Security Affairs

JANUARY 18, 2021

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWRT forum was compromised during the weekend and user data were stolen by intruders. The administrators of the forum disclosed the data breach with an announcement published on the forum.

Hacking 130

Hacking Data breaches Passwords Accountability 130

Krebs on Security

JUNE 28, 2019

says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors. As it happened, the PCM employee was not using multi-factor authentication.

Authentication 226

Authentication Accountability Data breaches Software 226

Malwarebytes

JANUARY 6, 2022

Two-factor authentication (2FA) has been around for a while now and for the majority of tech users in the US and UK , it has became a security staple. Indeed, wake up calls brought about by data breaches have stirred others out of their comfort zones into finally adopting 2FA and making it part of their online lives.

Phishing 119

Phishing Authentication Accountability Data breaches 119

Hacker Combat

SEPTEMBER 28, 2022

Two Samsung customers, who are being represented by Clarkson Law Firm, have launched a class action lawsuit against the electronics maker for the two data breaches it had in 2022. A hack that targeted Samsung in July 2022 led to the compromise of US consumers’ personal information.

Data breaches 73

Data breaches Identity Theft Phishing Authentication 73

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 91

Phishing Social Engineering Authentication Engineering 91

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.

Phishing 115

Phishing Data breaches Cryptocurrency Social Engineering 115

Security Affairs

NOVEMBER 25, 2021

Recently disclosed data breach impacted several of its brands, including Domain Factory, Heart Internet, Host Europe, Media Temple, tsoHost and 123Reg. Recently GoDaddy has disclosed a data breach that impacted up to 1.2 million of its customers, threat actors breached the company’s Managed WordPress hosting environment.

Data breaches 86

Data breaches Passwords Media Internet 86

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. APP-BASED AUTHENTICATION. “We point this out to encourage everyone here to move to token-based 2FA.”

Authentication 195

Authentication Mobile Passwords Accountability 195

SecureWorld News

JANUARY 6, 2023

Recent reports indicate that a dataset containing the email addresses of approximately 200 million Twitter users was posted to a popular hacking forum for free. The database contains 235,000,000 unique records of Twitter users and their email addresses and will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.

Data breaches 85

Data breaches Accountability Cyber threats Hacking 85

Identity IQ

NOVEMBER 1, 2021

A hospital in Worcester, Massachusetts, disclosed an email hack of its employee email system, which may have exposed the personal information of thousands of patients. Earlier this month, UMass Memorial Health alerted patients who were affected by the hospital data breach. How to Protect Yourself After a Hospital Data Breach.

Data breaches 98

Data breaches Identity Theft Insurance Passwords 98

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The phishing email, marked by Google as safe, was delivered to more than 16,000 users’ addresses. Pierluigi Paganini.

Phishing 97

Phishing Scams Social Engineering Password Management 97

Duo's Security Blog

MARCH 2, 2022

Multi-factor authentication is one of the best ways to thwart bad actors using stolen credentials — but it’s not foolproof. Year after year, the Verizon Data Breach Report highlights the fact that compromised credentials contribute to the majority of breaches — and MFA remains the strongest mechanism to deter the use of stolen passwords.

Authentication 99

Authentication Phishing DNS Passwords 99

Malwarebytes

DECEMBER 19, 2023

has released more information on a recent breach. In a data breach notification , the company didn’t say what type of cyberattack caused the compromise of customer data, calling it a rather non-descriptive “External system breach (hacking).” million homeowners may be affected by the data breach.

Data breaches 116

Data breaches Identity Theft Passwords Phishing 116

Malwarebytes

APRIL 16, 2024

million records to a hacker forum, claiming they originated from a March 2024 hack at Canadian retail chain Giant Tiger. Protecting yourself from a data breach There are some actions you can take if you are, or suspect you may have been, the victim of a data breach. Enable two-factor authentication (2FA).

Retail 114

Retail Data breaches Passwords Phishing 114

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Boulevard

JUNE 26, 2023

Unfortunately, the increasing reliance on digital systems and capabilities has also attracted an ever-growing number of malicious actors seeking to defraud businesses through phishing , social engineering , or ransomware attacks. The end result of these types of cyber attacks are often highly public and damaging data breaches.

Data breaches 52

Data breaches Healthcare Telecommunications Financial Services 52

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 87

Spyware Data breaches Hacking Ransomware 87

SecureWorld News

FEBRUARY 23, 2023

The news was first reported by cybersecurity and malware research group vx-underground, which posted screenshots of data purportedly stolen from the company. Also worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish.

Hacking 82

Hacking Phishing Data breaches Information Security 82

Security Affairs

DECEMBER 16, 2022

Gemini crypto exchange warns users of an ongoing phishing campaign after a third-party vendor suffered a security breach. Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching a third-party vendor. SecurityAffairs – hacking, phishing).

Hacking 81

Hacking Phishing Accountability Authentication 81

Malwarebytes

OCTOBER 15, 2023

According to BleepingComputer , a cybercriminal claiming responsibility for the attack is selling the stolen database on a well-known hacking forum. image courtesy of BleepingComputer In the message, the cybercriminal says IP connection logs were also stolen in the breach in addition to the other data mentioned by Shadow.

Data breaches 101

Data breaches Passwords Phishing Social Engineering 101

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Social Engineering 318

Social Engineering Mobile Cybercrime Passwords 318

Security Affairs

DECEMBER 17, 2023

.” At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.” ” The US firm urges customers to be vigilant for social engineering and phishing attacks. The company also recommends active multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords.

Social Engineering 117

Social Engineering Data breaches Cyber Attacks Accountability 117

Malwarebytes

JULY 25, 2022

This compromise, posted to a hacking forum, is said to include both the database and around 460 MB of compressed source code from Neopets.com. Data claimed to have been taken includes: Usernames Names Email address Date of birth Zip code Date of Birth Gender Country Registration email.

Data breaches 75

Data breaches Accountability Passwords Password Management 75

SecureWorld News

JANUARY 20, 2023

APIs are used by web services to enable online apps and/or external partners to retrieve internal data, typically utilizing some type of authentication tokens. "In T-Mobile did not reveal exactly how the threat actor accessed and exploited its API, but clearly they found a week link in the ID authentication process.

Mobile 84

Mobile Hacking Data breaches Authentication 84

Troy Hunt

JANUARY 8, 2019

Regular readers will appreciate the mechanics of this already but all those who I point here for whom this is new, this attack simply takes exposed credentials from a data breach and tries them on another site. Or they entered it into a phishing site somewhere.

Hacking 224

Hacking Passwords Accountability Data breaches 224

Security Affairs

JULY 14, 2020

Auctions platform LiveAuctioneers admitted to have suffered a data breach that likely impacted approximately 3.4 Auctions platform LiveAuctioneers disclosed a a data breach that might have impacted approximately 3.4 ” reads the data breach notification published by the company. million users.

Hacking 99

Hacking Data breaches Identity Theft Advertising 99

SiteLock

AUGUST 27, 2021

Some crafty phishing email examples are those emails from your mom, your bank or your boss that require a prompt response… especially the ones from your boss (sorry mom). These phishing email examples may seem a little far-fetched, but they do happen, and happen quite often. Magnolia Health Corporation: CEO Gone Phishing.

Phishing 98

Phishing Scams Computers and Electronics Banking 98

Security Affairs

JULY 22, 2019

Last week, hackers published a list of Discord credentials (email addresses/passwords) that were allegedly phished from the users of the gaming chat platform. Last week, a group of hackers published a list of Discord login credentials (email addresses and passwords) that were allegedly phished from the users of the gaming chat platform.

Phishing 77

Phishing Data breaches Passwords Advertising 77

CyberSecurity Insiders

JANUARY 30, 2022

The Work from Home (WfH) culture might do well to the employees, but some companies are disclosing openly that they are witnessing a surge in cyber attacks( mainly data breaches) on their IT infrastructure as their employees are not following basic cyber hygiene of using strong passwords and authenticating their Identity whole accessing networks.

Cyber Attacks 131

Cyber Attacks Data breaches Antivirus Authentication 131

Security Affairs

JUNE 4, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Spyware 86

Spyware Hacking Malware Social Engineering 86

Malwarebytes

AUGUST 28, 2023

An unknown party has released the scraped data of 2.6 million DuoLingo users on a hacking forum. While they offered the data set for sale in January for $1,500, it's now been released on a new version of the Breached hacking forum for 8 site credits, worth only $2.13. Enable two-factor authentication (2FA).

Data breaches 98

Data breaches Accountability Passwords Phishing 98

Adam Levin

JULY 8, 2020

” Hacking campaigns exploiting poor domain name security can be more subtle. A recent domain hijack of Japanese cryptocurrency exchange Coincheck.com was used to spoof the company in a spear-phishing campaign. That spells trouble if you’re the one that gets hacked. What Can Be Done?

Hacking 130

Hacking Retail Cyber Insurance Authentication 130

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 109

VPN Accountability Firewall Data breaches 109

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 115

Cryptocurrency Data breaches Authentication Accountability 115

Security Affairs

JANUARY 28, 2024

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center Participants earned more than $1.3M Korea attempts to use generative AI for hacking attacks: spy agency Cybersecurity Is artificial intelligence the solution to cyber security threats?

Artificial Intelligence 94

Artificial Intelligence Hacking Malware Cyber Attacks 94

Hot for Security

APRIL 9, 2021

According to Cybernews researchers who analyzed the samples, the data includes a combo of LinkedIn profiles and associated info, such as user IDs, full names, email addresses, phone numbers, gender, professional titles, job-related descriptions, profile and social media profile links. A new breach or data-scraping venture?

Data breaches 119

Data breaches Hacking Passwords Accountability 119

Krebs on Security

FEBRUARY 10, 2020

Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. Compounding the confusion, on Sept.

Hacking 246

Hacking Identity Theft Government Phishing 246