Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. In 2018, MyHeritage suffered a security incident which exposed the email addresses and hashed passwords of 92 million users. In 2020, Ancestry was acquired by investment firm Blackstone for $4.7

Insurance 145

Insurance Accountability Risk Data breaches 145

Security Affairs

DECEMBER 1, 2020

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. c25e6559668942[.]xyz.

Malware 138

Malware DDOS Hacking Cybercrime 138

Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability 145

Accountability Hacking Banking Government 145

Security Affairs

OCTOBER 31, 2020

XSS vulnerabilities accounted for 18% of all flaws reported by bug hunters, these issues received a total of $4.2 XSS vulnerabilities can be exploited by threat actors for multiple malicious activities, including account takeover and data theft. ” reads The 4th Hacker-Powered Security Report. million / €33.4

Accountability 134

Accountability Advertising Architecture Hacking 134

Security Affairs

NOVEMBER 1, 2020

A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. SecurityAffairs – hacking, account databases). million (8.1

Data breaches 145

Data breaches Accountability Advertising Passwords 145

Security Affairs

APRIL 8, 2021

Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow accounts takeover. At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Student account takeover.

Accountability 129

Accountability Passwords Education Risk 129

Schneier on Security

OCTOBER 13, 2020

Here’s an arson case where the FBI asked Google who searched for a particular street address: Homeland Security special agent Sylvette Reynoso testified that her team began by asking Google to produce a list of public IP addresses used to google the home of the victim in the run-up to the arson.

Surveillance 363

Surveillance Wireless Accountability Architecture 363

Security Affairs

OCTOBER 14, 2021

Since 2020, at least 130 different ransomware families have been active. The analysis of the temporal distribution of ransomware-related submissions revealed a sequence of peaks in the first two quarters of 2020. Finally, as noted earlier, Windows accounts for 95 percent of the ransomware targets, compared to 2 percent for Android.

Ransomware 124

Ransomware Malware Accountability Hacking 124

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 301

Scams DDOS Cryptocurrency Accountability 301

Security Affairs

DECEMBER 23, 2024

Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle. We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions.

Spyware 108

Spyware Surveillance Software Hacking 108

Security Affairs

MARCH 3, 2021

A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any account. Microsoft has awarded the security researcher Laxman Muthiyah $50,000 for reporting a vulnerability that could have allowed anyone to hijack users’ accounts without consent.

Accountability 134

Accountability Passwords Encryption Mobile 134

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The service now includes credentials for 441K accounts stolen by the popular info-stealer. RS is the key source of identity data sold on online criminal forums since its initial release in early 2020.

Accountability 145

Accountability Malware Data breaches Passwords 145

Security Affairs

AUGUST 19, 2021

Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. The report states that the servers did not provide access to 2020 decennial census networks, this means that the attacker did not interfere with the results of the census.

Hacking 128

Hacking Firewall Ransomware Accountability 128

Security Affairs

NOVEMBER 12, 2020

The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam has suffered a data breach impacting 46 million accounts belonging to children and parents who signed up for the game. . records include the birth year the player entered at account creation 23.9M

Data breaches 141

Data breaches Accountability Passwords Encryption 141

Krebs on Security

APRIL 20, 2023

In many cases, the phony profiles spoofed chief information security officers at major corporations , and some attracted quite a few connections before their accounts were terminated. We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. Microsoft Corp.

Malware 329

Malware Software Technology Accountability 329

Krebs on Security

MARCH 1, 2022

27, a new Twitter account “ Contileaks ” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. The Contileaks account did not respond to requests for comment. 22, 2020, the U.S. On Sunday, Feb. ” GAP #1.

Ransomware 303

Ransomware Healthcare Cybercrime Government 303

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. ” reads trhe announcement published by DKWOC. “Activities using CVE-2023-23397 were first discovered by CERT-UA[2] and publicly described by Microsoft[3].

Accountability 128

Accountability Government Phishing Passwords 128

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 351

Cybercrime Malware VPN Ransomware 351

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking 358

Hacking Ransomware Banking Accountability 358

Security Affairs

NOVEMBER 18, 2024

The security breach impacted a limited number of customers, only 836 individuals. The carrier states that personal financial account information and call records were not affected by the security breach. In December 2020, T-Mobile disclosed a data breach that exposed customers’ network information (CPNI).

Mobile 112

Mobile Telecommunications Data breaches Hacking 112

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire.

Cyber Risk 173

Cyber Risk Risk Firewall Surveillance 173

Security Affairs

JANUARY 1, 2021

Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583 , related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. 2020 AP controllers NXC2500 V6.10

Firewall 144

Firewall VPN Firmware Passwords 144

Security Affairs

OCTOBER 16, 2024

“All information related to the cybercriminal has already been handed over to the authorities. Among them, it was possible to identify tax registration, email addresses, registered domains, IP addresses, social media accounts, telephone number and city. The man used of the same email and phrases across social media and forums.

Data breaches 125

Data breaches Media Cybercrime Accountability 125

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co.,

Firewall 75

Firewall Hacking Malware Passwords 75

Security Affairs

OCTOBER 4, 2020

HP released a security advisory that includes details for three critical and high severity vulnerabilities, tracked as CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927, that impact the HP Device Manager. Base Score CVE-2020-6925 Weak Cipher All versions of HP Device Manager 7.0

Hacking 144

Hacking Accountability Passwords Advertising 144

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 98

Data breaches Mobile Accountability Telecommunications 98

Security Affairs

FEBRUARY 26, 2023

Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020. “Our investigation indicates that this activity does not appear to be focused on exploiting personal information.”

Identity Theft 98

Identity Theft Data breaches Insurance Hacking 98

Security Affairs

FEBRUARY 2, 2025

The HeartSender group has sold phishing tools to criminals since 2020, causing over $3 million in U.S. Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims.” ” reads the press release published by DoJ.

Cybercrime 108

Cybercrime Advertising Phishing Hacking 108

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. ” continues the report.

Phishing 132

Phishing Accountability Information Security Cyber Attacks 132

Security Affairs

SEPTEMBER 21, 2020

Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. ” reads the post published by Dexerto.

Hacking 142

Hacking Data breaches Accountability Passwords 142

Security Affairs

JULY 31, 2021

Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russia-linked SVR group as part of the SolarWinds hack, DoJ warns. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020. ” reads the update provided by DoJ.

Accountability 127

Accountability Hacking Information Security Government 127

Security Affairs

DECEMBER 29, 2021

T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’. According to The T-Mo Report , which viewed T-Mobile internal documents, there was “unauthorized activity” on some customer accounts. “Affected customers fall into one of three categories. .”

Data breaches 145

Data breaches Mobile Accountability Wireless 145

Security Affairs

AUGUST 3, 2020

2gether has disclosed a security breach, hackers have stolen roughly €1.2 million worth of cryptocurrency from cryptocurrency investment accounts. . Hackers stole roughly €1.183 million worth of cryptocurrency from investment accounts of 2gether, 26.79% of overall funds stored by the accounts.

Cryptocurrency 143

Cryptocurrency Accountability Hacking Advertising 143

Security Affairs

JULY 28, 2020

Million March 26th, 2020 Yes Dave.com 7 Million July 2020 * Yes Drizly.com 2.4 Million July 2020 * No GGumim.co.kr Million March 2020 * Yes Havenly.com 1.3 Million June 2020 * No Hurb.com 20 Million N/A Yes Indabamusic.com 475 Thousand N/A No Ivoy.mx com 3 Million July 2020 * No Scentbird.com 5.8

Passwords 145

Passwords Advertising Education Banking 145

Security Affairs

SEPTEMBER 18, 2023

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. ”The access level can be limited to specific files only; however, in this case, the link was configured to share the entire storage account — including another 38TB of private files.” 5, 2021 Oct.

Accountability 139

Accountability Backups Risk Passwords 139

Security Affairs

OCTOBER 30, 2020

The CVE-2020-1472 flaw is an elevation of privilege that resides in the Netlogon. “If the original guidance is not applied, the vulnerability could allow an attacker to spoof a domain controller account that could be used to steal domain credentials and take over the domain.”

Authentication 144

Authentication Advertising Architecture Cybercrime 144

Security Affairs

DECEMBER 17, 2020

According to a private industry notification alert (PIN), sent by the FBI to private organizations, the Bureau is aware of extortion activities that have been happening since February 2020. Audit user accounts regularly, particularly Remote Monitoring and Management accounts that are publicly accessible. PIN Number 20201210-001.

Ransomware 144

Ransomware Backups Firmware Accountability 144