Krebs on Security

FEBRUARY 26, 2025

government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military. ” prosecutors in the case said Wednesday.

Hacking 245

Hacking Government Identity Theft Accountability 245

Troy Hunt

MAY 28, 2021

Today, it's finally happened with Pwned Passwords now completely open to all. And just to make things really interesting, we're all going to build some code for the FBI to feed passwords obtained in the process of their various investigations into HIBP. Reinvent web application security.

Passwords 343

Passwords IoT Government 343

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

Phishing 304

Phishing Scams Mobile Passwords 304

Troy Hunt

MAY 29, 2024

unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. The only data we've been provided with is email addresses and disassociated password hashes, that is they don't appear alongside a corresponding address.

Passwords 343

Passwords Password Management Data breaches Cybercrime 343

The Last Watchdog

OCTOBER 10, 2024

Where a traditional threat intelligence or investigations tool may provide a small number of records directly correlated to the search input, IDLink expands the pool of results to include identity data correlated across shared usernames, emails, passwords, and PII – with flexible options around pivoting depth, confidence levels, and visualization.

Risk 286

Risk Cybercrime Identity Theft Phishing 286

Krebs on Security

FEBRUARY 4, 2025

In addition, the government seized the domain names for two popular anonymity services that were heavily advertised on Cracked and Nulled and allowed customers to rent virtual servers: StarkRDP[.]io The DOJ said the law enforcement action, dubbed Operation Talent , also seized domains tied to Sellix , Cracked’s payment processor.

eCommerce 208

eCommerce Cybercrime Accountability Passwords 208

Krebs on Security

NOVEMBER 21, 2024

The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time.

Identity Theft 256

Identity Theft Phishing Cryptocurrency Accountability 256

Malwarebytes

FEBRUARY 11, 2025

They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. The requests are bogus and simply a method for harvesting passwords.

Phishing 126

Phishing Passwords Mobile Authentication 126

Krebs on Security

FEBRUARY 19, 2020

The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. How would your organization hold up to a password spraying attack? As the Citrix hack shows, if you don’t know you should probably check, and then act on the results accordingly.

VPN 363

VPN Passwords Software Telecommunications 363

Security Affairs

JUNE 5, 2024

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.

Government 142

Government Hacking Media Passwords 142

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Change your password. You can make a stolen password useless to thieves by changing it. Enable two-factor authentication (2FA).

Data breaches 124

Data breaches Healthcare Passwords Insurance 124

Schneier on Security

APRIL 2, 2020

account number and points balance, but not passwords) Additional Personal Details (e.g., This isn't nearly as bad as the 2014 Marriott breach -- made public in 2018 -- which was the work of the Chinese government. It would be nice if there were a government regulatory body that could investigate and hold the company accountable.

Hacking 274

Hacking Accountability Data breaches Government 274

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. Disabling unnecessary protocols and services, avoiding default passwords, and verifying software integrity bolster resilience. reported the WSJ.

Telecommunications 111

Telecommunications Government Mobile Cyber threats 111

Krebs on Security

JANUARY 31, 2025

The government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party. “Presumably, these buyers also include Dutch nationals.

Phishing 258

Phishing Cybercrime Advertising Malware 258

Krebs on Security

MAY 12, 2022

KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.

Government 300

Government Authentication Passwords Mobile 300

Security Boulevard

APRIL 30, 2024

The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard. Nice Cup of IoTea? The UK’s Product Security and Tele­comm­uni­cations Infra­struc­ture Act aims to improve the security of net-connected consumer gear.

IoT 135

IoT Passwords Social Engineering Telecommunications 135

Schneier on Security

MARCH 1, 2021

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The US government deserves considerable blame, of course, for its inadequate cyberdefense. Who is at fault?

Risk 363

Risk Government Marketing Software 363

The Hacker News

OCTOBER 19, 2023

The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign.

Government 136

Government Passwords 136

Troy Hunt

APRIL 14, 2022

I really don't like password strength indicators like this (there's really nothing of practical use people can take away from them) Hey, here's a blog post on how much I dislike password strength meters! (5

Passwords 289

Passwords Government 289

Security Affairs

MARCH 10, 2025

This aligns with prior findings that cybercriminals cracked master passwords from LastPass to carry out major heists. The governments latest action officially secures the recovered funds. The scale and speed of the theft indicate a coordinated effort, consistent with previous breaches of online password managers and crypto thefts.

Password Management 83

Password Management Cryptocurrency Passwords Data breaches 83

Schneier on Security

MAY 6, 2019

Don't reuse passwords for anything important -- ­and get a password manager to remember them all. The best way for you to protect yourself is to change that incentive, which means agitating for government oversight of this space. Enable two-factor authentication for all important accounts whenever possible.

Identity Theft 279

Identity Theft Passwords Password Management Authentication 279

Security Boulevard

JULY 9, 2024

Credential crunch: Ten billion plain-text passwords in a file—sky falling or situation normal? The post Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW? appeared first on Security Boulevard.

Passwords 127

Passwords Social Engineering Data privacy IoT 127

Schneier on Security

MARCH 31, 2020

So in 2016 they sued the federal government, seeking a declaration that this part of the CFAA violated the First Amendment. Someone violates the CFAA when they bypass an access restriction like a password. As a result, most users aren't even aware of the contractual terms that supposedly govern the site.

Passwords 262

Passwords Government Marketing Accountability 262

Krebs on Security

JUNE 15, 2021

According to the government, that database contained a large number of credit card numbers and stolen credentials from the Trickbot botnet, as well as information about infected machines available as bots. “Many in the gang not only knew her gender but her name too,” Holden wrote.

Cybercrime 356

Cybercrime Ransomware Passwords Banking 356

Krebs on Security

SEPTEMBER 13, 2023

USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems. government inboxes. And when all of your passwords are stolen and your important accounts have been hijacked or sold, you will wish you had simply paid for the real thing.

Cybercrime 343

Cybercrime Passwords Authentication Malware 343

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Require 16+ character unique passwords stored in an enterprise password manager.

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

Thales Cloud Protection & Licensing

MARCH 12, 2025

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key madhav Thu, 03/13/2025 - 06:46 As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings. Trade Agreements Act (TAA).

Passwords 71

Passwords Authentication Digital transformation Government 71

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Change your password.

Data breaches 112

Data breaches Passwords Ransomware Phishing 112

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. “The actor can also use these phished authentication tokens to gain access to other services where the user has permissions, such as email or cloud storage, without needing a password.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Schneier on Security

JULY 1, 2019

government due to a firmware flaw. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords. Wow, is this an embarrassing bug : Yubico is recalling a line of security keys used by the U.S.

Firmware 277

Firmware Passwords Government Encryption 277

The Last Watchdog

MARCH 11, 2025

Treasury Department breach as a warning: “A single leaked API key from BeyondTrust allowed attackers to infiltrate government systems. “This requires a comprehensive approach that includes automated discovery, detection, remediation, and stronger secrets governance across all enterprise platforms.”

Government 130

Government Passwords Authentication CISO 130

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). Earlier this year, AT&T reset passwords for millions of customers after the company finally acknowledged a data breach from 2018 involving approximately 7.6

Data breaches 351

Data breaches Passwords Authentication Accountability 351

Troy Hunt

DECEMBER 19, 2020

That said, the present COVID outbreak in Sydney may impact the final leg in the trip as the government guidance now stipulates that we'd need to be tested on re-entry to Queensland and self-isolate until a test result is returned.

Password Management 335

Password Management Healthcare Passwords Government 335

SecureWorld News

JANUARY 8, 2025

We look forward to collaborating with industry partners and the government on consumer education efforts and implementation strategies." This initiative marks a significant step forward in improving IoT security while fostering trust between consumers, manufacturers, and the government. We believe consumers will value seeing the U.S.

IoT 116

IoT Manufacturing Government Cybersecurity 116

Schneier on Security

FEBRUARY 12, 2021

ArsTechnica is reporting on the poor cybersecurity at the plant: The Florida water treatment facility whose computer system experienced a potentially hazardous computer breach last week used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees, government officials have reported.

Manufacturing 336

Manufacturing Firewall Media Passwords 336

Krebs on Security

MARCH 5, 2021

In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.

Hacking 364

Hacking Software Government Internet 364

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). government agencies and first responders. CRACKDOWN ON HARM GROUPS?

Cybercrime 280

Cybercrime Mobile Media Hacking 280