SecureList

APRIL 29, 2025

We identified an odd authorized SSH key for a user called suporte (in a Portuguese-speaking environment, this is an account typically used for administrative tasks in the operating system). Such accounts are often configured to have the same username as the password, which is a bad practice, making it easy for the attackers to exploit them.

Passwords 96

Passwords Authentication System Administration Malware 96

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile 313

Mobile Wireless Advertising Accountability 313

Adam Levin

DECEMBER 3, 2018

Shodan’s most popular search terms include “unprotected webcams” and “routers with default passwords.” Side note: always change the default password on your devices.). The data is thought to have originated from Data&Leads, Inc. Secure your accounts and practice good data hygiene accordingly.

Identity Theft 194

Identity Theft Data collection Engineering Passwords 194

Security Affairs

NOVEMBER 28, 2020

A credible threat actor is offering access to the email accounts of hundreds of C-level executives for $100 to $1500 per account. Access to the email accounts of hundreds of C-level executives is available on the Exploit.in for $100 to $1500 per account. Exploit.in ” reported ZDNet. Pierluigi Paganini.

Accountability 115

Accountability Cybercrime Hacking Retail 115

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. banks are stiffing account takeover victims. A single bitcoin is trading at around $45,000. ” SEPTEMBER.

Cryptocurrency 291

Cryptocurrency Cybercrime Computers and Electronics Scams 291

Security Boulevard

MARCH 24, 2025

While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. These apps also frequently use Bluetooth data to gather location information and proximity to nearby devices.

Surveillance 75

Surveillance Telecommunications Malware Data breaches 75

Security Affairs

DECEMBER 23, 2023

Our investigation indicates that certain information associated with your account was impacted.” ” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers.

Data breaches 134

Data breaches Mobile Wireless Data collection 134

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering 144

Social Engineering Data collection Media Passwords 144

Krebs on Security

JULY 18, 2022

Namely, the ability to route one’s malicious traffic through a computer that is geographically close to the consumer whose credit card they’re about to charge at some website, or whose bank account they’re about to empty. Others are fairly opaque about their data collection and retention policies. ”

VPN 352

VPN Computers and Electronics Antivirus Software 352

Security Affairs

DECEMBER 30, 2020

T-Mobile has disclosed a data breach exposing customers’ account’s information. “We are reaching out to let you know about a security incident we recently identified and quickly shut down that may have impacted some of your T-Mobile account information.”

Data breaches 144

Data breaches Mobile Telecommunications Accountability 144

Security Affairs

SEPTEMBER 3, 2019

We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection.” ” read a message published on the XKCS forum “The data includes usernames , email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration,”.

Data breaches 108

Data breaches Passwords Advertising Data collection 108

Malwarebytes

MAY 22, 2024

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence 111

Artificial Intelligence Passwords Accountability Media 111

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Altogether, Meduza makes a great competitor to Azorult , Redline , Racoon , and Vidar Stealer used by cybercriminals for account takeover (ATO), online-banking theft, and financial fraud.

Password Management 143

Password Management Cryptocurrency Passwords Authentication 143

Joseph Steinberg

APRIL 20, 2021

It is also not uncommon for firms in the healthcare vertical to symbiotically share various types of information with one another; private healthcare-related data is also almost always shared during the M&A process – even before deals have closed.

Healthcare 233

Healthcare Insurance Computers and Electronics Data collection 233

eSecurity Planet

AUGUST 20, 2024

The company allegedly obtained this information from non-public sources without the consent of the person filing the complaint or the potentially billions of others affected by the data collection. When creating passwords, use at least 12 characters, combining uppercase and lowercase letters, numbers, and special symbols.

Identity Theft 130

Identity Theft Data breaches Passwords Encryption 130

Hot for Security

MARCH 17, 2021

The attacker managed to steal the names, email addresses, usernames, hashed passwords (salted), associated phone numbers, linked Facebook IDs and any requested password reset tokens. If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already.

Data breaches 105

Data breaches Passwords Accountability Media 105

SecureList

NOVEMBER 29, 2024

CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. These documents are in fact password-protected ZIP or other archives. CloudSorcerer also employs GitHub as its initial C2 server.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware 229

Spyware Mobile Advertising Software 229

SecureWorld News

AUGUST 15, 2024

NPD, which provides background check services to employers, investigators, and other businesses, reportedly obtains this information by scraping data from various sources, often without the direct consent of the individuals involved. Use complex, unique passwords for all accounts and consider using a password manager.

Data breaches 110

Data breaches Identity Theft Password Management Data collection 110

The Last Watchdog

APRIL 22, 2020

PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory ( AD ) environment. It didn’t take cyber criminals too long to figure out how to subvert PAM and AD – mainly by stealing or spoofing credentials to log on to privileged accounts. But SSO proved to be a boon for intruders, as well.

Accountability 138

Accountability Authentication Digital transformation Passwords 138

SecureList

MAY 28, 2024

However, the customer company often gives the service provider quite a lot of access to its systems, including: allocating various systems for conducting operations; issuing accesses for connecting to the infrastructure; creating domain accounts. In other cases, they used data that was stolen before the incident began.

VPN 125

VPN Accountability Passwords Antivirus 125

Security Affairs

SEPTEMBER 19, 2018

In the first half of 2018, researchers at Kaspersky Lab said that the most popular attack vector against IoT devices remains cracking Telnet passwords (75,40%), followed by cracking SSH passwords (11,59%). Top 10 countries from which Kaspersky traps were hit by Telnet password attacks is led by Brazil, China, and Japan.

IoT 106

IoT Passwords Malware Advertising 106

SecureWorld News

APRIL 29, 2024

Information collected by online trackers is often shared with an extensive network of marketers, advertisers, and data brokers. The plethora of online accounts most people have necessitates the use of a strong and unique password for each and every one. Protecting your information online starts with good cyber hygiene.

Data breaches 114

Data breaches Healthcare Identity Theft Advertising 114

Troy Hunt

DECEMBER 17, 2017

The Red Cross Blood Service breach gave us our largest ever incident down here in Australia (and it included data on both my wife and I). CloudPets left their MongoDB exposed which subsequently exposed data collected from connected teddy bears (yes, they're really a thing). Oh - and it uses a password of 12345678.

Data breaches 238

Data breaches Education Passwords Penetration Testing 238

Security Affairs

OCTOBER 17, 2023

’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks. “Note (!)

Telecommunications 131

Telecommunications Authentication Data collection Passwords 131

Malwarebytes

JULY 29, 2024

At Malwarebytes, we reported how a team of researchers at Mozilla who reviewed the privacy and data collection policies of various product categories for several years now, named “Privacy Not Included,” found cars to be the worst product category they ever reviewed for privacy.

Insurance 114

Insurance Data collection Data breaches Manufacturing 114

Security Affairs

SEPTEMBER 11, 2018

The security researcher that handle the Twitter account Privacy First first reported the alleged unethical behavior and published a video that shows how the app harvest users ‘data. “The data collected was explicitly identified to the customer in the data collection policy and is highlighted to the user during the install.

Adware 108

Adware Data collection Advertising Antivirus 108

SecureList

SEPTEMBER 6, 2022

One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave. Game over: cybercriminals targeting gamers’ accounts and money.

Mobile 133

Mobile Passwords Software Accountability 133

Security Boulevard

MARCH 31, 2022

RedLine Password Theft Malware. The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Passwords: An Easy Target. Let’s not mince words: passwords are difficult for most organizations to manage. Let’s not mince words: passwords are difficult for most organizations to manage.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

BH Consulting

AUGUST 31, 2023

Having policies and procedures to secure social media accounts and minimise the potential for incidents can help. Recently, a client with several different social media accounts and a large team of people working on them approached BH Consulting to review its security and policies around them. More than 4.7

Media 52

Media Accountability Passwords Authentication 52

Identity IQ

FEBRUARY 2, 2022

The CFPB issued orders to BNPL apps Affirm, Afterpay, Klarna, PayPal and Zip to explain how they gather detailed information about consumers´ shopping behavior, fees, loan performance, users´ demographics, data collection and other elements of their business models. The companies have until March 1 to send the information to the CFPB.

Identity Theft 119

Identity Theft Consumer Protection Data collection Accountability 119

Malwarebytes

APRIL 10, 2024

From our safe portal, everyday people can view past password breaches, active social media profiles, potential leaks of government ID info, and more. Why data matters I can’t tell you how many times I’ve read that “data is the new oil” without reading any explanations as to why people should care.

Data breaches 93

Data breaches Passwords Banking Malware 93

Security Boulevard

JANUARY 16, 2024

Put into context, it would make little sense to use a privacy-oriented browser and all the features such a browser may have to offer, but continue to reuse passwords across online accounts. Security and privacy overlap, both inside and outside the digital space. Your privacy can be compromised when security is weak or lax.

Accountability 111

Accountability Engineering Passwords Internet 111

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. rar archive files. Dangerous email.

Ransomware 98

Ransomware Antivirus Malware Banking 98

Security Affairs

MAY 23, 2024

Attackers also manipulate local Administrator accounts to maintain persistence, they were spotted enabling the disabled local Administrator account, followed by resetting its password. ” The threat actors used both custom malware and off-the-shelf tools to gather sensitive data from victim machines.

Malware 131

Malware Accountability Phishing Data collection 131

Malwarebytes

JANUARY 18, 2021

You can also visit the Help Center if you would prefer to delete your account. The key focus of concern around the update, was how data would be shared going forward. Simply by having to explain the differences between forms of messaging, data collection is thrown into sharp relief. But now you do. Decisions, decisions.

Data collection 75

Data collection Encryption Accountability Passwords 75

Security Affairs

JULY 21, 2019

A flaw could have allowed hackers to take over any Instagram account in 10 minutes. Mysterious hackers steal data of over 70% of Bulgarians. Sprint revealed that hackers compromised some customer accounts via Samsung site. Israel surveillance firm NSO group can mine data from major social media.

Small Business 86

Small Business Media Spyware Advertising 86