Malwarebytes

MARCH 25, 2025

In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. Discover whether your data was included in the 2023 breach. For some customers, thats exactly the problem. Select View.

Passwords 113

Passwords Accountability Data breaches Phishing 113

Security Affairs

DECEMBER 8, 2024

On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. In 2023, upon discovering the cyber attack, the Anna Jaques Hospital took the impacted systems down and launched an investigation into the security breach. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients.

Data breaches 115

Data breaches Insurance Healthcare Ransomware 115

Krebs on Security

MAY 9, 2023

First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. ” Adam Barnett , lead software engineer at Rapid7 , said CVE-2023-24932 deserves a considerably higher threat score.

Malware 275

Malware Software Internet Internet 275

Krebs on Security

MARCH 15, 2023

The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest. While CVE-2023-23397 is labeled as an “Elevation of Privilege” vulnerability, that label doesn’t accurately reflect its severity, said Kevin Breen , director of cyber threat research at Immersive Labs.

Passwords 276

Passwords Cyber threats Authentication Internet 276

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. That Joeleoli moniker registered on the cybercrime forum OGusers in 2018 with the email address joelebruh@gmail.com , which also was used to register accounts at several websites for a Joel Evans from North Carolina.

Identity Theft 250

Identity Theft Phishing Cryptocurrency Accountability 250

Krebs on Security

AUGUST 8, 2023

They were assigned a single placeholder designation of CVE-2023-36884. Satnam Narang , senior staff research engineer at Tenable, said the August patch batch addresses CVE-2023-36884 , which involves bypassing the Windows Search Security feature. out of a possible 10, even though Microsoft rates it as an important flaw, not critical.

Engineering 228

Engineering Accountability Passwords Software 228

Krebs on Security

DECEMBER 19, 2024

Rumors of a cracked version of Acunetix being used by attackers surfaced in June 2023 on Twitter/X , when researchers first posited a connection between observed scanning activity and Araneida. According to an August 2023 report (PDF) from the U.S. co — first came online in February 2023. 2023 on the forum Cracked.

Hacking 230

Hacking Cybercrime Advertising Data breaches 230

Krebs on Security

DECEMBER 11, 2024

Sanders spent most of 2023 in Ukraine, traveling with Ukrainian soldiers while mapping the shifting landscape of Russian crypto exchanges that are laundering money for narcotics networks operating in the region. wtf, and PQHosting ; -sites selling aged email, financial, or social media accounts, such as verif[.]work com and rdp[.]monster;

Cryptocurrency 280

Cryptocurrency Banking Cybercrime Advertising 280

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking 337

Hacking Accountability Passwords Cybersecurity 337

Security Affairs

FEBRUARY 10, 2025

Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. reads a Form 8-K filing with the SEC.

Accountability 62

Accountability Passwords Cybersecurity Marketing 62

Malwarebytes

FEBRUARY 14, 2025

In 2023, data allegedly belonging to Zacks containing 8,615,098 records was leaked online. Now, a cybercriminal using the monicker Jurak, leaked sensitive information related to roughly 12 million accounts, which allegedly stems from a breach that happened last year. Over the years Zacks has suffered a few data breaches.

Accountability 80

Accountability Data breaches Passwords Phishing 80

Security Boulevard

APRIL 7, 2025

In October 2023, 23andMe, one of the most well-known consumer genetic testing companies, disclosed a significant breach that affected nearly 7 The post 23andMe Data Breach: A Wake-Up Call for Consumer Privacy and Corporate Accountability appeared first on Seceon Inc.

Data breaches 59

Data breaches Accountability 59

Krebs on Security

AUGUST 19, 2024

12 , saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023. NPD acknowledged the intrusion on Aug.

Passwords 355

Passwords Data breaches Accountability Data privacy 355

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Schneier on Security

SEPTEMBER 13, 2023

The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061 , allowed the attackers to infect a fully-patched iPhone running iOS 16.6 “The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.” “We refer to the exploit chain as BLASTPASS.

Spyware 350

Spyware Accountability 350

Schneier on Security

MAY 17, 2024

The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3). “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc ”

Hacking 320

Hacking Accountability Ransomware Internet 320

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed).

Hacking 236

Hacking Government Identity Theft Accountability 236

Malwarebytes

APRIL 16, 2025

Good bots accounted for just 14% of the internet’s traffic. An increasing number try to hijack peoples’ online accounts, which they often do by credential stuffing. These account takeover attacks have skyrocketed lately. December 2024 saw around 330,000 such incidents, up from around 190,000 in December 2023.

Internet 142

Internet Internet Passwords Artificial Intelligence 142

Schneier on Security

AUGUST 19, 2024

Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed. So far, in 2024, comparing the first half of 2023 to the first half of 2024, we see an even further increase of 4.3%. The higher level of activity observed in 2023 was no fluke.

Ransomware 315

Ransomware Accountability 315

Krebs on Security

JANUARY 16, 2025

In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S. A notice from MassDOT cautions that “the targeted phone numbers seem to be chosen at random and are not uniquely associated with an account or usage of toll roads.” Postal Service customers.

Phishing 296

Phishing Scams Mobile Passwords 296

The Last Watchdog

JULY 27, 2023

Tel Aviv, Israel, July 27, 2023 — Perception Point , a leading provider of advanced threat prevention across digital communication channels, today published a new report analyzing global cyberattack trends in H1 2023 amidst the paradigm shift brought about by advances in generative AI (GenAI) capabilities.

Phishing 186

Phishing Social Engineering Engineering Media 186

Security Affairs

APRIL 9, 2025

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account. Affected accounts were disabled. The breach was confirmed on Feb. OCC on Feb. OCC on Feb.

Accountability 122

Accountability Banking Information Security Hacking 122

Krebs on Security

SEPTEMBER 13, 2023

11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account.

Cybercrime 336

Cybercrime Passwords Authentication Malware 336

Krebs on Security

JULY 15, 2024

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Accountability 325

Accountability Cryptocurrency Passwords DNS 325

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts. These routers are used to relay brute-force attacks on Microsoft 365 accounts.

Passwords 132

Passwords Wireless VPN Accountability 132

Malwarebytes

DECEMBER 3, 2024

While hard to measure precisely, tech support scams accounted for $924M, according to the FBI’s 2023 Internet Crime Report. We’ve identified specific advertiser accounts that make up the bulk of fraudulent ads we have reported to Google this past year.

Scams 131

Scams Advertising Accountability Engineering 131

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Transparent, traceable, and accountable AI practices are crucial to mitigate biases and align actions with ethical standards. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. In 2023, cybercriminals put up information belonging to as many as seven million 23andMe customers for sale on criminal forums following a credential stuffing attack against the genomics company.

Insurance 145

Insurance Accountability Risk Data breaches 145

Security Affairs

NOVEMBER 18, 2024

In 2023, the carrier disclosed two data breaches , one in January and another in May. In May 2023, T-Mobile threat actors had access to the personal information of hundreds of customers starting in late February 2023. The bad news is that this isn’t the first incident suffered by T-Mobile.

Mobile 112

Mobile Telecommunications Data breaches Hacking 112

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Retail 253

Retail Advertising Cryptocurrency Cybercrime 253

Krebs on Security

DECEMBER 4, 2024

At several points throughout his career, Wazawaka claimed he made good money stealing accounts from drug dealers on darknet narcotics bazaars. Love your country, and you will always get away with everything.” ” Still, Wazawaka may not have always stuck to that rule.

Cybercrime 230

Cybercrime Ransomware Cryptocurrency Government 230

SecureWorld News

NOVEMBER 22, 2024

Scattered Spider has gained infamy for its high-profile cyberattacks, including the ransomware assault on MGM Casino in 2023 , which caused widespread disruption. The attacks have resulted in millions of dollars in theft, including cryptocurrency and sensitive corporate data, showcasing the ongoing threat of organized cybercrime.

Phishing 108

Phishing Identity Theft Cryptocurrency Cybercrime 108

Security Affairs

MAY 24, 2024

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. The flaw can be exploited to hijack an account without any interaction.

Accountability 138

Accountability Passwords Hacking Cybersecurity 138

Krebs on Security

NOVEMBER 29, 2023

20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. For this reason, they can’t be locked down with multifactor authentication the way user accounts can.

Accountability 291

Accountability Authentication Passwords Antivirus 291

Joseph Steinberg

JANUARY 2, 2023

In 2023 I will finally lose the weight that I gained during the COVID-19 pandemic. Having stated that publicly I am now accountable!). As 2022 departs, and 2023 enters, I am going to do more than hope – I am going to actively replace the former’s curses with the latter’s blessings.

Artificial Intelligence 312

Artificial Intelligence Accountability Cybersecurity 312

Schneier on Security

JULY 20, 2023

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” ” Lots of interesting bits. But there are missed opportunities as well.

Cybersecurity 186

Cybersecurity Software Risk Accountability 186

The Last Watchdog

DECEMBER 14, 2022

Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023. Continuous pentesting. However, a longtime challenge with pentesting has been the “point-in-time” nature of the tests.

Penetration Testing 229

Penetration Testing Risk Marketing Government 229