Top

Tag: Credentials


Threats & Malware, Virus & Malware

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

March 30, 2023

Via: The Hacker News

A new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. “The spread of AlienFox represents an unreported trend towards attacking […]


Data loss, Threats & Malware

Companies Impacted by Recent Mailchimp Breach Start Notifying Customers

January 23, 2023

Via: Security Week

Marketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration. According to Mailchimp, the hacker […]


Mobile, Mobile security

ForgeRock Authenticator App reduces the number of steps users must take to authenticate

April 22, 2022

Via: Help Net Security

ForgeRock released its next-generation Authenticator App. The redesigned app offers a quicker and simpler login process and provides improved navigation, in addition to new biometric lock options to suit a user’s security needs without diminishing their experience. The app integrates […]


Threats & Malware, Vulnerabilities

Data leaks and shadow assets greatly exposing organizations to cyberattacks

February 25, 2022

Via: Help Net Security

CybelAngel published a research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. The report also highlights how the market pressures of 2021 led to an increase […]


Cyber-crime, Email security, Phishing, Security

Increase in credential phishing and brute force attacks causing financial and reputational damage

August 31, 2021

Via: Help Net Security

Abnormal Security released a report which examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organizations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail […]


Application security, Cyber-crime, Malware, Security, Vulnerabilities

Player vs. Hacker: Cyberthreats to Gaming Companies and Gamers

March 16, 2020

Via: Security Intelligence

The video gaming landscape has changed drastically over the past few decades. Some of these changes have led to considerable developments in the cyberthreat landscape as it applies to gaming companies, the games themselves and the user base that enjoys […]


Access control, Security

Cybercriminals are testing exposed credentials for future account takeover attacks

November 7, 2019

Via: Help Net Security

Fraud increased 30% overall in Q3 2019 and bot-driven account registration fraud is up 70% as cybercriminals test stolen credentials in advance of the holiday retail season, according to Arkose Labs. After analyzing over 1.3 billion transactions spanning account registrations, […]


Malware, Virus & Malware

Trickbot Malware Goes After Remote Desktop Credentials

February 18, 2019

Via: Threat Post

The banking trojan is consistently evolving in hopes of boosting its efficacy. The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony […]


Cyber-crime, Phishing

Phishing campaign leverages Google Translate as camouflage

February 8, 2019

Via: Security Affairs

Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. The security expert Larry Cashdollar, a member of Akamai’s Security Intelligence Response Team (SIRT), discovered that cybercriminals are […]


Phishing

Office 365, Outlook Credentials Most Targeted by Phishing Kits

December 21, 2018

Via: Security Week

Phishing attacks have become more targeted and sophisticated and also show a focus on enterprises, cloud-based Internet security services provider Cyren says. After analyzing 2,025 phishing kits during the second half of the year, Cyren’s security researchers were able to […]


Cloud security

Cloud Credentials: New Attack Surface for Old Problem

April 20, 2018

Via: Threat Post

Credential theft and abuse have long been a nagging problem for local network administrators. The threat surface ranges from pretexting scams to insiders who abuse network privileges in order to grant themselves higher permissions than otherwise assigned. Here at RSA […]


Application security, Cloud security

AWS Launches New Tools for Firewalls, Certificates, Credentials

April 5, 2018

Via: Security Week

Amazon Web Services (AWS) announced on Wednesday the launch of several tools and services designed to help customers manage their firewalls, use private certificates, and safely store credentials. Private Certificate Authority One of the new services is called Private Certificate […]


Vulnerabilities

Joomla Login Page Flaw Exposes Admin Credentials

September 21, 2017

Via: Security Week

Joomla 3.8 brings more than 300 improvements to the popular content management system (CMS) and patches two vulnerabilities, including one that can be exploited to obtain administrator credentials. Researchers at RIPS Technologies discovered that Joomla versions between 1.5 and 3.7.5 […]


Email security

Spambot Contains ‘Mind-Boggling’ Amount of Email, SMTP Credentials

August 31, 2017

Via: Threat Post

Researchers have managed to penetrate a spam bot and uncover a massive list of 711 million records that includes email addresses, email and password combinations (some in cleartext), and SMTP credentials and configuration files. Troy Hunt who runs the Have […]


Vulnerabilities

IoT Device Hit by Credential Attack Every Two Minutes: Experiment

August 30, 2017

Via: Security Week

Internet of Things (IoT) botnets such as Mirai might not be in the headlines as often as they were several months ago, but the threat posed by insecure IoT devices is as high as before, a recent experiment has revealed. […]


Email security, Phishing

Business Email Compromise Campaign Harvesting Credentials in Numerous Industries

August 24, 2017

Via: Threat Post

A business email compromise campaign emanating out of Western Africa is targeting companies in a wide swathe of industries, bucking a trend of these scams focusing on wire fraud and targeting CEOs. The criminals are using phishing emails with links […]


Access control

Remote credential rotation for distributed environments

February 16, 2017

Via: Help Net Security

At RSA Conference 2017, Bomgar introduced Bomgar Vault 17.1, the latest version of its enterprise password and credential management solution. Bomgar Vault helps organizations secure, manage, and administer shared and sensitive credentials for privileged users and IT vendors, and improve […]


Hacker

A USB device is all it takes to steal credentials from locked PCs

September 12, 2016

Via: InfoWorld

Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn’t good enough, a researcher demonstrated this week. Rob Fuller, principal security engineer at R5 Industries, found out […]


Access control

Stealing login credentials from locked computers in 30 seconds or less

September 9, 2016

Via: Help Net Security

Security researcher Rob Fuller has demonstrated a simple way for stealing login credentials from locked computers running Windows and OS X. For the attack to work, you’ll need to have: Access to the targeted computer A portable, plug-in computer that […]


Identity theft, Phishing

Advanced phishing tactics used to steal PayPal credentials

June 15, 2016

Via: Malwarebytes

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to […]