Security Affairs

FEBRUARY 29, 2024

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. Use this code to log in/reset the FB account password for the user account.”

Accountability 145

Accountability Passwords Hacking Information Security 145

Security Affairs

MAY 24, 2024

GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835 , that allows attackers to take over user accounts. The flaw can be exploited to hijack an account without any interaction.

Accountability 143

Accountability Passwords Hacking Cybersecurity 143

Security Affairs

JUNE 20, 2024

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. Then Kokorin disclosed the flaw on X.

Accountability 145

Accountability Phishing Hacking Information Security 145

Security Affairs

APRIL 27, 2024

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Your account may have been one of those accessed.” ” continues the notification.

Accountability 143

Accountability Passwords Data breaches Hacking 143

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.” government and defense entities.

Hacking 142

Hacking Identity Theft Social Engineering Accountability 142

Security Affairs

SEPTEMBER 30, 2024

The Department of Justice charged a British national for hacking into the systems of five U.S. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. From January 2019 to May 2020, the man carried out a hack-to-trade scheme, earning over $3 million in profits.

Hacking 141

Hacking Accountability Passwords Cybercrime 141

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The threat that API security breaches pose to enterprises should not be taken lightly.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking 144

Banking Accountability Malware Mobile 144

Security Affairs

SEPTEMBER 7, 2024

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for WordPress that accounts for over 5 million active installations.

Accountability 139

Accountability Authentication Hacking Information Security 139

Security Affairs

MAY 2, 2024

Investigations revealed that a threat actor gained access to data, including customer information like emails, usernames, phone numbers, and hashed passwords. Additionally, certain account settings and authentication information such as API keys, OAuth tokens, and multi-factor authentication details were compromised.

Hacking 139

Hacking Passwords Authentication Accountability 139

Security Affairs

SEPTEMBER 26, 2024

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. They discovered that Kia would send a registration link to the customers’ email addresses, allowing them to register their vehicle or add it to their Kia account.

Hacking 143

Hacking Accountability Mobile Internet 143

Security Affairs

MAY 21, 2024

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The gang published a series of documents as proof of the hack, including people’s ID cards, data sheets, payroll payment requesters and a picture of the folder exfiltrated from the victim’s systems.

Hacking 144

Hacking Ransomware Phishing Malware 144

Security Affairs

APRIL 9, 2024

“An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.” . “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by the LG ThinkQ smartphone app to control the TV. ” reads the advisory.

Hacking 143

Hacking Internet Internet Authentication 143

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking 144

Banking Government Accountability Hacking 144

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams 284

Scams DDOS Cryptocurrency Accountability 284

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. Microsoft Corp.

Malware 322

Malware Software Technology Accountability 322

Krebs on Security

OCTOBER 8, 2020

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” ” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.

Cybercrime 338

Cybercrime VPN Malware Ransomware 338

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., ” The U.S.

Firewall 84

Firewall Hacking Malware Passwords 84

Daniel Miessler

MAY 14, 2020

Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Enable two-factor authentication on all critical accounts. Automatic Logins Using Lastpass.

Risk 345

Risk Password Management Passwords Accountability 345

Security Affairs

JUNE 27, 2024

The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The LockBit ransomware group hasn’t hacked the Federal Reserve as it has recently claimed, the real victim is the Evolve Bank. The real victim is the Evolve Bank. ” continues the report.

Hacking 123

Hacking Banking Retail Ransomware 123

Krebs on Security

FEBRUARY 22, 2024

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government 302

Government Hacking Cyber threats Mobile 302

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. of the the targeted accounts were compromised.

Passwords 138

Passwords Accountability Authentication Hacking 138

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. for phishing scams that resulted in the compromise of millions of email accounts. million in restitution.

Scams 132

Scams Phishing Identity Theft Accountability 132

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. seized $283,000 in cryptocurrency from an account linked to Sami as part of actions against the illicit activities of PopeyeTools.

Cybercrime 137

Cybercrime Cryptocurrency Banking Accountability 137

Security Affairs

MARCH 4, 2024

“Account information of some of our Card Members, including some of your account information, may have been involved. ” The security breach occurred at a service provider that lets customers book flights, hotels and other reservations using an online portal. .”

Data breaches 140

Data breaches Accountability Hacking Mobile 140

Joseph Steinberg

OCTOBER 6, 2022

According to The New York Times , in 2016, while the Federal Trade Commission (FTC) was investigating an earlier breach of Uber’s computer systems, Sullivan learned of a subsequent compromise that affected more than 57 million Uber accounts. Serving as a Chief Information Security Officer is a daunting task. 0001% get through.

CISO 258

CISO Artificial Intelligence Data breaches Cybersecurity 258

Security Affairs

OCTOBER 14, 2024

“Between August 17 and August 19, a third party accessed and obtained certain information without authorization using two customer accounts that they had recently established. An investigation was promptly launched with assistance from external security experts.”

Data breaches 139

Data breaches Financial Services Accountability Hacking 139

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. ” continues the report.

Phishing 139

Phishing Accountability Information Security Cyber Attacks 139

Security Affairs

JUNE 3, 2024

The presence of the emails on dark web shows that politicians used their official emails to create an account on third-party web services that suffered a data breach. “The fact that these emails, which are publicly available on government websites, are on the dark web isn’t a security failure by itself. ” reads the report.

Passwords 145

Passwords Government Accountability Hacking 145

Security Affairs

JUNE 19, 2024

The kraken security team discovered “an isolated bug” that allowed an attacker, under specific circumstances, to initiate a deposit onto the platform and receive funds in their account without fully completing the deposit. The security team addressed the vulnerability within an hour.

Cryptocurrency 138

Cryptocurrency Accountability Hacking Marketing 138

Security Affairs

NOVEMBER 29, 2024

Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. The Rockstar admin panel is user-friendly, it allows customers to track phishing activity, including visit stats and account validity, and offers tools like URL generators and customizable email themes.

Phishing 121

Phishing Accountability Authentication Advertising 121

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts. payment info) may have been compromised.

Identity Theft 133

Identity Theft Passwords Malware Banking 133

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks 133

Cyber Attacks Telecommunications Data breaches Banking 133

Security Affairs

MARCH 29, 2024

The attackers detected suspicious login activity to certain Hot Topic Rewards accounts. Threat actors obtained valid account credentials obtained from an unknown third-party source. Hot Topic was not the source of the account credentials used in these attacks.” The company also recommends changing the account password.

Accountability 140

Accountability Mobile Passwords Authentication 140

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. RockYou2021 had 8.4 RockYou2021 had 8.4 ” concludes CyberNews.

Passwords 138

Passwords Data breaches Hacking Accountability 138

Security Affairs

NOVEMBER 15, 2024

“Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Cryptocurrency 113

Cryptocurrency Hacking Government Accountability 113

Security Affairs

JUNE 24, 2024

CISA warns chemical facilities that its Chemical Security Assessment Tool (CSAT) environment was breached in January. In March, the Recorded Future News first reported that the US Cybersecurity and Infrastructure Security Agency (CISA) agency was hacked in February. ” concludes the advisory.

Hacking 138

Hacking Encryption Accountability Risk 138