Advertising, Authentication, Information Security and Passwords

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords

Passwords Authentication Advertising Software

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

Password Protection & Authentication. Passwords are the baseline of cybersecurity. Luckily, applying AI into the mix can make passwords more secure. Before, a password was a word or phrase. Multi-Factor Authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. ” The flaw could allow unauthorized third-party access to the router with admin privileges without proper authentication. .” ” continues the post. ” the expert concludes.

Passwords

Passwords Advertising Firmware Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication

Authentication Accountability Advertising Passwords

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email! Pierluigi Paganini.

Passwords

Passwords Cryptocurrency Data breaches Advertising

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. The flaw, tracked as CVE-2019-14684, could allow an authenticated attacker to run with SYSTEM privileges an arbitrary, unsigned DLL file within a trusted process. . Another researcher, Tr?n

Password Management

Password Management Passwords Advertising Authentication

Twitter Fined $150 Million for Misuse of 2FA User Data

SecureWorld News

MAY 26, 2022

Federal Trade Commission (FTC) and the Department of Justice (DOJ) charged Twitter with a $150 million penalty for " deceptively using account security data for targeted advertising.". Social media companies that are not honest with consumers about how their personal information is being used will be held accountable.".

Advertising

Advertising Media Accountability Account Security

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Surveillance

Surveillance Manufacturing Passwords Internet

Hackers are using Zerologon exploits in attacks in the wild

Security Affairs

SEPTEMBER 24, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Security Intelligence

Security Intelligence Authentication Advertising Passwords

Hackers exploit SQL injection zero-day issue in Sophos firewall

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Passwords Accountability Advertising

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. The data breach was first reported by Risk Based Security last week, since then, Quidd has never disclosed any data breach recent security incident.

Accountability

Accountability Hacking Data breaches Passwords

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Security Affairs

FEBRUARY 10, 2022

The FBI recommends individuals take the following precautions: Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums. Do not provide your mobile number account information over the phone to representatives that request your account password or pin.

Mobile

Mobile Cryptocurrency Authentication Accountability

Zerologon attack lets hackers to completely compromise a Windows domain

Security Affairs

SEPTEMBER 14, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. This can then be used to obtain domain admin credentials and then restore the original DC password.”

Authentication

Authentication Passwords Advertising Architecture

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Mobile Advertising Authentication

RDP brute-force attacks rocketed since beginning of COVID-19

Security Affairs

APRIL 30, 2020

. “Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet” Attackers attempt to brute-force the username and password used to protect RDP access to systems exposed online, they can use combinations of random characters or leverage dictionary of most popular passwords.

Passwords

Passwords Advertising VPN Authentication

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

.” According to the company, attackers accessed personal details of the users, including names, email addresses, mailing addresses, phone numbers, and also encrypted passwords. In response to the incident, the bidding portal has forced a password reset for all users’ accounts, both bidder and auctioneer ones. The post 3.4

Hacking

Hacking Data breaches Identity Theft Advertising

Statc Stealer, a new sophisticated info-stealing malware

Security Affairs

AUGUST 10, 2023

The malicious code also targets cryptocurrency wallets and can capture credentials, passwords, and even data from messaging apps like Telegram. The infection chain starts when victims are tricked into clicking on an ads that appears like an authentic Google advertisement. The user inadvertently downloads the Initial Sample file.

Malware

Malware Encryption Advertising Cryptocurrency

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

Security Affairs

SEPTEMBER 23, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. “An Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Vendors supporting Samba 4.7

Authentication

Authentication Advertising Architecture Passwords

267 Million Facebook identities available for 500 euros on the dark web

Security Affairs

APRIL 20, 2020

Over 267 million Facebook profiles are offered for sale on dark web sites and hacker forums, the dump is offered for £500 ($623) and doesn’t include passwords. Hackers are offering for sale over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums, the archive doesn’t include passwords.

Data breaches

Data breaches Passwords Advertising Phishing

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

Security Affairs

NOVEMBER 15, 2020

Pluto TV is an American internet television service, it is an advertiser-supported video on demand (AVOD) service that primarily offers a selection of programming content through digital linear channels designed to emulate the experience of traditional broadcast programming. A hacker has shared 3.2

Accountability

Accountability Hacking Data breaches Passwords

UberEats data leaked on the dark web

Security Affairs

AUGUST 4, 2020

Cyble researchers provided the following recommendations: Never share personal information, including financial information over the phone, email or SMSs Use strong passwords and enforce multi-factor authentication where possible Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.

Banking

Banking Data breaches Mobile Advertising

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

APRIL 14, 2019

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.

Scams

Scams Advertising Accountability Phishing

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

AvosLocker operators already advertised in the past a Linux variant, dubbed AvosLinux, of their malware claiming it was able to support Linux and ESXi servers. Regularly back up data, password protect backup copies offline. Use multifactor authentication where possible. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

The researcher said he informed the USPS about his finding more than a year ago yet never received a response. A USPS brochure advertising the features and benefits of Informed Visibility. “This is not even Information Security 101, this is Information Security 1, which is to implement access control,” Weaver said.

Accountability

Accountability Authentication Identity Theft Advertising

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

Security Affairs

JANUARY 25, 2020

Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform ( CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting. reads the security advisory published by Cisco. “An Pierluigi Paganini. SecurityAffairs – Webex, hacking).

Mobile

Mobile Passwords Advertising Authentication

ShinyHunters leaked over 386 million user records from 18 companies

Security Affairs

JULY 28, 2020

BleepingComputer verified the authenticity of some of the exposed data and published the full list of the 18 archives leaked by the threat actor: Company User Records Reported Breach Date Known? The huge trove of data contains over 386 million user records, but only some of them included the user’s password. Appen.com 5.8

Passwords

Passwords Advertising Education Banking

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Authentication

Authentication Advertising Architecture Cybercrime

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Security Affairs

SEPTEMBER 23, 2020

“Fitness chain Town Sports International has exposed 600,000 records of members and employees on the web without a password or any other authentication required to access it, Comparitech researchers report.” ” The expert confirmed that the database did not contain financial data or account passwords. .”

Data breaches

Data breaches Phishing Passwords Advertising

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Security Affairs

MARCH 10, 2020

The Russian man also advertised the platform on other hacking forums. Individuals can also buy computer files, financial information, PII, and usernames and passwords taken from computers infected with malicious software (malware) located both in the U.S. Social Security Numbers, dates of birth, and victim addresses.

Accountability

Accountability Advertising Passwords Hacking

Expert found multiple critical issues in MoFi routers

Security Affairs

SEPTEMBER 8, 2020

“The authentication function contains undocumented code which provides the ability to authenticate as root without having to know the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.” ” reads the advisory published by the expert.

Firmware

Firmware Wireless Authentication Advertising

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

JULY 13, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mobile

Mobile InfoSec Data breaches Advertising

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Change your Activision account passwords and add 2FA immediately. Activision accounts are apparently being leaked so change your password, although that might not even help because they're apparently generating 1,000 accounts every 10 minutes. Players are recommended to change their account passwords as soon as possible.

Hacking

Hacking Data breaches Accountability Passwords

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

JANUARY 27, 2020

An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor.” reads the security advisory. While the user’s shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH authentication still succeeds.”. The unencrypted key is also stored inside the FortiSIEM image.

Advertising

Advertising Firmware Authentication Passwords

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Malware-as-a-Service (MaaS) was advertised on a Dark Web forum by a Russian-speaking threat actor.

Malware

Malware Password Management Authentication Passwords

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Security Affairs

JANUARY 4, 2024

RPKI adds a layer of security to BGP by cryptographically binding IP address prefixes to the entities that hold the legitimate right to advertise them. “We encourage account holders to please update their passwords and enable multi-factor authentication for their accounts.

Internet

Internet Internet Accountability Passwords

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Hackers published a list of allegedly phished Discord login credentials

Security Affairs

JULY 22, 2019

Last week, hackers published a list of Discord credentials (email addresses/passwords) that were allegedly phished from the users of the gaming chat platform. Last week, a group of hackers published a list of Discord login credentials (email addresses and passwords) that were allegedly phished from the users of the gaming chat platform.

Phishing

Phishing Data breaches Passwords Advertising

DHS CISA orders federal agencies to fix Zerologon flaw by Monday

Security Affairs

SEPTEMBER 20, 2020

The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. This can then be used to obtain domain admin credentials and then restore the original DC password.”

Authentication

Authentication Passwords Advertising Government

Expert releases Metasploit modules for Cisco UCS flaws

Security Affairs

AUGUST 29, 2019

. “Due to several coding errors, it is possible for an unauthenticated remote attacker with no privileges to bypass authentication and abuse a password change function to inject arbitrary commands and execute code as root. ” reads the security advisory published by Cisco. ” wrote the expert. Pierluigi Paganini.

Big data

Big data Authentication Passwords Accountability

CISA’s advisory warns of notable increase in LokiBot malware

Security Affairs

SEPTEMBER 22, 2020

The malware is able to steal sensitive information (a variety of credentials, including FTP credentials, stored email passwords, passwords stored in the browser, as well as a whole host of other credentials) . If these services are required, use strong passwords or Active Directory authentication.

Malware

Malware Passwords Advertising Antivirus

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

AiTM phishing allows threat actors to circumvent multifactor authentication (MFA) through reverse-proxy functionality. The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. ” Microsoft said.

Phishing

Phishing Cybercrime Authentication Mobile

Unsecured AWS bucket exposes over 750,000 birth certificate applications

Security Affairs

DECEMBER 11, 2019

Penetration testing firm Fidus Information Security discovered over 752,000 birth certificate applications that have been exposed online due to an unsecured AWS bucket. . “The bucket wasn’t protected with a password, allowing anyone who knew the easy-to-guess web address access to the data.”

Penetration Testing

Penetration Testing Advertising Authentication Passwords

Data of 21 million Mixcloud users available for sale on the dark web

Security Affairs

DECEMBER 1, 2019

The hacker access to users’ data, including usernames , email addresses, SHA-2 hashed passwords, account sign-up dates and country, the last-login date, the internet (IP) address, and links to profile photos. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”

Data breaches

Data breaches Passwords Advertising Hacking

TeamViewer flaw can allow hackers to steal System password

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Webinars

Trending Sources

TP-Link Archer routers allow remote takeover without passwords

Webinars

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Poloniex forces password reset following a data leak

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Twitter Fined $150 Million for Misuse of 2FA User Data

3.5m IP cameras exposed, with US in the lead

Hackers are using Zerologon exploits in attacks in the wild

Hackers exploit SQL injection zero-day issue in Sophos firewall

4 Million Quidd account details shared on hacking forums

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

Zerologon attack lets hackers to completely compromise a Windows domain

230k+ Indonesian COVID-19 patients’ records for sale in the Darkweb

RDP brute-force attacks rocketed since beginning of COVID-19

3.4 Million user records from LiveAuctioneers hack available for sale

Statc Stealer, a new sophisticated info-stealing malware

Samba addresses the CVE-2020-1472 Zerologon Vulnerability

267 Million Facebook identities available for 500 euros on the dark web

ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

UberEats data leaked on the dark web

‘Land Lordz’ Service Powers Airbnb Scams

Avoslocker ransomware gang targets US critical infrastructure

USPS Site Exposed Data on 60 Million Users

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

ShinyHunters leaked over 386 million user records from 18 companies

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Data for 600K customers of U.S. fitness chains Town Sports leaked online

FBI arrested a Russian citizen suspected to be the mastermind of Deer.io

Expert found multiple critical issues in MoFi routers

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Alleged Activision hack, 500,000 Call Of Duty players impacted

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Erbium info-stealing malware, a new option in the threat landscape

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Hackers published a list of allegedly phished Discord login credentials

DHS CISA orders federal agencies to fix Zerologon flaw by Monday

Expert releases Metasploit modules for Cisco UCS flaws

CISA’s advisory warns of notable increase in LokiBot malware

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Unsecured AWS bucket exposes over 750,000 birth certificate applications

Data of 21 million Mixcloud users available for sale on the dark web

Stay Connected