Security Affairs

DECEMBER 17, 2023

.” At this time, we are not aware of any exposure to the data that customers store in MongoDB Atlas.” ” The US firm urges customers to be vigilant for social engineering and phishing attacks. The company also recommends active multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords.

Social Engineering 116

Social Engineering Data breaches Cyber Attacks Accountability 116

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 96

Hacking Authentication Passwords Accountability 96

SecureWorld News

FEBRUARY 23, 2023

The news was first reported by cybersecurity and malware research group vx-underground, which posted screenshots of data purportedly stolen from the company. Also worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish.

Hacking 86

Hacking Phishing Data breaches Information Security 86

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 86

Spyware Data breaches Hacking Ransomware 86

Security Affairs

JANUARY 18, 2021

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach. OpenWRT forum was compromised during the weekend and user data were stolen by intruders. The administrators of the forum disclosed the data breach with an announcement published on the forum.

Hacking 129

Hacking Data breaches Passwords Accountability 129

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 114

Cryptocurrency Data breaches Authentication Accountability 114

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 108

VPN Accountability Firewall Data breaches 108

Security Affairs

DECEMBER 16, 2022

Social Blade is an American social media analytics platform, the company disclosed the security breach after a database containing company data was offered for sale on a hacker forum this week. “On The company pointed out that the credit card data was not exposed. Looking for 1-2 sales then thread will be deleted.”

Data breaches 91

Data breaches Passwords Media Phishing 91

Identity IQ

FEBRUARY 21, 2024

This public-key approach makes it much more difficult for hackers to steal or compromise your credentials, even in the event of phishing attacks or website breaches. The main difference between a passkey and a password boils down to how they authenticate your identity and the level of security they offer.

Passwords 52

Passwords Authentication Accountability Phishing 52

Security Affairs

SEPTEMBER 11, 2022

IHG suffered a cyberattack that severely impacted its booking process China-Linked BRONZE PRESIDENT APT targets Government officials worldwide Scammers live-streamed on YouTube a fake Apple crypto event US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyberattack $30 Million worth of cryptocurrency stolen by Lazarus from Axie Infinity (..)

Data breaches 95

Data breaches Ransomware Phishing Malware 95

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Early August, the communications company Twilio discloses a data breach , threat actors had access to the data of some of its customers. Specific steps can be found here.

Accountability 90

Accountability Authentication Phishing Data breaches 90

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 85

Spyware Hacking Malware Social Engineering 85

Thales Cloud Protection & Licensing

OCTOBER 24, 2022

Data breaches damage trust. Thales has worked together with the University of Warwick to produce the 2022 Consumer Trust Index survey, which includes some interesting findings: 33% of consumers globally have become victims of a data breach. Who most trusts digital platforms to hold and process personal data?

Security Awareness 71

Security Awareness Data breaches Social Engineering Phishing 71

Security Affairs

AUGUST 27, 2022

Twilio hackers also compromised the food delivery firm DoorDash, the attackers had access to company data, including customer and employee info. On-demand food delivery service DoorDash disclosed a data breach, the threat actors behind the Twilio hack gained access to the company’s data.

Data breaches 84

Data breaches Phishing Hacking Authentication 84

Security Affairs

SEPTEMBER 23, 2020

The database containing personal information of over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet. US fitness chain Town Sports has suffered a data breach, a database belonging to the company containing the personal information of over 600,000 people was exposed on the Internet.

Data breaches 89

Data breaches Phishing Passwords Advertising 89

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 113

Accountability Authentication Passwords Data breaches 113

Security Affairs

APRIL 20, 2020

Early March, the security expert Bob Diachenko uncovered an Elasticsearch cluster containing more than 267 million Facebook user IDs, phone numbers, and names. The archive was left exposed online for anyone to access without authentication. Then the experts added the records to their data breach notification service [link].

Data breaches 145

Data breaches Passwords Advertising Phishing 145

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. Source RestorePrivacy.

Data breaches 93

Data breaches Accountability Media Hacking 93

Security Affairs

OCTOBER 9, 2022

The post Security Affairs newsletter Round 387 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Data breaches 87

Data breaches Firmware Ransomware Hacking 87

Security Affairs

NOVEMBER 24, 2023

The DigitalOcean storage bucket, containing almost a million sensitive files, was left open to anyone without requiring authentication. Leaking private data on the internet, in this case, poses a grave risk, as most of the leaked files expose minors. In the worst-case scenario, the leak might increase the risk of child abuse.

Identity Theft 108

Identity Theft Internet Internet Education 108

Security Affairs

JULY 27, 2023

This would make it extremely complicated for the company to inform its clients about a data breach or to warn them of malware attacks,” researchers said. What DepositFiles data was exposed? The exposed file had credentials for the Redis database, allowing anyone to read, edit, or delete data stored there.

Data breaches 88

Data breaches VPN Media Passwords 88

CyberSecurity Insiders

JULY 21, 2021

Ensure that account credentials are secure. According to Verizon’s 2021 Data Breach Investigations Report , credentials are the type of data cybercriminals most want to steal in a breach. Know how to identify a phishing attack. Let’s take a closer look at a few of those habits.

Social Engineering 145

Social Engineering Password Management Passwords Phishing 145

Security Affairs

NOVEMBER 14, 2021

In some cases threat actors could target small businesses with spear-phishing messages that can be specifically crafted using publicly available information or stolen data about an employee. ” The FTC also shared guidance for businesses that experienced a data breach. . ” states the FTC.

Small Business 93

Small Business Ransomware Backups Authentication 93

Security Affairs

MAY 12, 2023

Email Threats Are Becoming More Sophisticated There are a number of ways that email can be leveraged to compromise the security of an organization, but the most prominent approach is phishing. At this point, the bad actor has access to the information they were after. It’s a trend that’s growing. QR code spoofing.

Phishing 88

Phishing Social Engineering Small Business B2B 88

Security Affairs

JANUARY 28, 2024

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE) CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog 5379 GitLab servers vulnerable to zero-click account takeover attacks Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204 Akira ransomware attack on Tietoevry (..)

Artificial Intelligence 93

Artificial Intelligence Hacking Malware Cyber Attacks 93

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. According to another study by CybSafe, human errors have been responsible for over 90% of data breaches in 2020. Customize Your Security Training.

Cybersecurity 71

Cybersecurity Data privacy Data breaches Phishing 71

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering 104

Social Engineering Spyware Data breaches Surveillance 104

Security Affairs

DECEMBER 16, 2022

Gemini crypto exchange warns users of an ongoing phishing campaign after a third-party vendor suffered a security breach. Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching a third-party vendor. The post Data of 5.7M

Hacking 80

Hacking Phishing Accountability Authentication 80

Security Affairs

OCTOBER 29, 2022

. “Our investigation also led us to conclude that the same malicious actors likely were responsible for a brief security incident that occurred on June 29, 2022. Threat actors behind the 0ktapus campaign aimed at obtaining Okta identity credentials and two-factor authentication (2FA) codes from users of the targeted organizations.

Social Engineering 101

Social Engineering Phishing Authentication Hacking 101

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 93

Data breaches Malware Mobile Spyware 93

Security Affairs

JULY 14, 2020

Auctions platform LiveAuctioneers admitted to have suffered a data breach that likely impacted approximately 3.4 Auctions platform LiveAuctioneers disclosed a a data breach that might have impacted approximately 3.4 ” reads the data breach notification published by the company. million users.

Hacking 98

Hacking Data breaches Identity Theft Advertising 98

Security Affairs

APRIL 11, 2021

The experts reported their findings to the company, but at the time of this writing, Clubhouse has yet to confirm the authenticity of the exposed data. Leak data could be abused by threat actors to carry out malicious activities, such as phishing/spear-phishing attacks, identity theft, and scams.

Identity Theft 140

Identity Theft Phishing Password Management Media 140

Security Affairs

NOVEMBER 29, 2020

The post Security Affairs newsletter Round 291 appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Data breaches 85

Data breaches Social Engineering Ransomware Malware 85

Security Affairs

DECEMBER 28, 2020

The dump allegedly includes 2,500,000 customers' PII Data, Phone Numbers & ICCID that can be exploited for SIM swap attacks to empty Bank accounts. pic.twitter.com/yR193Mt3CS — Bank Security (@Bank_Security) December 28, 2020. ” Bank Security told me. “Privacy is a very hot topic nowadays.

Mobile 128

Mobile Banking Data breaches Phishing 128

Security Affairs

NOVEMBER 24, 2020

” Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches. The exposed data could expose users to multiple malicious activities, including identity theft & fraud, scams, phishing and malware attacks, and of course account abuse.

Identity Theft 100

Identity Theft Accountability Passwords Phishing 100

Security Affairs

DECEMBER 21, 2023

A treasure trove for bad actors Personally identifiable information from car renting companies is highly valued among black-hat hackers and is often sold in batches on cybercrime marketplaces on the dark web. In the wrong hands, this data can be exploited for financial gain.

Mobile 102

Mobile Identity Theft Passwords Phishing 102