Security Affairs

APRIL 27, 2025

Microsoft warns that threat actor Storm-1977 is behind password spraying attacksagainst cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector.

Education 72

Education Passwords Accountability Encryption 72

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. from fake websites (phishing sites) disguised as websites of real securities companies.” from fake websites (phishing sites) disguised as websites of real securities companies.”

Financial Services 119

Financial Services Passwords Accountability Antivirus 119

Security Affairs

FEBRUARY 28, 2025

The German news outlet DW interviewed hackers who’ve exposed security flaws in rooftop installations and solar power plants worldwide. The US-basedhacker explained that control consoles for smart solar systems are often poorly protected or configured with weak or default passwords. ” reads the article published by DW. .”

Hacking 100

Hacking Passwords Risk Cyber threats 100

Security Affairs

APRIL 9, 2025

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. ” reads the advisory. . Upgrade to 7.6.1

Passwords 72

Passwords Hacking Information Security 72

Krebs on Security

OCTOBER 28, 2020

Linus Larsson , the journalist who broke the story, says the hacked material was uploaded to a public server during the second half of September, and it is not known how many people may have gained access to it. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking 356

Hacking Ransomware Banking Accountability 356

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. Internet Archive hacked. 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. 54% were already in @haveibeenpwned.

Data breaches 120

Data breaches Internet Internet DDOS 120

Security Affairs

APRIL 19, 2025

Threat actors were spotted exploiting the default super admin account (admin@LocalDomain), which often still uses the weak default password password. Even fully patched devices can be compromised if password hygiene is poor. Arctic Wolf is monitoring the situation and urges organizations to secure all local accounts.

Passwords 105

Passwords VPN Firewall Accountability 105

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft 124

Identity Theft Passwords Malware Banking 124

Security Affairs

APRIL 15, 2025

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. where active user sessions are not properly invalidated after password changes. where active user sessions are not properly invalidated after password changes. All versions 6.1.4 are affected. version 6.1.5

Passwords 55

Passwords Big data Software Hacking 55

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] com , a service that sold access to billions of passwords and other data exposed in countless data breaches. In 2019, a Canadian company called Defiant Tech Inc. Abusewith[.]us

Hacking 234

Hacking Accountability Data breaches Marketing 234

Security Affairs

APRIL 18, 2025

It finally recommends using strong, unique passwords (min. 10 characters, mix of letters, numbers, symbols) for both Wi-Fi and admin pages and avoiding reusing passwords or using easy sequences like 1234567890. ” concludes the security advisory.

Firmware 114

Firmware Authentication Passwords VPN 114

Security Affairs

FEBRUARY 4, 2025

Then GrubHub locked out the attackers and removed the hacked account. ” Compromised data include names, emails, phone numbers, partial card info for some campus diners, and hashed passwords from legacy systems. .” The company reset affected passwords.

Data breaches 113

Data breaches Passwords Accountability Hacking 113

Security Affairs

OCTOBER 31, 2024

Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen data online. Alleged stolen data includes personal info, credit card details, CVVs, passwords, and API credentials. A threat actor that uses the moniker ‘kzoldyck’ claims the leak of 3.7

Data breaches 127

Data breaches Financial Services Hacking Mobile 127

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device. Reporting the incident to IC3.gov

Malware 115

Malware Scams Identity Theft Antivirus 115

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. billion passwords from various internet data leaks.

Passwords 130

Passwords Data breaches Hacking Accountability 130

Security Affairs

MARCH 8, 2025

The attacker then moved via RDP to a server and attempted to deploy ransomware as a password-protected zip file, but the victims EDR tool blocked it. They found unsecured IoT devices, including webcams and a fingerprint scanner, using them to bypass security defenses and successfully deploy the ransomware.

Ransomware 128

Ransomware IoT Encryption Passwords 128

Security Affairs

OCTOBER 28, 2024

“No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” The company said that passwords and bank card details were not compromised, it also pointed out that its customers’ communications were not exposed. million IBAN details. .

Cyber Attacks 124

Cyber Attacks Telecommunications Data breaches Banking 124

Security Affairs

JULY 26, 2024

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. Users can save passwords, however it was not visible to them.

Password Management 140

Password Management Passwords Engineering Hacking 140

SecureWorld News

DECEMBER 12, 2024

The details of the Krispy Kreme hack are still emerging, but the companys Form 8-K filing brought the incident to light, offering a rare glimpse into the challenges businesses face when their systems are compromised. The Krispy Kreme hack is a sobering reminder that no industry is immune to cyber threats.

Password Management 109

Password Management Passwords CISO Cybersecurity 109

Security Affairs

MARCH 10, 2025

authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. Security researcher ZachXBT identified the victim as Ripple co-founder Chris Larsen. The governments latest action officially secures the recovered funds. ” reads the complaint.

Password Management 86

Password Management Cryptocurrency Passwords Data breaches 86

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords 130

Passwords Accountability Authentication Hacking 130

Security Affairs

SEPTEMBER 27, 2023

DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. The data leak, first identified on September 18th, was closed instantly after Diachenko informed the company about the issue.

Passwords 145

Passwords Data breaches Phishing Hacking 145

Security Affairs

NOVEMBER 13, 2024

Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. The random password is generated from network traffic and memory data, making brute-forcing difficult. ” concludes the report.

Ransomware 121

Ransomware Encryption Passwords Backups 121

Security Affairs

FEBRUARY 25, 2025

” reads the security breach notification published by GosSOPKA. “The NKTsKI recommends that all organizations change passwords and keys for accessing their systems operated in LANIT data processing centers as soon as possible. designated military-industrial base entities such as Rostec and United Aircraft Corporation.”

Telecommunications 100

Telecommunications Software Technology Healthcare 100

Security Affairs

MARCH 27, 2025

Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!). The new ransomware group Arkana Security claims to have hacked US telecom provider WOW!, Compromised data includes usernames, passwords, security details, emails, and Firebase integration data.

Hacking 76

Hacking Telecommunications Data breaches Internet 76

Security Affairs

JULY 17, 2024

A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. The issue is due to an improper implementation in the password-change process. “This vulnerability is due to improper implementation of the password-change process. .

Passwords 138

Passwords Software Authentication Hacking 138

Security Affairs

OCTOBER 17, 2024

The fixed version sets a randomly-generated password for the duration of the image build and it disables the builder account at the conclusion of the image build. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Kubernetes Image Builder)

Accountability 133

Accountability Passwords Hacking Cybersecurity 133

Security Affairs

OCTOBER 21, 2024

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes.

Internet 127

Internet Internet Data breaches Authentication 127

Security Affairs

OCTOBER 4, 2024

update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. The vulnerability CVE-2024-44204 is a logic issue that could potentially enable VoiceOver to read aloud users’ saved passwords. Apple released iOS 18.0.1 Apple released iOS 18.0.1 and iPadOS 18.0.1

Passwords 131

Passwords Media Hacking Mobile 131

Security Affairs

JANUARY 5, 2024

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. Scammers can use email addresses and plain text passwords for various attacks. However, the instance has been closed off since.

Passwords 138

Passwords Identity Theft Mobile Technology 138

Security Affairs

FEBRUARY 5, 2025

In the updated statement published by ICAO, the agency said it is actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations. The observed data set includes logins (usernames), hashes of passwords, emails, titles, and communications.

Data breaches 98

Data breaches Information Security Hacking Marketing 98

Security Affairs

APRIL 6, 2025

The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack. The incident has raised serious concerns about the security of Oracles cloud infrastructure and the potential implications for affected customers. Oracle has since taken the server offline.

Data breaches 124

Data breaches Encryption Hacking Passwords 124

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

Firewall 130

Firewall Passwords VPN Authentication 130

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. Attackers also used it for code debugging assistance. “The tasks the CyberAv3ngers asked our models in some cases focused on asking for default username and password combinations for various PLCs.

Malware 135

Malware Social Engineering Engineering Hacking 135

The Last Watchdog

APRIL 4, 2022

They are often unaware of the risks they take on, which can include hacking, fraud, phishing, and more. SMBs and enterprises alike have been struggling with APIs as a mechanism for information security. The threat that API security breaches pose to enterprises should not be taken lightly.

Hacking 222

Hacking Penetration Testing Data breaches Authentication 222

Security Affairs

SEPTEMBER 28, 2024

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them. ” reported Meta. ” reported Meta.

Passwords 131

Passwords Media Encryption Internet 131

Security Affairs

MAY 2, 2025

” “New users will have several passwordless options for signing into their account and theyll never need to enroll a password. Existing users can visit their account settings to delete their password.”” The IT giant states that passkey users log in 3x more successfully and 8x faster than those using passwords.

Accountability 60

Accountability Passwords Social Engineering Authentication 60