Data collection and Passwords - Cyber Security Informer

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

Username domainuser -Password password Note: I’ve tried to provide time stamps and output during run-time, so you know what it’s doing. The Results directory houses csv files containing all the computer, share, file, and permission data collected, including things like excessive privileges and stored secret samples.

Passwords

Passwords Risk Data collection Backups

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. Password overhaul. Stolen passwords that can lead to data leaks.

Passwords

Passwords Password Management Accountability Authentication

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us.

Data breaches

Data breaches Passwords B2B Technology

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Websites that Collect Your Data as You Type

Schneier on Security

MAY 19, 2022

Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior. “If there’s a Submit button on a form, the reasonable expectation is that it does something — that it will submit your data when you click it,” says Güne?

Passwords

Passwords Marketing Data collection

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are not just easier to use, but also significantly faster than passwords. On average, a user can successfully sign in within 14.9

Authentication

Authentication Passwords Technology Password Management

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

JANUARY 18, 2019

A gigantic trove of email addresses and passwords containing over 2 billion records has been discovered online. The breached data, dubbed “Collection #1” by cybersecurity expert Troy Hunt , is more than 87 gigabytes and contains roughly 773 million email address and 21 million unique passwords.

Accountability

Accountability Passwords Data breaches Data collection

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. The Raccoon v.

Malware

Malware Identity Theft Cybercrime Accountability

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

DECEMBER 3, 2018

Shodan’s most popular search terms include “unprotected webcams” and “routers with default passwords.” Side note: always change the default password on your devices.). The data is thought to have originated from Data&Leads, Inc. which promptly took down their entire website as soon as the exposure was made public.

Identity Theft

Identity Theft Data collection Engineering Passwords

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

The network of data brokers that political campaigns rely on to target voters with ads is enormous, as one Washington Post reporter found in 2020, with “3,000 data points on every voter.” Escaping this data collection regime has proven difficult for most people.

Scams

Scams Identity Theft Cybercrime Accountability

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

SecureList

OCTOBER 29, 2024

Armed with BitLocker To Go, the attackers manipulate the registry, primarily to create the branches and keys that the Trojan needs to operate: That done, Lumma, again using the utility, searches the victim’s device for files associated with various cryptocurrency wallets and steals them: Then, the attackers view browser extensions related to (..)

Adware

Adware Malware Cryptocurrency Password Management

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile

Mobile Wireless Advertising Accountability

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

Android Apps Use Bluetooth and WiFi Scanning to Track Users Without GPS Cyber Insider Researchers found that 86% of apps they analyzed collect sensitive data, including location data stemming from scanning Wi-Fi network details, and collecting device identifiers.

Surveillance

Surveillance Telecommunications Malware Data breaches

Outlaw cybergang attacking targets worldwide

SecureList

APRIL 29, 2025

Such accounts are often configured to have the same username as the password, which is a bad practice, making it easy for the attackers to exploit them. PasswordAuthentication no : disables password-based login. PermitEmptyPasswords no : prevents login with empty passwords. configrc5 / a directory.

Passwords

Passwords Authentication System Administration Malware

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

APRIL 20, 2021

It is also not uncommon for firms in the healthcare vertical to symbiotically share various types of information with one another; private healthcare-related data is also almost always shared during the M&A process – even before deals have closed.

Healthcare

Healthcare Insurance Computers and Electronics Data collection

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Under Christmas tree you can find great gifts such as significant improvements of user interface (panel), modal windows on loading and expansion of data collection objects.

Password Management

Password Management Cryptocurrency Passwords Authentication

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering

Social Engineering Data collection Media Passwords

Mobile virtual network operator Mint Mobile discloses a data breach

Security Affairs

DECEMBER 23, 2023

.” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers.

Data breaches

Data breaches Mobile Wireless Data collection

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware

Spyware Mobile Advertising Software

XKCD forum data breach impacted 562,000 subscribers

Security Affairs

SEPTEMBER 3, 2019

We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection.” ” read a message published on the XKCS forum “The data includes usernames , email addresses, salted, hashed passwords, and in some cases an IP address from the time of registration,”.

Data breaches

Data breaches Passwords Advertising Data collection

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. Super Bowl Sunday watchers are treated to no fewer than a half-dozen commercials for cryptocurrency investing. ” SEPTEMBER.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

IT threat evolution Q3 2024

SecureList

NOVEMBER 29, 2024

CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. These documents are in fact password-protected ZIP or other archives. CloudSorcerer also employs GitHub as its initial C2 server.

Energy and Utilities

Energy and Utilities Ransomware Malware Government

US senators ask FTC to investigate car makers’ privacy practices

Malwarebytes

JULY 29, 2024

At Malwarebytes, we reported how a team of researchers at Mozilla who reviewed the privacy and data collection policies of various product categories for several years now, named “Privacy Not Included,” found cars to be the worst product category they ever reviewed for privacy.

Insurance

Insurance Data collection Data breaches Manufacturing

Microsoft AI “Recall” feature records everything, secures far less

Malwarebytes

MAY 22, 2024

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence

Artificial Intelligence Passwords Accountability Media

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

eSecurity Planet

AUGUST 20, 2024

The company allegedly obtained this information from non-public sources without the consent of the person filing the complaint or the potentially billions of others affected by the data collection. When creating passwords, use at least 12 characters, combining uppercase and lowercase letters, numbers, and special symbols.

Identity Theft

Identity Theft Data breaches Passwords Encryption

Trend Micro Apps removed from Mac App Store after being caught exfiltrating user data

Security Affairs

SEPTEMBER 11, 2018

Former NSA white hat hacker Patrick Wardle reported last week that Trend Micro apps were also collecting users’ personal data including their browsing history and then uploaded that data in a password-protected archive to a server. And what do you think that might be? ” wrote Wardle.

Adware

Adware Data collection Advertising Antivirus

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

In the first half of 2018, researchers at Kaspersky Lab said that the most popular attack vector against IoT devices remains cracking Telnet passwords (75,40%), followed by cracking SSH passwords (11,59%). Top 10 countries from which Kaspersky traps were hit by Telnet password attacks is led by Brazil, China, and Japan.

IoT

IoT Passwords Malware Advertising

Fixing Data Breaches Part 1: Education

Troy Hunt

DECEMBER 17, 2017

The Red Cross Blood Service breach gave us our largest ever incident down here in Australia (and it included data on both my wife and I). CloudPets left their MongoDB exposed which subsequently exposed data collected from connected teddy bears (yes, they're really a thing). Oh - and it uses a password of 12345678.

Data breaches

Data breaches Education Passwords Penetration Testing

Have you been Zynged? Who’s playing with your data even after you changed your breached credentials?

Hot for Security

MARCH 17, 2021

The attacker managed to steal the names, email addresses, usernames, hashed passwords (salted), associated phone numbers, linked Facebook IDs and any requested password reset tokens. If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already.

Data breaches

Data breaches Passwords Accountability Media

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

.” T-Mobile said that threat actors did not access names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs. The company reported the incident to the authorities and is investigating the incident with the heal of a cybersecurity firm.

Data breaches

Data breaches Mobile Telecommunications Accountability

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

SecureWorld News

AUGUST 15, 2024

NPD, which provides background check services to employers, investigators, and other businesses, reportedly obtains this information by scraping data from various sources, often without the direct consent of the individuals involved. Use complex, unique passwords for all accounts and consider using a password manager.

Data breaches

Data breaches Identity Theft Password Management Data collection

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

POEMGATE is a malicious PAM module that is used by attackers to authenticate with a statically determined password and saves logins and passwords entered during authentication in a file in XOR-encoded form. Sandworm employed two backdoors, named Poemgate and Poseidon, in the attacks against the Ukrainian telecommunications providers.

Telecommunications

Telecommunications Authentication Data collection Passwords

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

The Last Watchdog

APRIL 9, 2020

Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. That’s why it is common for IoT devices to get shipped with default passwords that can’t be changed, or settings that transmit passwords in clear text.

Internet

Internet Internet IoT Technology

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

SecureWorld News

JUNE 21, 2023

This includes data from browsers, such as saved credentials, browsing history, and cookies, as well as information from instant messengers and emails. Info stealers are also indiscriminate, infecting as many computers as possible to maximize the amount of data collected.

Accountability

Accountability Data collection Cyber threats Risk

Key Cybersecurity Compliance Deadlines You Can't Miss in 2024

SecureWorld News

JANUARY 16, 2024

arrives in phases, with the first set of mandatory requirements around multi-factor authentication, penetration testing, and password security taking effect on March 31st. March 31, 2024: First compliance phase for PCI DSS v4.0 Hold onto your credit cards! The highly-anticipated PCI DSS v4.0

Cybersecurity

Cybersecurity Data privacy Data collection Penetration Testing

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the National Observatory of Athens and his fellow colleagues who put together a new study published in Seismological Research Letters.

IoT

IoT InfoSec Data collection Encryption

Over 100,000 Hackers Exposed in Data from Top Cybercrime Forums

SecureWorld News

AUGUST 16, 2023

Their findings, which spanned data collected between 2018 and 2023, revealed an intriguing reality. As the researchers peered deeper into the realm of cybercrime forums, they discovered a complex interplay of password strength.

Cybercrime

Cybercrime Passwords Data collection Data breaches

Google collects the following data from its users

CyberSecurity Insiders

FEBRUARY 11, 2021

All these days we have seen many media speculations that Google collects some personalized data of its users for advertising and development purposes. On Wednesday, Google made an official announcement on the data collection it does and is as follows-.

Advertising

Advertising Data collection Internet Internet

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

SecureWorld News

APRIL 29, 2024

Information collected by online trackers is often shared with an extensive network of marketers, advertisers, and data brokers. The plethora of online accounts most people have necessitates the use of a strong and unique password for each and every one.

Data breaches

Data breaches Healthcare Identity Theft Advertising

Silent Night Zeus botnet available for sale in underground forums

Security Affairs

MAY 23, 2020

Silent Night is able to grab information from online forms and perform web injections in major browsers, including Google Chrome, Mozilla Firefox, and Internet Explorer, monitor keystrokes, take screenshots, harvest cookies and passwords.

Banking

Banking Advertising Malware Data collection

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

In a recent study of 1,237 Chrome extensions with a minimum of 1,000 downloads, Incogni researchers found that nearly half ask for permissions that could potentially expose personally identifiable information (PII), distribute adware and malware , or even log everything users do online, including accessing passwords and financial data.

Risk

Risk Adware Data collection Passwords

21 million free VPN users’ data exposed

Malwarebytes

MARCH 3, 2021

Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. According to the report, the exposed data belonged to as many as 20 million users.

VPN

VPN Passwords Internet Internet

Over 100 flaws in management and access control systems expose buildings to hack

Security Affairs

MAY 11, 2019

The extent of the flaw is wide, according to data collected by Krstic during the study, the vulnerabilities could impact up to 10 million people and 30,000 doors at 200 facilities. Some of the flaws, rated as ‘critical,’ could be exploited by an unauthenticated attacker to take full control of the vulnerable systems.

Hacking

Hacking Advertising Surveillance Data collection

What’s up with WhatsApp’s privacy policy?

Malwarebytes

JANUARY 18, 2021

Simply by having to explain the differences between forms of messaging, data collection is thrown into sharp relief. That is to say, you may not have known prior to this how much…or little…your favourite apps collect. The data collection genie is out of the bottle, and yet it may not matter too much.

Data collection

Data collection Encryption Accountability Passwords

Drawing the RedLine – Insider Threats in Cybersecurity

Security Boulevard

MARCH 31, 2022

RedLine Password Theft Malware. The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Passwords: An Easy Target. Let’s not mince words: passwords are difficult for most organizations to manage. Let’s not mince words: passwords are difficult for most organizations to manage.

Cybersecurity

Cybersecurity Social Engineering Passwords Malware

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Webinars

Trending Sources

Inside the DemandScience by Pure Incubation Data Breach

Webinars

Websites that Collect Your Data as You Type

Making authentication faster than ever: passkeys vs. passwords

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

114 Million US Citizens and Companies Found Unprotected Online

Election season raises fears for nearly a third of people who worry their vote could be leaked

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Privacy Roundup: Week 12 of Year 2025

Outlaw cybergang attacking targets worldwide

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

New Version of Meduza Stealer Released in Dark Web

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Mobile virtual network operator Mint Mobile discloses a data breach

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

XKCD forum data breach impacted 562,000 subscribers

Happy 13th Birthday, KrebsOnSecurity!

IT threat evolution Q3 2024

US senators ask FTC to investigate car makers’ privacy practices

Microsoft AI “Recall” feature records everything, secures far less

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

Trend Micro Apps removed from Mac App Store after being caught exfiltrating user data

Evolution of threat landscape for IoT devices – H1 2018

Fixing Data Breaches Part 1: Education

Have you been Zynged? Who’s playing with your data even after you changed your breached credentials?

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Massive Data Breach Includes Social Security Numbers, Potentially Affects Billions

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

Key Cybersecurity Compliance Deadlines You Can't Miss in 2024

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Over 100,000 Hackers Exposed in Data from Top Cybercrime Forums

Google collects the following data from its users

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

Silent Night Zeus botnet available for sale in underground forums

Almost Half of All Chrome Extensions Are Potentially High-Risk

21 million free VPN users’ data exposed

Over 100 flaws in management and access control systems expose buildings to hack

What’s up with WhatsApp’s privacy policy?

Drawing the RedLine – Insider Threats in Cybersecurity

Stay Connected