Document and Passwords - Cyber Security Informer

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Executing this series of keypresses prompts Windows to download password-stealing malware.

Phishing

Phishing Malware Scams Passwords

Building Password Purgatory with Cloudflare Pages and Workers

Troy Hunt

MARCH 9, 2022

Which led me to a moment of clarity just yesterday as I was pondering revenge tactics and, in a flash of inspiration, came up with the idea of Password Purgatory: purgatory: a place or state of temporary suffering or misery You know how we all hate password complexity criteria? All they have to do first is create a password.

Passwords

Passwords DNS Accountability Risk

Passwords in the age of AI: We need to find alternatives

Malwarebytes

MAY 8, 2025

For decades, passwords have been our default method for keeping online accounts safe. A team at Cybernews conducted a study of over 19 billion newly exposed passwords which showed were looking at a a widespread epidemic of weak password reuse. Does that make the password obsolete? But our opponents have.

Passwords

Passwords Artificial Intelligence Identity Theft Password Management

Bitwarden vs Dashlane: Comparing Password Managers

eSecurity Planet

MAY 14, 2025

Bitwarden and Dashlane are two popular password managers that offer business plans in addition to their products for individuals. 5 Bitwarden is a popular business password manager with features like user management, custom session length, and integrations with SIEM products. However, Dashlane is still a great choice for businesses.

Password Management

Password Management Passwords Data breaches Encryption

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Malwarebytes

MAY 27, 2025

While the sheer volume of exposed dataincluding emails, passwords, and authorization URLsis alarming, the real concern is not just about the exposure itself, but in how cybercriminals collect and weaponize these credentials. Infostealers have evolved beyond simple password grabbers. Use unique, complex passwords for every service.

Identity Theft

Identity Theft Passwords Accountability Phishing

Passwords Advice

Adam Shostack

JANUARY 2, 2025

Bruse Marshall has put together a useful comparison of password requirements from OWASP ASVS v3 and v4. Bruce Marshall has put together a comparison of OWASP ASVS v3 and v4 password requirements: OWASP ASVS 3.0 & 4.0 We should judge standards on their delivery of these important contextual documents. Comparison.

Passwords

Microsoft Executives Hacked

Schneier on Security

JANUARY 29, 2024

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.

Hacking

Hacking Accountability Passwords Cybersecurity

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

NOVEMBER 8, 2024

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source. Below is the hypothesis reported in the document.

Media

Media Mobile Passwords Hacking

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Law enforcement warned that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source. reported 404 Media. “The

Media

Media Wireless Mobile Encryption

Strengthen your digital defenses on World Password Day

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords

Passwords Password Management Malware Accountability

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

eSecurity Planet

MAY 5, 2025

A notorious hacker group known as Golden Chickens is back in the spotlight after cybersecurity researchers discovered two new digital weapons designed to steal passwords, watch every word you type, and target your cryptocurrency. It uses a common low-level keyboard hook to record keystrokes and writes the logs to local files.

Passwords

Passwords Malware Cryptocurrency Cybercrime

Facebook and Instagram passwords were stored in plaintext, Meta fined

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords

Passwords Data breaches Media Phishing

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Scammers use fake personas often posing as military personnel or celebrities e.g., a French woman recently lost 700,000 to scammers pretending to be Brad Pitt using AI-generated photos and fake documents ( BBC ). Auto-fill Exploits: A small but critical sign when your password manager doesnt autofill it might be a scam site.

Scams

Scams Password Management Passwords Banking

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

Organizations can use this checklist to track progress and identify areas requiring attention before assessment. demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation.

Password Management

Password Management Architecture Threat Detection Cybersecurity

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

JANUARY 6, 2025

Nothing showed evidence that a HIPAA-compliant risk analysis had ever been conducted (lists of usernames and passwords in plain text on the compromised server). There were no password policies until at least January 2024 (the same username and password were used for all Westend Dental servers that contained protected health information).

Data breaches

Data breaches Ransomware Passwords Insurance

How to Protect Your Gmail Password: Top Tips for Maximum Security

Hacker's King

DECEMBER 28, 2024

Your Gmail account stores valuable information such as emails, contacts, and documents. A compromised password can lead to identity theft and data breaches. To safeguard your Gmail password, you need to adopt a few best practices that will enhance your accounts security and keep cyber threats at bay.

Passwords

Passwords Identity Theft Accountability Data breaches

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

The breach tracking service Constella Intelligence says this email address used the same password (and slight variations of it) across many accounts online — including at hacker forums — and that the same password was used in connection with dozens of other email addresses, such as florianmarzahl@hotmail.de, and fmarzahl137@gmail.com.

eCommerce

eCommerce Cybercrime Accountability Passwords

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

JUNE 30, 2022

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system.

Passwords

Passwords Identity Theft Consumer Services Password Management

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. However, these digital guardians can offer more than just a secure vault for passwords. In fact, a good password manager can play a crucial role in enhancing both the personal and professional aspects of a user’s digital life.

Password Management

Password Management Passwords Banking Accountability

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Which is a fine practice, and brings me to the question: Why expire the first passwords at all? Why make it harder?

Banking

Banking Passwords Password Management Authentication

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

Hacker's King

FEBRUARY 9, 2025

It quickly spots common security flaws like misconfigurations, outdated sof, such as, and weak passwords, helping you test systems efficiently and thoroughly. To make it user-friendly for both beginners and experts, clear commands and comprehensive documentation are incorporated in this tool.

Penetration Testing

Penetration Testing Architecture Cybercrime Cybersecurity

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

Hacker's King

FEBRUARY 9, 2025

It quickly spots common security flaws like misconfigurations, outdated sof, such as, and weak passwords, helping you test systems efficiently and thoroughly. To make it user-friendly for both beginners and experts, clear commands and comprehensive documentation are incorporated in this tool.

Penetration Testing

Penetration Testing Architecture Cybercrime Cybersecurity

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services.

VPN

VPN Firewall Technology Passwords

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. ” reads the report.

Firewall

Firewall Passwords VPN Authentication

Why Phone Numbers Stink As Identity Proof

Krebs on Security

MARCH 17, 2019

Illegal SIM swaps allow fraudsters to hijack a target’s phone’s number and use it to steal financial data, passwords, cryptocurrencies and other items of value from victims. “But from that site’s side, when they see a password reset come in via that phone number, they have no way to know if that’s me. .

Accountability

Accountability Passwords Mobile Banking

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Stolen files allegedly include contracts, insurance, and financial documents. “In that case, officials at the president’s press office later said the information appeared to have been downloaded using the password of a former employee.” ” reported the Associated Press.

Government

Government Hacking Ransomware Insurance

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Hydra trafficked in illegal drugs and financial services, including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services. Incredibly, the day after our initial interview via Telegram, Shefel proposed going into business together.

Retail

Retail Advertising Cryptocurrency Marketing

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

In a SIM-swapping attack, crooks transfer the targets phone number to a device they control and intercept any text messages or phone calls to the victim’s device including one-time passcodes for authentication and password reset links sent via SMS. Documents from the U.S. ” U.S.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Legal Threats Make Powerful Phishing Lures

Krebs on Security

MAY 22, 2019

Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}. Please download and read the attached encrypted document carefully. Note: The password for the document is 123456. Yes, the spelling/grammar is poor and awkward (e.g.,

Phishing

Phishing Antivirus Scams Malware

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. How would your organization hold up to a password spraying attack? As the Citrix hack shows, if you don’t know you should probably check, and then act on the results accordingly.

VPN

VPN Passwords Software Telecommunications

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

. “The emails had the subject Documents from 04/29/2025 and were sent from an address disguised as corporate correspondence.” ” The phishing emails employed in the campaign spotted by F6 experts has the subject Documents from 04/29/2025 and were sent from addresses mimicking corporate senders.

Malware

Malware Phishing Telecommunications Retail

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

. — rely on that number for password resets. From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication. It’s time we stopped letting everyone treat them that way.

Mobile

Mobile Accountability Passwords Authentication

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking

Hacking Government Identity Theft Accountability

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords

Passwords Accountability Engineering Phishing

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability

Accountability Advertising Passwords Phishing

FCC Proposal Targets SIM Swapping, Port-Out Fraud

Krebs on Security

OCTOBER 1, 2021

From there, the attackers can reset the password for almost any online account tied to that mobile number, because most online services still allow people to reset their passwords simply by clicking a link sent via SMS to the phone number on file.

Wireless

Wireless Mobile Passwords Authentication

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The malspam messages had the topic Free primary legal aid use a password-protected attachment Algorithm of actions of members of the family of a missing serviceman LegalAid.rar.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Employee monitoring app exposes users, leaks 21+ million screenshots

Malwarebytes

APRIL 28, 2025

This is not just bad news for those remote workers, it could be even worse for the WorkComposer customers that can see internal communications, confidential business documents, and log in pages exposed to anyone that stumbled over the unprotected bucket. Change the passwords that may have been seen. Watch out for phishing attacks.

Passwords

Passwords Phishing Spyware Password Management

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

.” Constella Intelligence , a company that tracks exposed databases, finds that 774748@gmail.com was used in connection with just a handful of passwords, but most frequently the password “ featar24 “ Pivoting off of that password reveals a handful of email addresses, including akafitis@gmail.com. ru in 2008.

Malware

Malware Cybercrime Software Accountability

Begging for Bounties and More Info Stealer Logs

Troy Hunt

JULY 31, 2024

The sender then attached a text file with 197 lines of email addresses and passwords belonging to users of Scott's pride and joy. Exposure of sensitive user data including names, emails, addresses, and documents. Most with the same password too, because a normal person obviously owns this email address.

Scams

Scams Passwords Malware Accountability

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

“And since there’s no password on the account, it just shoots them to the ‘create password for your new account’ flow. What’s more, Monahan said, Squarespace did not require email verification for new accounts created with a password.

Accountability

Accountability Cryptocurrency Passwords DNS

FBI warns of malicious free online document converters spreading malware

ClickFix: How to Infect Your PC in Three Easy Steps

Trending Sources

Building Password Purgatory with Cloudflare Pages and Workers

Passwords in the age of AI: We need to find alternatives

Bitwarden vs Dashlane: Comparing Password Managers

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

Passwords Advice

Microsoft Executives Hacked

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Strengthen your digital defenses on World Password Day

‘Golden Chickens’ Resurfaces with Two Dangerous Malware Tools Targeting Passwords and Crypto Wallets

Facebook and Instagram passwords were stored in plaintext, Meta fined

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

Dental group lied through teeth about data breach, fined $350,000

How to Protect Your Gmail Password: Top Tips for Maximum Security

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Threat Modeling and Logins

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Why Phone Numbers Stink As Identity Proof

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

An Interview With the Target & Home Depot Hacker

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Legal Threats Make Powerful Phishing Lures

Hackers Were Inside Citrix for Five Months

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Are You One of the 533M People Who Got Facebooked?

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Malicious Office 365 Apps Are the Ultimate Insiders

FCC Proposal Targets SIM Swapping, Port-Out Fraud

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Employee monitoring app exposes users, leaks 21+ million screenshots

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Begging for Bounties and More Info Stealer Logs

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Stay Connected