Authentication and Data collection - Cyber Security Informer

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.

Data collection

Data collection Spyware Media Surveillance

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Hacking Government

Web 3.0 Requires Data Integrity

Schneier on Security

APRIL 3, 2025

The second is authentication—much more nuanced than the simple “Who are you?” ” authentication mechanisms of today—which ensures that data access is properly verified and authorized at every step. creates the trusted environment that AI systems require to operate reliably.

Artificial Intelligence

Artificial Intelligence Architecture Internet Internet

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. Preliminary, qualitative data collected from user research also indicates that users already perceive this convenience as the key value of passkeys.

Authentication

Authentication Passwords Technology Password Management

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

The network of data brokers that political campaigns rely on to target voters with ads is enormous, as one Washington Post reporter found in 2020, with “3,000 data points on every voter.” Escaping this data collection regime has proven difficult for most people.

Scams

Scams Identity Theft Cybercrime Accountability

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

JANUARY 18, 2019

“If this Collection #1 has you spooked, changing your password(s) certainly can’t hurt — unless of course you’re in the habit of re-using passwords. The bad news is that Collection #1 seems to be a subset of a significantly larger data collection being sold online containing nearly 1 terabyte of compromised and hacked passwords.

Accountability

Accountability Passwords Data breaches Data collection

5G Security

Schneier on Security

JANUARY 14, 2020

To be sure, there are significant security improvements in 5G over 4Gin encryption, authentication, integrity protection, privacy, and network availability. But the enhancements aren't enough. The 5G security problems are threefold. First, the standards are simply too complex to implement securely. What's more, U.S.

Data collection

Data collection Software Marketing Government

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

APRIL 20, 2021

It is also not uncommon for firms in the healthcare vertical to symbiotically share various types of information with one another; private healthcare-related data is also almost always shared during the M&A process – even before deals have closed.

Healthcare

Healthcare Insurance Computers and Electronics Data collection

The State of Digital Trust in 2025 - Consumers Still Shoulder the Responsibility

Thales Cloud Protection & Licensing

MARCH 19, 2025

While insurers benefit from regulatory oversight like the banking sector, persistent friction points like opaque claims processes and intrusive data collection eroded goodwill. However, adoption of passwordless authentication grew modestly, with 75% of consumers prioritizing it in 2025 (vs. 72% in 2024). 72% in 2024).

Insurance

Insurance Banking Authentication Data privacy

Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

IT Security Guru

AUGUST 7, 2024

Robust CIAM platforms incorporate effective ID verification mechanisms, such as document verification and biometric authentication, to ensure the authenticity of customer identities while eliminating friction and fraud risks. In addition, the burden on IT is reduced through centralised and automated user management processes.

Insurance

Insurance Data collection Authentication Technology

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

Under Christmas tree you can find great gifts such as significant improvements of user interface (panel), modal windows on loading and expansion of data collection objects. The New Year’s Update Before the New Year 2024, the Meduza team decided to please customers with an update.

Password Management

Password Management Cryptocurrency Passwords Authentication

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.

Encryption

Encryption Artificial Intelligence IoT Data collection

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

’ The CERT-UA also reported that the state-sponsored hackers used compromised VPN accounts that weren’t protected by multi-factor authentication. Authentication data collected by POEMGATE can be used for lateral movement and other malicious activities on the compromised networks. “Note (!)

Telecommunications

Telecommunications Authentication Data collection Passwords

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Use multi-factor authentication. Multi-factor authentication (MFA) is the process of protecting your digital password with a physical form of identification. Multi-factor authentication can be conducted in a variety of ways—it might include a quick fingerprint scan, a phone call, a text message, or a code.

Passwords

Passwords Password Management Accountability Authentication

NationalPublicData.com Hack Exposes a Nation’s Data

Krebs on Security

AUGUST 15, 2024

Americans currently have very few rights to opt out of the personal and financial surveillance, data collection and sale that is pervasive in today’s tech-based economy. The breach at National Public Data may not be the worst data breach ever.

Hacking

Hacking Data breaches Identity Theft Accountability

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware

Spyware Mobile Advertising Software

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the National Observatory of Athens and his fellow colleagues who put together a new study published in Seismological Research Letters.

IoT

IoT InfoSec Data collection Encryption

Twitter Uses Phone Numbers, Emails to Sell Ads

Threatpost

OCTOBER 9, 2019

Data collected for two-factor authentication purposes “inadvertently” matched users to targeted-advertising lists, the company admits.

Data collection

Data collection Advertising Authentication Data breaches

Moving from WhatsApp to Signal: A good idea?

Malwarebytes

MARCH 27, 2025

Its minimal data collection, transparency, and advanced security features make it superior to WhatsApp in protecting user information. ” Enable “Screen Lock” to require biometric authentication or a PIN to access the app. Switching to Signal is justified if privacy is your top priority.

Encryption

Encryption Data collection Mobile Authentication

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering

Social Engineering Media Data collection Passwords

A week in security (July 31 - August 6)

Malwarebytes

AUGUST 6, 2023

Last week on Malwarebytes Labs: The end looms for Meta's behavioural advertising in Europe Microsoft Teams used in phishing campaign to bypass multi-factor authentication Film companies lose battle to unmask Reddit users FAQ: How does Malwarebytes ransomware rollback work?

Data collection

Data collection Ransomware Phishing Advertising

Top 7 CIAM tools

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. Marketers want to collect data about customers and their devices.

CSO

CSO Data collection Marketing Accountability

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

SecureWorld News

JUNE 21, 2023

This includes data from browsers, such as saved credentials, browsing history, and cookies, as well as information from instant messengers and emails. Info stealers are also indiscriminate, infecting as many computers as possible to maximize the amount of data collected.

Accountability

Accountability Data collection Cyber threats Risk

Key Cybersecurity Compliance Deadlines You Can't Miss in 2024

SecureWorld News

JANUARY 16, 2024

arrives in phases, with the first set of mandatory requirements around multi-factor authentication, penetration testing, and password security taking effect on March 31st. March 31, 2024: First compliance phase for PCI DSS v4.0 Hold onto your credit cards! The highly-anticipated PCI DSS v4.0

Cybersecurity

Cybersecurity Data privacy Data collection Penetration Testing

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

The Last Watchdog

APRIL 22, 2020

Together PAM and AD oversee processes that assign identities to all humans and machines while also authenticating these identities for each transaction. Legacy PAM and AD security solutions, Lansing argues, supply a kind of static, always-on privilege, and then focus on accurately authenticating the entity seeking to use that privilege.

Accountability

Accountability Authentication Digital transformation Passwords

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

eSecurity Planet

AUGUST 20, 2024

The company allegedly obtained this information from non-public sources without the consent of the person filing the complaint or the potentially billions of others affected by the data collection. Activate multi-factor authentication on all accounts where it’s available, especially on email, banking, and social media platforms.

Identity Theft

Identity Theft Data breaches Passwords Encryption

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

SecureWorld News

AUGUST 15, 2024

NPD, which provides background check services to employers, investigators, and other businesses, reportedly obtains this information by scraping data from various sources, often without the direct consent of the individuals involved. Enable multi-factor authentication (MFA) wherever possible.

Data breaches

Data breaches Identity Theft Password Management Data collection

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities. Some of the flaws, rated as ‘critical,’ could be exploited by an unauthenticated attacker to take full control of the vulnerable systems.

Hacking

Hacking Advertising Surveillance Data collection

CloudSorcerer – A new APT targeting Russian government entities

SecureList

JULY 8, 2024

It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens.

Government

Government Malware Data collection DNS

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

Open cmd.exe and execute PowerShell or PowerShell ISE using the runas command so that network communication authenticates using a provided set of domain credentials. If you are starting from a non-domain system typically people run it using the process below. The interactive HTML report attempts to consolidate and summarize the results.

Passwords

Passwords Risk Data collection Backups

NIST Report Highlights Rising Tide of Threats Facing AI Systems

SecureWorld News

JANUARY 17, 2024

These components include: Training data collection and preprocessing Model development environments Training procedures Model testing harnesses Live deployment architectures Monitoring and observability tools Threats manifest across this entire stack. It also summarizes known techniques to mitigate these multifaceted threats.

Artificial Intelligence

Artificial Intelligence Data collection Architecture Healthcare

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

MAY 23, 2022

The software components at this level include the servers and databases at the core of the production workflow that feed data collected from field devices to higher-level business systems, or those operating in the cloud. Francois Lasnier | VP, Authentication and Access Management Products. Identity & Access Management.

Healthcare

Healthcare Ransomware Authentication Threat Reports

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

MAY 11, 2021

I had assumed that they either stole or spoofed a SolarWinds digital certificate, which they then used to authenticate the tainted update. This level of granular scrutiny, oriented to flushing out coding that shouldn’t be there, can be done thanks to advances in data collection and data analytics.

Software

Software Hacking Malware Engineering

How a man used a fake finger to trick his smartphone biometrics

CyberSecurity Insiders

JUNE 29, 2021

In this instance, the severed tip belonged to the finger that was registered to the device and Kieran was able to access his device because the finger used to identify enrolment was the same used for the authentication. This means that there were no faults in the system of the manufacturer.

Marketing

Marketing Technology Data collection Authentication

5 Actions to Comply with NCSC’s New BYOD Rules

Duo's Security Blog

MARCH 18, 2022

Firms should consider a solution that collects only security information about devices – the less personal data collected, the better. You can learn more about this topic in Duo’s Two-Factor Authentication Evaluation Guide. Provide access only to applications based on roles and privileges.

Authentication

Authentication Mobile VPN Risk

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

Over 14 percent of the extensions studied by the researchers collect PII, more than 6 percent collect authentication data, 2.51 percent collect personal communications, and 1.21 percent collect financial and payment information. Chrome extensions used to aid in writing are the most data-hungry (79.5

Risk

Risk Adware Data collection Passwords

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

SecureWorld News

APRIL 29, 2024

Guccione continued: "While the data leaked in this breach did not include highly sensitive information like usernames, passwords, or financial details, users may feel violated knowing that information about interactions with their trusted healthcare provider was shared with advertisers without their knowledge or consent.

Data breaches

Data breaches Healthcare Identity Theft Advertising

Privacy Roundup: Week 11 of Year 2025

Security Boulevard

MARCH 17, 2025

Data Broker Brags About Having Highly Detailed Personal Information on Nearly All Internet Users Gizmodo An owner of a data broker business brags and showcases his company's ability to deliver "personalized messaging at scale." Of course, personalized in this context means leveraging extensive amounts of data collected on people.

Surveillance

Surveillance Data breaches Spyware Malware

Not the Invasion They Warned Us About: TikTok and the Continued Erosion of Online Privacy

Approachable Cyber Threats

AUGUST 2, 2021

Users must be better protected from the outset, and the only way to ensure that is to impose significant restrictions on data collection and usage by companies seeking to monetize or use it to their asymmetric benefit in any way. social engineer a mobile provider employee to facilitate a SIM swap).

Data collection

Data collection Media Mobile Identity Theft

Judging Facebook's Privacy Shift

Schneier on Security

MARCH 13, 2019

Most recently, the company used phone numbers provided for two-factor authentication for advertising and networking purposes. Facebook needs to be both explicit and detailed about how and when it shares user data. It even collects what it calls " shadow profiles " -- data about you even if you're not a Facebook user.

Advertising

Advertising Surveillance Engineering Encryption

TheTruthSpy stalkerware, still insecure, still leaking data

Malwarebytes

FEBRUARY 13, 2024

The publications described the bug as “extremely easy to exploit, and grants unfettered remote access to all of the data collected from a victim’s Android device.”

Spyware

Spyware Malware Data collection Hacking

The state of generative AI in 2024

Webroot

OCTOBER 3, 2024

As OpenText’s Muhi Majzoub, EVP and Chief Product Officer, points out: “ As personal and family AI use increases, it’s essential to have straightforward privacy and security solutions and transparent data collection practices so everyone can use generative AI safely.

Education

Education Passwords Password Management Authentication

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication.

IoT

IoT Manufacturing Energy and Utilities Data collection

Tom Cruise,?TikTok?and Fraud: How to combat?DeepFakes

CyberSecurity Insiders

APRIL 30, 2021

Earlier this month , popular Hollywood actor Tom Cruise was trending on social media not because of a new film that he’s working on, but thanks t o TikTok videos that went viral , generating many reactions from users around the ir authenticity. . What are deepfakes? .

Technology

Technology Authentication Media Accountability

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Trending Sources

Web 3.0 Requires Data Integrity

Making authentication faster than ever: passkeys vs. passwords

Election season raises fears for nearly a third of people who worry their vote could be leaked

Collection #1 Mega Breach Leaks 773 Million Email Accounts

5G Security

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

The State of Digital Trust in 2025 - Consumers Still Shoulder the Responsibility

Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

New Version of Meduza Stealer Released in Dark Web

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

NationalPublicData.com Hack Exposes a Nation’s Data

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Twitter Uses Phone Numbers, Emails to Sell Ads

Moving from WhatsApp to Signal: A good idea?

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

A week in security (July 31 - August 6)

Top 7 CIAM tools

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

Key Cybersecurity Compliance Deadlines You Can't Miss in 2024

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

Over 100 flaws in management and access control systems expose buildings to hack

CloudSorcerer – A new APT targeting Russian government entities

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NIST Report Highlights Rising Tide of Threats Facing AI Systems

Access Management is Essential for Strengthening OT Security

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

How a man used a fake finger to trick his smartphone biometrics

5 Actions to Comply with NCSC’s New BYOD Rules

Almost Half of All Chrome Extensions Are Potentially High-Risk

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

Privacy Roundup: Week 11 of Year 2025

Not the Invasion They Warned Us About: TikTok and the Continued Erosion of Online Privacy

Judging Facebook's Privacy Shift

TheTruthSpy stalkerware, still insecure, still leaking data

The state of generative AI in 2024

Critical Success Factors to Widespread Deployment of IoT

Tom Cruise,?TikTok?and Fraud: How to combat?DeepFakes

Stay Connected