Encryption, Hacking, Information Security and Passwords

KeePass 2.X Master Password Dumper allows retrieving the KeePass master password

Security Affairs

MAY 18, 2023

A researcher published a PoC tool to retrieve the master password from KeePass by exploiting the CVE-2023-32784 vulnerability. Security researcher Vdohney released a PoC tool called KeePass 2.X X Master Password Dumper that allows retrieving the master password for KeePass. x versions. “In KeePass 2.x x versions.

Passwords

Passwords Encryption Hacking Internet

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

DECEMBER 30, 2021

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues.

Encryption

Encryption Software Passwords Engineering

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% SecurityAffairs – hacking, Slack). Pierluigi Paganini.

Passwords

Passwords Password Management Antivirus Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Plex discloses data breach and urges password reset

Security Affairs

AUGUST 24, 2022

The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Exposed data includes emails, usernames, and encrypted passwords. The company is urging all users to immediately reset account passwords and log out of all devices connected to its service.

Data breaches

Data breaches Passwords Media Accountability

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. We first met this team of experts in April when they discovered weaknesses in WPA3 that could be exploited to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Passwords

Passwords Hacking Wireless Authentication

WhatsApp made available end-to-end encrypted chat backups

Security Affairs

OCTOBER 14, 2021

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage.

Backups

Backups Encryption Passwords Hacking

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Security Affairs

SEPTEMBER 9, 2022

Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices.

Encryption

Encryption Internet Internet Firewall

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Security Affairs

SEPTEMBER 13, 2021

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. SecurityAffairs – hacking, E2EE). Pierluigi Paganini.

Backups

Backups Encryption Passwords Accountability

KeePass fixed the bug that allows the extraction of the cleartext master password

Security Affairs

JUNE 5, 2023

KeePass addressed the CVE-2023-32784 bug that allows the extraction of the cleartext master password from the memory of the client. KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. x versions. reads the post published by the Vdohney.

Passwords

Passwords Password Management Encryption Hacking

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. . ” continues the notice.

Backups

Backups Encryption Data breaches Passwords

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

An attacker can exploit the flaw to achieve command execution on the affected D-Link NAS devices, gain access to potential access to sensitive information, system configuration alteration, or denial of service. The request includes parameters for a username (user=messagebus) and an empty field for the password ( passwd= ).

Internet

Internet Internet DNS Hacking

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

LastPass revealed that intruders had internal access for four days during the August hack

Security Affairs

SEPTEMBER 18, 2022

The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack. Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. SecurityAffairs – hacking, hack).

Hacking

Hacking Password Management Passwords Authentication

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption

Encryption Cryptocurrency Cybercrime Advertising

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

Linus Larsson , the journalist who broke the story, says the hacked material was uploaded to a public server during the second half of September, and it is not known how many people may have gained access to it. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking

Hacking Ransomware Banking Accountability

Asian media firm E27 hacked, attackers asked for a “donation”

Security Affairs

JUNE 28, 2020

Asian media firm E27 suffered a security breach and hackers asked for a “donation” to provide information on the flaws they exploited in the attack. ” “We use Facebook and LinkedIn for account login and do not store any passwords on our system. SecurityAffairs – hacking, E27). Pierluigi Paganini.

Media

Media Hacking Passwords Data breaches

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Security Affairs

JULY 26, 2023

Experts warn of a severe privilege escalation, tracked as CVE-2023-30799 , in MikroTik RouterOS that can be exploited to hack vulnerable devices. The Mikrotik RouterOS operating system does not support brute force protection and the default “admin” user password was an empty string until October 2021.

Hacking

Hacking Passwords Authentication Encryption

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

The ransomware encrypts files on the targeted systems using the “ cuba” extension. Upon installing the ransomware, it downloads two executable files, which include the password stealer “pones.exe” and “krots.exe,” (aka) KPOT, which allows threat actors to write to the compromised system’s temporary (TMP) file.

Ransomware

Ransomware Hacking Malware Encryption

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

Security Affairs

FEBRUARY 19, 2020

With this technique, the system runs with as much efficiency as possible without sacrificing security, especially since there are measures in place at all times. Encryption. When information is moving from one source to another, it’s particularly susceptible to attacks and theft. Password Protection & Authentication.

Artificial Intelligence

Artificial Intelligence Information Security Passwords Encryption

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Once they’re in, they can grab your emails, usernames, passwords, and more. They might even lock you out of your own accounts by resetting your passwords.

DNS

DNS VPN Encryption Passwords

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Security Affairs

JANUARY 1, 2024

An attacker can use the exploit to access Google services, even after a user’s password reset. The encrypted tokens are decrypted using an encryption key stored in Chrome’s Local State within the UserData directory, similar to the encryption used for storing passwords.” iPhone/15.7.4

Malware

Malware Penetration Testing Passwords Encryption

Morgan Stanley discloses data breach after the hack of a third-party vendor

Security Affairs

JULY 8, 2021

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. The hack of the FTA server took place in March, but the hacker had access to the data of Morgan Stanley customers in May. ” reads the letter.

Data breaches

Data breaches Hacking Banking Financial Services

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The fact that there are so many different APIs is the main challenge for enterprises when it comes to API security.

Hacking

Hacking Penetration Testing Data breaches Authentication

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. The Archiveus Trojan from 2006 was the first one to use RSA cipher, but it was reminiscent of a proof of concept and used a static 30-digit decryption password that was shortly cracked.

Ransomware

Ransomware Hacking Encryption Penetration Testing

The forum of the popular Albion Online game was hacked

Security Affairs

OCTOBER 19, 2020

A threat actor has breached the forum of Albion Online and stole usernames and password hashes from its database. On top of that, the attacker gained access to encrypted passwords (in technical terms: hashed and salted passwords).” SecurityAffairs – hacking, Albion Online). Pierluigi Paganini.

Hacking

Hacking Data breaches Passwords Advertising

3.4 Million user records from LiveAuctioneers hack available for sale

Security Affairs

JULY 14, 2020

.” According to the company, attackers accessed personal details of the users, including names, email addresses, mailing addresses, phone numbers, and also encrypted passwords. The company confirmed that the an investigation into the hack is still ongoing. SecurityAffairs – hacking, LiveAuctioneers ). The post 3.4

Hacking

Hacking Data breaches Identity Theft Advertising

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Security Affairs

APRIL 19, 2020

A hacker has leaked the usernames and passwords of nearly 23 million players of Webkinz World on a well-known hacking forum. . “ZDNet has learned that details about the vulnerability have been circulating online before today’s leak for months, both on hacking forums and on online IM chat groups.”

Hacking

Hacking Passwords Data breaches Advertising

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing

Phishing Ransomware Security Awareness Authentication

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

JUNE 13, 2023

A database containing the personal information of more than 8.9 A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. million Zacks users was leaked online appeared first on Security Affairs. ” reported HIBP.

Data breaches

Data breaches Passwords Cybercrime Encryption

3 of the Worst Data Breaches in the World That Could Have Been Prevented

Security Affairs

DECEMBER 1, 2022

While no plaintext passwords or financial data was stolen, the hack did expose answers to security questions. Experts believe Yahoo was using outdated, easy-to-crack encryption, which led to the attack. The attack is a good reminder of how critical strong encryption is in protecting your website users.

Data breaches

Data breaches Passwords Social Engineering Encryption

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

China Says NSA Is Hacking Top Military Research University

SecureWorld News

SEPTEMBER 12, 2022

China's National Computer Virus Emergency Response Center (CVERC) recently made a statement accusing the United States National Security Agency (NSA) of repeatedly hacking the Northwestern Polytechnical University, a key public military research university located in Xi'an, China. TAO is a tactical implementation unit of the U.S.

Hacking

Hacking Cyber Attacks Government Internet

10 Mobile Encryption Apps for Digital Privacy Protection

Spinone

DECEMBER 24, 2018

Cyber hacking is a billion-dollar industry and will only get larger. Based on the “Key findings from the Global State of Information Security® Survey 2017” by PricewaterhouseCoopers , over 28 percent of respondents have become the victims of mobile hacking. Moreover, it supports TOR encryption over XMPP.

Encryption

Encryption Mobile Computers and Electronics Government

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

. “The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension. ” Upon executing the malware, the Rust binary prompts an error requiring a password to be passed as an argument.

Ransomware

Ransomware Encryption Healthcare Education

G Suite users’ passwords stored in plain-text for more than 14 years

Security Affairs

MAY 22, 2019

Google accidentally stored the passwords of its G Suite users in plain-text for 14 years allowing its employees to access them. The news is disconcerting, Google has accidentally stored the passwords of the G Suite users in plain-text for 14 years, this means that every employee in the company was able to access them.

Passwords

Passwords Encryption Advertising Accountability

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Two-factor authentication is another important security measure for the cloud era. This means that in addition to your password, you will also need a second factor, such as a code from a key fob or a fingerprint, to access your data. Data encryption. In the cloud era, data encryption is more important than ever.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. Cybercriminals are interested in hacking your IP address for various reasons. The hacked and stolen IPs are often used for carrying out illegal activities.

Hacking

Hacking VPN Internet Internet

Avast releases a free decryptor for some Hades ransomware variants

Security Affairs

OCTOBER 5, 2022

The security firm discovered a bug in the encryption process implemented by the Hades ransomware that can be used to recover the files encrypted by some variants. “We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. Pierluigi Paganini.

Ransomware

Ransomware Encryption Backups Passwords

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

SMS Bomber allows a user to flood the victim’s phone number with a very long list of pre-baked HTTP requests asking for one-time codes, verification messages, password recoveries and the like. The collected information is formatted and sent to the C&C server. SecurityAffairs – hacking, Tropic Trooper).

Hacking

Hacking Wireless Encryption Passwords

Avast released a free decryptor for TargetCompany ransomware

Security Affairs

FEBRUARY 7, 2022

The experts warn that the decryptor consumes most of the processor’s computing power in order to retrieve the password, the cracking process may take up to tens of hours. “During password cracking, all your available processor cores will spend most of their computing power to find the decryption password. .

Ransomware

Ransomware Backups Encryption Passwords

Nation-state actors hacked Red Cross exploiting a Zoho bug

Security Affairs

FEBRUARY 17, 2022

The attribution of the hack is based on similarities of attackers’ TTPs with the ones associated with APT groups and the targeted nature of the attack. “Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators.

Hacking

Hacking Password Management Malware Encryption

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

These pieces of malware are created with the intent of stealing valuable data, such as login credentials, financial information, personal details, and more. This data may include usernames, passwords, credit card numbers, social security numbers, and other sensitive information.

Banking

Banking Cybercrime Malware Accountability

Developer hacked back Muhstik ransomware crew and released keys

Security Affairs

OCTOBER 8, 2019

One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. The expert hacked the server used by the Muhstik ransomware gang and released the decryption keys for all the victims of the group. SecurityAffairs – Muhstik ransomware, hacking).

Hacking

Hacking Ransomware Advertising Passwords

KeePass 2.X Master Password Dumper allows retrieving the KeePass master password

Flaws in DataVault encryption software impact multiple storage devices

Webinars

Trending Sources

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Webinars

Plex discloses data breach and urges password reset

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

WhatsApp made available end-to-end encrypted chat backups

Iran-linked DEV-0270 group abuses BitLocker to encrypt victims’ devices

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

KeePass fixed the bug that allows the extraction of the cleartext master password

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

LastPass revealed that intruders had internal access for four days during the August hack

Trojan Shield, the biggest ever police operation against encrypted communications

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Asian media firm E27 hacked, attackers asked for a “donation”

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Cuba ransomware gang hacked 49 US critical infrastructure organizations

5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Morgan Stanley discloses data breach after the hack of a third-party vendor

GUEST ESSAY : Advanced tech to defend API hacking is now readily available to SMBs

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The forum of the popular Albion Online game was hacked

3.4 Million user records from LiveAuctioneers hack available for sale

Popular Webkinz World online children’s game hacked, 23M credentials leaked

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

A database containing data of +8.9 million Zacks users was leaked online

3 of the Worst Data Breaches in the World That Could Have Been Prevented

TP-Link Archer routers allow remote takeover without passwords

China Says NSA Is Hacking Top Military Research University

10 Mobile Encryption Apps for Digital Privacy Protection

Experts spotted a variant of the Agenda Ransomware written in Rust

G Suite users’ passwords stored in plain-text for more than 14 years

15 Cybersecurity Measures for the Cloud Era

5 Ways to Protect Yourself from IP Address Hacking

Avast releases a free decryptor for some Hades ransomware variants

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Avast released a free decryptor for TargetCompany ransomware

Nation-state actors hacked Red Cross exploiting a Zoho bug

FBI published a flash alert on Mamba Ransomware attacks

Info stealers and how to protect against them

Developer hacked back Muhstik ransomware crew and released keys

Stay Connected