Security Affairs

APRIL 9, 2025

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account. Affected accounts were disabled. The breach was confirmed on Feb. OCC on Feb.

Accountability 122

Accountability Banking Information Security Hacking 122

Security Affairs

FEBRUARY 17, 2025

Researchers warn that the whoAMI attack lets attackers publish an AMI with a specific name to execute code in an AWS account. The researchers warn that, at scale, this attack could impact thousands of AWS accounts, with around 1% of organizations estimated to be vulnerable. ” reads the advisory published by the company.

Accountability 61

Accountability Hacking Cybersecurity Information Security 61

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key. ” Orn advertising Araneida Scanner in Feb. 2023 on the forum Cracked.

Hacking 231

Hacking Cybercrime Advertising Data breaches 231

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. A Nigerian national was sentenced to 26 years in prison in the US for stealing millions by compromising the email accounts of real estate businesses. for phishing scams that resulted in the compromise of millions of email accounts. million in restitution.

Scams 123

Scams Phishing Identity Theft Accountability 123

Security Affairs

JUNE 20, 2024

A researcher discovered a flaw that allows attackers to impersonate Microsoft corporate email accounts and launch phishing attacks. The security researcher Vsevolod Kokorin (@Slonser) discovered a bug that allows anyone to impersonate Microsoft corporate email accounts. Then Kokorin disclosed the flaw on X.

Accountability 145

Accountability Phishing Hacking Information Security 145

Security Affairs

NOVEMBER 30, 2024

A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. “It is true our accounts were hacked into but not to the extent of what is being reported. billion shillings and that the stolen funds were transferred into accounts in Japan and the UK.

Banking 141

Banking Government Accountability Hacking 141

Krebs on Security

OCTOBER 20, 2023

BeyondTrust’s security team detected that someone was trying to use an Okta account assigned to one of their engineers to create an all-powerful administrator account within their Okta environment. He said that on Oct 2., 2 was not a result of a breach in its systems. But she said that by Oct. But she said that by Oct.

Social Engineering 355

Social Engineering Engineering Accountability Hacking 355

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138

Security Affairs

DECEMBER 7, 2024

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware 123

Ransomware Hacking Accountability Cyber Attacks 123

Security Affairs

JANUARY 2, 2025

The “DoubleClickjacking” exploit bypasses protections on major websites, using a double-click sequence for clickjacking and account takeover attacks. Attackers can exploit the technique to facilitate clickjacking attacks and account takeovers on almost all major websites. ” Paulos Yibelo wrote.

Accountability 117

Accountability Authentication Hacking Information Security 117

Security Affairs

JULY 31, 2024

BingoMod is a new Android malware that can wipe devices after stealing money from the victims’ bank accounts. Researchers at Cleafy discovered a new Android malware, called ‘BingoMod,’ that can wipe devices after successfully stealing money from the victims’ bank accounts.

Banking 141

Banking Accountability Malware Mobile 141

Security Affairs

NOVEMBER 24, 2024

Stolen information offered for sale on the carding website included bank account, credit card, and debit card numbers and associated information for conducting transactions. seized $283,000 in cryptocurrency from an account linked to Sami as part of actions against the illicit activities of PopeyeTools.

Cybercrime 130

Cybercrime Cryptocurrency Banking Accountability 130

Security Affairs

NOVEMBER 3, 2024

The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts. These routers are used to relay brute-force attacks on Microsoft 365 accounts. In the majority of the campaigns, about 80 percent, CovertNetwork-1658 makes only one sign-in attempt per account per day.

Passwords 133

Passwords Wireless VPN Accountability 133

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. Only share the personal information you absolutely have to provide with the genetic testing company. Lie if you must and create a separate free email account so the information can’t be tied to your main account.

Insurance 145

Insurance Accountability Risk Data breaches 145

Security Affairs

OCTOBER 14, 2024

“Between August 17 and August 19, a third party accessed and obtained certain information without authorization using two customer accounts that they had recently established. An investigation was promptly launched with assistance from external security experts.”

Data breaches 133

Data breaches Financial Services Accountability Hacking 133

Security Affairs

SEPTEMBER 7, 2024

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to take control of arbitrary accounts. The LiteSpeed Cache plugin is a popular caching plugin for WordPress that accounts for over 5 million active installations.

Accountability 133

Accountability Authentication Hacking Information Security 133

Security Affairs

NOVEMBER 29, 2024

Rockstar 2FA targets Microsoft 365 accounts and bypasses multi-factor authentication with adversary-in-the-middle (AitM) attacks. The Rockstar admin panel is user-friendly, it allows customers to track phishing activity, including visit stats and account validity, and offers tools like URL generators and customizable email themes.

Phishing 113

Phishing Accountability Authentication Advertising 113

Security Affairs

JANUARY 25, 2025

Subaru Starlink flaw exposed vehicles and customer accounts in the US, Canada, and Japan to remote attacks. The experts explained that they exploited the flaw to gain unrestricted targeted access to all vehicles and customer accounts in the above countries. ” wrote Curry. ” added Curry. I sent the unlock command.

Hacking 125

Hacking Accountability Passwords Authentication 125

Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. If you were confused at this point, you might ask Google who it thinks is the current Chief Information Security Officer of Chevron. of spam and scam.”

CISO 340

CISO Cybercrime Accountability Information Security 340

Security Affairs

OCTOBER 29, 2024

The cybersecurity firm’s recommendations for malware victims are: Consult an expert : For thorough malware removal and system security, seek professional help if needed. Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication.

Identity Theft 124

Identity Theft Passwords Malware Banking 124

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. from fake websites (phishing sites) disguised as websites of real securities companies.” Avoid password reuse, choose complex passwords, and check account activity often.

Financial Services 82

Financial Services Passwords Accountability Antivirus 82

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 288

Scams Artificial Intelligence Cryptocurrency Accountability 288

Security Affairs

OCTOBER 19, 2024

This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. reads a statement published by Sophos on Mastodon. “In In one case, attackers dropped Fog ransomware.

Backups 130

Backups VPN Ransomware Authentication 130

Schneier on Security

OCTOBER 13, 2020

The IPv6 addresses were traced to Verizon Wireless, which told the investigators that the addresses were in use by an account belonging to Williams. Data obtained by Avondale police from Google did show that a device logged into Molina’s Google account was in the area at the time of Knight’s murder.

Surveillance 363

Surveillance Wireless Accountability Architecture 363

Security Affairs

OCTOBER 17, 2024

The fixed version sets a randomly-generated password for the duration of the image build and it disables the builder account at the conclusion of the image build. Alternatively, disable the ‘builder’ account with usermod -L builder on affected VMs.” ” Kubernetes Image Builder v0.1.38

Accountability 133

Accountability Passwords Hacking Cybersecurity 133

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks 125

Cyber Attacks Telecommunications Data breaches Banking 125

SecureWorld News

MARCH 20, 2025

Attackers are mimicking tournament brackets, betting promotions, and registration formstricking users into handing over credentials or linking bank accounts to fraudulent sites. A simple click on what seems like an innocent bracket challenge or promo offer can lead to compromised financial accounts before tipoff.

Scams 87

Scams Social Engineering Mobile Phishing 87

Security Affairs

FEBRUARY 16, 2025

The attackers employ a phishing technique called device code phishing, which tricks users into logging into productivity apps while capturing login tokens that can be used to take over compromised accounts. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data.

Phishing 114

Phishing Authentication Telecommunications Accountability 114

Security Affairs

FEBRUARY 4, 2025

The investigation revealed that attackers had compromised an account associated with a third-party provider of support services. Then GrubHub locked out the attackers and removed the hacked account. Upon discovery, we promptly launched an investigation, identifying unauthorized access to an account associated with this provider.”

Data breaches 114

Data breaches Passwords Accountability Hacking 114

Security Affairs

DECEMBER 18, 2024

The Irish Data Protection Commission (DPC) fined Meta 251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. “This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA. ” reads the press release published by DPC.

Data breaches 105

Data breaches Accountability Risk Advertising 105

Security Affairs

DECEMBER 6, 2024

Impacts vary depending on users’ browsers, cookies, and third-party account activity. ” The potential exposed data includes IP addresses, third-party identifiers/cookies, and, in some cases, information about a patient’s treatment or provider if included in a URL or button text. added Atrium Health.

Data breaches 110

Data breaches Identity Theft Accountability Technology 110

Security Affairs

APRIL 12, 2025

. “The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the ‘secret_key’ value in the ‘autheticate_user’ function in all versions up to, and including, 1.0.78.”

Accountability 78

Accountability Authentication Passwords Hacking 78

Security Affairs

APRIL 19, 2025

Threat actors were spotted exploiting the default super admin account (admin@LocalDomain), which often still uses the weak default password password. Arctic Wolf is monitoring the situation and urges organizations to secure all local accounts. Even fully patched devices can be compromised if password hygiene is poor.

Passwords 75

Passwords VPN Firewall Accountability 75

Krebs on Security

APRIL 27, 2023

Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant’s full name, Social Security number, address, phone number, email, and bank account number.

Banking 339

Banking Government Information Security Authentication 339

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability 312

Accountability Scams Artificial Intelligence Cryptocurrency 312

Security Affairs

DECEMBER 4, 2024

that could be exploited to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine. In mid-October, Sophos researchers warned that ransomware operators are exploiting the vulnerability CVE-2024-40711 to create rogue accounts and deploy malware. ” reads the advisory.

Backups 113

Backups Ransomware Accountability Hacking 113

Schneier on Security

AUGUST 2, 2023

In an email newsletter, Melissa Hathaway wrote: Now that the rule is final, companies have approximately six months to one year to document and operationalize the policies and procedures for the identification and management of cybersecurity (information security/privacy) risks.

Cybersecurity 242

Cybersecurity Risk Government Information Security 242