Advertising, Authentication and Information Security

Crooks impersonate brands using search engine advertisement services

Security Affairs

DECEMBER 26, 2022

The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites that were used to defraud users. ” reads the advisory published by the FBI.

Advertising

Advertising Engineering Education Internet

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Meanwhile, any hacker viewing the information will see random bits of text with no apparent meaning. Password Protection & Authentication. Apple’s iPhone X, for instance, uses a feature called Face ID, which scans your facial features with infrared sensors and turns that information into a password. Pierluigi Paganini.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication

Authentication Accountability Advertising Passwords

OpenBSD addresses authentication bypass, privilege escalation issues

Security Affairs

DECEMBER 5, 2019

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs.

Authentication

Authentication Advertising Hacking Malware

WordPress Plugin Facebook Widget affected by authenticated XSS

Security Affairs

JULY 29, 2019

Security experts at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in Facebook Widget. Researchers at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in the Facebook Widget (Widget for Facebook Page Feeds). Pierluigi Paganini.

Authentication

Authentication Advertising Information Security Hacking

Twitter Fined $150 Million for Misuse of 2FA User Data

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.".

Advertising

Advertising Media Accountability Account Security

Twitter allows users to use 2FA without a phone number

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Pierluigi Paganini.

Authentication

Authentication Mobile Advertising Accountability

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

The researcher said he informed the USPS about his finding more than a year ago yet never received a response. A USPS brochure advertising the features and benefits of Informed Visibility. “This is not even Information Security 101, this is Information Security 1, which is to implement access control,” Weaver said.

Accountability

Accountability Authentication Identity Theft Advertising

A database containing data of 5.4 million Twitter accounts available for sale

Security Affairs

JULY 24, 2022

“The vulnerability allows any party without any authentication to obtain a twitter ID (which is almost equal to getting the username of an account) of any user by submitting a phone number/email even though the user has prohibitted this action in the privacy settings. The seller also shared a sample of data in the form of a csv file.

Accountability

Accountability Advertising Authentication Hacking

Microsoft failed to fix LSASS elevation of privilege flaw

Security Affairs

AUGUST 13, 2020

Google Project Zero researcher who discovered the elevation of privilege flaw ( CVE-2020-1509 ) in the Windows Local Security Authority Subsystem Service (LSASS) warn that Microsoft did not properly address it. “If the target is a proxy then the authentication process is allowed, even if the Enterprise Auth Cap is not specified.

Authentication

Authentication Advertising Hacking Information Security

Cisco fixes critical and high-severity flaws in Data Center Network Manager

Security Affairs

JULY 31, 2020

One of the most security issues is a critical authentication bypass vulnerability, tracked as CVE-2020-3382. The vulnerability can allow a remote, unauthenticated attacker to bypass authentication and perform actions with admin privileges on the vulnerable device. ” reads the security advisory. Pierluigi Paganini.

Authentication

Authentication Advertising Software Encryption

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.

Scams

Scams Advertising Accountability Phishing

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Mobile Advertising Authentication

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

The expert discovered that the issue could allow an attacker to force the software to relay an NTLM authentication request to the attacker’s system. This means that the SMB authentication process will leak the system’s username, and NTLMv2 hashed version of the password to the attackers. “An Pierluigi Paganini.

Passwords

Passwords Authentication Advertising Software

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Vendors supporting Samba 4.7

Authentication

Authentication Advertising Architecture Passwords

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

Trend Micro addresses two issues exploited by hackers in the wild

Security Affairs

MARCH 18, 2020

It could be exploited by a remote, authenticated attacker to execute arbitrary code on vulnerable installs. An attempted attack requires user authentication.” The vulnerability could be exploited by an authenticated attacker to “manipulate certain agent client components.”. An attempted attack requires user authentication.”

Authentication

Authentication Advertising Antivirus Cybercrime

Cisco fixes 5 critical flaws that could allow router firewall takeover

Security Affairs

JULY 16, 2020

Cisco addresses a critical remote code execution (RCE), authentication bypass, and static default credential flaws that could lead to full router takeover. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firewall

Firewall Small Business Wireless Authentication

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

But they have more disadvantages than benefits if we talk about ensuring information security. G-71 created the state-of-the-art information security solution LeaksID to protect private and corporate documents from illegal access, complementing DLP systems. Yes, they are cheap to apply. They can be dynamic.

Marketing

Marketing Software Surveillance Cyber threats

Nexus, an emerging Android banking Trojan targets 450 financial apps

Security Affairs

MARCH 23, 2023

Nexus is available via a Malware-as-a-Service (MaaS) subscription and is advertised on underground forums or through private channels (e.g., However, Cleafy’s Threat Intelligence & Response Team reported having detected the first Nexus infections in June 2022, months before the MaaS was publicly advertised.

Banking

Banking Cryptocurrency Malware Advertising

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Apple created post-quantum cryptographic protocol PQ3 for iMessage Russian hacker is set to face trial for the hack of a local power grid Microsoft released red teaming tool PyRIT for Generative AI CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week FTC charged Avast with selling users’ browsing data to advertising companies (..)

Spyware

Spyware Cyber Insurance Hacking Advertising

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Security Affairs

NOVEMBER 4, 2020

The CVE-2020-3556 flaw resided in the interprocess communication (IPC) channel of Cisco AnyConnect Client, it can be exploited by authenticated and local attackers to execute malicious scripts via a targeted user. “The vulnerability is due to a lack of authentication to the IPC listener. . Pierluigi Paganini.

Mobile

Mobile Authentication Advertising Software

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

The infection chain starts when victims are tricked into clicking on an ads that appears like an authentic Google advertisement. Below is the attack chain described by the researchers: A user is tricked into clicking on a malicious link somewhere on their Google Chrome browser (typically an advertisement).

Malware

Malware Encryption Advertising Cryptocurrency

Palo Alto Networks addresses tens of serious issues in PAN-OS

Security Affairs

MAY 15, 2020

One of the most severe vulnerabilities, tracked as CVE-2020-2018 , is an authentication bypass vulnerability in the Panorama context switching feature. This vulnerability does not impact Panorama configured with custom certificates authentication for communication between Panorama and managed devices. The issue received a CVSSv3.1

Firewall

Firewall Authentication Advertising VPN

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Security Affairs

FEBRUARY 21, 2020

VMware has addressed serious vulnerabilities in vRealize Operations for Horizon Adapter, including remote code execution and authentication bypass flaws. “vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. ” continues the advisory. x on Windows.

Authentication

Authentication Telecommunications Advertising Hacking

Cisco fixes critical issue in Cisco Firepower Management Center

Security Affairs

JANUARY 24, 2020

Cisco addressed a critical issue in the Cisco Firepower Management Center (FMC) that could allow a remote attacker to bypass authentication and execute arbitrary actions. ” reads the security advisory published by Cisco. The External Authentication Object must be enabled for the FMC to be affected.” Iran, hacking).

Authentication

Authentication Advertising Software Hacking

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

The vulnerability is a post-authentication command injection issue and impacts Nighthawk (R7800) routers running firmware prior to version 1.0.2.60. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Authentication

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

. “This rising threat combines sophisticated Adversary-in-the-Middle phishing with advanced account takeover methods, in response to the growing adoption of multifactor authentication by organizations.” EvilProxy actors use Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim’s session.

Accountability

Accountability Phishing Authentication Architecture

New Cisco Webex Meetings flaw allows attackers to impersonate users

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information.

Authentication

Authentication Advertising Accountability Hacking

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

Cyble researchers provided the following recommendations: Never share personal information, including financial information over the phone, email or SMSs Use strong passwords and enforce multi-factor authentication where possible Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.

Banking

Banking Data breaches Mobile Advertising

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Security Affairs

JUNE 29, 2020

Palo Alto Networks addressed a critical flaw in the PAN-OS of its next-generation firewalls that could allow attackers to bypass authentication. OS ) that powers its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. x base score of 10. . x base score of 10. Pierluigi Paganini.

Firewall

Firewall Authentication VPN Advertising

Experts demonstrate the PIN is useless in EMV contactless transactions

Security Affairs

AUGUST 29, 2020

Authentication to the terminal: All transactions accepted by the terminal are authenticated by the card and, if authorized online, the bank. Authentication to the bank: All the transactions accepted by the bank are authenticated by the card and the terminal. Pierluigi Paganini. SecurityAffairs – hacking, EMV).

Banking

Banking Computers and Electronics Authentication Mobile

Details of millions of U.S. Voters leaked to Russia’s Dark Web forum

Security Affairs

SEPTEMBER 1, 2020

According to the Russian newspaper, a user that goes online with the moniker “Gorka9” advertised free access to the personal information of 7.6 “In her opinion, judging by the completeness of the information, the state system became its source. million voters in Michigan in an unnamed discussion forum.

Advertising

Advertising Authentication Information Security Software

MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

Security Affairs

SEPTEMBER 2, 2020

An attacker can exploit the vulnerability to execute arbitrary code on servers running a website using the Magmi Magento plugin, he could trigger the flaw by tricking authenticated administrators into clicking a malicious link. “ CVE-2020-5777 is an authentication bypass vulnerability in MAGMI for Magento version 0.7.23

Authentication

Authentication Advertising Passwords Hacking

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

AiTM phishing allows threat actors to circumvent multifactor authentication (MFA) through reverse-proxy functionality. Microsoft is currently tracking a threat actor dubbed DEV-1101 who is providing development, support, and advertising of several AiTM phishing kits that are available for sale or rent in the cybercrime underground.

Phishing

Phishing Cybercrime Authentication Mobile

Cisco addresses 17 high-severity flaws in security appliances

Security Affairs

OCTOBER 22, 2020

The list of addressed vulnerabilities includes denial-of-service (DoS), CSRF, FMC authentication bypass, and MitM issues. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – hacking).

Advertising

Advertising Software Authentication Hacking

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

Security Affairs

MAY 20, 2020

The vulnerability is a code injection issue that could be exploited by an authenticated attacker to send malicious traffic to Cloud Director, which could allow executing arbitrary code. ” reads the security advisory published by VMware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Advertising Hacking Risk

Expert discloses 4 zero-days in IBM Data Risk Manager

Security Affairs

APRIL 21, 2020

A security researcher disclosed details of four zero-day flaws impacting an IBM security product after the IT giant refused to address them. The IBM Data Risk Manager manages credentials to access other security tools used in the enterprise and information about security vulnerabilities that affect the organizations.

Risk

Risk Authentication InfoSec Advertising

Unsecured AWS bucket exposes over 750,000 birth certificate applications

Security Affairs

DECEMBER 11, 2019

Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that have been exposed online due to an unsecured AWS bucket. . The applications dated back to late-2017, TechCrunch verified the authenticity of the data.

Penetration Testing

Penetration Testing Advertising Authentication Passwords

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI recommends individuals take the following precautions: Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums. Do not provide your mobile number account information over the phone to representatives that request your account password or pin.

Mobile

Mobile Cryptocurrency Authentication Accountability

Hackers are targeting recently patched WebLogic security vulnerability

Security Affairs

MAY 1, 2020

The company is urging its customers to install the latest security updates released on April 14. “This Critical Patch Update contains 9 new security patches for the Oracle Database Server. Authentication is not required to exploit this vulnerability.” ” reads the advisory published by Oracle.

Authentication

Authentication Advertising Hacking Cybersecurity

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. published a detailed analysis of the flaw.

Authentication

Authentication Passwords Advertising Architecture

Crooks impersonate brands using search engine advertisement services

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Trending Sources

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

OpenBSD addresses authentication bypass, privilege escalation issues

WordPress Plugin Facebook Widget affected by authenticated XSS

Twitter Fined $150 Million for Misuse of 2FA User Data

Twitter allows users to use 2FA without a phone number

USPS Site Exposed Data on 60 Million Users

A database containing data of 5.4 million Twitter accounts available for sale

Microsoft failed to fix LSASS elevation of privilege flaw

Cisco fixes critical and high-severity flaws in Data Center Network Manager

Hackers are using Zerologon exploits in attacks in the wild

‘Land Lordz’ Service Powers Airbnb Scams

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

TeamViewer flaw can allow hackers to steal System password

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Trend Micro addresses two issues exploited by hackers in the wild

Cisco fixes 5 critical flaws that could allow router firewall takeover

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

Nexus, an emerging Android banking Trojan targets 450 financial apps

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed

Statc Stealer, a new sophisticated info-stealing malware

Palo Alto Networks addresses tens of serious issues in PAN-OS

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Cisco fixes critical issue in Cisco Firepower Management Center

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

EvilProxy used in massive cloud account takeover scheme

New Cisco Webex Meetings flaw allows attackers to impersonate users

UberEats data leaked on the dark web

Palo Alto Networks fixes a critical flaw in firewall PAN-OS

Experts demonstrate the PIN is useless in EMV contactless transactions

Details of millions of U.S. Voters leaked to Russia’s Dark Web forum

MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Cisco addresses 17 high-severity flaws in security appliances

VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director

Expert discloses 4 zero-days in IBM Data Risk Manager

Unsecured AWS bucket exposes over 750,000 birth certificate applications

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Hackers are targeting recently patched WebLogic security vulnerability

Zerologon attack lets hackers to completely compromise a Windows domain

Stay Connected