Information Management Today

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

Only a dozen or so of my accounts get authenticated via self-hosted services. When I try to log into one of these self-hosted accounts, such as an address book web app, I am redirected, via OIDC, to the self-hosted identity manager and prompted to login. the address book web app). Scale to come.

Authentication

Authentication Blockchain Passwords Access

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

MARCH 11, 2024

. “When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins.”

Authentication

Authentication Passwords Libraries Access

Crime Shop Sells Hacked Logins to Other Crime Shops

Krebs on Security

JANUARY 21, 2022

Criminals ripping off other crooks is a constant theme in the cybercrime underworld; Accountz Club’s slogan — “the best autoshop for your favorite shops’ accounts” — just normalizes this activity by making logins stolen from users of various cybercrime shops for sale at a fraction of their account balances.

Authentication

Authentication Passwords Sales Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Roku disclosed a new security breach impacting 576,000 accounts

Security Affairs

APRIL 12, 2024

In other words, bad actors glean lists of breached usernames and passwords and run them against desired logins until they find some that work. Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials.”

Passwords

Passwords Security Authentication Data breaches

Turn on MFA Before Crooks Do It For You

Krebs on Security

JUNE 19, 2020

When they went to turn on multi-factor authentication for his son’s Xbox profile — which was tied to a non-Microsoft email address — the Xbox service said it would send a notification of the change to unauthorized Gmail account in his profile.

IT

IT Authentication Passwords Access

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing

Phishing Passwords Authentication IT

Recycle Your Phone, Sure, But Maybe Not Your Number

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Such services are already offered by companies like NumberBarn and Park My Phone , and they generally cost between $2-5 per month.

Authentication

Authentication Passwords Financial Services Risk

Disneyland Malware Team: It’s a Puny World After All

Krebs on Security

NOVEMBER 16, 2022

The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. Here’s another domain registered this year by the Disneyland Team: [link] which spoofs the login page of financial advisor Charles Schwab with the landing page of cli?nt?chwab[.]com.

Phishing

Phishing Authentication Financial Services Access

MCCrash botnet targets private Minecraft servers, Microsoft warns

Security Affairs

DECEMBER 16, 2022

Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers.

IoT

IoT Mining IT Risk

How did the Okta Support breach impact 1Password?

Security Affairs

OCTOBER 24, 2023

1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The activity is linked to the recent attack on the Okta support case management system. The attackers gained access to files uploaded by certain Okta customers as part of some recent support cases.

Archiving

Archiving Access Authentication Data breaches

Okta reveals additional attackers’ activities in October 2023 Breach

Security Affairs

NOVEMBER 29, 2023

In October, the Cloud identity and access management solutions provider said that threat actors broke into its support case management system and stole authentication data, including cookies and session tokens, that can be abused in future attacks to impersonate valid users. reads the post published by the company.

Authentication

Authentication Cloud Access Archiving

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

Security Affairs

FEBRUARY 19, 2024

The researchers pointed out that some of the droppers successfully exploited the accessibility service and bypassed Google Play’s enhanced detection and protection mechanisms. “All droppers in this campaign have demonstrated the capability to bypass the restricted settings for accessibility service in Android 13.”

Access

Access Authentication Cybersecurity IT

New Vultur malware version includes enhanced remote control and evasion capabilities

Security Affairs

APRIL 1, 2024

In July 2021, ThreatFabric researchers discovered the Android version of Vultur, which uses screen recording and keylogging to capture login credentials. The banking Trojan leverages Accessibility Services to determine what application is in the foreground. Experts believe that the malware has already infected thousands of devices.

Access

Access Encryption Communications Cloud

Canadian government impacted by data breaches of two of its contractors

Security Affairs

NOVEMBER 20, 2023

The Canadian government declared that two of its contractors,Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, have been hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees.

Data breaches

Data breaches Government IT Ransomware

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

DECEMBER 12, 2023

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. The exposed DTC app user data include email address, phone number, phone model, and the apps’ tokens for email, login, session, and signup.

Encryption

Encryption Passwords Marketing Risk

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

KmsdBot is an evasive Golang-based malware that was first detected by Akamai in November 2022, it infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. ” reads the report published by Akamai.

IoT

IoT Mining Manufacturing Education

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Security Affairs

JANUARY 2, 2024

2023-11-29 (Wednesday): Email –> #JinxLoader –> #Formbook / #XLoader – IOCs available at [link] – Of note, #JinxLoader is a relatively new malware service first posted to hackforums[.]net Once the archive is opened, the infection chain starts leading to the deployment of the JinxLoader payload.

Archiving

Archiving Passwords Phishing IT

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. ” reads the post published by Akamai.

Mining

Mining Manufacturing Authentication Security

Credential stuffing attack targeted 300K+ Spotify users

Security Affairs

NOVEMBER 24, 2020

Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Threat actors behind the campaign are using a database containing over 380 million records, including login credentials and other data for Spotify accounts, likely amassed from various sources.

Passwords

Passwords Phishing Data breaches Authentication

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

APRIL 4, 2023

Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. ” The Genesis Store had more than 450,000 bots for sale as of Mar.

Marketing

Marketing Passwords Authentication Access

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.

Phishing

Phishing Passwords Access Cloud

Top Single Sign-On (SSO) Solutions for 2022

eSecurity Planet

FEBRUARY 8, 2022

Single sign-on (SSO) is one of several authentication technologies aimed at streamlining and keeping login information and processes secure. SSO makes it feasible for one login to be enough for a group of related sites and applications. Thus, if the SSO login is compromised, MFA operates as an extra layer of security.

Authentication

Authentication Passwords Cloud Access

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

The Agenda ransomware can reboot systems in safe mode, attempts to stop many server-specific processes and services, and could run in multiple modes. ” The analysis published by Trend Micro details the commands supported by the ransomware, the malicious code is able to. Trend Micro concludes. Pierluigi Paganini.

Ransomware

Ransomware Encryption Passwords Education

New Go-written GobRAT RAT targets Linux Routers in Japan

Security Affairs

MAY 29, 2023

Loader Script acts as a loader, it supports multiple functions for downloading and deploying the GobRAT. The Loader Script maintains persistence via crontab because GobRAT does not support such a function. .” reads the alert published by the JPCERT Coordination Center (JPCERT/CC). ssh/authorized_keys.

Communications

Communications Access IT Security

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Authentication

Authentication Passwords Data collection Communications

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

CISA: hackers breached a state government organization Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs US Gov dismantled the Moobot botnet controlled by Russia-linked APT28 A cyberattack halted operations at Varta production plants North Korea-linked actors breached the emails of a Presidential Office member Nation-state (..)

Security

Security Ransomware Data breaches Libraries

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

It’s such a big industry that Ransomware-as-a-Service ( RaaS ) actually offers criminals customer service and tech support. This means it’s now a commoditized industry leveraging backend services and capabilities all built for scale. Ransomware is likely going to be here for years to come. Best practices.

Access

Access Ransomware Risk Cloud

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

MAY 12, 2022

. “The EPIC System Portal (ESP) enables vetted users to remotely and securely share intelligence, access the National Seizure System, conduct data analytics, and obtain information in support of criminal investigations or law enforcement operations,” the 2016 White House document reads. There are 3,330 results.

Authentication

Authentication Passwords Government Access

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw

Security Affairs

NOVEMBER 8, 2022

CVE-2022-27516 – The vulnerability is a user login brute force protection functionality bypass. The flaw can be exploited only if the appliance is configured as a VPN (Gateway) or AAA virtual server with “Max Login Attempts” configuration. . “Customers using Citrix-managed cloud services do not need to take any action.”

Authentication

Authentication Phishing Cloud Security

Work from Home: 7 Best Security Practices for Remote Teams

AIIM

APRIL 16, 2020

This doesn’t mean asking for your employee’s personal information; the audit is designed to ask for access to the company’s services for security purposes. 4) Consider Using Cloud Services. Also, when you allow the use of cloud storage services in your organization, have your information security team review them for safety.

Security

Security Passwords Cloud Risk

Teach a Man to Phish and He’s Set for Life

Krebs on Security

AUGUST 4, 2023

RLO is a special character within unicode — an encoding system that allows computers to exchange information regardless of the language used — that supports languages written from right to left, such as Arabic and Hebrew.

Phishing

Phishing Computer and Electronics Marketing IT

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

APRIL 11, 2019

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft.

Security

Security Authentication Passwords Phishing

BMW dealer at risk of takeover by cybercriminals

Security Affairs

DECEMBER 19, 2023

The file contained credentials for various business accounts throughout India, including 19 other dealerships, logins to the platform to send marketing-related SMS, tokens, and API keys that give access to internal systems and their own WhatsApp account. env) accessible to the public.

Risk

Risk Data breaches Sales Communications

Law enforcement shutdown a long-standing DDoS-for-hire service

Security Affairs

JUNE 17, 2023

Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. Viewer discretion is advised.

Computer and Electronics

Computer and Electronics Ransomware Security Information Security

GUEST ESSAY: Addressing data leaks and other privacy, security exposures attendant to M&As

The Last Watchdog

JANUARY 27, 2022

Related: Stolen data used to target mobile services. Many attribute this steady growth to the increase in work-from-home models and adoption of cloud services since the beginning of the COVID-19 pandemic. Fast-paced deals and lack of support from the acquired organization can also exacerbate these risks. Hybrid Integration.

Privacy

Privacy Security Risk Marketing

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Security Affairs

SEPTEMBER 5, 2020

The experts observed the new technique in an attack aimed at an unnamed company, the messages were posing as the technical support team of the employee’s company. The emails claimed that the company’s email-security service had quarantined three valid email messages and asked the victims to review them by accessing their inbox.

Phishing

Phishing Communications Access IT

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

Security Affairs

SEPTEMBER 5, 2022

Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. Original post: [link].

Phishing

Phishing Authentication Data collection Sales

New England Biolabs leak sensitive data

Security Affairs

OCTOBER 24, 2023

They included a lot of sensitive information, such as database credentials, login information for the SMTP server, enterprise payment processing information, and others. The company, founded in 1974, also provides products and services supporting genome editing, synthetic biology, and next-generation sequencing.

Data breaches

Data breaches Phishing Access Encryption

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

In contrast, a Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F) , which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. Most major password managers also now support U2F, including Dashlane , Keepass and LastPass.

Phishing

Phishing Security Authentication Passwords

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

The threat was gaining access over the MS SQL service via brute-force attacks and leveraging the EternalBlue exploit. Lemon_Duck miner uses a port scanning module that searches for Internet-connected Linux systems listening on the 22 TCP port used for SSH Remote Login, then launches SSH brute force attacks. ” Pierluigi Paganini.

Mining

Mining Authentication Passwords Access

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

biz , a long-running crypting service that is trusted by some of the biggest names in cybercrime. Thanks to the high demand for reliable crypting services, there are countless cybercriminals who’ve hung out their shingles as crypting service providers. This story explores the history and identity behind Cryptor[.]biz

e-Delivery

e-Delivery Passwords Cybersecurity Sales

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. The messages began at 2022-07-20 22:50 UTC. Some messages were also sent to the employees family members.”

Phishing

Phishing Authentication Passwords Access

Ivanti Policy Secure: NAC Product Review

eSecurity Planet

APRIL 14, 2023

Unified under the Ivanti brand, the component technologies provide solutions for unified endpoint management, service management, asset management, supply chain operations, patching solutions, and zero trust solutions. Similarly, appliance size determines the expected login rate and max tunnel throughput.

Security

Security IoT Access Authentication

TeaBot Android banking Trojan targets banks in Europe

Security Affairs

MAY 12, 2021

TeaBot supports the main features of Android banking Trojan and like other similar malware families it abuses Accessibility Services. “Once TeaBot is successfully installed in the victim’s device, attackers can obtain a live streaming of the device screen (on demand) and also interact with it via Accessibility Services.”

Access

Access Authentication Cybersecurity IT

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

Experts released PoC exploit for critical Progress Software OpenEdge bug

Webinars

Trending Sources

Crime Shop Sells Hacked Logins to Other Crime Shops

Webinars

Roku disclosed a new security breach impacting 576,000 accounts

Turn on MFA Before Crooks Do It For You

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Recycle Your Phone, Sure, But Maybe Not Your Number

Disneyland Malware Team: It’s a Puny World After All

MCCrash botnet targets private Minecraft servers, Microsoft warns

How did the Okta Support breach impact 1Password?

Okta reveals additional attackers’ activities in October 2023 Breach

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

New Vultur malware version includes enhanced remote control and evasion capabilities

Canadian government impacted by data breaches of two of its contractors

Dubai’s largest taxi app exposes 220K+ users

Updated Kmsdx botnet targets IoT devices

Experts warn of JinxLoader loader used to spread Formbook and XLoader

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Credential stuffing attack targeted 300K+ Spotify users

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

ConnectWise Quietly Patches Flaw That Helps Phishers

Top Single Sign-On (SSO) Solutions for 2022

New Agenda Ransomware appears in the threat landscape

New Go-written GobRAT RAT targets Linux Routers in Japan

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

DEA Investigating Breach of Law Enforcement Data Portal

Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw

Work from Home: 7 Best Security Practices for Remote Teams

Teach a Man to Phish and He’s Set for Life

Android 7.0+ Phones Can Now Double as Google Security Keys

BMW dealer at risk of takeover by cybercriminals

Law enforcement shutdown a long-standing DDoS-for-hire service

GUEST ESSAY: Addressing data leaks and other privacy, security exposures attendant to M&As

Hackers use overlay screens on legitimate sites to steal Outlook credentials

EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web

New England Biolabs leak sensitive data

Google: Security Keys Neutralized Employee Phishing

Lemon_Duck cryptomining malware evolves to target Linux devices

Why Malware Crypting Services Deserve More Scrutiny

How 1-Time Passcodes Became a Corporate Liability

Ivanti Policy Secure: NAC Product Review

TeaBot Android banking Trojan targets banks in Europe

Stay Connected