Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability 145

Accountability Hacking Banking Government 145

Security Affairs

OCTOBER 14, 2021

Since 2020, at least 130 different ransomware families have been active. The analysis of the temporal distribution of ransomware-related submissions revealed a sequence of peaks in the first two quarters of 2020. Finally, as noted earlier, Windows accounts for 95 percent of the ransomware targets, compared to 2 percent for Android.

Ransomware 133

Ransomware Malware Accountability Hacking 133

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. SecurityAffairs – hacking, account databases). million (8.1

Data breaches 145

Data breaches Accountability Advertising Passwords 145

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 141

Accountability Passwords Encryption Mobile 141

Security Affairs

AUGUST 19, 2021

Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. The report states that the servers did not provide access to 2020 decennial census networks, this means that the attacker did not interfere with the results of the census.

Hacking 136

Hacking Firewall Accountability Technology 136

Schneier on Security

OCTOBER 13, 2020

Here’s an arson case where the FBI asked Google who searched for a particular street address: Homeland Security special agent Sylvette Reynoso testified that her team began by asking Google to produce a list of public IP addresses used to google the home of the victim in the run-up to the arson.

Surveillance 354

Surveillance Wireless Accountability Architecture 354

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability 137

Accountability VPN Social Engineering Phishing 137

Security Affairs

NOVEMBER 12, 2020

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. . records include the birth year the player entered at account creation 23.9M

Data breaches 144

Data breaches Accountability Passwords Encryption 144

Krebs on Security

OCTOBER 30, 2024

The chief information security officer for a large academic healthcare system affected by the breach told KrebsOnSecurity they participated in a call with the FBI and were told a third party partner managed to recover at least four terabytes of data that was exfiltrated from Change by the cybercriminal group. .”

Healthcare 283

Healthcare Insurance Computers and Electronics Data breaches 283

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability 145

Accountability Malware Data breaches Passwords 145

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 284

Scams DDOS Cryptocurrency Accountability 284

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. ” reads trhe announcement published by DKWOC. “Activities using CVE-2023-23397 were first discovered by CERT-UA[2] and publicly described by Microsoft[3].

Accountability 136

Accountability Government Phishing Passwords 136

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. Microsoft Corp.

Malware 322

Malware Software Technology Accountability 322

Krebs on Security

MARCH 1, 2022

27, a new Twitter account “ Contileaks ” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. The Contileaks account did not respond to requests for comment. 22, 2020, the U.S. On Sunday, Feb. ” GAP #1.

Ransomware 305

Ransomware Healthcare Cybercrime Government 305

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking 361

Hacking Ransomware Banking Accountability 361

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 338

Cybercrime VPN Malware Ransomware 338

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire.

Cyber Risk 173

Cyber Risk Risk Firewall Surveillance 173

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. 2020 AP controllers NXC2500 V6.10

Firewall 145

Firewall VPN Firmware Passwords 145

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 145

Hacking Accountability Passwords InfoSec 145

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 98

Data breaches Mobile Accountability Telecommunications 98

Security Affairs

FEBRUARY 26, 2023

Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”

Identity Theft 98

Identity Theft Data breaches Insurance Hacking 98

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. ” continues the report.

Phishing 139

Phishing Accountability Information Security Cyber Attacks 139

Security Affairs

JULY 31, 2021

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020. ” reads the update provided by DoJ.

Accountability 135

Accountability Hacking Information Security Government 135

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” reads the post published by Dexerto.

Hacking 144

Hacking Data breaches Accountability Passwords 144

Security Affairs

DECEMBER 29, 2021

T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. “Affected customers fall into one of three categories. .”

Data breaches 145

Data breaches Mobile Accountability Wireless 145

Security Affairs

SEPTEMBER 18, 2023

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. ”The access level can be limited to specific files only; however, in this case, the link was configured to share the entire storage account — including another 38TB of private files.” 5, 2021 Oct.

Accountability 143

Accountability Backups Risk Passwords 143

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. In early 2020, Exorn promoted a website called “ orndorks[.]com

Hacking 149

Hacking Cybercrime Advertising Data breaches 149

Security Affairs

SEPTEMBER 30, 2024

.” reads the press release published by DoJ. “From January 2019 through May 2020, Westbrook executed a hack-to-trade scheme through which he generated millions of dollars in profits.” ” Westbrook hacked into the email accounts of corporate executives at five US companies, by resetting their passwords.

Hacking 141

Hacking Accountability Passwords Cybercrime 141

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. “If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be used to steal domain credentials and take over the domain.”

Authentication 145

Authentication Advertising Architecture Cybercrime 145

Security Affairs

FEBRUARY 27, 2021

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones. .

Mobile 139

Mobile Data breaches Telecommunications Identity Theft 139

Security Affairs

DECEMBER 17, 2020

According to a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that have been happening since February 2020. Audit user accounts regularly, particularly Remote Monitoring and Management accounts that are publicly accessible. PIN Number 20201210-001.

Ransomware 145

Ransomware Backups Firmware Accountability 145

Security Affairs

NOVEMBER 22, 2021

million of its managed WordPress customer accounts. Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17. ” said Demetrius Comes, GoDaddy’s Chief Information Security Officer.

Data breaches 144

Data breaches Passwords Accountability Information Security 144

Security Affairs

FEBRUARY 5, 2021

The first vulnerability, tracked as CVE-2020-29015 , is a blind SQL injection that resides in the FortiWeb user interface. Medov also found two stack buffer overflow issues tracked CVE-2020-29016 and CVE-2020-29019 , both received a CVS score of 6.4. ” reads the advisory published by Fortinet. x to versions 6.3.8

Firewall 144

Firewall System Administration Technology Hacking 144

Security Affairs

MAY 30, 2021

Interpol has intercepted $83 million in illicit funds transferred from victims to the accounts used by crooks. More than 1,600 bank accounts around the world were frozen throughout the course of the operation. The company transferred nearly USD 7 million to the fraudster through bank accounts in Indonesia and Hong Kong, China.

Banking 144

Banking Accountability Scams Phishing 144

Security Affairs

OCTOBER 1, 2021

The attack against Neiman Marcus Group took place in May 2020, as a result of the attack, threat actors had access to customers’ information, including payment card data. Exposed personal information includes names and contact information, usernames, passwords, and answers to security questions associated with online accounts.

Data breaches 133

Data breaches Retail Passwords Accountability 133

Security Affairs

DECEMBER 11, 2020

“We deeply regret to inform you that your Spotify account registration information was inadvertently exposed to certain of Spotify’s business partners. The streaming service added that exposed data included Spotify account registration information such as user display name and password, email address, date of birth, and gender.

Passwords 140

Passwords Accountability Hacking Data breaches 140

Security Affairs

NOVEMBER 27, 2020

The image.canon site suffered an outage on July 30th, 2020, that lasted for six days, until August 4th. The hackers accessed company file servers that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents. Source BleepingComputer. ” reads the statement.

Data breaches 145

Data breaches Ransomware Banking Media 145