Security News

Week in review: 15 million Trello users’ scraped data on sale, attackers can steal NTLM hashes
2024-01-28 09:00

Beyond blockchain: Strategies for seamless digital asset integrationIn this Help Net Security interview, Jean-Philippe Aumasson, CSO at Taurus, emphasizes the often-overlooked complexities of key generation, storage, and distribution, underlining the necessity for a high level of security maturity in handling digital assets. Attackers can steal NTLM password hashes via calendar invitesA recently patched vulnerability in Microsoft Outlook that can be used by attackers to steal users' NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has shared on Friday.

Trello API abused to link email addresses to 15 million accounts
2024-01-23 21:31

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. In a conversation with emo, BleepingComputer learned that a publicly exposed API was used to associate email addresses with public Trello profiles.

Data of 15 million Trello users scraped and offered for sale
2024-01-23 11:15

Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum.According to the service, the data was scraped from Trello in January 2024, and "Was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses."