Tag

Credentials

All articles tagged with #credentials

security6 days ago•9 min saved

Public GitHub repo exposed CISA secrets, enabling high-privilege access

Security researchers revealed that a public GitHub repo named Private-CISA exposed plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets since at least November 2025, potentially enabling high-privilege access to AWS GovCloud; the repo is now offline and reportedly managed by Nightwing, a CISA contractor, which has not publicly commented, following earlier CISA missteps including a director uploading sensitive docs to ChatGPT.

via Ars Technica|

#aws-govcloud #cisa #credentials

technology28 days ago•4 min saved

Open-source supply-chain attack steals credentials via poisoned package

Attackers exploited a GitHub Actions workflow to gain access to signing keys and credentials, publishing a malicious element-data 0.23.3 package that scanned environments for sensitive data; the package was removed within ~12 hours, credentials rotated, and users are urged to upgrade to 0.23.4, purge caches, and rotate any exposed secrets.

via Ars Technica|

#credentials #github-actions #malware

cybersecurity3 months ago•2 min saved

Misconfigured Moltbot dashboards leak credentials and invite takeovers

Misconfigured Moltbot (formerly Clawdbot) control panels exposed hundreds of internet-facing dashboards, leaking API keys, private chats and other credentials. With autonomous agent capabilities, attackers could impersonate operators, inject messages, and even run commands with elevated privileges. The root cause was localhost-trust and reverse-proxy defaults; the project has rebranded Clawdbot to Moltbot (Molty) while keeping the same core functionality.

via Bitdefender|

#ai #credentials #cybersecurity

technology4 months ago•4 min saved

Untold Credential Hoard Exposed: 149 Million Logins Leaked Across Major Platforms

A security researcher found an unsecured database containing about 149 million usernames and passwords from services including Gmail, Facebook, Yahoo, Netflix, and more. The data, accessed without authentication and likely compiled by infostealing malware, was hosted on a Canadian provider and expanded over a month before being removed after notification. The breach enables potential account takeovers and identity theft across email, social media, streaming, banking, and government services. Experts advise using unique passwords with a password manager, enabling multi-factor authentication, and monitoring accounts for suspicious activity.

via | Cord Cutters News|

#credentials #cybersecurity #data-breach

technology7 months ago•3 min saved

Google and Gmail Users Warned of 183 Million Password Data Breach

Google has denied reports of a massive Gmail data breach, clarifying that the compromised accounts were part of a collection of credentials stolen over years through malware, phishing, and other attacks, not a new breach. The false claims originated from misinterpretations of stolen credential databases, causing unnecessary alarm. Google emphasizes the importance of changing passwords if credentials are exposed, but reassures users that their Gmail security remains strong.

via BleepingComputer|

#credentials #cybersecurity #data-breach

technology11 months ago•6 min saved

Urgent: Protect Your Accounts from the 16 Billion Password Breach

The reported 16 billion credential breach is likely exaggerated and based on recycled, outdated data rather than a single, recent event, highlighting the dangers of misinformation in cybersecurity and the importance of focusing on proven threats like infostealer malware and online hygiene.

via CyberScoop|

#credentials #cybersecurity #data-breach

cybersecurity11 months ago•3 min saved

Massive 16 Billion Passwords Leaked in Record Data Breach

A massive data breach dubbed the 'Mother of All Data Breaches' allegedly exposed 16 billion user credentials from various platforms, but experts suggest it may be a compilation of old breaches rather than a new one. The breach highlights the ongoing risks of credential theft and the use of malware like infostealers, emphasizing the importance of updating passwords and enhancing online security.

via Gizmodo|

#credentials #cybercrime #cybersecurity

technology11 months ago•1 min saved

Webinar Highlights: Stolen Credentials as the New Network Entry Point

A webinar on July 9th will explore how cybercriminals are increasingly breaching networks using stolen credentials instead of vulnerabilities, covering attack methods, detection, and prevention strategies, with insights from industry experts.

via BleepingComputer|

#credentials #cybersecurity #identitytheft

cybersecurity2 years ago•3 min saved

Android Password Managers Expose User Data in Major Security Breach

Security researchers have discovered a major vulnerability, called AutoSpill, that affects the Android autofill function in popular password managers. The vulnerability allows hackers to bypass security mechanisms and expose credentials to the host app. Password managers such as 1Password, LastPass, Enpass, Keeper, and Keepass2Android are vulnerable to the exploit, along with DashLane and Google Smart Lock when a JavaScript injection method is enabled. While there is no evidence of exploitation in the wild, the researchers warn that the implications of AutoSpill are highly dangerous. The affected password managers and the Android security team have been informed, and fixes are being developed.

via Forbes|

#android #autospill-vulnerability #credentials

technology2 years ago•2 min saved

Beware: Password Managers May Expose Your Credentials

Researchers have discovered a vulnerability in the WebView autofill mechanism used by many Android apps, which can potentially expose credentials from mobile password managers. The flaw, known as "AutoSpill," allows malicious apps to grab the credentials of unsuspecting Android users and access sensitive information. Popular mobile password managers such as LastPass, 1Password, Enpass, and Keeper were found to be vulnerable to credential leakage. While Google is working on a fix, most companies deferred the problem to Google, except for 1Password, which promised to find its own fix. The researchers suggest that the best solution would be to move away from passwords and adopt passwordless authentication.

via TechSpot|

#android #credentials #password-managers

technology2 years ago•2 min saved

Microsoft's November 2023 Patch Tuesday addresses critical bugs and leaked credentials

Microsoft has patched a critical security vulnerability in Azure CLI that could have allowed attackers to steal credentials from GitHub Actions or Azure DevOps logs. The vulnerability, reported by a security researcher, could enable unauthenticated attackers to remotely access plain text contents written by Azure CLI to CI/CD logs. Microsoft advises customers to update to the latest Azure CLI version (2.54) and take steps to prevent accidental exposure of secrets in logs. The company has also implemented new security measures to restrict the presentation of secrets in output and broaden credential redaction capabilities.

via BleepingComputer|

#azure-cli #credentials #github-actions

politics2 years ago•1 min saved

Pence and Ramaswamy Clash in Fiery Debate: Unraveling the Arguments

Former Vice President Mike Pence and biotech entrepreneur Vivek Ramaswamy clashed during the first GOP presidential debate, with Pence dismissing Ramaswamy as a "rookie" leader and emphasizing the need for an experienced president to handle various crises. Ramaswamy advocated for unlocking American energy, including drilling, fracking, burning coal, and embracing nuclear power, as a means to boost employment. Other candidates, such as Chris Christie, also criticized Ramaswamy's lack of experience.

via The Hill|

#credentials #energy-policy #gop-presidential-debate

cybersecurity3 years ago•2 min saved

The Risks of Buying Used Routers for Corporate Security

Researchers from ESET found that more than half of the secondhand enterprise routers they bought for testing had been left completely intact by their previous owners, and the devices were brimming with network information, credentials, and confidential data about the institutions they had belonged to. All nine of the unprotected devices contained credentials for the organization's VPN, credentials for another secure network communication service, or hashed root administrator passwords.

via Ars Technica|

#credentials #cybersecurity #data-privacy

cybersecurity3 years ago•2 min saved

The Risks of Buying Used Routers for Corporate and Personal Data Security

via Ars Technica|

#credentials #cybersecurity #data-privacy

cryptocurrency3 years ago•2 min saved

Ethereum's $798M in Staked and Waiting Funds, Binance Withdrawals Delayed

According to Nansen analytics, 18.5% of Ethereum network validators holding 284,286 Ethereum, worth $596 million, have not updated their withdrawal credentials following the Shapella upgrade. Validators without updated credentials will have to wait for the network to run through and update them, which could take up to 100 hours. Over 31,166 validators have signaled for a "full exit," with 1,118,291 Ethereum, but half of that demand comes from Kraken, which recently shuttered its staking service in the US. Liquid staking platforms like Lido Finance and Rocketpool have signaled that upgrading credentials for stakers won't be an issue.

via Decrypt|

#credentials #cryptocurrency #ethereum