Security Affairs

FEBRUARY 27, 2020

Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA. Now the authors implemented the ability to steal 2FA code from the Google Authenticator app abusing the Accessibility Privileges. Pierluigi Paganini.

Banking 136

Banking Authentication Advertising Malware 136

Security Affairs

MAY 6, 2020

Hackers have breached the online learning platform Unacademy and are selling the account information for close to 22 million users. Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users. Pierluigi Paganini.

Accountability 133

Accountability Hacking Data breaches Advertising 133

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords 362

Passwords Accountability Hacking Password Management 362

Security Affairs

MAY 3, 2020

The company has over 4200 employees and accounts for over 90 million active users every month. ZDNet confirmed the authenticity of the leaked data. Tokopedia is currently investigating the security breach, it notified the users asking them to reset their account passwords. Pierluigi Paganini.

Accountability 144

Accountability Hacking Passwords Data breaches 144

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication 123

Authentication Accountability Advertising Passwords 123

Security Affairs

JUNE 8, 2020

Any Indian DigiLocker Account Could’ve Been Accessed Without Password. DigiLocker provides an account in cloud to every Aadhaar holder to access authentic documents/certificates such as driving license, vehicle registration, academic mark sheet in digital format from the original issuers of these certificates.

Authentication 133

Authentication Mobile Accountability Passwords 133

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reported ZDNet. Pierluigi Paganini.

Accountability 144

Accountability Hacking Data breaches Passwords 144

Security Affairs

DECEMBER 3, 2019

A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. “While OAuth 2.0 Pierluigi Paganini.

Authentication 97

Authentication Accountability Social Engineering Advertising 97

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability 132

Accountability Hacking Advertising Media 132

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication 153

Authentication VPN Passwords Hacking 153

Security Affairs

FEBRUARY 22, 2019

WhatsApp recently implemented Face ID and Touch ID authentication for Apple iOS app, but unfortunately, it can be easily bypassed. Earlier February, WhatsApp introduced Face ID and Touch ID authentication for its iOS app to allow users to lock the application using the Face ID facial recognition and Touch ID fingerprint systems.

Authentication 107

Authentication Advertising Media Accountability 107

Security Affairs

FEBRUARY 24, 2020

Slickwraps has disclosed a data breach that impacted over 850,000 user accounts, data were accidentally exposed due to security vulnerabilities. Lynx0x00’s Medium and Twitter accounts have mysteriously vanished but, fortunately, the Internet never truly forgets. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability 135

Accountability Data breaches Passwords Advertising 135

Security Affairs

FEBRUARY 19, 2020

A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions.

Accountability 144

Accountability Advertising Account Security Authentication 144

Adam Levin

SEPTEMBER 20, 2018

A study released by the Government Accountability Office earlier this year showed that the State Department has deployed two-factor authentication to only 11% of the devices used by staff. Two-factor authentication is a legal requirement and also considered a bare minimum protocol for cybersecurity protection.

Authentication 203

Authentication Government Cyber Attacks Hacking 203

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Pierluigi Paganini.

Authentication 143

Authentication Mobile Advertising Accountability 143

Security Affairs

NOVEMBER 22, 2018

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. tax service).

Authentication 111

Authentication Advertising Accountability Hacking 111

Security Affairs

MARCH 17, 2019

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

Accountability 112

Accountability Phishing Authentication Passwords 112

Security Affairs

NOVEMBER 3, 2018

Cybercriminals offered for sale private messages from at least 81,000 Facebook accounts claiming of being in possession of data from 120 million accounts. Crooks are offering for sale Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account. ” states the BBC.

Accountability 111

Accountability Advertising Hacking Cybercrime 111

Security Affairs

APRIL 14, 2019

Bad news for users of the Microsoft Outlook email service, hackers have compromised the Microsoft Support Agent to access their email accounts. Earlier this year, hackers breached Microsoft’s customer support portal and gained access to some email accounts registered with the Microsoft’s Outlook service. Pierluigi Paganini.

Accountability 111

Accountability Hacking Data breaches Advertising 111

Krebs on Security

FEBRUARY 12, 2019

11, when the company’s Twitter account started fielding reports from users who said they were no longer receiving messages. VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” Just attack and destroy.”

Hacking 275

Hacking DDOS Backups Accountability 275

Krebs on Security

JULY 23, 2020

As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images.

Insurance 347

Insurance Financial Services Penetration Testing Scams 347

Security Affairs

FEBRUARY 11, 2019

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. “I need the money. Pierluigi Paganini.

Accountability 111

Accountability Hacking Advertising Data breaches 111

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. That same email address also is tied to two forum accounts for a user with the handle “ O.R.Z.” account on Carder[.]su

Malware 301

Malware Cybercrime Software Accountability 301

Security Affairs

DECEMBER 10, 2019

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. Pierluigi Paganini.

Accountability 98

Accountability Hacking Passwords Advertising 98

Security Affairs

APRIL 29, 2019

million user accounts worldwide were using ‘123456’ as password, while 7.7 Another good practice is the set up of multi-factor authentication wherever possible. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords 111

Passwords Accountability Data breaches Advertising 111

Krebs on Security

JANUARY 18, 2021

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. Those “partner” customers will be given the opportunity to cash out their accounts. and European authorities seized a number of its servers.

Marketing 297

Marketing Cybercrime Accountability Cryptocurrency 297

Security Affairs

DECEMBER 1, 2019

Over 90 percent of the users identified by Google were targeted via “credential phishing emails” that attempt to trick victims into providing their password or other account credentials to hijack their Google account. It doesn’t mean that hackers successfully compromised their Google accounts. Pierluigi Paganini.

Phishing 145

Phishing Accountability Advertising Cyber Attacks 145

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” reads the post published by Dexerto.

Hacking 142

Hacking Data breaches Accountability Passwords 142

Security Affairs

JUNE 19, 2020

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347 , could be exploited by local authenticated attackers to gain access to sensitive information. Pierluigi Paganini.

Authentication 144

Authentication Advertising Accountability Hacking 144

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Salesforce told KrebsOnSecurity that this was not a compromise of Pardot, but of a Pardot customer account that was not using multi-factor authentication.

Phishing 239

Phishing Marketing Accountability DNS 239

Security Affairs

MARCH 31, 2020

name, mailing address, email address, and phone number) Loyalty Account Information (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g., name, mailing address, email address, and phone number) Loyalty Account Information (e.g., stay/room preferences and language preference). .”

Data breaches 144

Data breaches Passwords Advertising Accountability 144

Security Affairs

MARCH 10, 2020

which is a Shopify-like platform that has been hosting hundreds of online shops used for the sale of hacked accounts and stolen user data. international financial and corporate data, Personally Identifiable Information (PII), and compromised user accounts from many U.S. platform, offered data were authentic according to the feds.

Accountability 144

Accountability Advertising Passwords Hacking 144

Security Affairs

APRIL 5, 2020

OGUsers is a black marketplace known for selling any kind of stolen data, including Instagram, Fortinet, Minecraft, Steam, PSN, Fortinet, Skype, and Snapchat accounts. The forum users should know everything about account hijacking since this is how OGUsers became widely known in the first place. Pierluigi Paganini.

Hacking 141

Hacking Data breaches Advertising Backups 141

Security Affairs

AUGUST 4, 2020

UberEats is an American online food ordering and delivery platform launched by Uber in 2014. Exposed records include information such as login credentials, full name, contact number, trip details, bank card details, account creation date. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking 145

Banking Data breaches Advertising Mobile 145

The Last Watchdog

AUGUST 18, 2021

Norton got ‘ demergered ’ from Symantec in 2014 and then acquired LifeLock for $2.3 There are simple steps consumers can take today, for free, to lower their overall risk of a cyber attack, including using multi-factor authentication for their accounts and using strong passwords. billion in 2017; Avast acquired AVG for $1.3

Antivirus 223

Antivirus Marketing Identity Theft Social Engineering 223

Malwarebytes

JULY 25, 2022

Word is spreading of a compromise claimed to have accessed around 69 million user accounts. Back in 2014, “tens of millions” of Neopets accounts were said to have been traded on underground forums. In 2020, there were claims of ways to potentially gain access to user accounts. Neopets also addressed this.

Data breaches 94

Data breaches Accountability Passwords Password Management 94

Security Affairs

APRIL 26, 2020

The data for any specific firewall depends upon the specific configuration and may include usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access.” ” “Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall 145

Firewall Passwords Accountability Advertising 145