Adam Levin

DECEMBER 16, 2020

Here are 12 New Year Resolutions for a safer and more secure digital you in 2021: Think before you click that email link: 2020 was a record-breaking year for ransomware, malware, and phishing , and many, if not most of these attacks were launched with the click on a link in an email. That’s always the case when it comes to cybersecurity.

VPN 245

VPN Antivirus Passwords Backups 245

Krebs on Security

DECEMBER 19, 2024

codes in 2021 using the password “ ceza2003 ” [full disclosure: Constella is currently an advertiser on KrebsOnSecurity]. Archive.org’s history for that domain shows that in 2021 it featured a website for a then 18-year-old Altu ara from Ankara, Turkey. LinkedIn finds this same altugsara[.]com

Hacking 232

Hacking Cybercrime Advertising Data breaches 232

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. Password overhaul. Stolen passwords that can lead to data leaks.

Passwords 182

Passwords Password Management Accountability Authentication 182

Daniel Miessler

MARCH 24, 2021

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene. Mar 24, 2021 — Thanks to Andrew R.

Authentication 363

Authentication Passwords Internet Internet 363

Troy Hunt

AUGUST 29, 2023

We provided similar support in 2021 with the Emotet botnet , although this time around with a grand total of 6.43M impacted email addresses. Further, the passwords from the malware will shortly be searchable in the Pwned Passwords service which can either be checked online or via the API.

Malware 346

Malware Passwords Password Management Antivirus 346

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Prioritize fixing vulnerabilities exploited by Ghost, such as ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

Troy Hunt

NOVEMBER 13, 2024

As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.    It would be good to see it as an informational notification in case there's an increase in attack attempts against my email address.

Data breaches 303

Data breaches Passwords B2B Technology 303

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords 144

Passwords Data breaches Media Phishing 144

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. billion passwords from various internet data leaks. RockYou2021 had 8.4

Passwords 131

Passwords Data breaches Hacking Accountability 131

Schneier on Security

MAY 19, 2022

After specifically crawling sites for password leaks in May 2021, the researchers also found 52 websites in which third parties, including the Russian tech giant Yandex, were incidentally collecting password data before submission. The group disclosed their findings to these sites, and all 52 instances have since been resolved.

Passwords 350

Passwords Marketing Data collection 350

eSecurity Planet

MARCH 24, 2025

The compromised database contains approximately 6 million lines of data, including critical assets such as JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys. Immediate mitigation measures include: Resetting passwords, particularly for privileged LDAP accounts. (region-name).oraclecloud.com),

Risk 120

Risk Passwords Hacking Encryption 120

Troy Hunt

JANUARY 17, 2024

Website, username and password: That's just the first 20 rows out of 5 million in that particular file, but it gives you a good sense of the data. The question of how valid the accompanying passwords remain aside, time and time again the email addresses in the stealer logs checked out on the services they appeared alongside.

Passwords 361

Passwords Password Management Hacking Accountability 361

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 254

Identity Theft Phishing Cryptocurrency Accountability 254

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Mitigation: do not store files containing sensitive data, such as passwords or backups, in web application publish directories.

Passwords 140

Passwords Authentication Architecture Risk 140

Troy Hunt

SEPTEMBER 3, 2021

let's link back to it here, just for Streisand's sake 🙂) 1 BILLION queries on Pwned Passwords in a month! let's link back to it here, just for Streisand's sake 🙂) 1 BILLION queries on Pwned Passwords in a month! I'm not even sure what the next milestone will be.)

Password Management 274

Password Management Passwords Data breaches 274

Krebs on Security

DECEMBER 19, 2022

From there, the two allegedly would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts. The indictment charges that McCarty continued his swatting spree in 2021 from his hometown in Kayenta, Ariz., . “ChumLul,” 22, of Racine, Wisc.,

Hacking 329

Hacking Media Passwords Accountability 329

Troy Hunt

MARCH 12, 2021

Home Assistant started telling people not to use Pwned Password, and people got pissed (this is nuts, and it deserved a dedicated blog post) Sponsored by safepass.me: Get a FREE password audit on your Active Directory users with pwncheck from safepass.me. But hey, at least the audio is spot on, hope you enjoy this week's video.

Passwords 295

Passwords IoT Hacking 295

Troy Hunt

JANUARY 1, 2021

Ok, so these may not be 2021 breaches but I betcha that by next week's update there'll be brand new ones from the new year to discuss. I'll talk more about the last past of the trip then as well as those all new fresh 2021 data breaches I'm sure we'll have by Friday. It's a new year! With lots of breaches to discuss already ?

Data breaches 335

Data breaches Password Management Scams Passwords 335

Krebs on Security

JANUARY 31, 2025

We caught up with The Manipulaters again in 2021, with a story that found the core employees had started a web coding company in Lahore called WeCodeSolutions — presumably as a way to account for their considerable Heartsender income. “Presumably, these buyers also include Dutch nationals.

Phishing 254

Phishing Cybercrime Advertising Malware 254

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 327

Hacking Social Engineering Phishing Scams 327

Malwarebytes

MARCH 25, 2025

In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. SCAN NOW If your data was exposed in the 23andMe breach, here is what you can do: Change your password. What is happening?

Passwords 112

Passwords Accountability Data breaches Phishing 112

Krebs on Security

JANUARY 19, 2023

T-Mobile says it is in the process of notifying affected customers, and that no customer payment card data, passwords, Social Security numbers, driver’s license or other government ID numbers were exposed. Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach.

Mobile 340

Mobile Accountability Data breaches Identity Theft 340

Krebs on Security

MARCH 4, 2021

In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. ” On Feb.

Cybercrime 364

Cybercrime Hacking Passwords Accountability 364

Security Affairs

DECEMBER 17, 2024

The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995 , CVE-2020-25078, CVE-2021-33044 , and CVE-2021-36260. Attackers also attempted to exploit weak vendor-supplied passwords.

Architecture 107

Architecture Internet Internet Malware 107

Security Affairs

FEBRUARY 13, 2025

“ Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement. Since 2021, Seashell Blizzards subgroup has used web shells for persistence, the group was observed exploiting Microsoft Exchange (CVE-2021-34473) and Zimbra (CVE-2022-41352).

Telecommunications 106

Telecommunications DNS Passwords Hacking 106

Krebs on Security

APRIL 6, 2021

14, 2021 Twitter post from Under the Breach’s Alon Gal , the 533 million Facebook accounts database was first put up for sale back in June 2020, offering Facebook profile data from 100 countries, including name, mobile number, gender, occupation, city, country, and marital status. . — rely on that number for password resets.

Mobile 358

Mobile Accountability Passwords Authentication 358

Krebs on Security

SEPTEMBER 2, 2024

agency , a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. KrebsOnSecurity profiled OTP Agency in a February 2021 story about arrests tied to another phishing-related service based in the U.K.

Accountability 299

Accountability Banking Passwords Scams 299

Krebs on Security

NOVEMBER 6, 2023

January 2021 posts on Verified show that Fearlless and his partner Universalo purchased the SWAT reshipping business from a Verified member named SWAT, who’d been operating the service for years. Apathyp told the proprietor that his chosen password on the service was “ 12Apathy.” ” But the triploo@mail.ru

Passwords 299

Passwords Cybercrime Accountability Hacking 299

Security Affairs

JULY 12, 2022

Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA. The post Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021? Pierluigi Paganini.

Phishing 144

Phishing Authentication Social Engineering Passwords 144

SecureWorld News

SEPTEMBER 6, 2023

Not one of them involves passwords. Multi-factor authentication If changing passwords is like the eating your veggies of the security world, multi-factor authentication (MFA) is more like eating fresh fruits. And since MFA already requires an established password, you're already halfway there. And guess what?

Passwords 126

Passwords Encryption Authentication Cyber Attacks 126

Krebs on Security

NOVEMBER 19, 2021

In reality, the fraudster initiates a transaction — such as the “forgot password” feature on the financial institution’s site — which is what generates the authentication passcode delivered to the member. CFPB-2021-0017 in the subject line of the message. Be sure to include Docket No.

Scams 362

Scams Banking Passwords Authentication 362

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). million customers. Binns never explained why he sent this in Feb.

Cybercrime 277

Cybercrime Mobile Media Hacking 277

Krebs on Security

APRIL 15, 2024

The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. “Given that I am pretty picky about what I trust on my devices, I downloaded Chirp and after decompiling, found that they were storing passwords and private key strings in a file.”

Software 338

Software Mobile Marketing Engineering 338

SecureWorld News

NOVEMBER 12, 2024

CVE-2023-20198 (Cisco IOS XE Web UI): This vulnerability allows unauthorized users to gain initial access and issue a command to create a local user and password combination, resulting in the ability to log in with standard user access. Malicious cyber actors began exploiting the vulnerability after it was publicly disclosed in December 2021.

Software 111

Software Passwords Cyber threats Risk 111

Troy Hunt

NOVEMBER 13, 2021

Everything here is perfect 😎 🌴 🐋 [link] — Troy Hunt (@troyhunt) November 12, 2021 The water looked so perfect that true to my word, we then had to go jet skiing 😎 Epic jet ski ride! 🙂) Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online.

Password Management 290

Password Management Passwords 290

eSecurity Planet

APRIL 2, 2025

According to cybersecurity firm Hudson Rock, the hack was made possible by a set of stolen credentials compromised in 2021. Additionally, all users should use strong, unique passwords and enable two-factor authentication whenever possible to enhance their online security.

Identity Theft 122

Identity Theft Cybersecurity Scams Accountability 122

Krebs on Security

APRIL 4, 2023

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. ” a cybercrime forum ad for Genesis enthused. Image: KrebsOnSecurity.

Marketing 362

Marketing Passwords Cybercrime Banking 362