Document, Information Security and Passwords

Removing Passwords, Without Compromising Security

Duo's Security Blog

JANUARY 26, 2024

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team are forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords.

Passwords

Passwords Authentication Mobile CISO

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking

Hacking Authentication Passwords Accountability

A critical flaw in Citrix Application Delivery Management allows resetting admin passwords

Security Affairs

JUNE 15, 2022

Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords.

Passwords

Passwords Hacking Cybersecurity Information Security

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The data exfiltrated by the gang included classified information and sensitive personal data from the Federal Administration. million files, and 65,000 documents were classified by NCSC as data relevant to the Federal Administration. Threat actors stole and leaked roughly 1.3 ” continues the report. ” continues the report.

Ransomware

Ransomware Data breaches Unstructured Data Architecture

Passwords stolen via phishing campaign available through Google search

Security Affairs

JANUARY 21, 2021

With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker.” Once the victim double-clicked the HTML file, a blurred image with a preconfigured email within the document is opened in the browser. ” continues the post.

Phishing

Phishing Passwords Manufacturing Healthcare

Data leak at fintech giant Direct Trading Technologies

Security Affairs

JANUARY 31, 2024

Source: Cybernews Users holding the company’s email addresses, potentially the employees, had their passwords exposed in plaintext. Hashed passwords to access user accounts on the DTT trading platform were also leaked. Leaked emails. Some clients had their home addresses, phone numbers, and partial credit card details exposed.

Technology

Technology Identity Theft Backups Passwords

Zoom client for Windows could allow hackers to steal users’Windows password

Security Affairs

APRIL 1, 2020

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Security experts and privacy advocates believe that the Zoom is an efficient online video communication platform, but evidently it has some serious privacy and security solutions.

Passwords

Passwords Advertising Hacking Software

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. To do this, the spyware creates different threads and timer functions in the main function. Pierluigi Paganini.

Passwords

Passwords Spyware VPN Malware

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Security Affairs

FEBRUARY 10, 2024

Some configurations also include specific instructions about what data to collect, such as the maximum size and maximum number of files, as well as lists of targeted extensions and directories, or directories to exclude” Bitdefender continues.

Ransomware

Ransomware Architecture Malware Passwords

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

AUGUST 4, 2022

The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw ( CVE-2022-30190 ). “The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware

Malware Information Security Encryption Phishing

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Security Affairs

JULY 11, 2022

BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. They introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network. ALPHV seems to be significantly competing with Lockbit 3.0

Ransomware

Ransomware Passwords Data breaches Technology

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

Security Affairs

AUGUST 12, 2021

“The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. ” Attackers split the HTML attachment in individual segments that appear harmless and bypass security solutions. com , or api[.]statvoo[.]com Pierluigi Paganini.

Phishing

Phishing Passwords Encryption Cybercrime

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs

NOVEMBER 20, 2023

According to court documents, the crooks stole approximately $600,000 from approximately 1,600 compromised accounts. According to court documents, on November 18, 2022, Garrison launched the attack against the betting site, obtaining access to approximately 60,000 user accounts. ” reads the press release published by DoJ.

Accountability

Accountability Hacking Passwords Cybercrime

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Security Affairs

DECEMBER 25, 2021

. “This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,” reads a phishing message shared by Bleeping Computer. “Please take a look at the details in the attached document.”

Phishing

Phishing Passwords Banking Malware

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

NOVEMBER 16, 2023

Security experts soon discovered Ransom Man had mistakenly included an entire copy of their home folder, where investigators found many clues pointing to Kivimäki’s involvement. The 2,200-page document shows that Kivimäki owned and operated the domain krebsonsecurity[.]org

Cybercrime

Cybercrime Hacking Data breaches Banking

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

JUNE 27, 2022

The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of members of the family of a missing serviceman LegalAid.rar.” ” The RAR archive analyzed by the Ukrainian CERT-UA contains the document “Algorithm_LegalAid.xlsm.”

Telecommunications

Telecommunications Malware Media Passwords

New MacStealer macOS malware appears in the cybercrime underground

Security Affairs

MARCH 27, 2023

A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems. Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems.

Cybercrime

Cybercrime Malware Passwords Advertising

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC. Microsoft Corp.

Malware

Malware Software Technology Accountability

Data of over a million users of the crypto exchange GokuMarket exposed

Security Affairs

DECEMBER 15, 2023

The leak comes after the team discovered an unprotected MongoDB instance, which stored information on GokuMarket crypto exchange users. Businesses employ MongoDB to organize and store large swaths of document-oriented information, and in GokuMarket’s case, the details of over a million customers and admin users.

Passwords

Passwords Cryptocurrency Scams Mobile

Medusa ransomware gang claims the hack of Toyota Financial Services

Security Affairs

NOVEMBER 17, 2023

Leaked sample data includes financial documents, invoices, hashed account passwords, passport scans, and more. The documents are in German, a circumstance that suggests that they have been stolen from company systems located in Germany.

Financial Services

Financial Services Hacking Ransomware Data breaches

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Security Affairs

APRIL 16, 2024

LightSpy can steal files from multiple popular applications like Telegram, QQ, and WeChat, as well as personal documents and media stored on the device. First documented in 2020 by Trend Micro and Kaspersky, LightSpy refers to an advanced iOS backdoor that’s distributed via watering hole attacks through compromised news sites.

Spyware

Spyware Mobile Malware Encryption

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

FEBRUARY 23, 2024

The company also confirmed that the attack did not affect the availability or operation of their nbn® or mobile services. “We can confirm that no credit or debit card numbers have been compromised, as we do not store this information. ” reads the statement published by the company. ”continues the statement.

Data breaches

Data breaches Telecommunications Banking Mobile

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Leaked sample data includes financial documents, invoices, hashed account passwords, passport scans, and more. The documents are in German, a circumstance that suggests that they have been stolen from company systems located in Germany.

Financial Services

Financial Services Data breaches Identity Theft Banking

How to keep cloud storage secure and safe

CyberSecurity Insiders

SEPTEMBER 7, 2022

As the adoption of cloud storage is growing, it is becoming easy to carry documents, passwords, movies, images, music, etc. Though it is convenient for us, data upload to a third-party platform might fetch some security risks that are as follows. So, here are a few tips that could help in keeping data safe on cloud-.

Passwords

Passwords Accountability Mobile Encryption

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking

Hacking Ransomware Banking Accountability

Technical analysis of China-linked Earth Preta APT’s infection chain

Security Affairs

MARCH 27, 2023

To bypass email-scanning services, the threat actors started embedding the Google Drive link in a lure document. The link points to a password-protected archive, the document also includes the password. TONEINS and TONESHELL malware was downloaded from the Google Drive link embedded in the body of spear-phishing messages.

Malware

Malware Phishing Passwords Government

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

Security Affairs

MARCH 15, 2024

“Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer. ” reads the press release published by DoJ.

Cybercrime

Cybercrime Cryptocurrency Advertising Passwords

The Rise of Passkeys

Duo's Security Blog

FEBRUARY 13, 2024

Then, in turn, they can digitally sign that message and use that secret to set up an encrypted session to send it back and then both parties can communicate bidirectionally securely. So, we began with the use of passwords. Using concepts from Public Key Cryptography WebAuthn was born to verify identity securely.

eCommerce

eCommerce Authentication Encryption Passwords

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Security Affairs

SEPTEMBER 7, 2023

The Atomic macOS Stealer allows operators to can steal various types of information from the infected machines, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password.

Malware

Malware Passwords Engineering Software

US Feds arrested two men involved in the Warzone RAT operation

Security Affairs

FEBRUARY 12, 2024

According to court documents, the FBI covertly purchased and analyzed the Warzone RAT. The seizure is the result of an international law enforcement operation, federal authorities in Atlanta and Boston charged individuals in Malta and Nigeria, for their involvement in selling the malware. ” reads the press release published by DoJ.

Malware

Malware Hacking Cybercrime Advertising

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

The recent Emotet campaign uses spam messages with password-protected attachments, experts noticed a decline in infections over the weekend, a behavior already observed in the past. Emotet joined the password-protected attachment bandwagon with a campaign starting Friday. ” states the Italian CSIRT’s alert.

Malware

Malware Passwords Advertising Cybercrime

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Security Affairs

APRIL 29, 2023

The Atomic macOS Stealer allows operators to can steal various types of information from the infected machines, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password. The threat actors spread the malware in the form of a ‘.dmg’

Advertising

Advertising Passwords Malware Password Management

Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs

Security Affairs

JULY 9, 2021

Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in malspam attacks. Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. Zeus OpenSSL).

Social Engineering

Social Engineering Banking Engineering Passwords

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

Security Affairs

JUNE 21, 2021

The group published the link to 13 password-protected archives, allegedly containing sensitive data stolen from the chipmaker. Attention Password for the Archives: XXXXXXXXXXX#1JLDiw8″ reads the post published by the group on its leak site. !!Inside Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Passwords VPN Authentication

New Ryuk ransomware implements self-spreading capabilities

Security Affairs

FEBRUARY 26, 2021

. “The Ryuk variant analyzed in this document does have self-replication capabilities. “The content of this scheduled task is described in the analysis present in this document. The propagation is achieved by copying the executable on identified network shares. ” continues the report. ” continues the report.

Ransomware

Ransomware Passwords Accountability Encryption

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

The Emotet campaign uses malicious emails that attempt to trick recipients into opening the zipped archive with the password included in the message. Emails accessed in this way require user action: open the file, unzip it with a password. Emails accessed in this way require user action: open the file, unzip it with a password.

Passwords

Passwords Malware Telecommunications Banking

Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple

Security Affairs

OCTOBER 26, 2020

develops commercial software used to create, edit, sign, and secure Portable Document Format (PDF) files and digital documents. According to the following the security advisory issued by the software maker and unauthorized third party gained limited access to a company database. M&A documents.

Data breaches

Data breaches Advertising Software Accountability

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Security Affairs

AUGUST 1, 2022

In early July, BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim’s passwords, and confidential documents. In a recent post from 10 Jul 2022, 15:35 pm in Dark Web , “ALPHV” introduced search not only by text signatures, but also supporting tags for search of passwords and compromised PII.

Ransomware

Ransomware Passwords Cyber Attacks Hacking

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

Security Affairs

JULY 9, 2021

Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in phishing attacks. Most of the phishing attacks leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. Zeus OpenSSL).

Phishing

Phishing Social Engineering Banking Engineering

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

MARCH 5, 2022

One of the most clamorous leaks announced this leak is related to documents allegedly stolen from Russian troops that demonstrate the planning of Moscow for this war. At the moment it has not been possible to verify the authenticity of the published documents, therefore the reliability of the source remains difficult to verify.”

Hacking

Hacking Government Banking Media

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

DECEMBER 12, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information. In addition to nearly 200K exposed customers, the DTC app’s open database also leaked information on 22,952 drivers. DTC app has over 100,000 downloads on the Google Play store.

VPN

VPN Accountability Banking Marketing

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

The credentials provided by the recipient are sent to an attacker-controlled URL, however, after the recipient enters their password, the phishing page redirects to a benign document that contains the interview questions, or an RFI that includes information of interest for the victims.

Phishing

Phishing Media Passwords Malware

Threat actor claims to have hacked European manufacturer of missiles MBDA

Security Affairs

JULY 31, 2022

. “The downloaded data contains confidential and closed information about the employees of your company, which took part in the development of closed military projects of MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT etc.) Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Manufacturing

Manufacturing Hacking Passwords Cybersecurity

Removing Passwords, Without Compromising Security

Threat actors hacked the Dropbox Sign production environment

Trending Sources

A critical flaw in Citrix Application Delivery Management allows resetting admin passwords

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Passwords stolen via phishing campaign available through Google search

Data leak at fintech giant Direct Trading Technologies

Zoom client for Windows could allow hackers to steal users’Windows password

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

New Woody RAT used in attacks aimed at Russian entities

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Alleged Extortioner of Psychotherapy Patients Faces Trial

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

New MacStealer macOS malware appears in the cybercrime underground

3CX Breach Was a Double Supply Chain Compromise

Data of over a million users of the crypto exchange GokuMarket exposed

Medusa ransomware gang claims the hack of Toyota Financial Services

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Toyota Financial Services discloses a data breach

How to keep cloud storage secure and safe

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Technical analysis of China-linked Earth Preta APT’s infection chain

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

The Rise of Passkeys

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

US Feds arrested two men involved in the Warzone RAT operation

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs

Ragnar Locker ransomware leaked data stolen from ADATA chipmaker

New Ryuk ransomware implements self-spreading capabilities

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Dubai’s largest taxi app exposes 220K+ users

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Threat actor claims to have hacked European manufacturer of missiles MBDA

Stay Connected