Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. .

Cryptocurrency 362

Cryptocurrency Passwords Encryption Accountability 362

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking 311

Hacking Phishing Cybercrime Passwords 311

Troy Hunt

AUGUST 30, 2023

Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing 335

Phishing Password Management Passwords Banking 335

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone.

Passwords 362

Passwords Accountability Engineering Phishing 362

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. However, far more interesting is their program for rewarding people who choose to sell Kopeechka usernames and passwords for working email addresses.

Accountability 232

Accountability Scams Cryptocurrency Advertising 232

Krebs on Security

NOVEMBER 11, 2023

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address.

Accountability 333

Accountability Authentication Passwords Identity Theft 333

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability 347

Accountability Passwords Authentication Password Management 347

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. stolen with the help of Raccoon.

Malware 329

Malware Identity Theft Cybercrime Accountability 329

Schneier on Security

DECEMBER 26, 2022

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture.

Passwords 293

Passwords Encryption Backups Password Management 293

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 309

Hacking Social Engineering Phishing Scams 309

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). Earlier this year, AT&T reset passwords for millions of customers after the company finally acknowledged a data breach from 2018 involving approximately 7.6

Data breaches 336

Data breaches Passwords Authentication Accountability 336

Krebs on Security

DECEMBER 19, 2022

conspired to hack into Yahoo email accounts belonging to victims in the United States. From there, the two allegedly would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts. . “ChumLul,” 22, of Racine, Wisc.,

Hacking 328

Hacking Media Passwords Accountability 328

Security Affairs

SEPTEMBER 16, 2023

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. Microsoft researchers observed a series of password spray attacks conducted by Iran nation-state actors as part of a campaign named Peach Sandstorm (aka Holmium , APT33 , Elfin , and Magic Hound ).

Passwords 142

Passwords Accountability Authentication Hacking 142

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members.

Cybercrime 323

Cybercrime Passwords Authentication Malware 323

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords 145

Passwords Data breaches Media Phishing 145

Approachable Cyber Threats

MARCH 1, 2022

Our 2022 update to our famous password table that’s been shared across the news, internet, social media, and organizations worldwide. Password Strength in 2022 It’s been two years since we first shared our (now famous) password table. Hackers solve this problem by cracking the passwords instead.

Passwords 145

Passwords Software Internet Internet 145

Troy Hunt

MARCH 9, 2023

that was out of a total of more than 166M requests in the same period: Yep, we just hit "five nines" of cache hit ratio on Pwned Passwords being 99.999%. It also means that the 48c per day cost is going to come way down 🙂 Every time the FBI feeds new passwords into the service , the impacted file is purged from cache.

Passwords 337

Passwords Accountability 337

Krebs on Security

AUGUST 30, 2022

In mid-June 2022, a flood of SMS phishing messages began targeting employees at commercial staffing firms that provide customer support and outsourcing to thousands of companies. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com.

Mobile 329

Mobile Phishing Authentication Accountability 329

eSecurity Planet

FEBRUARY 4, 2022

Antivirus Software WiFi 6 Routers Virtual Private Networks Password Managers Email Security Software Web Application Firewall Bot Management Software. Also Read: 4 Best Antivirus Software of 2022. Also Read: Best Enterprise VPN Solutions for 2022. Password Managers. Key Features of a Password Manager. Back to top.

Internet 141

Internet Internet Software Antivirus 141

SecureList

MAY 16, 2023

Download the full version of the report (PDF) Kaspersky Incident Response in various regions and industries In 2022, 45.9% Key trends in 2022: initial attack vectors and impact In 2022, attackers most often penetrated organizations’ infrastructure by exploiting various vulnerabilities in public-facing applications (42.9%).

Ransomware 143

Ransomware Encryption Security Awareness Authentication 143

SecureList

DECEMBER 19, 2022

The first one, later identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability that allows an authenticated attacker to remotely trigger the next vulnerability – CVE-2022-41082. After CVE-2022-41040 and CVE-2022-41082 were revealed, Microsoft provided mitigation guidance followed by a few updates.

Malware 145

Malware Passwords Authentication Internet 145

Security Affairs

JULY 15, 2022

Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project files. The password cracking software also acts as a dropper for the Sality P2P bot. Pierluigi Paganini.

Passwords 136

Passwords Software Firmware Malware 136

Krebs on Security

MARCH 23, 2022

Our investigation has found a single account had been compromised, granting limited access. “LAPSUS$ currently does not operate a clearnet or darknet leak site or traditional social media accounts—it operates solely via Telegram and email,” Flashpoint wrote in an analysis of the group.

Social Engineering 327

Social Engineering Accountability Mobile Passwords 327

SecureList

SEPTEMBER 6, 2022

According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion , with 3 billion players globally. One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave.

Mobile 139

Mobile Passwords Software Accountability 139

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 140

Accountability Phishing Passwords Hacking 140

Troy Hunt

APRIL 14, 2022

No passwords, so I'm guessing they're hashed. — pḧÿzömë (@phyzome) April 4, 2022 On a hunch that this wasn't going to be an easy process, I started recording and kicked off my usual disclosure process. Here's the whole thing: The Avvo data breach is now searchable in HIBP.

Data breaches 315

Data breaches Scams Passwords Accountability 315

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords 142

Passwords Authentication Hacking Accountability 142

Krebs on Security

DECEMBER 16, 2021

Truglia admitted to a New York federal court that he let a friend use his account at crypto-trading platform Binance in 2018 to launder more than $20 million worth of virtual currency stolen from Michael Terpin , a cryptocurrency investor who co-founded the first angel investor group for bitcoin enthusiasts.

Cryptocurrency 354

Cryptocurrency Mobile Accountability Scams 354

SecureList

FEBRUARY 16, 2023

Fake donation sites started popping up after the Ukraine crisis broke out in 2022, pretending to accept money as aid to Ukraine. The pandemic The COVID-19 theme had lost relevance by late 2022 as the pandemic restrictions had been lifted in most countries. “Promotional campaigns by major banks” were a popular bait in 2022.

Phishing 127

Phishing Scams Accountability Energy and Utilities 127

SecureWorld News

JUNE 21, 2023

Cybersecurity firm Group-IB recently uncovered a significant security breach involving ChatGPT accounts. These compromised accounts pose a serious risk to businesses, especially in the Asia-Pacific region, which has experienced the highest concentration of ChatGPT credentials for sale.

Accountability 124

Accountability Data collection Cyber threats Cybersecurity 124

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking 133

Banking Accountability Mobile Cryptocurrency 133

Anton on Security

APRIL 13, 2023

because of the security of the GCP platform most compromises in the cloud are simply from lack of passwords, poor password strength, reused and leaked credentials, or straightforwardly misconfigured software ” [ A.C. — this make all the jokes about it being ‘so 1980s’ but this is the reality today. You can have fun in the cloud!

Cybersecurity 221

Cybersecurity Passwords Accountability Ransomware 221

Krebs on Security

FEBRUARY 24, 2023

BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022. The account didn’t resume posting on the forum until April 2014. Reached via LinkedIn, Mr. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014.

Accountability 269

Accountability Advertising Marketing Malware 269

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. Tue, 10/04/2022 - 05:20. Use strong passwords. The 2022 Thales Consumer Digital Trust Index data , based on an Opinium survey conducted in 11 countries with more than 21K participants, attempts to answer these questions.

Authentication 127

Authentication Passwords Cybersecurity Data breaches 127

SecureList

OCTOBER 13, 2022

On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. In the context of CVE-2022-41352, the exploitation scenario unfolds as follows: An attacker sends an e-mail with a malicious Tar archive attached. Oracle Linux 7.

System Administration 142

System Administration Malware Passwords Internet 142

Krebs on Security

DECEMBER 29, 2022

Thanks to your readership and support, I was able to spend more time in 2022 on some deep, meaty investigative stories — the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Review review below. A single bitcoin is trading at around $45,000. million users.

Cryptocurrency 270

Cryptocurrency Cybercrime Computers and Electronics Scams 270