Schneier on Security

NOVEMBER 21, 2023

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens.

Authentication 322

Authentication Government Software 322

Security Affairs

MARCH 18, 2025

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. It should be noted that this vulnerability can be triggered without the need for authentication and is therefore more harmful.” ” reads the advisory. .

Government 127

Government Healthcare Authentication Hacking 127

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government 144

Government VPN Accountability Authentication 144

Krebs on Security

NOVEMBER 21, 2024

The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule.

Identity Theft 251

Identity Theft Phishing Cryptocurrency Accountability 251

Krebs on Security

MAY 12, 2022

KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Government 297

Government Authentication Passwords Mobile 297

The Hacker News

FEBRUARY 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee.

Government 139

Government Accountability VPN Authentication 139

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 135

Data collection Authentication Government Hacking 135

Schneier on Security

MARCH 29, 2023

How will the networks manage keys, authenticate users, and moderate content? Interoperability will vastly increase the attack surface at every level in the stack ­ from the cryptography up through usability to commercial incentives and the opportunities for government interference. This opens up a real Pandora’s box.

Authentication 292

Authentication Marketing Internet Internet 292

Krebs on Security

OCTOBER 30, 2024

” But in June 2024 testimony to the Senate Finance Committee, it emerged that the intruders had stolen or purchased credentials for a Citrix portal used for remote access, and that no multi-factor authentication was required for that account. Last month, Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.)

Healthcare 296

Healthcare Insurance Computers and Electronics Data breaches 296

The Last Watchdog

SEPTEMBER 24, 2024

Governments can create a digital identity at birth to replace SSN in its current use. About the essayist: Ambuj Kumar is Co-founder and CEO of Simbian , AI Agents for cybersecurity The post GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator first appeared on The Last Watchdog.

Authentication 216

Authentication Identity Theft Banking Data breaches 216

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. The exploit was used to steal the Zimbra authentication token.

Government 139

Government Authentication Phishing Hacking 139

Krebs on Security

JANUARY 31, 2025

The government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party. “Presumably, these buyers also include Dutch nationals.

Phishing 252

Phishing Cybercrime Advertising Malware 252

eSecurity Planet

NOVEMBER 6, 2024

This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats. With cyberthreats getting more advanced , businesses and local governments alike must work together to share resources, insights, and best practices to improve cybersecurity across the board.

Ransomware 116

Ransomware Authentication Identity Theft Penetration Testing 116

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. With multifactor authentication, a username and password are no longer enough to sign into an account.

Phishing 127

Phishing Passwords Mobile Authentication 127

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption 142

Encryption Identity Theft Media Telecommunications 142

The Last Watchdog

MARCH 11, 2025

Treasury Department breach as a warning: “A single leaked API key from BeyondTrust allowed attackers to infiltrate government systems. “This requires a comprehensive approach that includes automated discovery, detection, remediation, and stronger secrets governance across all enterprise platforms.”

Government 130

Government Passwords Authentication CISO 130

SecureWorld News

FEBRUARY 13, 2025

Attackers now impersonate executives, government officials, and even family members to gain trust and manipulate victims. Misinformation and market manipulation : Deepfake videos of CEOs or government officials making false statements can manipulate stock prices or incite public panic.

Social Engineering 76

Social Engineering Authentication Identity Theft Education 76

Krebs on Security

SEPTEMBER 13, 2023

Credentials stolen by info-stealers often end up for sale on cybercrime shops that peddle purloined passwords and authentication cookies (these logs also often show up in the malware scanning service VirusTotal ). government inboxes. Microsoft Corp.

Cybercrime 339

Cybercrime Passwords Authentication Malware 339

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. Real-time defense and a robust security mindset are crucial to staying resilient.

Risk 173

Risk Threat Detection Technology Phishing 173

SecureWorld News

OCTOBER 28, 2024

From a governance standpoint, Agnidipta Sarkar, Vice President of CISO Advisory at ColorTokens, emphasizes the critical role of regulatory frameworks. In his view, prolonged breach response times often indicate inadequate data governance and limited internal controls. The good thing is that the affected parties have been notified.

Healthcare 105

Healthcare Insurance Government Data breaches 105

Adam Levin

SEPTEMBER 1, 2020

Cybersecurity researchers have determined the records are authentic and current as of March 2020. State and federal government officials have denied that the data was acquired via hacking and have maintained that the data was available through the Freedom of Information Act (FOIA).

Hacking 281

Hacking Cyber Attacks Authentication Government 281

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. All of the access Bug is currently offering was allegedly stolen from non-U.S.

Government 314

Government Accountability Education Media 314

SecureList

JULY 8, 2024

In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens. Victims Government organizations in the Russian Federation.

Government 141

Government Malware Data collection DNS 141

Schneier on Security

JULY 21, 2022

BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers.

Manufacturing 329

Manufacturing Surveillance Mobile Authentication 329

Security Affairs

FEBRUARY 7, 2025

Trimble Cityworks is a GIS-centric asset management and permitting software designed for local governments, utilities, and public works organizations. “Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution.” The vulnerability CVE-2025-0994 (CVSS v4 score of 8.6)

Authentication 92

Authentication Internet Internet Government 92

Schneier on Security

FEBRUARY 3, 2021

Once the attackers had that initial foothold, they used a variety of complex privilege escalation and authentication attacks to exploit flaws in Microsoft’s cloud services. On attribution: Earlier this month, the US government has stated the attack is “likely Russian in origin.”

Computers and Electronics 363

Computers and Electronics Malware Software Government 363

Schneier on Security

AUGUST 7, 2023

A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. Master signing keys are not supposed to be left around, waiting to be stolen.

Authentication 246

Authentication Government Hacking Accountability 246

Schneier on Security

JANUARY 5, 2021

Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds. intelligence service revealed these points: The breach is far broader than first believed.

Hacking 361

Hacking System Administration Software Surveillance 361

Schneier on Security

FEBRUARY 1, 2023

In all, the auditors cracked 18,174—or 21 percent—­of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees. In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts.

Passwords 285

Passwords Accountability Authentication Government 285

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. 3, and said it learned about the flaw from the NSA. ” Indeed, the NSA’s Dec.

Software 363

Software Authentication Hacking Government 363

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. These infected websites host a PHP script which displays a seemingly authentic update. implacavelvideos[.]com).

Education 136

Education Government Business Services Software 136

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). For its part, Snowflake says it now requires all new customers to use multi-factor authentication. In a regulatory filing with the U.S.

Data breaches 348

Data breaches Passwords Authentication Accountability 348

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches 124

Data breaches Healthcare Passwords Insurance 124

The Last Watchdog

SEPTEMBER 10, 2024

Instead of traditional methods that rely on storing and matching biometrics, SenseCrypt eID utilizes acts of encryption and decryption for registration and authentication, with no public/private keys stored anywhere. The company’s stakeholders include government organizations and bodies from both Singapore and Australia.

Computers and Electronics 278

Computers and Electronics Encryption Government Authentication 278

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication.

Firewall 131

Firewall Government VPN Authentication 131

Digital Shadows

MARCH 17, 2025

The ransomware targets unpatched internet-facing servers, impacting systems across 70+ countries in sectors like critical infrastructure, health care, governments, education, technology, manufacturing, and small- to medium-sized businesses. This ensures that even if the VPN is compromised, attackers can’t move laterally.

VPN 133

VPN Authentication Ransomware Risk 133

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). “In January and February 2023, I contacted government organizations and several companies, but I did not receive any response from these organizations,” Akiri said. ”

Banking 342

Banking Government Information Security Authentication 342