Accountability, Passwords and Software - Cyber Security Informer

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Cybercriminals could use your account to spread spam and phishing emails to your contacts.

Accountability

Accountability Authentication Malware Banking

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords

Passwords Accountability VPN Malware

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

MARCH 10, 2021

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed.

Passwords

Passwords IoT Password Management Data breaches

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising

Advertising Accountability Phishing Scams

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

APRIL 2, 2020

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Passwords

Passwords Media Technology Accountability

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

MAY 10, 2021

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com,

Passwords

Passwords Mobile Accountability Marketing

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Phishing

Phishing Passwords Accountability Authentication

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. codes in 2021 using the password “ ceza2003 ” [full disclosure: Constella is currently an advertiser on KrebsOnSecurity].

Hacking

Hacking Cybercrime Advertising Data breaches

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free. Instead, it operates on a larger scale, infecting everyone who stumbles upon the compromised software.

Software

Software Cryptocurrency Malware DNS

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft

Identity Theft Passwords Malware Banking

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances. “These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

Phishing

Phishing Cybercrime Advertising Malware

Video: How Hackers Steal Your Cookies & How to Stop Them

eSecurity Planet

NOVEMBER 6, 2024

Transcript Cookie theft is a cyberattack where hackers exploit session data stored in cookies, like login credentials, to gain unauthorized access to your accounts. Though cookies themselves don’t steal passwords, they can be hijacked to access sensitive data. In this video, we’ll show you how to stay safe. How Do You Prevent It?

Identity Theft

Identity Theft Passwords Phishing Accountability

Service Rents Email Addresses for Account Signups

Krebs on Security

JUNE 6, 2023

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Kopeechka also has multiple affiliate programs, including one that pays app developers for embedding Kopeechka’s API in their software.

Accountability

Accountability Scams Cryptocurrency Advertising

How to reset your Windows 10 password when you forget it

Tech Republic Security

AUGUST 9, 2022

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. The post How to reset your Windows 10 password when you forget it appeared first on TechRepublic.

Passwords

Passwords Accountability Software

I've Joined the 1Password Board of Advisers

Troy Hunt

OCTOBER 29, 2020

Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You Can't Remember. I had come to the realisation that I simply had too many accounts across too many systems to ever have any chance of creating decent unique passwords I could remember.

Password Management

Password Management Passwords Software Accountability

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. Reporting the incident to IC3.gov

Malware

Malware Scams Identity Theft Antivirus

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. “It’s a patch for their own software. “It’s not like they forgot to patch something that Microsoft fixed years ago,” Holden said.

Software

Software Ransomware System Administration Authentication

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

Following the takedown, the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet. Change your email account password. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. The requests are bogus and simply a method for harvesting passwords.

Phishing

Phishing Passwords Mobile Authentication

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Setting up Google 2FA.

Risk

Risk Passwords Password Management Accountability

Password Manager Cheat Sheet: What Is a Password Manager?

Tech Republic Security

NOVEMBER 21, 2023

This cheat sheet provides an overview of what a password manager is and what it does, helping you keep your online accounts safe and secure.

Password Management

Password Management Passwords Accountability Software

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Hacking

Hacking Software Government Internet

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems. By stealing these tokens, attackers can often reuse them in their own web browser, and bypass any authentication normally required for that account. Microsoft Corp. government inboxes.

Cybercrime

Cybercrime Passwords Authentication Malware

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. Citrix’s letter was prompted by laws in virtually all U.S.

VPN

VPN Passwords Software Telecommunications

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

APRIL 12, 2021

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Mobile

Mobile Passwords Accountability Cybercrime

Attackers exploit SimpleHelp RMM Software flaws for initial access

Security Affairs

JANUARY 28, 2025

Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. This includes sensitive data like the serverconfig.xml file, which contains hashed admin and technician passwords, LDAP credentials, and other secrets, all encrypted with a hardcoded key.

Software

Software Passwords Accountability Encryption

Snapchat Password Cracking Tools: A Guide to Staying Safe

Hacker's King

DECEMBER 25, 2024

However, its immense popularity has made it a target for malicious actors seeking unauthorized access to user accounts. Tools designed for password cracking often exploit weak security practices, but understanding these methods is vital for safeguarding your account. Weak or simple passwords are particularly vulnerable.

Passwords

Passwords Social Engineering Accountability Scams

Malicious Office 365 Apps Are the Ultimate Insiders

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability

Accountability Advertising Passwords Phishing

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Excising passwords as the security linchpin to digital services is long, long overdue. Password abuse at scale arose shortly after the decision got made in the 1990s to make shared secrets the basis for securing digital connections. Our brains just won’t do it.”.

Authentication

Authentication Passwords Banking Digital transformation

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking

Hacking Cybercrime Phishing Passwords

GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage

The Last Watchdog

JUNE 7, 2022

Then the operating scenarios of the system become different from those originally intended by the software developer. As a result, the system can be brought into a non-standard condition, which was not provided for by the software developer. We enter our login and password to sign in. The same thing happened to code writing.

Software

Software Mobile Accountability Risk

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Troy Hunt

APRIL 5, 2023

In its simplest form, the illegal data marketplace has long involved the exchange of currency for personal records containing attributes such as email addresses, passwords, names, etc. We block known breached passwords. So, we (the good guys) adapt and build better defences. We implement two factor authentication. It was that simple.

Marketing

Marketing Passwords Authentication Accountability

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability

Accountability Passwords Authentication Password Management

Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

The Hacker News

MARCH 25, 2024

The concerning detail about this case is how easy it was to breach the software giant. It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of

Passwords

Passwords Hacking Accountability Software

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Flashpoint said MrMurza appears to be extensively involved in botnet activity and “drops” — fraudulent bank accounts created using stolen identity data that are often used in money laundering and cash-out schemes. was used for an account “Hackerok” at the accounting service klerk.ru

Malware

Malware Passwords Accountability Advertising

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

JANUARY 6, 2025

Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000. Nothing showed evidence that a HIPAA-compliant risk analysis had ever been conducted (lists of usernames and passwords in plain text on the compromised server).

Data breaches

Data breaches Ransomware Passwords Insurance

A Closer Look at the LAPSUS$ Data Extortion Group

Krebs on Security

MARCH 23, 2022

Our investigation has found a single account had been compromised, granting limited access. For a fee, the willing accomplice must provide their credentials and approve the MFA prompt or have the user install AnyDesk or other remote management software on a corporate workstation allowing the actor to take control of an authenticated system.

Social Engineering

Social Engineering Accountability Mobile Passwords

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

These often start with a call to users, claiming their Gmail account has been compromised. The goal is to convince the target to provide the criminals with the users Gmail recovery code, claiming its needed to restore the account. Use a password manager to autofill credentials only on trusted sites.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

Macs targeted by info stealers in new era of cyberthreats

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. Some info stealers dont even require an additional stepthey can take cryptocurrency directly from a victims online accounts.

Malware

Malware Software Passwords Cryptocurrency

How to secure your Twitter Account from Hacking

Hacker's King

JANUARY 1, 2025

You may also like to read: Instagram Hacked: Top 5 Ways to Protect Your Account Ways to Secure Your Twitter Account Set a Strong Password - Setting a strong password is the very first step to secure your Twitter account. It enables us to make our accounts more secure. Be cautious with public Wi-Fi.

Accountability

Accountability Hacking Passwords Scams

How Spread Betting Platforms Safeguard Traders Against Cyber Risks

IT Security Guru

JANUARY 30, 2025

This gives the hacker the information to access your trading capital or, even worse, lock you out of your account. Data Breaches Data breaches are fairly common among cybercriminals who break into a platforms database and steal sensitive information like personal details, passwords and financial data. Keep software and devices updated.

Cyber Risk

Cyber Risk Risk Penetration Testing Accountability

Norton vs McAfee: Compare Antivirus Software 2025

eSecurity Planet

NOVEMBER 12, 2024

Norton has multiple training videos and help articles for using the software, and it offers phone, email, and chat options for customer support. Password manager: Norton generates strong passwords and syncs logins across all your protected devices. On the usability side, it supports Mac, Windows, Android, and iOS devices.

Antivirus

Antivirus Software Identity Theft VPN

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. “Antivirus software trusts signed programs more. For some types of software, a digital signature is mandatory.”

Malware

Malware Cybercrime Software Accountability

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Trending Sources

Home Assistant, Pwned Passwords and Security Misconceptions

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Fintech Startup Offers $500 for Payroll Passwords

Tricky Phish Angles for Persistence, Not Passwords

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

International law enforcement operation dismantled RedLine and Meta infostealers

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Video: How Hackers Steal Your Cookies & How to Stop Them

Service Rents Email Addresses for Account Signups

How to reset your Windows 10 password when you forget it

I've Joined the 1Password Board of Advisers

FBI warns of malicious free online document converters spreading malware

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Phishing evolves beyond email to become latest Android app threat

10 Behaviors That Will Reduce Your Risk Online

Password Manager Cheat Sheet: What Is a Password Manager?

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

FBI Hacker Dropped Stolen Airbus Data on 9/11

Hackers Were Inside Citrix for Five Months

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Attackers exploit SimpleHelp RMM Software flaws for initial access

Snapchat Password Cracking Tools: A Guide to Staying Safe

Malicious Office 365 Apps Are the Ultimate Insiders

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

GUEST ESSAY – The role of automation in keeping software from malicious, unintended usage

Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

Experian, You Have Some Explaining to Do

Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

Giving a Face to the Malware Proxy Service ‘Faceless’

Dental group lied through teeth about data breach, fined $350,000

A Closer Look at the LAPSUS$ Data Extortion Group

How AI was used in an advanced phishing campaign targeting Gmail users

Macs targeted by info stealers in new era of cyberthreats

How to secure your Twitter Account from Hacking

How Spread Betting Platforms Safeguard Traders Against Cyber Risks

Norton vs McAfee: Compare Antivirus Software 2025

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Stay Connected