Security Affairs

AUGUST 8, 2022

Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. SecurityAffairs – hacking, data breach).

Data breaches 87

Data breaches Social Engineering Phishing Accountability 87

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication 94

Authentication Passwords Risk Education 94

Security Affairs

NOVEMBER 20, 2021

The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords. The report shows that we are still using weak passwords.

Passwords 103

Passwords Password Management Data breaches Authentication 103

Security Affairs

APRIL 12, 2024

Credential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data exfiltration.”

Accountability 108

Accountability Passwords Data breaches Authentication 108

Security Affairs

JANUARY 4, 2022

The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. ” reads the data breach notification letter sent to the impacted individuals.

Data breaches 82

Data breaches Healthcare Identity Theft Insurance 82

Security Affairs

MARCH 8, 2022

Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in recent security breach. Samsung this week disclosed a data breach, threat actors had access to internal company data, including the source code of Galaxy models. Source: Lapsus$ gang’s Telegram Channel.

Data breaches 81

Data breaches Ransomware Hacking Cyber Attacks 81

Malwarebytes

FEBRUARY 27, 2024

The German Federal Office for Information Security (BSI) has published a report on The State of IT Security in Germany in 2023 , and the number one threat for consumers is… identity theft. What to do in the event of a data breach Check the vendor’s advice. Change your password. Take your time.

Identity Theft 98

Identity Theft Data breaches Artificial Intelligence Passwords 98

SecureWorld News

DECEMBER 1, 2020

The Home Depot recently reached a multi-state agreement which settles an investigation into a 2014 data breach. The data breach compromised payment card information of roughly 40 million customers. The Home Depot data breach and agreement. The company will pay a total of $17.5 million to 46 U.S.

Data breaches 62

Data breaches Penetration Testing Password Management Information Security 62

Security Affairs

JUNE 7, 2021

RockYou2021, the largest password compilation of all time has been leaked on a popular hacker forum, it contains 8.4 billion entries of passwords. . What seems to be the largest password collection of all time has been leaked on a popular hacker forum. The same user also claims that the compilation contains 82 billion passwords.

Passwords 114

Passwords Data breaches Accountability Password Management 114

Security Affairs

AUGUST 22, 2023

While the leaked information highlights Belcan’s commitment to information security through the implementation of penetration tests and audits, attackers could exploit the lapse in leaving the tests’ results open, together with admin credentials hashed with bcrypt.

Passwords 81

Passwords Penetration Testing Engineering Manufacturing 81

Security Affairs

OCTOBER 26, 2020

Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software , Inc.

Data breaches 102

Data breaches Advertising Software Accountability 102

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 98

Hacking Authentication Passwords Accountability 98

Security Affairs

DECEMBER 19, 2023

Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the exploitation of the CitrixBleed flaw.

Authentication 107

Authentication Data breaches Passwords Internet 107

Security Affairs

JANUARY 18, 2021

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWRT forum was compromised during the weekend and user data were stolen by intruders. The administrators of the forum disclosed the data breach with an announcement published on the forum.

Hacking 130

Hacking Data breaches Passwords Accountability 130

CyberSecurity Insiders

MARCH 28, 2023

Understanding the FTC Safeguards Rule The FTC Safeguards Rule is a set of regulations that require covered financial institutions to develop, implement, and maintain an information security program designed to protect customer information. Implementation of multi-factor authentication.

Data breaches 125

Data breaches Authentication Risk Phishing 125

Security Affairs

DECEMBER 17, 2023

The company also recommends active multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords. However, the company states that the activity is not related to the security incident. .” The US firm urges customers to be vigilant for social engineering and phishing attacks.

Social Engineering 117

Social Engineering Data breaches Cyber Attacks Accountability 117

Identity IQ

FEBRUARY 21, 2024

IdentityIQ The traditional method of safeguarding our accounts with passwords is facing growing challenges. As technology evolves, so do the methods employed by hackers, making passwords both inconvenient and increasingly susceptible to breaches. Passkey vs. Password – What’s the Difference? What is a Passkey?

Passwords 52

Passwords Authentication Accountability Phishing 52

Security Affairs

NOVEMBER 15, 2023

The data was likely compromised by unauthorized actors. The Cybernews research team discovered that Strendus, a Mexican-licensed online casino, had left public access to 85GB of its authentication logs, with hundreds of thousands of entries containing private gamblers’ data. Amount of leaked data.

Passwords 102

Passwords Identity Theft Social Engineering Spyware 102

Security Affairs

NOVEMBER 3, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. ” continues the post.

Data breaches 120

Data breaches Social Engineering Accountability Authentication 120

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 116

Cryptocurrency Data breaches Authentication Accountability 116

Security Affairs

DECEMBER 16, 2022

Social Blade is an American social media analytics platform, the company disclosed the security breach after a database containing company data was offered for sale on a hacker forum this week. “On The company pointed out that the credit card data was not exposed.

Data breaches 91

Data breaches Passwords Media Phishing 91

Security Affairs

APRIL 14, 2020

Quidd , an online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019. Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords.

Accountability 139

Accountability Hacking Data breaches Passwords 139

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . charlysatoshi. This is a real email!

Passwords 59

Passwords Cryptocurrency Data breaches Advertising 59

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 114

Accountability Authentication Passwords Data breaches 114

Security Affairs

MARCH 7, 2023

The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates. The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers.

Software 97

Software Hacking Data breaches Media 97

Security Affairs

MARCH 2, 2023

The attackers have stolen sensitive personal data from more than 550,000 users. Compromised customers’ data include full names, home addresses, email addresses, plaintext passwords, and telephone numbers. TechCrunch pointed out that stolen data can allow the unmasking of individuals that purchased a weapon.

Accountability 80

Accountability Hacking Data breaches Passwords 80

The Last Watchdog

APRIL 4, 2022

SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. According to Forbes, “the first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records.”

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

JANUARY 12, 2023

The 400 million records exposed in the second alleged breach could not be correlated with the previously reported incident, nor with any new incident. 200 million dataset could not be correlated with the previously reported incident, the data are not obtained through the exploitation of flaws in Twitter systems. ” said Gal.

Data breaches 98

Data breaches Authentication Passwords Hacking 98

Security Affairs

JULY 27, 2023

DepositFiles’ clients are at risk of their personally identifiable information, files, and passwords being stolen. This would make it extremely complicated for the company to inform its clients about a data breach or to warn them of malware attacks,” researchers said. What DepositFiles data was exposed?

Data breaches 88

Data breaches VPN Media Passwords 88

Security Affairs

NOVEMBER 24, 2023

The analysis of 438 passwords revealed that 21.2% (93 passwords) seemed to be manually set by individuals, while the remaining ones were generated by computers. The researchers used the PESrank model to calculate password strength per each password. ” continues the report. ” continues the report.

Passwords 108

Passwords Data breaches Authentication Hacking 108

Security Affairs

MARCH 29, 2024

Credential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data exfiltration.” email addresses and passwords) obtained from an unknown third-party source.

Accountability 109

Accountability Mobile Passwords Authentication 109

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 109

VPN Accountability Firewall Data breaches 109

Security Affairs

DECEMBER 19, 2023

By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk. The Cybernews research team has discovered that the Bengaluru branch of BMW Kun Exclusive, a BMW dealership in India, has exposed sensitive data to the public.

Risk 99

Risk Identity Theft Data breaches Accountability 99

Security Affairs

JUNE 21, 2020

Cyble has analyzed the data and confirmed its authenticity, it also indexed the record in its data breach monitoring and notification service AmiBreached.com. The leaked dump includes name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.

Data breaches 123

Data breaches Mobile Advertising Authentication 123

Security Affairs

MARCH 5, 2023

.” reads the data breach notification sent to the impacted customers. In other words, bad actors glean lists of breached usernames and passwords and run them against desired logins until they find some that work. Then, they enter those accounts for the purpose of abusing permissions, siphoning out data, or both.

Data breaches 88

Data breaches Accountability Mobile Passwords 88

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. Yeah, it's legit guys.

Hacking 107

Hacking Data breaches Accountability Passwords 107

Security Affairs

APRIL 8, 2021

The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. All php.net passwords have been reset.

Hacking 85

Hacking Passwords Authentication Data breaches 85