Threats & Malware, Virus & Malware
March 30, 2023
Via: The Hacker NewsA new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. “The spread of AlienFox represents an unreported trend towards attacking […]
January 23, 2023
Via: Security WeekMarketing automation platform Mailchimp revealed recently that its security team discovered unauthorized access to one of its tools on January 11. The tool is used by the company’s customer-facing teams for support and account administration. According to Mailchimp, the hacker […]
April 22, 2022
Via: Help Net SecurityForgeRock released its next-generation Authenticator App. The redesigned app offers a quicker and simpler login process and provides improved navigation, in addition to new biometric lock options to suit a user’s security needs without diminishing their experience. The app integrates […]
Threats & Malware, Vulnerabilities
February 25, 2022
Via: Help Net SecurityCybelAngel published a research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks faced by large organizations across the globe. The report also highlights how the market pressures of 2021 led to an increase […]
Cyber-crime, Email security, Phishing, Security
August 31, 2021
Via: Help Net SecurityAbnormal Security released a report which examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats—both financial and reputational—to organizations worldwide. The report surveyed advanced email attacks across eight major industry sectors, including retail […]
Application security, Cyber-crime, Malware, Security, Vulnerabilities
March 16, 2020
Via: Security IntelligenceThe video gaming landscape has changed drastically over the past few decades. Some of these changes have led to considerable developments in the cyberthreat landscape as it applies to gaming companies, the games themselves and the user base that enjoys […]
November 7, 2019
Via: Help Net SecurityFraud increased 30% overall in Q3 2019 and bot-driven account registration fraud is up 70% as cybercriminals test stolen credentials in advance of the holiday retail season, according to Arkose Labs. After analyzing over 1.3 billion transactions spanning account registrations, […]
February 18, 2019
Via: Threat PostThe banking trojan is consistently evolving in hopes of boosting its efficacy. The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony […]
February 8, 2019
Via: Security AffairsCrooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. The security expert Larry Cashdollar, a member of Akamai’s Security Intelligence Response Team (SIRT), discovered that cybercriminals are […]
December 21, 2018
Via: Security WeekPhishing attacks have become more targeted and sophisticated and also show a focus on enterprises, cloud-based Internet security services provider Cyren says. After analyzing 2,025 phishing kits during the second half of the year, Cyren’s security researchers were able to […]
April 20, 2018
Via: Threat PostCredential theft and abuse have long been a nagging problem for local network administrators. The threat surface ranges from pretexting scams to insiders who abuse network privileges in order to grant themselves higher permissions than otherwise assigned. Here at RSA […]
Application security, Cloud security
April 5, 2018
Via: Security WeekAmazon Web Services (AWS) announced on Wednesday the launch of several tools and services designed to help customers manage their firewalls, use private certificates, and safely store credentials. Private Certificate Authority One of the new services is called Private Certificate […]
September 21, 2017
Via: Security WeekJoomla 3.8 brings more than 300 improvements to the popular content management system (CMS) and patches two vulnerabilities, including one that can be exploited to obtain administrator credentials. Researchers at RIPS Technologies discovered that Joomla versions between 1.5 and 3.7.5 […]
August 31, 2017
Via: Threat PostResearchers have managed to penetrate a spam bot and uncover a massive list of 711 million records that includes email addresses, email and password combinations (some in cleartext), and SMTP credentials and configuration files. Troy Hunt who runs the Have […]
August 30, 2017
Via: Security WeekInternet of Things (IoT) botnets such as Mirai might not be in the headlines as often as they were several months ago, but the threat posed by insecure IoT devices is as high as before, a recent experiment has revealed. […]
August 24, 2017
Via: Threat PostA business email compromise campaign emanating out of Western Africa is targeting companies in a wide swathe of industries, bucking a trend of these scams focusing on wire fraud and targeting CEOs. The criminals are using phishing emails with links […]
February 16, 2017
Via: Help Net SecurityAt RSA Conference 2017, Bomgar introduced Bomgar Vault 17.1, the latest version of its enterprise password and credential management solution. Bomgar Vault helps organizations secure, manage, and administer shared and sensitive credentials for privileged users and IT vendors, and improve […]
September 12, 2016
Via: InfoWorldMost users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn’t good enough, a researcher demonstrated this week. Rob Fuller, principal security engineer at R5 Industries, found out […]
September 9, 2016
Via: Help Net SecuritySecurity researcher Rob Fuller has demonstrated a simple way for stealing login credentials from locked computers running Windows and OS X. For the attack to work, you’ll need to have: Access to the targeted computer A portable, plug-in computer that […]
June 15, 2016
Via: MalwarebytesPhishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to […]