2022, Authentication and Hacking - Cyber Security Informer

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. GoDaddy has not disclosed the source of the breach in December 2022 that led to malware on some customer websites.

Hacking

Hacking Social Engineering Phishing Scams

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. ” TMO UP!

Mobile

Mobile Phishing Authentication Advertising

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Authentication

Authentication Healthcare Artificial Intelligence Passwords

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Krebs on Security

SEPTEMBER 14, 2022

Worst in terms of outright scariness is CVE-2022-37969 , which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. .” CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel).

Spyware

Spyware Cyber threats Security Defenses Cyber Attacks

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Hacking Government

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members. .” “If it was only the phone I will be in [a] bad situation,” USDoD said.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Internet Archive was breached twice in a month

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. Hunt also verified the authenticity of the information included in the stolen archive. Hunt will add the information of the impacted users to HIBP very soon.

Internet

Internet Internet Data breaches Authentication

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) using CVE-2022-22972. states VMware.

Authentication

Authentication Healthcare Education Cybersecurity

VMware fixed critical authentication bypass vulnerability

Security Affairs

AUGUST 2, 2022

VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. Pierluigi Paganini.

Authentication

Authentication Hacking Information Security

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Security Affairs

DECEMBER 2, 2022

CyRC experts warn of weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities in the three apps. “An exploit of the authentication and authorization vulnerabilities could allow remote unauthenticated attackers to execute arbitrary commands. . Lazy Mouse versions 2.0.1

Hacking

Hacking Authentication Mobile Passwords

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Passwords associated with external authentication systems such as AD or LDAP are unaffected.

Firewall

Firewall Hacking Malware Passwords

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Security Affairs

MARCH 10, 2025

The Qilin ransomware group has been active since at least 2022 but gained attention in June 2024 for attacking Synnovis , a UK governmental service provider for healthcare. The attackers breached the organization via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA).

Ransomware

Ransomware VPN Healthcare Malware

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 9, 2024, U.S.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. Microsoft Corp. government inboxes.

Cybercrime

Cybercrime Passwords Authentication Malware

VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest

Security Affairs

DECEMBER 13, 2022

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition.

Hacking

Hacking Authentication Information Security

It’s Still Easy for Anyone to Become You at Experian

Krebs on Security

NOVEMBER 11, 2023

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. 9, 2022 and Dec. So once again I sought to re-register as myself at Experian.

Accountability

Accountability Authentication Passwords Identity Theft

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

Security Affairs

OCTOBER 18, 2022

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. A proof-of-concept (PoC) exploit code for the CVE-2022-40684 flaw has been released online.

Authentication

Authentication Firewall Hacking Risk

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Hackers obtained user data from Twilio-owned 2FA authentication app Authy

Security Affairs

JULY 4, 2024

Twilio states that threat actors have identified the phone numbers of users of its two-factor authentication app, Authy, TechCrunch reported. This week the messaging firm told TechCrunch that “threat actors” identified data of Authy users, a two-factor authentication app owned by Twilio, including their phone numbers.

Authentication

Authentication Social Engineering Phishing Accountability

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

The Last Watchdog

AUGUST 29, 2022

Related: Damage caused by ‘business logic’ hacking. This is according to Verizon’s latest 2022 Data Breach Investigations Report ( DBIR ). In 2022, 69 percent of personal data and 67 percent of credentials became compromised in a web breach. Authentication bypass. 2009 DBIR page 17) .

Hacking

Hacking Passwords Password Management Data breaches

Cisco will not fix the authentication bypass flaw in EoL routers

Security Affairs

SEPTEMBER 8, 2022

The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) The CVE-2022-28199 flaw stems from a lack of proper error handling in DPDK’s network stack. Cisco also addressed a medium severity issue, tracked as CVE-2022-20863 (CVSS score: 4.3), in Cisco Webex Meetings App.

Authentication

Authentication Small Business Software Firewall

CVE-2022-40684 flaw in Fortinet products is being exploited in the wild

Security Affairs

OCTOBER 10, 2022

Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684 , that impacted FortiGate firewalls and FortiProxy web proxies. Pierluigi Paganini.

Authentication

Authentication Firewall Hacking Risk

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Security Affairs

MAY 10, 2022

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. To nominate, please visit:? Pierluigi Paganini.

Authentication

Authentication Hacking Software Cybersecurity

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

Security Affairs

MARCH 5, 2022

Anonymous announced to have hacked more than 2,500 websites linked to the Russian and Belarusian governments, state-owned media outlets spreading disinformation, Russian private organizations, banks, hospitals, airports. FckPutin #FreeUkraine pic.twitter.com/NJZiLx5c0d — Anonymous TV (@YourAnonTV) March 3, 2022.

Hacking

Hacking Government Banking Media

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

The Last Watchdog

NOVEMBER 11, 2020

As a tradeoff for enjoying our digital lives, we’ve learned to live with password overload and even tolerate two-factor authentication. I had a chance to discuss this seminal transition with George Avetisov, co-founder and chief executive officer of HYPR , a Manhattan-based supplier of advanced authentication technologies.

Authentication

Authentication VPN Passwords Hacking

Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products

Security Affairs

OCTOBER 14, 2022

Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) SecurityAffairs – hacking, CVE-2022-40684).

Authentication

Authentication Firewall Hacking Risk

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking

Hacking Government Marketing Spyware

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 31, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication

Authentication Cybersecurity Risk Information Security

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

OCTOBER 1, 2022

CVE-2022-41040 , is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the second zero-day vulnerability — CVE-2022-41082 — which allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Hacking

Hacking Passwords Internet Internet

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking

Hacking Passwords Authentication Accountability

Google Authenticator App now supports Google Account synchronization

Security Affairs

APRIL 25, 2023

Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes to their Google Account.

Authentication

Authentication Accountability Backups Education

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

Ukraine’s intelligence service announced the hack of the Russian Federal Air Transport Agency, ‘Rosaviatsia.’ ’ Ukraine’s intelligence service announced they have hacked Russia’s Federal Air Transport Agency, ‘Rosaviatsia.’ In the same period in 2022, 50 such incidents were recorded.

Hacking

Hacking Engineering Government Manufacturing

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

” The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organizations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker. .” SecurityAffairs – hacking, Yanluowang ransomware). Pierluigi Paganini.

Ransomware

Ransomware Hacking VPN Phishing

Okta discloses a new data breach after a third-party vendor was hacked

Security Affairs

NOVEMBER 2, 2023

The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. In December 2022, the American identity and access management giant revealed that its private GitHub repositories were hacked.

Data breaches

Data breaches Hacking Social Engineering Healthcare

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

Okta , a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned.

Social Engineering

Social Engineering Engineering Accountability Hacking

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 3, 2025

“Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.” Cisco will not release a fix for this issue.

Small Business

Small Business Authentication Hacking Accountability

Best Identity and Access Management (IAM) Solutions for 2022

eSecurity Planet

JANUARY 27, 2022

It also includes advanced features such as SAML-based single sign-on (SSO) and the company's security architecture has never been hacked. A static single sign-on (SSO) or multi-factor authentication (MFA) product isn’t going to cut it at the enterprise level, where the cost of a breach is high. Learn more about Dashlane.

Authentication

Authentication Artificial Intelligence Technology Marketing

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Security Affairs

OCTOBER 15, 2022

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 SecurityAffairs – hacking, CVE-2022-0030).

Firewall

Firewall Authentication Software Hacking

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Krebs on Security

FEBRUARY 1, 2024

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. 11-12, 2022. 11-12, 2022. 11, 2022 after they SIM-swapped an AT&T customer by impersonating them at a retail store using a fake ID. .” technology companies during the summer of 2022.

Cryptocurrency

Cryptocurrency Ransomware Retail Government

The dangers of “connected” healthcare: predictions for 2022

SecureList

NOVEMBER 23, 2021

After the first vaccines appeared on the Internet – and especially dark web forums – a busy trade in vaccines began online, with no one being able to verify the authenticity of the vaccines being sold. Our prediction that hacking attacks against vaccine developers would ramp up did not come true. Predictions for the year 2022.

Healthcare

Healthcare Ransomware Cybercrime Information Security

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). For its part, Snowflake says it now requires all new customers to use multi-factor authentication. In a regulatory filing with the U.S.

Data breaches

Data breaches Passwords Authentication Accountability

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. This article focuses on the top five attack vectors organizations should look out for and defend against in 2022. SecurityAffairs – hacking, attack vectors). Conclusion.

IoT

IoT Phishing Passwords Scams

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Trending Sources

When Low-Tech Hacks Cause High-Impact Breaches

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

GUEST ESSAY: ‘Continuous authentication’ is driving passwordless sessions into the mainstream

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Internet Archive was breached twice in a month

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

VMware fixed critical authentication bypass vulnerability

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Chinese national charged for hacking thousands of Sophos firewalls

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

FBI Hacker Dropped Stolen Airbus Data on 9/11

VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest

It’s Still Easy for Anyone to Become You at Experian

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

A Day in the Life of a Prolific Voice Phishing Crew

Hackers obtained user data from Twilio-owned 2FA authentication app Authy

GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

Cisco will not fix the authentication bypass flaw in EoL routers

CVE-2022-40684 flaw in Fortinet products is being exploited in the wild

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Anonymous #OpRussia Thousands of sites hacked, data leaks and more

SHARED INTEL: Coming very soon — ‘passwordless authentication’ as a de facto security practice

Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Microsoft: Two New 0-Day Flaws in Exchange Server

Threat actors hacked the Dropbox Sign production environment

Google Authenticator App now supports Google Account synchronization

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Cisco was hacked by the Yanluowang ransomware gang

Okta discloses a new data breach after a third-party vendor was hacked

Hackers Stole Access Tokens from Okta’s Support Unit

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

Best Identity and Access Management (IAM) Solutions for 2022

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Arrests in $400M SIM-Swap Tied to Heist at FTX?

The dangers of “connected” healthcare: predictions for 2022

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

Top 5 Attack Vectors to Look Out For in 2022

Stay Connected