Hacking and Passwords - Cyber Security Informer

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” Days after he apparently finished communicating with Country-1s military intelligence service, Wagenius Googled, ‘can hacking be treason.'” million customers.

Hacking

Hacking Government Identity Theft Accountability

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

Cyber threat analysts at Silent Push said they recently received reports from a partner organization that identified an aggressive scanning effort against their website using an Internet address previously associated with a campaign by FIN7 , a notorious Russia-based hacking group. co — first came online in February 2023.

Hacking

Hacking Cybercrime Advertising Data breaches

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. ” concludes Microsoft.

Passwords

Passwords Wireless VPN Accountability

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Using Hacked LastPass Keys to Steal Cryptocurrency

Schneier on Security

SEPTEMBER 18, 2023

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? That’s a really profitable hack. (It’s Look, I know that online password databases are more convenient.

Cryptocurrency

Cryptocurrency Hacking Passwords Encryption

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN

VPN Passwords Firewall Firmware

National Public Data Published Its Own Passwords

Krebs on Security

AUGUST 19, 2024

KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today. In April, a cybercriminal named USDoD began selling data stolen from NPD.

Passwords

Passwords Data breaches Accountability Data privacy

On world password day, Microsoft says fewer passwords, more passkeys

Malwarebytes

MAY 2, 2025

If there is a cybersecurity themed day that we would like to get rid as soon as possible its world password day. To quote Microsoft : As the world shifts from passwords to passkeys, were excited to join the FIDO Alliance in leaving World Password Day behind to celebrate the very first World Passkey Day.

Passwords

Passwords Password Management Authentication Accountability

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. ” concludes the report.

Passwords

Passwords Accountability Authentication Malware

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

MARCH 4, 2021

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. ” On Feb.

Cybercrime

Cybercrime Hacking Passwords Accountability

The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

MAY 4, 2021

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. Interestingly, one of the more common connections involves re-using or recycling passwords across multiple accounts.

Passwords

Passwords Cybercrime Accountability Password Management

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

DECEMBER 2, 2020

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. OGUsers was hacked at least twice previously, in May 2019 and again in March 2020. called Disco Payments. ”

Accountability

Accountability Hacking Scams Media

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Hacking

Hacking Cybercrime Phishing Passwords

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Today they are going to send me a report on the supposed hacking.” This is not the first time Mexico’s presidential office has been targeted in a hack involving sensitive information.

Government

Government Hacking Ransomware Insurance

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

JULY 13, 2020

Data Viper , a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The apparent breach at St. An online post by the attackers who broke into Data Viper.

Hacking

Hacking Marketing Cybercrime Accountability

More Russian Hacking

Schneier on Security

JULY 2, 2021

The second is from the NSA, CISA, FBI, and the UK’s NCSC, which wrote that the GRU is continuing to conduct brute-force password guessing attacks around the world, and is in some cases successful. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.

Hacking

Hacking Passwords Malware Accountability

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

NetSpi Technical

NOVEMBER 14, 2024

Username domainuser -Password password Note: I’ve tried to provide time stamps and output during run-time, so you know what it’s doing. Hopefully the functionality will help people better understand where there may be risk of password exposure, data exposure, or command execution. They are all run automatically.

Passwords

Passwords Risk Data collection Backups

Microsoft Executives Hacked

Schneier on Security

JANUARY 29, 2024

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Hacking

Hacking Accountability Passwords Cybersecurity

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords

Passwords Accountability VPN Malware

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

The site says it sells “cracked” accounts, or those that used passwords which could be easily guessed or enumerated by automated tools. As a result, it is often far easier for customers to simply create a new account than it is to regain control over a hacked one, or to change a forgotten password.

Hacking

Hacking Cybercrime Passwords Authentication

Subaru Starlink flaw allowed experts to remotely hack cars

Security Affairs

JANUARY 25, 2025

The duo found Subaru’s admin panel hosted on a subdomain, allowing password resets for employee accounts without confirmation, bypassing two-factor authentication. Researchers used the valid employee email to reset the password, bypass two-factor authentication, and gain access to the panels functionality. ” wrote Curry.

Hacking

Hacking Accountability Passwords Authentication

Why World Password Day Is a Perfect Reminder to Up Your Security Game

SecureWorld News

MAY 1, 2025

As we celebrate World Password Day on May 1st, it's clear that traditional password trickslike swapping "a" with "@" or adding an exclamation point at the endare no longer fooling hackers. Hackers today can guess common patterns and character swaps in mere seconds, leaving those "clever" passwords vulnerable.

Passwords

Passwords Password Management Authentication Mobile

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. “2FA has proven to be a powerful tool in securing communications channels. .”

Accountability

Accountability Hacking Authentication Marketing

Nearly 10 Billion Passwords Leaked in Biggest Compilation of All Time

Tech Republic Security

JULY 9, 2024

Nearly 10 billion passwords have been leaked on a popular hacking forum, according to Cybernews.

Passwords

Passwords Hacking Big data

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

OCTOBER 2, 2020

The account takeover all began with the Grindr password reset page: I entered Scott's address, solved a Captcha and then received the following response: I've popped open the dev tools because the reset token in the response is key. And as for the website I couldn't log into without being deferred back to the mobile app?

Accountability

Accountability Hacking Passwords InfoSec

Storm-1977 targets education sector with password spraying, Microsoft warns

Security Affairs

APRIL 27, 2025

Microsoft warns that threat actor Storm-1977 is behind password spraying attacksagainst cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector.

Education

Education Passwords Accountability Encryption

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Security Affairs

APRIL 10, 2025

The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack. Oracle initially privately notified customers of a breach affecting usernames, passkeys, and encrypted passwords, with the FBI and CrowdStrike investigating the incident.

Hacking

Hacking Data breaches Encryption Passwords

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But both SMS and app-based codes can be undermined by phishing attacks that simply request this information in addition to the user’s password.

Hacking

Hacking Social Engineering Phishing Scams

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Security Affairs

DECEMBER 9, 2024

According to The Guardian , which first reported the incident,hackers may have accessed company customers emails along with usernames, passwords and personal details of top accountancy firms blue-chip clients. Deloitte has faced hacking claims twice recently.

Hacking

Hacking Ransomware Accountability Architecture

Attackers could hack smart solar systems and cause serious damages

Security Affairs

FEBRUARY 28, 2025

One of these experts, the white hat hacker Aditya K Sood, demonstrated how weak or default passwords expose solar plants to cyber threats, allowing remote control over power systems, risking grid security. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,smart solar systems)

Hacking

Hacking Passwords Risk Cyber threats

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.

Hacking

Hacking Software Government Internet

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Avoid password reuse, choose complex passwords, and check account activity often. If you suspect fraud, change passwords and contact your brokerage immediately.

Financial Services

Financial Services Passwords Accountability Antivirus

Feds Link $150M Cyberheist to 2022 LastPass Hacks

Krebs on Security

MARCH 7, 2025

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing…

Password Management

Password Management Hacking Passwords

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

In the first step of the attack, they peppered the target’s Apple device with notifications from Apple by attempting to reset his password. The target told Michael that someone was trying to change his password, which Michael calmly explained they would investigate. “Password is changed,” the man said.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Inside the DemandScience by Pure Incubation Data Breach

Troy Hunt

NOVEMBER 13, 2024

As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked. It would be good to see it as an informational notification in case there's an increase in attack attempts against my email address.

Data breaches

Data breaches Passwords B2B Technology

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

In this scam, dubbed “ ClickFix ,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Phishing

Phishing Malware Scams Passwords

U.S. Hacks QakBot, Quietly Removes Botnet Infections

Krebs on Security

AUGUST 29, 2023

According to recent figures from the managed security firm Reliaquest , QakBot is by far the most prevalent malware “loader” — malicious software used to secure access to a hacked network and help drop additional malware payloads. ” The DOJ said it also recovered more than 6.5

Hacking

Hacking Malware Ransomware Government

LastPass Security Breach

Schneier on Security

DECEMBER 2, 2022

The company was hacked , and customer information accessed. No passwords were compromised.

Passwords

Passwords Hacking

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords.

Small Business

Small Business Data breaches Backups Passwords

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords

Passwords Password Management Phishing Scams

Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

Security Affairs

APRIL 9, 2025

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. A remote attacker can exploit the vulnerability to change administrator passwords. ” reads the advisory. . ” reads the advisory. Upgrade to 7.6.1 or above FortiSwitch 7.4 through 7.4.4

Passwords

Passwords Hacking Information Security

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked. Internet Archive hacked. 31M records breached The breach exposed user records including email addresses, screen names and bcrypt password hashes. HIBP added that 54% of the stolen record were already in its platform.

Data breaches

Data breaches Internet Internet DDOS

Attackers exploited SonicWall SMA appliances since January 2025

Security Affairs

APRIL 19, 2025

Threat actors were spotted exploiting the default super admin account (admin@LocalDomain), which often still uses the weak default password password. Even fully patched devices can be compromised if password hygiene is poor. Arctic Wolf is monitoring the situation and urges organizations to secure all local accounts.

Passwords

Passwords VPN Firewall Accountability

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Webinars

Trending Sources

Chinese threat actors use Quad7 botnet in password-spray attacks

Webinars

Using Hacked LastPass Keys to Steal Cryptocurrency

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

National Public Data Published Its Own Passwords

On world password day, Microsoft says fewer passwords, more passkeys

A large botnet targets M365 accounts with password spraying attacks

Three Top Russian Cybercrime Forums Hacked

The Wages of Password Re-Use: Your Money or Your Life

Account Hijacking Site OGUsers Hacked, Again

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Breached Data Indexer ‘Data Viper’ Hacked

More Russian Hacking

Hunting SMB Shares, Again! Charts, Graphs, Passwords & LLM Magic for PowerHuntShares 2.0

Microsoft Executives Hacked

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Crime Shop Sells Hacked Logins to Other Crime Shops

Subaru Starlink flaw allowed experts to remotely hack cars

Why World Password Day Is a Perfect Reminder to Up Your Security Game

Sendgrid Under Siege from Hacked Accounts

Nearly 10 Billion Passwords Leaked in Biggest Compilation of All Time

Hacking Grindr Accounts with Copy and Paste

Storm-1977 targets education sector with password spraying, Microsoft warns

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

When Low-Tech Hacks Cause High-Impact Breaches

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Deloitte denied its systems were hacked by Brain Cipher ransomware group

Attackers could hack smart solar systems and cause serious damages

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Feds Link $150M Cyberheist to 2022 LastPass Hacks

A Day in the Life of a Prolific Voice Phishing Crew

Inside the DemandScience by Pure Incubation Data Breach

ClickFix: How to Infect Your PC in Three Easy Steps

U.S. Hacks QakBot, Quietly Removes Botnet Infections

LastPass Security Breach

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Life Cycle of a Breached Database

Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

Internet Archive data breach impacted 31M users

Attackers exploited SonicWall SMA appliances since January 2025

Stay Connected