Upbit cryptocurrency exchange hacked, crooks stole $48.5 million worth of ETH

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

FC Barcelona and the International Olympic Committee Twitter accounts hacked

WordPress Plugin Facebook Widget affected by authenticated XSS

Vulnerabilities in car alarm systems exposed 3 million cars to hack

FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

Malicious Office 365 Apps Are the Ultimate Insiders

620 million accounts stolen from 16 hacked websites available for sale on the dark web

Hacking a network, using an ‘invisibility cloak’ – Is it that simple?

Thousands of servers easy to hack due to a LibSSH Flaw

A flaw in Microsoft OAuth authentication could lead Azure account takeover

Easy SMS Hijacking

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Fortinet VPN with default certificate exposes 200,000 businesses to hack

Stay Connected