Media and Passwords - Cyber Security Informer

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. ” concludes Microsoft.

Passwords

Passwords Wireless VPN Accountability

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” “ Sanixer “) from the Ivano-Frankivsk region of the country.

Passwords

Passwords Accountability Hacking Password Management

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

APRIL 2, 2020

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Passwords

Passwords Media Technology Accountability

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.

Passwords

Passwords Phishing Accountability Mobile

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

DECEMBER 7, 2021

He's not a techie (he runs a pizza restaurant), but somehow, we ended up talking about passwords. Change the password to one 1Password automatically generates c. Obviously, he still has a heap of accounts to set decent passwords on, but now he knows the pattern and he can repeat that over and over again.

Passwords

Passwords Password Management Banking Accountability

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords

Passwords Mobile Authentication Banking

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

MAY 10, 2021

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work. This ad, from workplaceunited[.]com, Click to enlarge.

Passwords

Passwords Mobile Accountability Marketing

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

Tip 2: Implementing Strong Password Policies Weak passwords can be easily compromised, giving attackers access to sensitive systems and data. LastPass reports that 80% of all hacking-related breaches leveraged either stolen and/or weak passwords. 1 – Storing 1 copy offsite (e.g.,

Small Business

Small Business Data breaches Backups Passwords

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. ” WHOLESALE PASSWORD THEFT. “If you want proof we have hacked T-Systems as well.

Passwords

Passwords Ransomware Password Management Malware

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

The bot allowed the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website. The feds then obtained records from Virgin Media, which showed the address was leased for several months to Tyler Buchanan , a 22-year-old from Dundee, Scotland.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing

Phishing Password Management Passwords Banking

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

NOVEMBER 17, 2022

On top of that, it seems that the system has a new vulnerability : A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification service results in the service turning off SMS two-factor authentication. This is not a good sign.

Authentication

Authentication Passwords Accountability Media

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

Security Affairs

OCTOBER 4, 2024

update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. The vulnerability CVE-2024-44204 is a logic issue that could potentially enable VoiceOver to read aloud users’ saved passwords. Apple released iOS 18.0.1 Apple released iOS 18.0.1 and iPadOS 18.0.1

Passwords

Passwords Media Hacking Mobile

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. The requests are bogus and simply a method for harvesting passwords.

Phishing

Phishing Passwords Mobile Authentication

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

OCTOBER 10, 2024

Where a traditional threat intelligence or investigations tool may provide a small number of records directly correlated to the search input, IDLink expands the pool of results to include identity data correlated across shared usernames, emails, passwords, and PII – with flexible options around pivoting depth, confidence levels, and visualization.

Risk

Risk Cybercrime Identity Theft Phishing

GUEST ESSAY: A call to decentralize social identities — to curtail social media privacy abuses

The Last Watchdog

AUGUST 15, 2023

Social media giants have long held too much power over our digital identities. By making people feel like mere products- this exploitative digital environment further encourages a bubble of distrust amongst social media users. The fine was the largest ever imposed on a social media company for privacy violations.

Media

Media Accountability Social Engineering Hacking

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

404 Media recently reported that law enforcement warned that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock. 404 Media obtained the document from a mobile forensics source and verified it with another source. reported 404 Media. ” reported 404 Media.

Media

Media Wireless Mobile Encryption

Prevent Account Takeover with Better Password Security

The Hacker News

JUNE 6, 2024

He has a long, complex password that would be near-impossible to guess. He’s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web.

Passwords

Passwords Accountability Media

“Can you try a game I made?” Fake game sites lead to information stealers

Malwarebytes

JANUARY 3, 2025

If interested, the victim will receive a download link and a password for the archive containing the promised installer. Verifying invitations from friends through a different channel, such as texting them directly or contacting them on another social media platform. These sites on blogspot have a different, but also standard, design.

Scams

Scams Identity Theft Media Accountability

Snapchat Password Cracking Tools: A Guide to Staying Safe

Hacker's King

DECEMBER 25, 2024

Snapchat is a widely popular social media platform that connects millions of users daily. Tools designed for password cracking often exploit weak security practices, but understanding these methods is vital for safeguarding your account. Weak or simple passwords are particularly vulnerable.

Passwords

Passwords Social Engineering Accountability Scams

Hacked Ring Cams Used to Record Swatting Victims

Krebs on Security

DECEMBER 19, 2022

Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived. Whereas, when cybercriminals reuse passwords, it often costs them their freedom. “Aspertaine,” of Charlotte, N.C.,

Hacking

Hacking Passwords Media Accountability

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft

Identity Theft Passwords Malware Banking

Facebook and Instagram passwords were stored in plaintext, Meta fined

Malwarebytes

OCTOBER 1, 2024

Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.

Passwords

Passwords Data breaches Media Phishing

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

NOVEMBER 8, 2024

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media.

Media

Media Mobile Passwords Hacking

How to enhance the security of your social media accounts

Pen Test Partners

AUGUST 29, 2024

TL;DR Strong passwords : Use a password manager. This makes it harder for unauthorised users to gain access even if they have your password. Secure networks : Avoid using untrusted public Wi-Fi to access social media accounts, instead, use mobile data. These systems store your passwords in a single encrypted vault.

Media

Media Accountability Password Management Passwords

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

The Hacker News

SEPTEMBER 29, 2024

million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's

Passwords

Passwords Media

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

Department of Justice refers to the cybercrime group as Saim Raza , after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media. Almost every year since their founding, The Manipulaters have posted a picture of a FudCo cake from a company party celebrating its anniversary.

Phishing

Phishing Cybercrime Advertising Malware

Booking.com Phishers May Leave You With Reservations

Krebs on Security

NOVEMBER 1, 2024

Booking.com said it now requires 2FA , which forces partners to provide a one-time passcode from a mobile authentication app (Pulse) in addition to a username and password. A scan of social media networks showed this is not an uncommon scam. .” The phony booking.com website generated by visiting the link in the text message.

Phishing

Phishing Accountability Artificial Intelligence Cybercrime

RockYou2024 compilation containing 10 billion passwords was leaked online

Security Affairs

JULY 8, 2024

Threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. The Cybernews researchers reported that threat actors leaked the largest password compilation ever, known as RockYou2024, on a popular hacking forum. billion passwords from various internet data leaks. RockYou2021 had 8.4

Passwords

Passwords Data breaches Hacking Accountability

Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format

Security Affairs

SEPTEMBER 28, 2024

The Irish Data Protection Commission (DPC) fined Meta €91 million for storing the passwords of hundreds of millions of users in plaintext. In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them. ” reported Meta. ” reported Meta.

Passwords

Passwords Media Encryption Internet

Breached Mashable User Database Leaked Online

Adam Levin

NOVEMBER 10, 2020

The company specified that no user passwords or financial information had been compromised. Mashable users are encouraged to be on the alert for suspicious emails and to avoid sharing potentially sensitive information online, including passwords or financial information. .

Passwords

Passwords Media Technology

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

DECEMBER 2, 2020

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment.

Accountability

Accountability Hacking Scams Media

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

FEBRUARY 4, 2021

At the center of the account ban wave are some of the most active members of OGUsers , a forum that caters to thousands of people selling access to hijacked social media and other online accounts. “ Amp ,” a major middleman and account seller on OGUusers.

Accountability

Accountability Hacking Media Mobile

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). prosecutors and federal law enforcement agencies. CRACKDOWN ON HARM GROUPS?

Cybercrime

Cybercrime Mobile Media Hacking

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Excising passwords as the security linchpin to digital services is long, long overdue. Password abuse at scale arose shortly after the decision got made in the 1990s to make shared secrets the basis for securing digital connections. Our brains just won’t do it.”.

Authentication

Authentication Passwords Banking Digital transformation

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Our free Digital Footprint scan searches the dark web, social media, and other online sources, to tell you where your data has been exposed. Use a different password for every online account. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Phishing

Phishing Malware Passwords Password Management

Pokemon Company resets some users’ passwords

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords

Passwords Accountability Authentication Hacking

Two Charged in SIM Swapping, Vishing Scams

Krebs on Security

NOVEMBER 3, 2020

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Prosecutors say Jordan K.

Scams

Scams Wireless Identity Theft Mobile

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Automatic Logins Using Lastpass.

Risk

Risk Passwords Password Management Accountability

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Schneier on Security

JUNE 23, 2021

Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device — including passwords, search queries and messages sent via encrypted messaging apps — can be tracked and monitored.

Manufacturing

Manufacturing Spyware Surveillance Marketing

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.

Hacking

Hacking Cybercrime Phishing Passwords

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

The Hacker News

JULY 12, 2024

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done.

Passwords

Passwords Banking Media Accountability

Chinese threat actors use Quad7 botnet in password-spray attacks

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Trending Sources

‘War Dialing’ Tool Exposes Zoom’s Password Problems

How Coinbase Phishers Steal One-Time Passwords

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

The Rise of One-Time Password Interception Bots

Fintech Startup Offers $500 for Payroll Passwords

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Hidden Cost of Ransomware: Wholesale Password Theft

Feds Charge Five Men in ‘Scattered Spider’ Roundup

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Failures in Twitter’s Two-Factor Authentication System

Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs

Phishing evolves beyond email to become latest Android app threat

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

GUEST ESSAY: A call to decentralize social identities — to curtail social media privacy abuses

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Prevent Account Takeover with Better Password Security

“Can you try a game I made?” Fake game sites lead to information stealers

Snapchat Password Cracking Tools: A Guide to Staying Safe

Hacked Ring Cams Used to Record Swatting Victims

International law enforcement operation dismantled RedLine and Meta infostealers

Facebook and Instagram passwords were stored in plaintext, Meta fined

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

How to enhance the security of your social media accounts

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Booking.com Phishers May Leave You With Reservations

RockYou2024 compilation containing 10 billion passwords was leaked online

Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format

Breached Mashable User Database Leaked Online

Account Hijacking Site OGUsers Hacked, Again

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Canadian Man Arrested in Snowflake Data Extortions

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Pokemon Company resets some users’ passwords

Two Charged in SIM Swapping, Vishing Scams

10 Behaviors That Will Reduce Your Risk Online

Mollitiam Industries is the Newest Cyberweapons Arms Manufacturer

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

Stay Connected