Security Affairs

OCTOBER 20, 2021

Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. “Most of the observed malware was capable of stealing both user passwords and cookies.

Accountability 144

Accountability Malware Phishing Social Engineering 144

Security Affairs

MAY 5, 2020

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. ” reads the data breach notice submitted by the company.

Data breaches 145

Data breaches Accountability Advertising Internet 145

Security Affairs

MAY 27, 2020

Group-IB , a Singapore-based cybersecurity company that specializes in preventing cyberattacks, found out that the year of 2019 was marked by ransomware evolution and was dominated by increasingly aggressive ransomware campaigns, with its operators resorting to more cunning TTPs, reminding those of APT groups to get their victims shell out.

Ransomware 129

Ransomware Phishing Advertising Encryption 129

Security Affairs

NOVEMBER 18, 2024

Salt Typhoon is a China-linked APT group active since at least 2019. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.” The security breach impacted a limited number of customers, only 836 individuals.

Mobile 113

Mobile Telecommunications Data breaches Hacking 113

Security Affairs

FEBRUARY 2, 2025

This is the latest example of why spyware companies must be held accountable for their unlawful actions. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. Weve reached out directly to people who we believe were affected.

Spyware 108

Spyware Hacking Surveillance Malware 108

Security Affairs

SEPTEMBER 1, 2021

Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies over email account hacking due to cybersecurity failures. Pierluigi Paganini.

Accountability 107

Accountability Hacking Financial Services Cybersecurity 107

Krebs on Security

APRIL 14, 2019

The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site The site looks exactly like the real Airbnb, includes pictures of the requested property, and steers visitors toward signing in or to creating a new account. co.uk , airbnb.pt-anuncio[.]com

Scams 270

Scams Advertising Accountability Phishing 270

Security Affairs

JUNE 2, 2021

Feedback message data contained Account id, feedback rating given, and users’ email addresses. Player profile data included Player id; username; country; total money spent on the game; and even Facebook, Apple, and Google account data if the user linked either account with their game account. What Data Was Leaked?

Data breaches 117

Data breaches Accountability Mobile Phishing 117

Security Affairs

MARCH 23, 2020

107 million records include personal data and basic account information such as the user ID, number of Weibo tweets, number of followers and accounts users are following, account gender, geographic location and more. The ads published by the sellers claim that the data were stolen from Weibo in mid-2019.

Accountability 144

Accountability Passwords Advertising Internet 144

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 98

Data breaches Mobile Accountability Telecommunications 98

Security Affairs

JULY 31, 2021

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020. ” reads the update provided by DoJ.

Accountability 127

Accountability Hacking Information Security Government 127

Security Affairs

MARCH 20, 2020

In May 2019, the experts noticed that the group started using hacked email addresses of numerous high-profile targets to send credential spam messages. The group was observed using this scheme between 2019 and 2020, and according to the experts, most of the compromised email accounts belong to defense companies in the Middle East.

Phishing 145

Phishing Accountability Advertising DNS 145

Security Affairs

FEBRUARY 20, 2020

The CVE-2020-3158 flaw is related to the presence of a system account that has a default and static password in the Smart Software Manager tool. “The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator.”

Software 142

Software System Administration Advertising Accountability 142

Security Affairs

MARCH 6, 2020

Carnival Corporation, the world’s largest travel leisure company, discloses a data breach that took place in 2019. The company is informing customers of the incident, a third-party gained unauthorized access to their personal information. “In late May 2019, we identified suspicious activity on our network.

Data breaches 144

Data breaches Identity Theft Advertising Scams 144

Security Affairs

NOVEMBER 20, 2020

was hit again by a massive cyberattack that may have caused the leakage of information related to its business partners. 20 said they were checking the 8,653 accounts of those it has business transactions with to determine if information related to bank accounts of the other parties as well as other information leaked.”

Cyber Attacks 139

Cyber Attacks Banking Accountability Media 139

Security Affairs

APRIL 3, 2021

Leaked data includes users’ phone numbers, Facebook IDs, full names, locations, birthdates, bios, and for some accounts the associated email addresses. The data was amassed by threat actors by exploiting a vulnerability fixed in 2019 that allowed data scraping from the social network.

Hacking 144

Hacking Accountability Passwords Data breaches 144

Krebs on Security

FEBRUARY 22, 2024

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government 322

Government Hacking Cyber threats Mobile 322

Security Affairs

MAY 15, 2020

Below the list of databases, published by Bleepingcomputer , that are available for sale: Company Amount Data Breach Date Evite.com 101 million March 2019 Tokopedia.com 91 million April 2020 piZap.com 60.9 million February 2019 Wanelo.com Customers 23.2 million August 2019 SinglesNet.com 16.3 million May 2019 PumpUp.com 6.4

Data breaches 133

Data breaches Advertising Passwords Hacking 133

Security Affairs

SEPTEMBER 30, 2024

.” reads the press release published by DoJ. “From January 2019 through May 2020, Westbrook executed a hack-to-trade scheme through which he generated millions of dollars in profits.” ” Westbrook hacked into the email accounts of corporate executives at five US companies, by resetting their passwords.

Hacking 137

Hacking Accountability Passwords Cybercrime 137

SecureWorld News

DECEMBER 30, 2024

This may involve identifying compromised servers, web applications, databases, or user accounts. Disable compromised accounts or restrict their permissions immediately, update passwords for authorized users to prevent further unauthorized access. ISO 22301:2019 is a leading framework here.

Data breaches 104

Data breaches Social Engineering Passwords Accountability 104

Security Affairs

NOVEMBER 22, 2021

million of its managed WordPress customer accounts. Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17. ” said Demetrius Comes, GoDaddy’s Chief Information Security Officer. Pierluigi Paganini.

Data breaches 141

Data breaches Passwords Accountability Information Security 141

Security Affairs

JANUARY 12, 2022

The threat actors also exploited known vulnerabilities to compromise target networks and accounts, including: CVE-2018-13379 FortiGate VPNs CVE-2019-1653 Cisco router CVE-2019-2725 Oracle WebLogic Server CVE-2019-7609 Kibana CVE-2019-9670 Zimbra software CVE-2019-10149 Exim Simple Mail Transfer Protocol CVE-2019-11510 Pulse Secure CVE-2019-19781 Citrix (..)

Malware 143

Malware Cyber threats Government Hacking 143

Security Affairs

NOVEMBER 24, 2019

Twitter announced that its users can protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number. Twitter is going to allow its users to protect their accounts with 2-Factor Authentication (2FA) even if they don’t have a phone number.

Authentication 143

Authentication Mobile Advertising Accountability 143

Security Affairs

JANUARY 25, 2020

This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts. The intrusion took place on June 28, 2019, and the company launched an investigation in September 2019.

Antivirus 145

Antivirus Hacking Advertising Media 145

Security Affairs

NOVEMBER 13, 2020

The company pointed out that the data breach did not expose Social Security numbers or financial account information. They did not contain any Social Security numbers or financial account information. No information misuse has been identified.” ” concludes the data breach notice.

Data breaches 142

Data breaches Insurance Accountability Software 142

Security Affairs

MARCH 5, 2020

. “Our Cybersecurity team recently identified and shut down a malicious attack against our email vendor that led to unauthorized access to certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees.” ” reads the data breach notification.

Mobile 145

Mobile Data breaches Telecommunications Wireless 145

Security Affairs

DECEMBER 29, 2021

T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. “Affected customers fall into one of three categories. .”

Data breaches 145

Data breaches Mobile Accountability Wireless 145

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. Shipping and postage accounts. In our Dec.

Passwords 252

Passwords Ransomware Password Management Malware 252

Security Affairs

NOVEMBER 28, 2020

billion in 2019. On November 26, the ransomware operators began leaking the data stolen from Advantech, an archive of 3.03GB that accounts for 2% of the total amount of stolen data. Advantech has 8,000 employees worldwide and has reported a yearly sales revenue of over $1.7 Pierluigi Paganini. SecurityAffairs – hacking, Advantech).

Ransomware 145

Ransomware Encryption IoT Malware 145

Security Affairs

NOVEMBER 23, 2019

. “We want to update you that we have discovered that some of our users’ order information was accessed by an unauthorized party.” “We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed.

Data breaches 138

Data breaches Passwords Advertising Accountability 138

Security Affairs

AUGUST 3, 2024

According to COPPA, website operators are forbidden from collecting, using, or disclosing personal information from children under 13 without parental consent and mandates deletion of such data upon parental request. In 2019, the government sued TikTok’s predecessor, Musical.ly, for COPPA violations.

Accountability 128

Accountability Data collection Risk Hacking 128

Security Affairs

JUNE 30, 2024

The unauthorized access to the IT infrastructure of the company occurred on June 26, threat actors used the credentials of a standard employee account within its IT environment. Upon detecting the suspicious activity by this account, the company immediately started the incident response measures. wrote the company.

Accountability 140

Accountability Hacking Architecture Malware 140

Centraleyes

MARCH 3, 2025

Similarly, the states Information Security Breach and Notification Act (2005) was one of the earliest breach notification laws in the U.S., NYDOH Oversight (10 NYCRR 405.46) The New York Department of Health enforces standards for securing healthcare data, complementing HRIPA and federal HIPAA requirements.

Data breaches 52

Data breaches Risk Financial Services Data privacy 52

Security Affairs

MARCH 13, 2020

They can prove their identity by answering basic security questions and requesting the cancellation of the old SIM and the activation of a new one. Crooks used the duplicates to receive directly to their phones the second-factor authentication codes used by banks to confirm fraudulent transfers to accounts under theirs control.

Banking 144

Banking Cybercrime Mobile Accountability 144

Security Affairs

NOVEMBER 18, 2023

The man was arrested in September 2019 while traveling to the U. “From approximately November 2014 to September 2019, AZARI engaged in an extensive spearphishing campaign that targeted individuals and companies in the U. and around worldwide. from abroad. According to DoJ, the Israeli man netted over $4.8 and around the globe.”

Identity Theft 137

Identity Theft Phishing Hacking Accountability 137

Security Affairs

APRIL 29, 2020

State-sponsored hackers have compromised a small number of accounts of the Estonian email provider Mail.ee Alleged state-sponsored hackers have hijacked a small number of accounts at the Estonian email provider Mail.ee, they exploited a zero-day vulnerability in the attack. belonging to high-profile people.

Accountability 143

Accountability Advertising Hacking Phishing 143

Security Affairs

MARCH 28, 2020

Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. The attacker is snooping on port 21,25,143,110 (1/2) — 360 Netlab (@360Netlab) December 25, 2019. #0-day

Firmware 124

Firmware VPN Accountability Advertising 124