#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
Get the Free Newsletter
password reuse | Breaking Cybersecurity News | The Hacker News
FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks
Apr 05, 2022
The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various ransomware operations over time," incident response firm Mandiant said in a Monday analysis. The cybercriminal group, since its emergence in the mid-2010s, has gained notoriety for large-scale malware campaigns targeting the point-of-sale (POS) systems aimed at restaurant, gambling, and hospitality industries with credit card-stealing malware. FIN7's shift in monetization strategy towards ransomware follows an October 2021 report from Recorded Future's Gemini Advisory unit, which found the adversary setting up a fake front company named Bastion Secure to recruit unwitt
Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online
Dec 12, 2017
Hackers always first go for the weakest link to quickly gain access to your online accounts. Online users habit of reusing the same password across multiple services gives hackers opportunity to use the credentials gathered from a data breach to break into their other online accounts. Researchers from security firm 4iQ have now discovered a new collective database on the dark web (released on Torrent as well) that contains a whopping 1.4 billion usernames and passwords in clear text. The aggregate database, found on 5 December in an underground community forum, has been said to be the largest ever aggregation of various leaks found in the dark web to date, 4iQ founder and chief technology officer Julio Casal noted in a blog post. Though links to download the collection were already circulating online over dark-web sites from last few weeks, it took more exposure when someone posted it on Reddit a few days ago, from where we also downloaded a copy and can now verify its auth
Guide: How to Minimize Third-Party Risk With Vendor Management
Vendor Risk Management
Manage third-party risk while dealing with challenges like limited resources and repetitive manual processes.
How to Handle Retail SaaS Security on Cyber Monday
Nov 27, 2023
SaaS Security / Cyber Monday
If forecasters are right, over the course of today, consumers will spend $13.7 billion . Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information. SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen. The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce tenant for eve
Vevo Music Video Service Hacked — 3.12TB of Internal Data Leaked
Sep 16, 2017
OurMine is in headlines once again—this time for breaching the popular video streaming service Vevo . After hunting down social media accounts of HBO and defacing WikiLeaks website , the infamous self-proclaimed group of white hat hackers OurMine have hacked Vevo and leaked about 3.12 TB worth of internal files. Vevo is a joint venture between Sony Music Entertainment, Universal Music Group, Abu Dhabi Media, Warner Music Group, and Google's parent company Alphabet Inc. OurMine managed to get hold of Vevo's "sensitive" data including its internal office documents, videos and promotional materials after the hacking collective successfully hacked into the Vevo servers. The group then posted the stolen documents (approximately 3.12 terabytes) from Vevo on its website on late Thursday, though OurMine removed the stolen information from its website on Vevo's request. Although it's not clear what prompted OurMine to hack Vevo, the group noted on its
Sony PlayStation Social Media Accounts Hacked; Claims PSN Database Breach
Aug 21, 2017
After hacking social media accounts of HBO and its widely watched show Game of Thrones , a notorious group of hackers calling itself OurMine took control over the official Twitter and Facebook accounts for Sony's PlayStation Network (PSN) on Sunday. After taking over the accounts, OurMine, Saudi Arabian group of hackers which claims to be a "white hat" security firm, posted its first tweet on Sunday evening, claiming to have breached PlayStation Network and stolen its database. The tweet followed by a series of tweets encouraging the company to contact the hacking group through its website to buy its IT security service in an effort to protect itself from future cyber attacks. "PlayStation Network Databases leaked #OurMine," the first tweet by OurMine on the compromised PlayStation Twitter account read. "No, we aren't going to share it, we are a security group if you work at PlayStation then please go to our website," the followed Twe
Github accounts Hacked in 'Password reuse attack'
Jun 17, 2016
Popular code repository site GitHub is warning that a number of users' accounts have been compromised by unknown hackers reusing email addresses and passwords obtained from other recent data breaches . Yes, GitHub has become the latest target of a password reuse attack after Facebook CEO Mark Zuckerberg and Twitter . According to a blog post published by Shawn Davenport, VP of Security at GitHub, an unknown attacker using a list of email addresses and passwords obtained from the data breach of " other online services " made a significant number of login attempts to GitHub's repository on June 14. After reviewing the logins, administrators at GitHub found that the attacker had gained access to a number of its users' accounts in order to gain illicit access to their accounts' data. Although the initial source of the leaked credentials isn't clear, the recent widespread "megabreaches" of LinkedIn , MySpace , Tumblr , and the dating site Fling,
Befriend Your Mom with Technology
Explain cybersecurity with Moonlock
Discover Our Unparalleled Threat Detection Capabilities
Try Fidelis Elevate for 30 days and discover threats your current provider missed.
Webinar: A New Approach to Mitigating Insider Risks
Learn how you can easily mitigate the modern security risks introduced by your employees.
Advance in the Field of Cybersecurity with Georgetown
Learn cybersecurity strategies from the experts. Attend a sample class on Nov. 30.
Join 120,000+ Professionals
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.