Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.

Government 144

Government Hacking Ransomware Insurance 144

Krebs on Security

MARCH 4, 2021

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. ” On Feb.

Cybercrime 364

Cybercrime Hacking Passwords Accountability 364

Schneier on Security

JULY 2, 2021

The first is from Microsoft, which wrote : As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. News article.

Hacking 363

Hacking Passwords Malware Accountability 363

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. ” concludes the report.

Passwords 122

Passwords Accountability Authentication Malware 122

Krebs on Security

DECEMBER 2, 2020

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment.

Accountability 351

Accountability Hacking Scams Media 351

Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The apparent breach at St. An online post by the attackers who broke into Data Viper.

Hacking 363

Hacking Marketing Cybercrime Accountability 363

Troy Hunt

NOVEMBER 13, 2024

I am interested in finding how my information ended up in your database. As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.  So, he asked them: I seem to have found my email in your data breach.

Data breaches 335

Data breaches Passwords B2B Technology 335

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Krebs on Security

JANUARY 21, 2022

The site says it sells “cracked” accounts, or those that used passwords which could be easily guessed or enumerated by automated tools. That’s probably because so few customers supply their real contact information when they sign up.

Hacking 351

Hacking Cybercrime Authentication Passwords 351

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 326

Hacking Accountability Passwords Cybersecurity 326

Security Affairs

JANUARY 25, 2025

The duo found Subaru’s admin panel hosted on a subdomain, allowing password resets for employee accounts without confirmation, bypassing two-factor authentication. Researchers used the valid employee email to reset the password, bypass two-factor authentication, and gain access to the panels functionality. ” wrote Curry.

Hacking 127

Hacking Accountability Authentication Passwords 127

Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords 362

Passwords Accountability VPN Malware 362

NetSpi Technical

NOVEMBER 14, 2024

Username domainuser -Password password Note: I’ve tried to provide time stamps and output during run-time, so you know what it’s doing. If you do not opt-in to use the LLM capabilities, this section simply won’t include the application related information. Happy hunting and don’t forget to hack responsibly!

Passwords 145

Passwords Risk Data collection Backups 145

Security Affairs

APRIL 10, 2025

No OCI service has been interrupted or compromised in any way,” Last week, Oracle confirmed a data breach and started informing customers while downplaying the impact of the incident. The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack.

Hacking 122

Hacking Data breaches Encryption Authentication 122

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing 285

Phishing Malware Scams Passwords 285

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. Internet Archive hacked. 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. 54% were already in @haveibeenpwned. .”

Data breaches 123

Data breaches Internet Internet DDOS 123

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

Hacking 332

Hacking Social Engineering Phishing Scams 332

Schneier on Security

DECEMBER 2, 2022

The company was hacked , and customer information accessed. No passwords were compromised.

Passwords 322

Passwords Hacking 322

Troy Hunt

OCTOBER 2, 2020

The account takeover all began with the Grindr password reset page: I entered Scott's address, solved a Captcha and then received the following response: I've popped open the dev tools because the reset token in the response is key. And as for the website I couldn't log into without being deferred back to the mobile app?

Accountability 364

Accountability Hacking Passwords InfoSec 364

Security Affairs

DECEMBER 9, 2024

According to The Guardian , which first reported the incident,hackers may have accessed company customers emails along with usernames, passwords and personal details of top accountancy firms blue-chip clients. In addition to emails, hackers had potential access to IP addresses, architectural diagrams for businesses and health information.

Hacking 125

Hacking Ransomware Accountability Architecture 125

Krebs on Security

JANUARY 7, 2025

In the first step of the attack, they peppered the target’s Apple device with notifications from Apple by attempting to reset his password. The target told Michael that someone was trying to change his password, which Michael calmly explained they would investigate. “Password is changed,” the man said.

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Krebs on Security

JULY 22, 2020

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. ” Twice in the past year, the OGUsers forum was hacked , and both times its database of usernames, email addresses and private messages was leaked online.

Hacking 348

Hacking Accountability Scams Media 348

Krebs on Security

NOVEMBER 1, 2024

The missive bore the name of the hotel and referenced details from their reservation, claiming that booking.com’s anti-fraud system required additional information about the customer before the reservation could be finalized. One post last month on the Russian-language hacking forum BHF offered up to $5,000 for each hotel account.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A.

Data breaches 130

Data breaches Financial Services Hacking Mobile 130

Security Affairs

OCTOBER 28, 2024

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. “No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” Free S.A.S. million mobile and fixed subscribers. .

Cyber Attacks 127

Cyber Attacks Telecommunications Data breaches Banking 127

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals.

Passwords 363

Passwords Password Management Phishing Scams 363

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Avoid password reuse, choose complex passwords, and check account activity often. If you suspect fraud, change passwords and contact your brokerage immediately.

Financial Services 121

Financial Services Passwords Accountability Antivirus 121

The Last Watchdog

OCTOBER 23, 2024

Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords. 1 – Storing 1 copy offsite (e.g.,

Small Business 162

Small Business Data breaches Backups Passwords 162

Krebs on Security

FEBRUARY 4, 2021

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion , SIM swapping , and swatting. THE MIDDLEMEN. WHAT YOU CAN DO.

Accountability 329

Accountability Hacking Media Mobile 329

Security Affairs

FEBRUARY 28, 2025

One of these experts, the white hat hacker Aditya K Sood, demonstrated how weak or default passwords expose solar plants to cyber threats, allowing remote control over power systems, risking grid security. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,smart solar systems)

Hacking 103

Hacking Passwords Risk Cyber threats 103

Krebs on Security

AUGUST 6, 2020

In June, KrebsOnSecurity was contacted by a cybersecurity researcher who discovered that a group of scammers was sharing highly detailed personal and financial records on Americans via a free web-based email service that allows anyone who knows an account’s username to view all email sent to that account — without the need of a password.

Accountability 363

Accountability Identity Theft Hacking Insurance 363

Krebs on Security

AUGUST 29, 2023

According to recent figures from the managed security firm Reliaquest , QakBot is by far the most prevalent malware “loader” — malicious software used to secure access to a hacked network and help drop additional malware payloads. ” The DOJ said it also recovered more than 6.5

Hacking 315

Hacking Malware Ransomware Government 315

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. “Through Eurojust, authorities were able to quickly exchange information and coordinate actions to take down the infostealers.”

Identity Theft 127

Identity Theft Passwords Malware Banking 127

Security Affairs

FEBRUARY 4, 2025

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. The company reset affected passwords.

Data breaches 116

Data breaches Passwords Accountability Hacking 116

Krebs on Security

FEBRUARY 4, 2025

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. — is registered at an address in Gan-Ner, Israel, but there is no ownership information about this entity.

eCommerce 218

eCommerce Cybercrime Accountability Hacking 218

Security Affairs

APRIL 27, 2025

Microsoft warns that threat actor Storm-1977 is behind password spraying attacksagainst cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector.

Education 75

Education Passwords Accountability Encryption 75