Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords 91

Passwords Hacking Wireless Authentication 91

Security Affairs

MARCH 11, 2024

Researchers released technical specifics and a PoC exploit for a recently disclosed flaw in Progress Software OpenEdge Authentication Gateway and AdminServer. “The Progress OpenEdge team recently identified a security vulnerability in OpenEdge Release 11.7.18 If a match occurs, authentication is granted.

Software 114

Software Authentication Passwords Engineering 114

Security Affairs

AUGUST 22, 2023

While the leaked information highlights Belcan’s commitment to information security through the implementation of penetration tests and audits, attackers could exploit the lapse in leaving the tests’ results open, together with admin credentials hashed with bcrypt.

Passwords 81

Passwords Penetration Testing Engineering Manufacturing 81

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 94

Hacking Firmware Authentication DNS 94

Security Affairs

APRIL 12, 2024

Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms. Roku announced that 576,000 accounts were hacked in new credential stuffing attacks, threat actors used credentials stolen from third-party platforms.

Accountability 108

Accountability Passwords Data breaches Authentication 108

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Exposed data includes emails, usernames, and encrypted passwords. The company is urging all users to immediately reset account passwords and log out of all devices connected to its service.

Data breaches 107

Data breaches Passwords Media Accountability 107

SecureList

AUGUST 14, 2023

Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation.

Phishing 74

Phishing Hacking Banking Scams 74

Security Affairs

SEPTEMBER 18, 2022

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. SecurityAffairs – hacking, hack).

Hacking 95

Hacking Password Management Passwords Authentication 95

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords 143

Passwords Authentication Advertising Software 143

Security Affairs

APRIL 7, 2024

The request includes parameters for a username (user=messagebus) and an empty field for the password ( passwd= ). This trick allows attackers to obtain bypass authentication. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, NAS) ” wrote Netsecfish. .

Internet 134

Internet Internet DNS Hacking 134

Security Affairs

JANUARY 18, 2021

It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.” “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum. Pierluigi Paganini.

Hacking 131

Hacking Data breaches Passwords Accountability 131

Security Affairs

JULY 26, 2023

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.” Configure SSH to use public/private keys and disable passwords.

Hacking 94

Hacking Passwords Authentication Encryption 94

Security Affairs

APRIL 8, 2021

The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. All php.net passwords have been reset.

Hacking 85

Hacking Passwords Authentication Data breaches 85

Security Affairs

MAY 13, 2024

.” To defend against ransomware campaign like this one, NJCCIC provided the following recommendations: Security Awareness Training : Engage in security awareness training to enhance defense mechanisms and recognize potential signs of malicious communications. Reference the provided resources for establishing DMARC authentication.

Phishing 103

Phishing Ransomware Security Awareness Authentication 103

Security Affairs

MAY 5, 2021

Researchers found a critical vulnerability in HPE Edgeline Infrastructure Manager that could be exploited by a remote attacker to bypass authentication. “A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. .

Authentication 92

Authentication Passwords Accountability System Administration 92

Security Affairs

MARCH 7, 2023

The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. LastPass revealed that the home computer of one of its DevOp engineers was hacked as part of a sophisticated cyberattack.

Software 97

Software Hacking Data breaches Media 97

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

JUNE 7, 2021

RockYou2021, the largest password compilation of all time has been leaked on a popular hacker forum, it contains 8.4 billion entries of passwords. . What seems to be the largest password collection of all time has been leaked on a popular hacker forum. The same user also claims that the compilation contains 82 billion passwords.

Passwords 114

Passwords Data breaches Accountability Password Management 114

Security Affairs

AUGUST 10, 2022

The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account.” SecurityAffairs – hacking, Yanluowang ransomware). ” reads the analysis published by Cisco Talos. Pierluigi Paganini.

Ransomware 126

Ransomware Hacking VPN Phishing 126

Security Affairs

MARCH 2, 2023

Compromised customers’ data include full names, home addresses, email addresses, plaintext passwords, and telephone numbers. At the end of 2022, a security researcher discovered the stolen data on an unsecured server belonging to a group of hackers. The attackers have stolen sensitive personal data from more than 550,000 users.

Accountability 80

Accountability Hacking Data breaches Passwords 80

Security Affairs

NOVEMBER 24, 2020

Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel , a popular software suite that facilitates the management of a web hosting server. 11.86.0.32.

Hacking 138

Hacking Authentication Accountability Software 138

Security Affairs

APRIL 14, 2020

Quidd , the online marketplace for trading stickers, cards, toys, and other collectibles, discloses a data breach in has suffered in 2019, it is also recommending users to change their passwords. The data breach was first reported by Risk Based Security last week, since then, Quidd has never disclosed any data breach recent security incident.

Accountability 140

Accountability Hacking Data breaches Passwords 140

Security Affairs

NOVEMBER 15, 2020

million Pluto TV user accounts on a hacking forum for free, he claims they were stolen by ShinyHunters threat actor. million Pluto TV user records, he also added that the service was hacked by ShinyHunters. The dump includes PLUTO TV’s display name, email address, bcrypt hashed password, birthday, device platform, and IP address.

Accountability 97

Accountability Hacking Data breaches Passwords 97

Security Affairs

MARCH 5, 2022

Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. SecurityAffairs – hacking, Anonymous). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking 144

Hacking Government Banking Media 144

Security Affairs

NOVEMBER 15, 2023

The Cybernews research team discovered that Strendus, a Mexican-licensed online casino, had left public access to 85GB of its authentication logs, with hundreds of thousands of entries containing private gamblers’ data. IoCs are pieces of evidence or data that suggest a security incident or breach has occurred. Amount of leaked data.

Passwords 102

Passwords Identity Theft Social Engineering Spyware 102

Security Affairs

DECEMBER 28, 2023

Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Apache OFbiz)

Authentication 119

Authentication Passwords Hacking Software 119

Security Affairs

FEBRUARY 19, 2020

Password Protection & Authentication. Passwords are the baseline of cybersecurity. Luckily, applying AI into the mix can make passwords more secure. Before, a password was a word or phrase. Multi-Factor Authentication. SecurityAffairs – artificial intelligence , sensitive information).

Artificial Intelligence 91

Artificial Intelligence Information Security Passwords Encryption 91

Security Affairs

MAY 2, 2024

The threat actors were observed using methods such as exploiting virtual network computing (VNC) remote access software and default passwords. based water and wastewater systems (WWS) victims faced limited physical disruptions after attackers hacked into their Human Machine Interfaces (HMIs). ” concludes the advisory.

Passwords 88

Passwords Internet Internet Software 88

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Presently, Meduza password stealer supports Windows Server 2012/2016/2019/2022 and Windows 10/11.

Password Management 125

Password Management Cryptocurrency Passwords Authentication 125

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management 98

Password Management Passwords Accountability Phishing 98

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” Change your Activision account passwords and add 2FA immediately.

Hacking 107

Hacking Data breaches Accountability Passwords 107

Security Affairs

DECEMBER 19, 2023

The vulnerability was discovered by security researchers at Positive Technologies and disclosed to Citrix in October 10, 2023. Security firm Mandiant observed threat actors hijacking sessions where session data was stolen before the patch deployment and subsequently used by the threat actor. .

Authentication 107

Authentication Data breaches Passwords Internet 107

Security Affairs

AUGUST 13, 2023

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. CVE-2023-3266: Improperly Implemented Security Check for Standard (Auth Bypass; CVSS 7.5) CVE-2023-3267: OS Command Injection (Authenticated RCE; CVSS 7.5)

Hacking 85

Hacking Firmware Authentication Software 85

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. ” The flaw could allow unauthorized third-party access to the router with admin privileges without proper authentication. .” SecurityAffairs – TP-Link Archer, hacking).

Passwords 93

Passwords Advertising Firmware Authentication 93

Security Affairs

FEBRUARY 12, 2024

Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords. Avoid entering any data if you see a warning message about a site’s authenticity. Most browsers will alert you if a site isn’t secure.

DNS 123

DNS VPN Encryption Passwords 123

Security Affairs

MARCH 29, 2024

Credential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data exfiltration.” email addresses and passwords) obtained from an unknown third-party source.

Accountability 109

Accountability Mobile Passwords Authentication 109

Security Affairs

SEPTEMBER 2, 2022

Researchers discovered that the infrastructure used in Cisco hack was the same used to target a Workforce Management Solution firm. Researchers from cybersecurity firm eSentire discovered that the attack infrastructure used in recent Cisco hack was also used to attack a top Workforce Management corporation in in April 2022.

Hacking 97

Hacking VPN Ransomware Authentication 97