2014, Authentication and Hacking - Cyber Security Informer

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

Facebook told KrebsOnSecurity it seized hundreds of accounts — mainly on Instagram — that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion , SIM swapping , and swatting. THE MIDDLEMEN. WHAT YOU CAN DO.

Accountability

Accountability Hacking Media Mobile

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

FEBRUARY 12, 2019

VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.” Strangely, not all VMs shared the same authentication, but all were destroyed. The first signs of the attack came on the morning of Feb. Just attack and destroy.”

Hacking

Hacking DDOS Backups Accountability

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

OCTOBER 2, 2020

For example, in 2014 Egypt's police were found to be using Grindr to "trap gay people" which was particularly concerning in a country not exactly up to speed with LGBT equality. I asked for technical detail so I could validated the authenticity of his claim and the info duly arrived.

Accountability

Accountability Hacking Passwords InfoSec

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

NOVEMBER 25, 2020

million settlement in a multi-state investigation of the data breach that the company suffered in 2014. million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers across the US and Canada. SecurityAffairs – hacking, Data breach). ” . .

Retail

Retail Data breaches Penetration Testing Information Security

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

FEBRUARY 19, 2025

The second vulnerability, tracked CVE-2025-26466 (CVSS score: 5.9), affects both the OpenSSH client and server, allowing a pre-authentication denial-of-service attack. Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure.

Authentication

Authentication System Administration DNS Hacking

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords

Passwords Accountability Hacking Password Management

Alleged Activision hack, 500,000 Call Of Duty players impacted

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. “All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Data breaches Accountability Passwords

Popular OGUsers hacking forum breached for the second time in a year

Security Affairs

APRIL 5, 2020

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. SecurityAffairs – OGUsers forum, hacking).

Hacking

Hacking Data breaches Advertising Backups

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

Security Affairs

MAY 31, 2020

One vulnerability could allow an authenticated user with subscriber-level and above permissions to update and modify posts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – PageLayer, hacking).

Hacking

Hacking Advertising Authentication Accountability

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication

Authentication VPN Passwords Hacking

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Security Affairs

MAY 3, 2020

The hacker claims to have hacked the company in March 2020, it has stolen just a small part of the company database. ZDNet confirmed the authenticity of the leaked data. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Accountability

Accountability Hacking Passwords Data breaches

Unacademy hacked, 22 million accounts offered for sale

Security Affairs

MAY 6, 2020

The analysis of creation data for the records in the database revealed that the last creation date is January 26th, 2020, a circumstance that suggests that the hack took place in the same period. BleepingComputer contacted some Unacademy users and verified that the data is authentic. SecurityAffairs – Unacademy, hacking).

Accountability

Accountability Hacking Data breaches Advertising

4 Million Quidd account details shared on hacking forums

Security Affairs

APRIL 14, 2020

The details of around four million users are now being shared for free on underground hacking forums, according to ZDNet that has obtained samples from different sources, exposed records include usernames, email addresses, and hashed account passwords (bcrypt hashing algorithm). ” reads the post published Risk Based Security.

Accountability

Accountability Hacking Data breaches Passwords

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively.

Internet

Internet Internet Hacking Advertising

LineageOS servers hacked, attackers exploited unpatched Salt issues

Security Affairs

MAY 4, 2020

The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively. Chaining the issue, an attacker could bypass authentication and run arbitrary code on Salt master servers exposed online. SecurityAffairs – LineageOS, hacking).

Hacking

Hacking Advertising Authentication Mobile

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Which brings us back to Aadhaar and some rather unpleasant headlines of late, particularly the likes of The World's Largest Biometric ID System Keeps Getting Hacked. They claim that they're hack-proof. But claiming the service is "hack-proof", that's something I definitely have an issue with. Can you prove otherwise?

Hacking

Hacking Government Encryption Risk

CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

Security Affairs

APRIL 10, 2020

VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service ( vmdir ) for authentication. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking Advertising Authentication Information Security

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

DECEMBER 3, 2018

Related: Uber hack shows DevOps risk. The Starwood hack appears to come in second in scale only to the 2013 Yahoo breac h, which affected as many as 3 billion accounts, while a subsequent Yahoo breach also hit 500 million accounts. In 2014, a JP Morgan Chase hack exposed 76 million households.

Hacking

Hacking eCommerce Authentication Social Engineering

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Security Affairs

JUNE 23, 2020

CLOP ransomware operators have allegedly hacked IndiaBulls Group , an Indian conglomerate headquartered in Gurgaon, India. CLOP ransomware operators have allegedly hacked the Indian conglomerate IndiaBulls Group , its primary businesses are housing finance, consumer finance, and wealth management. . Pierluigi Paganini.

Hacking

Hacking Ransomware Banking Advertising

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

FEBRUARY 18, 2020

Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. This means that these components have no way to validate that the firmware loaded by the device is authentic and should be trusted. SecurityAffairs – unsigned firmware, hacking).

Firmware

Firmware Hacking Authentication Advertising

State Department’s Email Server Breached

Adam Levin

SEPTEMBER 20, 2018

While the breach itself is relatively minor, it highlights the relative lack of progress made by the department to enact more rigorous security measures, despite repeated hack attempts and security breaches. Two-factor authentication is a legal requirement and also considered a bare minimum protocol for cybersecurity protection.

Authentication

Authentication Government Cyber Attacks Hacking

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Security Affairs

JUNE 1, 2020

The expert Bhavuk Jain received an award of $100,000 for reporting a severe security issue in ‘Sign in with Apple’ authentication bypass bug that could allow the takeover of third-party user accounts. . The accounts are protected with two-factor authentication, and Apple does not track users’ activity in their app or website.

Authentication

Authentication Accountability Advertising Passwords

Upbit cryptocurrency exchange hacked, crooks stole $48.5 million worth of ETH

Security Affairs

NOVEMBER 27, 2019

Another South Korean cryptocurrency exchange was hacked, this time the victim is Upbit that lost $48.5 On Reddit , some users have questioned the authenticity of the hack claim, which is no surprise given how often exchanges will say they have suffered a cyberattack , only to perform an exit scam. . million in cryptocurrency.

Cryptocurrency

Cryptocurrency Hacking Data breaches Scams

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. ” Experts noticed the lack of authentication between the backend servers and the “Mercedes me” mobile app, which allows users to remotely control multiple functions of the car.

Hacking

Hacking Advertising Mobile Engineering

A flaw in India Digilocker could?ve been exploited to bypass authentication

Security Affairs

JUNE 8, 2020

DigiLocker provides an account in cloud to every Aadhaar holder to access authentic documents/certificates such as driving license, vehicle registration, academic mark sheet in digital format from the original issuers of these certificates. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication

Authentication Mobile Accountability Passwords

FC Barcelona and the International Olympic Committee Twitter accounts hacked

Security Affairs

FEBRUARY 17, 2020

The popular hacker group OurMine has hacked the official Twitter account of the FC Barcelona, along with the accounts of Olympics and the International Olympic Committee (IOC). The popular hacker group has hacked the official Twitter account of the FC Barcelona, along with the accounts of and the International Olympic Committee (IOC).

Accountability

Accountability Hacking Advertising Media

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Security Affairs

MAY 25, 2020

.” The seller is offering 31 databases and gives a sample for the buyers to check the authenticity of the data. Most of the listed databases are from online stores in Germany, others e-store hacked by threat actors are from Brazil, the U.S., Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Advertising Passwords Authentication

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

Security Affairs

FEBRUARY 17, 2020

2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, WordPress).

Hacking

Hacking Advertising Authentication

HP Device Manager flaws expose Windows systems to hack

Security Affairs

OCTOBER 4, 2020

The issue does not impact customers who use Active Directory authenticated accounts. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, HP). Pierluigi Paganini.

Hacking

Hacking Accountability Passwords Advertising

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

NOVEMBER 11, 2023

I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account. ” Anderson said all consumers have the option to activate a multi-factor authentication method that’s requested each time they log in to their account. 9, 2022 and Dec.

Accountability

Accountability Authentication Passwords Identity Theft

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. An attempted attack requires user authentication.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SP1 for Windows. ” reported ZDNet.

Antivirus

Antivirus Hacking Advertising Media

600+ installs of WordPress Cookie Consent Plugin vulnerable to hack. Fix it now!

Security Affairs

FEBRUARY 13, 2020

“An authenticated user such as a subscriber can use it to put any existing page or post (or the entire website) offline by changing their status from “published” to “draft”:” “Additionally, it is possible to delete or change their content. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Advertising Authentication Information Security

Dell SupportAssist flaw exposes computers to hack, patch it asap!

Security Affairs

FEBRUARY 11, 2020

“A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – hacking, Dell).

Hacking

Hacking Software Advertising Authentication

Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack

Security Affairs

MARCH 13, 2020

The flaw tracked CVE-2020-10195 is classified as an Authenticated Settings Modification, Configuration Disclosure, and User Data Export. 2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. SecurityAffairs – hacking , PoPup Builder).

Hacking

Hacking Advertising Authentication Cyber Attacks

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

Security Affairs

APRIL 3, 2020

An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. 2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Pierluigi Paganini.

Hacking

Hacking Advertising Authentication Accountability

100k+ WordPress sites exposed to hack due to a bug in Real-Time Find and Replace plugin

Security Affairs

APRIL 28, 2020

2020 – An authentication bypass vulnerability in the InfiniteWP plugin that could potentially impact by more than 300,000 sites. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – WordPress, hacking).

Hacking

Hacking Accountability Advertising Authentication

Great news, now you can protect your Zoom account with 2FA

Security Affairs

SEPTEMBER 11, 2020

Zoom has implemented two-factor authentication (2FA) to protect all user accounts against security breaches and other cyber attacks. Zoom has announced finally implemented the two-factor authentication (2FA) to protect all user accounts from unauthorized accesses. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Accountability

Accountability Authentication Advertising Passwords

Trend Micro addresses two issues exploited by hackers in the wild

Security Affairs

MARCH 18, 2020

It could be exploited by a remote, authenticated attacker to execute arbitrary code on vulnerable installs. An attempted attack requires user authentication.” The vulnerability could be exploited by an authenticated attacker to “manipulate certain agent client components.”. An attempted attack requires user authentication.”

Authentication

Authentication Advertising Antivirus Cybercrime

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Security Affairs

FEBRUARY 13, 2020

It also provides an authenticated inter-process communication mechanism. Since 2016, Microsoft is urging admins to stop using SMBv1, later versions of the protocol implemented security enhancements, such as encryption, pre- authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, and insecure guest authentication blocking.

Authentication

Authentication Malware Advertising Hacking

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. “I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said.

Accountability

Accountability Passwords Authentication Password Management

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Security Affairs

MARCH 8, 2020

The vulnerability is a post-authentication command injection issue and impacts Nighthawk (R7800) routers running firmware prior to version 1.0.2.60. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Firmware

Firmware Wireless Advertising Authentication

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. The Netlogon service is an Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers. Pierluigi Paganini.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

The Last Watchdog

APRIL 16, 2020

Ransomware hacking groups extorted at least $144.35 economy Manipulating identities Threat actors seek out AD for the same reason corporations rely on it: AD is the hub of authentication, supplying Single Sign-On (SSO) access across the entire company network. Ransomware continues to endure as a highly lucrative criminal enterprise.

Ransomware

Ransomware Hacking Authentication Manufacturing

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Security Affairs

FEBRUARY 21, 2020

VMware has addressed serious vulnerabilities in vRealize Operations for Horizon Adapter, including remote code execution and authentication bypass flaws. “vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. SecurityAffairs – hacking, IOTA foundation).

Authentication

Authentication Telecommunications Advertising Hacking

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Trending Sources

Hacking Grindr Accounts with Copy and Paste

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Alleged Activision hack, 500,000 Call Of Duty players impacted

Popular OGUsers hacking forum breached for the second time in a year

Over 100K+ WordPress sites using PageLayer plugin exposed to hack

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

TOKOPEDIA e-commerce hacked, 91 Million accounts available on the darkweb

Unacademy hacked, 22 million accounts offered for sale

4 Million Quidd account details shared on hacking forums

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

LineageOS servers hacked, attackers exploited unpatched Salt issues

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

CLOP Ransomware operators hacked Indian conglomerate IndiaBulls Group

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

State Department’s Email Server Breached

Expert earns $100,000 for ‘Sign in with Apple’ authentication bypass bug

Upbit cryptocurrency exchange hacked, crooks stole $48.5 million worth of ETH

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

A flaw in India Digilocker could?ve been exploited to bypass authentication

FC Barcelona and the International Olympic Committee Twitter accounts hacked

Crooks hacked e-shops and threaten to sell SQL databases if ransom not paid

Flaw in WordPress ThemeGrill Demo Importer WordPress theme plugin expose 200K+ sites to hack

HP Device Manager flaws expose Windows systems to hack

It’s Still Easy for Anyone to Become You at Experian

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

600+ installs of WordPress Cookie Consent Plugin vulnerable to hack. Fix it now!

Dell SupportAssist flaw exposes computers to hack, patch it asap!

Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

100k+ WordPress sites exposed to hack due to a bug in Real-Time Find and Replace plugin

Great news, now you can protect your Zoom account with 2FA

Trend Micro addresses two issues exploited by hackers in the wild

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Experian, You Have Some Explaining to Do

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

VMware addresses serious flaws in vRealize Operations for Horizon Adapter

Stay Connected