2014 and Passwords - Cyber Security Informer

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Accountability Hacking Password Management

On the Security of Password Managers

Schneier on Security

FEBRUARY 25, 2019

There's new research on the security of password managers, speficially 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of password lying around memory?

Password Management

Password Management Passwords Software

FBI recommends using passphrases instead of complex passwords

Security Affairs

FEBRUARY 24, 2020

The FBI recommends using longer passwords composed of multiple words into a long string of at least 15 characters instead of short passwords including special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that the password length is much more important than password complexity.

Passwords

Passwords Advertising Technology Hacking

The Worst Passwords of 2014

Spinone

JANUARY 21, 2015

Here is the annual list of the 25 most frequently passwords found on the Internet appearing to be the Worst Passwords, that will expose anybody to being hacked or having their identities stolen. SplashData has released its annual list of the most common passwords compiled from more than 3.3

Passwords

Passwords Password Management Backups Hacking

TeamViewer flaw can allow hackers to steal System password

Security Affairs

AUGUST 11, 2020

A severe vulnerability impacting TeamViewer for Windows, tracked as CVE 2020-13699, could be exploited by remote attackers to steal the system password. TeamViewer has recently addressed a high-risk vulnerability ( CVE 2020-13699 ), that could be exploited by remote attackers to steal system password and potentially compromise it.

Passwords

Passwords Authentication Advertising Software

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum.

VPN

VPN Passwords Banking Advertising

Linksys force password reset to prevent Router hijacking

Security Affairs

APRIL 16, 2020

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. At the end of March, Linksys issued a security alert warning users of the ongoing attacks and urging them to reset the passwords. “In Pierluigi Paganini. SecurityAffairs – Linksys, hacking).

Passwords

Passwords DNS Malware Advertising

A study reveals the list of worst passwords of 2019

Security Affairs

DECEMBER 16, 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019. Use 2FA if you can.

Passwords

Passwords Data breaches Advertising Password Management

Over 23 million breached accounts were using ‘123456’ as password

Security Affairs

APRIL 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP).

Passwords

Passwords Accountability Data breaches Advertising

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Security Affairs

AUGUST 12, 2020

The experts first discovered the malware in June 2018, but it has been available since 2014, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Passwords

Passwords Spyware VPN Malware

Instagram glitch exposed some user passwords

Security Affairs

NOVEMBER 18, 2018

Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Advertising Accountability Media

Zoom client for Windows could allow hackers to steal users’Windows password

Security Affairs

APRIL 1, 2020

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. The attack leverages the SMBRelay technique that provides username and NTLM password hashes to a remote SMB server when connecting to it. Baset (@SymbianSyMoh) April 1, 2020.

Passwords

Passwords Advertising Hacking Software

10 Takeaways From The 2014 Verizon Breach Report

SiteLock

AUGUST 27, 2021

The three most common forms of attack on web apps were phishing (to lure users into revealing their passwords), brute force attacks to crack passwords, and SQL injections. The top targets for web app attacks were the information sector, utilities, manufacturing, and retail. The top two targets were the financial sector and retail.

Retail

Retail Data breaches DDOS Passwords

Mozilla addresses “master password” security bypass flaw in Firefox

Security Affairs

AUGUST 15, 2019

The latest update released by Mozilla for Firefox patches a flaw in Firefox Password Manager that can be exploited to access stored passwords. fixes a vulnerability that can be exploited to bypass the master password in Firefox Password Manager and access stored passwords. ” reads a post published by Ducklin.

Passwords

Passwords Password Management Advertising Hacking

TP-Link Archer routers allow remote takeover without passwords

Security Affairs

DECEMBER 17, 2019

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. “In such an event, the victim could lose access to the console and even a shell, and thereby would not be able to re-establish a new password.” ” continues the post.

Passwords

Passwords Advertising Firmware Authentication

Collection #1 dump, 773 million emails, 21 million passwords

Security Affairs

JANUARY 17, 2019

Someone has collected a huge trove of data through credential stuffing , the ‘Collection #1’ archive is a set of email addresses and passwords totalling 2,692,818,238 rows resulting from thousands of different sources. million passwords are not part of known past data breaches. ” concludes Hunt. Pierluigi Paganini.

Passwords

Passwords Data breaches Advertising Hacking

Facebook admitted to have stored millions of Instagram users’ passwords in plaintext

Security Affairs

APRIL 19, 2019

Other problems for Facebook that admitted to have stored m illions of Instagram users’ passwords in plaintext. In March, Facebook admitted to have stored the passwords of hundreds of millions of users in plain text, including “tens of thousands” passwords belonging to Instagram users as well.

Passwords

Passwords Advertising Accountability Authentication

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

SEPTEMBER 16, 2019

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Go to [link] , when prompted for password click the little “…” icon. Pierluigi Paganini.

Password Management

Password Management Passwords Advertising Mobile

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

Microsoft removes Password-Expiration Policy in security baseline for Windows 10

Security Affairs

APRIL 28, 2019

Microsoft presented a series of security enhancements for its Windows 10, including the removal of the password-expiration policy. Microsoft announced the removal of the password-expiration policy from its operating system starting with the next Windows 10 feature update (Windows 10 version 1903, a.k.a., ” continues the post.

Passwords

Passwords Advertising Authentication Data breaches

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email! Pierluigi Paganini.

Passwords

Passwords Cryptocurrency Data breaches Advertising

Stock trading service Robinhood stored passwords in plaintext for some users

Security Affairs

JULY 25, 2019

Stock trading service Robinhood announced that the passwords of a number of users were stored in plaintext, the company is informing impacted ones. Stock trading service Robinhood admitted to have stored passwords of a number of users in plain text, the company is informing impacted ones via emai l. Pierluigi Paganini.

Passwords

Passwords Financial Services Advertising Accountability

Dell data breach – Dell forces password reset after the incident

Security Affairs

NOVEMBER 29, 2018

names, email addresses, and hashed passwords) from the company portal Dell.com, from support.dell.com websites. As a precautionary measure, Dell forced reset passwords for all accounts on Dell.com website, the company also announced additional measures to mitigate potential effects of the incident. . Pierluigi Paganini.

Data breaches

Data breaches Passwords Advertising Accountability

Password Checkup Chrome extension warns users about compromised logins

Security Affairs

FEBRUARY 11, 2019

Google has released a new extension for Chrome dubbed Password Checkup that will alert users if their username/password combinations were leaked online as part of a dump after a data breach. The tool will display a red alert box in case of a positive match and will suggest users change the password. Pierluigi Paganini.

Passwords

Passwords Data breaches Advertising Hacking

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

Security Affairs

AUGUST 17, 2019

Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. “ SafeBreach Labs discovered a new vulnerability in Trend Micro Password Manager software.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Password Management

Password Management Passwords Advertising Authentication

G Suite users’ passwords stored in plain-text for more than 14 years

Security Affairs

MAY 22, 2019

Google accidentally stored the passwords of its G Suite users in plain-text for 14 years allowing its employees to access them. The news is disconcerting, Google has accidentally stored the passwords of the G Suite users in plain-text for 14 years, this means that every employee in the company was able to access them.

Passwords

Passwords Encryption Advertising Accountability

Thinkful forces a password reset for all users after a data breach

Security Affairs

SEPTEMBER 23, 2019

The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The company is notifying the incident to its users via email and is forcing a password reset in response to the incident. ” continues the notification.

Data breaches

Data breaches Passwords Education Advertising

WizzAir informed customers it forced a password reset on their accounts

Security Affairs

JULY 21, 2019

The airline company WizzAir informed its customers that it had reset the account passwords due to a technical issue in the system. The airline company WizzAir had reset the account passwords of its users due to a technical issue in its system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Passwords

Passwords Accountability Advertising Hacking

Foxit Software discloses a data breach that exposed user passwords

Security Affairs

AUGUST 30, 2019

Foxit Software, the company behind the Foxit PDF reader app, disclosed a data breach that exposed customers’ information, including passwords. Foxit already notified the impacted ‘My Account’ users of the security breach via emails and forced them to reset passwords. ” continues the advisory.

Data breaches

Data breaches Passwords Software Identity Theft

Slack resetting passwords for roughly 1% of its users

Security Affairs

JULY 18, 2019

Slack is resetting passwords for accounts belonging to users that have not secured them after the data breach suffered by the company in 2015. Slack announced it is resetting passwords for accounts belonging to users that have not secured them after the data breach suffered by the company in 2015. ” continues the announcement.

Passwords

Passwords Data breaches Accountability Advertising

wget utility potential leaked password via extended filesystem attributes

Security Affairs

JANUARY 2, 2019

The security researcher Gynvael Coldwind (@voltagex) discovered that the stored attributes can include user usernames and passwords. This includes the cases where the URL has a user/password in it $ getfattr -d -m – test user.xdg.origin.url="[link] — Gynvael Coldwind (@gynvael) December 25, 2018. Pierluigi Paganini.

Passwords

Passwords Advertising Internet Internet

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Security Affairs

SEPTEMBER 6, 2019

600,000 GPS trackers left exposed online with a default password of ‘123456’ Avast researchers found at least 600,000 GPS trackers manufactured by a Chinese vendor that were exposed online with a default password of “123456.” The use of default passwords represents a serious problem also for the Chinese vendor.

Passwords

Passwords Manufacturing Advertising Firmware

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Change your email account password. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

Million password resets and 2FA codes exposed in unsecured Vovox DB

Security Affairs

NOVEMBER 17, 2018

Million of password resets and two-factor authentication codes exposed in unsecured Vovox DB. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. Security Affairs – Voxox, data leak).

Passwords

Passwords Accountability Data breaches Advertising

Bodybuilding.com forces password reset after a security breach

Security Affairs

APRIL 23, 2019

The IT staff behind Bodybuilding.com also introduced additional security measures and forced a password reset for its customers. Data potentially exposed in the incident includes name, Bodybuilding.com usernames and passwords. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” As usual.

Passwords

Passwords Retail Accountability Data breaches

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Security Affairs

APRIL 5, 2019

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords.

Internet

Internet Internet Passwords Malware

Dailymotion forces password reset in response to credential stuffing Attack

Security Affairs

JANUARY 28, 2019

After the discovery of hacking attempts, the French firm logged users out and forced a password reset procedure by including in the notification a link to change the password and re-gain access to the account. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the company.

Passwords

Passwords Data breaches Accountability Advertising

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. He also shared a PayPal receipt and snippets of Facebook Messenger logs showing conversations in March 2014 with legendboy2050@yahoo.com. com on Mar.

Accountability

Accountability Advertising Marketing Malware

Imgur Confirms 2014 Breach of 1.7 Million User Accounts

Threatpost

NOVEMBER 27, 2017

Researcher Troy Hunt is credited for tipping image sharing site Imgur off to a 2014 breach of 1.7 million user accounts.

Accountability

Accountability Data breaches Passwords Hacking

Marriott Was Hacked -- Again

Schneier on Security

APRIL 2, 2020

account number and points balance, but not passwords) Additional Personal Details (e.g., This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. Marriott announced another data breach, this one affecting 5.2 linked airline loyalty programs and numbers).

Hacking

Hacking Accountability Data breaches Government

How BeerAdvocate Learned They'd Been Pwned

Troy Hunt

JULY 21, 2020

The tl;dr is that someone with a BeerAdvocate account was convinced the service had been pwned as they'd seen evidence of an email address and password they'd used on the service being abused. Someone had registered a new Netflix account with my email / password associated with my BeerAdvocate account. Not even a password manager.

Passwords

Passwords Accountability Password Management Backups

Threat actor leaked data for U.S. gun exchange site on hacking forum

Security Affairs

AUGUST 13, 2020

The leaked data includes login names, hashed passwords, and email addresses. It is not confirmed that all of the leaked data is legitimate, anyway, experts suggest users change their password immediately. Users that share the password at another site should also change the password. Pierluigi Paganini.

Hacking

Hacking Data breaches Cybercrime Passwords

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Faceless grew out of a popular anonymity service called iSocks , which was launched in 2014 and advertised on multiple Russian crime forums as a proxy service that customers could use to route their malicious Web traffic through compromised computers. The password chosen by this user was “ 1232.” account at Klerk.ru).

Malware

Malware Passwords Accountability Advertising

Online education site EduCBA discloses data breach and reset customers? pwds

Security Affairs

MAY 24, 2020

The online education portal EduCBA discloses a data breach and is resetting customers’ passwords in response to the incident. Online education website EduCBA discloses a data breach, it has started notifying customers that in response to the incident it is resetting their passwords. Pierluigi Paganini.

Data breaches

Data breaches Education Passwords Advertising

Ukraine Nabs Suspect in 773M Password ?Megabreach?

On the Security of Password Managers

Trending Sources

FBI recommends using passphrases instead of complex passwords

The Worst Passwords of 2014

TeamViewer flaw can allow hackers to steal System password

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Linksys force password reset to prevent Router hijacking

A study reveals the list of worst passwords of 2019

Over 23 million breached accounts were using ‘123456’ as password

Agent Tesla includes new password-stealing capabilities from browsers and VPNs

Instagram glitch exposed some user passwords

Zoom client for Windows could allow hackers to steal users’Windows password

10 Takeaways From The 2014 Verizon Breach Report

Mozilla addresses “master password” security bypass flaw in Firefox

TP-Link Archer routers allow remote takeover without passwords

Collection #1 dump, 773 million emails, 21 million passwords

Facebook admitted to have stored millions of Instagram users’ passwords in plaintext

A flaw in LastPass password manager leaks credentials from previous site

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Microsoft removes Password-Expiration Policy in security baseline for Windows 10

Poloniex forces password reset following a data leak

Stock trading service Robinhood stored passwords in plaintext for some users

Dell data breach – Dell forces password reset after the incident

Password Checkup Chrome extension warns users about compromised logins

Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager

G Suite users’ passwords stored in plain-text for more than 14 years

Thinkful forces a password reset for all users after a data breach

WizzAir informed customers it forced a password reset on their accounts

Foxit Software discloses a data breach that exposed user passwords

Slack resetting passwords for roughly 1% of its users

wget utility potential leaked password via extended filesystem attributes

Over 600k GPS trackers left exposed online with a default password of ‘123456’

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Million password resets and 2FA codes exposed in unsecured Vovox DB

Bodybuilding.com forces password reset after a security breach

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Dailymotion forces password reset in response to credential stuffing Attack

Who’s Behind the Botnet-Based Service BHProxies?

Imgur Confirms 2014 Breach of 1.7 Million User Accounts

Marriott Was Hacked -- Again

How BeerAdvocate Learned They'd Been Pwned

Threat actor leaked data for U.S. gun exchange site on hacking forum

Giving a Face to the Malware Proxy Service ‘Faceless’

Online education site EduCBA discloses data breach and reset customers? pwds

Stay Connected