When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.
Update 4/13/20: Made it clearer that credential stuffing attacks are not unique to Zoom. and added AmIBreached service from Cyble.
Any site is susceptible to credential stuffing if they don't have 2FA/MFA enabled and we continue to have an uneducated populace who insists on using the same username/password on every site
@thoiboi or anyone else? Just asking but do you guys go as far as using different passwords for even internet forums? Just curious what most people do. I do for everything remotely even critical but if someone really wants to post as me so bad on a car site or other internet forums then have at it. I know I could start adding those sites to my password manager but just haven't bothered.
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
... Security researcher Vinoth Kumar told Reuters that he contacted the company in 2019, alerting it that anyone could access its update server by guessing the password “solarwinds123.” Reuters also reports that hackers claiming they could sell access to SolarWinds’ computers since 2017. It is not clear from the wording of the story whether the offer was for a method of infiltrating SolarWinds itself, or if the black hat was offering to sell access to computers that used SolarWinds software.
“Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress – noticed that, days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.”
I want to be clear that this specific password is not thought to be the means by which Cozy Bear accessed SolarWinds network management tool, dubbed Orion, but it speaks to a terrible security culture at the company, given the data security needs of its customers. Because Orion is often used to manage routers and switches inside large corporate networks, penetrating the software gave black hats a marvelous window into the external and internal network traffic of nearly 20,000 companies, federal agencies, and other types of organizations.
...
Wait until we find out that Dominion was indeed hacked, but the hackers thought that 10,000,000 extra votes for Don would be way more than enough. It makes sense that Don was pissed at Dominion and Putin didn't congratulate Biden until the Electoral College did its thing.
Intel drops 9% after a reported hack forced the chipmaker to release its 4th-quarter earnings early
Shares in Intel fell as much as 9% on Friday, after the company said its corporate website was hacked, pushing the chipmaker to release its fourth-quarter earnings earlier than planned.
George Davis, Intel's chief financial offer, told the Financial Times a hacker gained unauthorized access to sensitive data tied to its earnings report that was set to be published after the market close on Thursday. But upon finding out about the attack, the chipmaker released its results six minutes before the market close. "An infographic was hacked off of our PR newsroom site," Davis told the newspaper. "We put our earnings out as soon as we were aware." Without providing further details, he said the breach was caused by an unlawful action that didn't involve any unintentional disclosure by Intel.An Intel spokesperson told Insider the company is investigating reports that non-authorized access may have been obtained to one graphic from its earnings report.Intel's fourth-quarter results exceeded investor expectations and beat the company's own forecast on the back of strong PC sales. The chipmaker saw quarterly revenue fall 1% year-on-year to $20 billion, but still beat the $17.49 billion estimate of analysts polled by Refinitiv. Net income for the quarter came in at $1.52 per share, compared to $1.10 expected. Intel's shares closed up almost 7% at $62.46 on Thursday, but erased gains after the reported hacker's access to information.
Well this fucking sucks. LastPass got hacked badly. They got hacked months ago and just finally the Thursday before Christmas announced that hackers had got into their 3rd party backup server and stole ALL the data. Not just customer names and email addresses, fucking everything. Everyone's LastPass vaults are now in the hands of hackers so if your master password wasn't secure you're fucked.
They now have until the end of time to crack the master password and once they do they have access to all of your accounts. Yout now have to reset the password for every website you had saved in LastPass.
Most security experts are saying to switch to another Password Manager. I'm switching to 1Password. Bit Warden is supposedly another good option. 1Password is better than LastPass because they encrypt everything, LastPass didn't encrypt the website URLs so hackers can see what sites they'll gain access to before cracking your master password, 1Pass also uses a master password along with a secret key that they don't know or store anywhere so if they were to get hacked as bad as LastPass they still wouldn't be able to signin without the secret key.
It was easy to move your passwords over to 1Password
Pisses me off. Just within the last few years I stopped relying on my browser's password store and started using Last Pass. I should have dumped them when they started charging to use it on laptop and mobile. On the bright side I do have a complex master password.
T-Mobile announces another data breach, impacting 37 million accounts
https://www.theverge.com/2023/1/20/23563825/tmobile-data-breach-api-customer-accounts-hacker-security The attacker obtained customer names, billing addresses, emails, phone numbers, and birth dates through an internal API.
1Password has a builtin 2FA capability, if you set it up as the authenticator app then it will autofill the 6 digit code, no need to open a 2nd app. This is huge.
"This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault."
1Password has a builtin 2FA capability, if you set it up as the authenticator app then it will autofill the 6 digit code, no need to open a 2nd app. This is huge.
It works in iOS too, sort of, it automatically puts the code into your iOS clipboard but you still have to manually paste it in
“I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.”
“I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.”
I'd like the 4 hours of my life back I used to change the passwords of the sites that I cared about. I think it was the first time that I changed my AZ password in 22 years.
01-27-2020, 06:06 PM
US scrambling to understand fallout of suspected Russia hack
1Password has a builtin 2FA capability, if you set it up as the authenticator app then it will autofill the 6 digit code, no need to open a 2nd app. This is huge.
and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault."
