Security Affairs

JUNE 2, 2021

Feedback message data contained Account id, feedback rating given, and users’ email addresses. Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. What Data Was Leaked?

Data breaches 126

Data breaches Accountability Mobile Phishing 126

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability 114

Accountability Hacking Financial Services Cybersecurity 114

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The ads published by the sellers claim that the data were stolen from Weibo in mid-2019.

Accountability 144

Accountability Passwords Advertising Internet 144

Krebs on Security

APRIL 14, 2019

The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site The site looks exactly like the real Airbnb, includes pictures of the requested property, and steers visitors toward signing in or to creating a new account. co.uk , airbnb.pt-anuncio[.]com

Scams 249

Scams Advertising Accountability Phishing 249

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches 118

Data breaches Identity Theft Accountability Healthcare 118

Security Affairs

JULY 31, 2021

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020. ” reads the update provided by DoJ.

Accountability 135

Accountability Hacking Information Security Government 135

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 98

Data breaches Mobile Accountability Telecommunications 98

Security Affairs

NOVEMBER 20, 2020

was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. 20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked.”

Banking 143

Banking Cyber Attacks Accountability Media 143

Security Affairs

MARCH 20, 2020

In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages. The group was observed using this scheme between 2019 and 2020, and according to the experts, most of the compromised email accounts belong to defense companies in the Middle East.

Phishing 145

Phishing Accountability Advertising DNS 145

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software 142

Software System Administration Advertising Accountability 142

Security Affairs

MARCH 6, 2020

Carnival Corporation, the world’s largest travel leisure company, discloses a data breach that took place in 2019. The company is informing customers of the incident, a third-party gained unauthorized access to their personal information. “In late May 2019, we identified suspicious activity on our network.

Data breaches 144

Data breaches Identity Theft Advertising Scams 144

Krebs on Security

FEBRUARY 22, 2024

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government 302

Government Hacking Cyber threats Mobile 302

Security Affairs

APRIL 3, 2021

Leaked data includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and for some accounts the associated email addresses. The data was amassed by threat actors by exploiting a vulnerability fixed in 2019 that allowed data scraping from the social network.

Hacking 145

Hacking Accountability Passwords Data breaches 145

Security Affairs

MAY 15, 2020

Below the list of databases, published by Bleepingcomputer , that are available for sale: Company Amount Data Breach Date Evite.com 101 million March 2019 Tokopedia.com 91 million April 2020 piZap.com 60.9 million February 2019 Wanelo.com Customers 23.2 million August 2019 SinglesNet.com 16.3 million May 2019 PumpUp.com 6.4

Data breaches 139

Data breaches Advertising Passwords Hacking 139

Security Affairs

SEPTEMBER 30, 2024

.” reads the press release published by DoJ. “From January 2019 through May 2020, Westbrook executed a hack-to-trade scheme through which he generated millions of dollars in profits.” ” Westbrook hacked into the email accounts of corporate executives at five US companies, by resetting their passwords.

Hacking 141

Hacking Accountability Passwords Cybercrime 141

Security Affairs

NOVEMBER 22, 2021

million of its managed WordPress customer accounts. Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17. ” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. Pierluigi Paganini.

Data breaches 144

Data breaches Passwords Accountability Information Security 144

Security Affairs

NOVEMBER 7, 2024

CVE-2019-16278 – is a directory traversal issue in the function http_verify in nostromo nhttpd through 1.9.6 Additionally, Expedition provides automation and best practice adoption to improve security posture and operational efficiency. Versions up to 2.3.6 and unpatched 2.3.7 reads the advisory.

Firewall 133

Firewall Authentication Accountability Risk 133

Security Affairs

JANUARY 12, 2022

The threat actors also exploited known vulnerabilities to compromise target networks and accounts, including: CVE-2018-13379 FortiGate VPNs CVE-2019-1653 Cisco router CVE-2019-2725 Oracle WebLogic Server CVE-2019-7609 Kibana CVE-2019-9670 Zimbra software CVE-2019-10149 Exim Simple Mail Transfer Protocol CVE-2019-11510 Pulse Secure CVE-2019-19781 Citrix (..)

Malware 144

Malware Cyber threats Government Hacking 144

Security Affairs

NOVEMBER 13, 2020

The company pointed out that the data breach did not expose Social Security numbers or financial account information. They did not contain any Social Security numbers or financial account information. No information misuse has been identified.” ” concludes the data breach notice.

Data breaches 144

Data breaches Insurance Accountability Software 144

Security Affairs

AUGUST 3, 2024

According to COPPA, website operators are forbidden from collecting, using, or disclosing personal information from children under 13 without parental consent and mandates deletion of such data upon parental request. In 2019, the government sued TikTok’s predecessor, Musical.ly, for COPPA violations.

Accountability 136

Accountability Data collection Risk Hacking 136

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number.

Authentication 143

Authentication Mobile Advertising Accountability 143

Security Affairs

JANUARY 25, 2020

This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts. The intrusion took place on June 28, 2019, and the company launched an investigation in September 2019.

Antivirus 145

Antivirus Hacking Advertising Media 145

Security Affairs

DECEMBER 29, 2021

T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. “Affected customers fall into one of three categories. .”

Data breaches 145

Data breaches Mobile Accountability Wireless 145

Security Affairs

MARCH 5, 2020

. “Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees.” ” reads the data breach notification.

Mobile 145

Mobile Data breaches Telecommunications Wireless 145

Security Affairs

JUNE 30, 2024

The unauthorized access to the IT infrastructure of the company occurred on June 26, threat actors used the credentials of a standard employee account within its IT environment. Upon detecting the suspicious activity by this account, the company immediately started the incident response measures. wrote the company.

Accountability 143

Accountability Hacking Architecture Malware 143

Security Affairs

NOVEMBER 3, 2020

The scripts developed by the cyber criminal were used to parse log data collected from botnet and searched for personally identifiable information (PII) and account credentials. In some cases, the man manually chacked the stolen information. Brovko was involved in the illegal practice between 2007 and 2019.

Accountability 129

Accountability Banking Advertising Data collection 129

Security Affairs

JANUARY 2, 2022

billion from organizations in the industry and attacks against DeFi platforms accounted for $1.76 Threat actors stole $3.18 According to the report, 2021 is the year with the highest number of scams. Increase in money lost to crypto breaches. The top 5 breaches in history are: 1. Gox, $615M.

Cryptocurrency 126

Cryptocurrency Scams Marketing Hacking 126

Security Affairs

MARCH 28, 2020

Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. The attacker is snooping on port 21,25,143,110 (1/2) — 360 Netlab (@360Netlab) December 25, 2019. #0-day

Firmware 130

Firmware VPN Accountability Advertising 130

Security Affairs

NOVEMBER 23, 2019

. “We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorized party.” “We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed.

Data breaches 139

Data breaches Passwords Advertising Accountability 139

Security Affairs

NOVEMBER 28, 2020

billion in 2019. On November 26, the ransomware operators began leaking the data stolen from Advantech, an archive of 3.03GB that accounts for 2% of the total amount of stolen data. Advantech has 8,000 employees worldwide and has reported a yearly sales revenue of over $1.7 Pierluigi Paganini. SecurityAffairs – hacking, Advantech).

Ransomware 145

Ransomware Encryption IoT Malware 145

Security Affairs

SEPTEMBER 17, 2020

In August 2019 and August 2020, a federal grand jury announced two separate indictments charging the five Chinese nationals with facilitating theft of source code, software code signing certificates, customer account data, and valuable business information. These individuals are all present in the FBI’s most wanted list.

Identity Theft 123

Identity Theft Advertising Government Technology 123

Security Affairs

NOVEMBER 18, 2023

The man was arrested in September 2019 while traveling to the U. “From approximately November 2014 to September 2019, AZARI engaged in an extensive spearphishing campaign that targeted individuals and companies in the U. and around worldwide. from abroad. According to DoJ, the Israeli man netted over $4.8 and around the globe.”

Identity Theft 142

Identity Theft Phishing Hacking Accountability 142

Security Affairs

SEPTEMBER 22, 2020

The United Kingdom national Nathan Wyatt (39), a member of ‘The Dark Overlord’ hacking group, was extradited to the United States in December 2019. ” Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. The man was charged by U.S. reads the indictment. reads the indictment. “b.

Identity Theft 128

Identity Theft Accountability Hacking Advertising 128

Security Affairs

AUGUST 15, 2020

The Proof-of-concept exploit code was released last week, it allows to trigger the CVE-2019-0230 and CVE-2019-0233 vulnerabilities in Apache Struts 2 that are classified as remote code-execution and denial-of-service issues respectively. Both vulnerabilities were addressed by the Apache team in November 2019. through 2.5.20.

Advertising 134

Advertising Data breaches Hacking Accountability 134

Security Affairs

AUGUST 30, 2020

US DoJ filed a civil forfeiture complaint to seize 280 Bitcoin (BTC) and Ethereum (ETH) accounts containing funds allegedly stolen by North Korea-linked hackers. The complaint did not name the hacked exchanges, it only reports two attacks that took place in July 1, 2019, and September 25, 2019.

Cryptocurrency 134

Cryptocurrency Hacking Advertising Accountability 134

Security Affairs

SEPTEMBER 3, 2024

These OTPs, used in multi-factor authentication, allowed criminals to bypass security and access victims’ bank accounts to steal funds. Cybercriminals paid a monthly subscription fee to OTP.Agency, which provided tools for socially engineering victims and tricked them into revealing one-time passcodes or personal information.

Banking 131

Banking Social Engineering Accountability Authentication 131

Security Affairs

AUGUST 10, 2022

In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. Abouammo was arrested by the FBI in November 2019 in Seattle. .” reported Bloomberg. Pierluigi Paganini.

Government 141

Government Accountability Media Marketing 141