Tag: credentials

New Linux PumaBot Targets IoT Devices with SSH Credential Brute-Force Attack

Jun 3, 2025 5:54 PM

Tags: attack, botnet, credentials, cyber, cybersecurity, exploit, Internet, iot, linux, strategy, threat

A new and insidious threat has surfaced in the cybersecurity landscape as Darktrace’s Threat Research team uncovers PumaBot, a Go-based Linux botnet meticulously designed to exploit embedded Internet of Things (IoT) devices. Unlike conventional botnets that cast a wide net through indiscriminate internet scans, PumaBot employs a highly targeted strategy, fetching a curated list of…
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence

Jun 3, 2025 4:54 PM

Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerability

In healthcare, every minute of downtime isn’t just a technical problem”Š”, “Šit’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
Top Russian Dark Web Market Tools Drive Surge in Credential Theft Attacks

Jun 3, 2025 4:54 PM

Tags: attack, breach, credentials, cyber, cybersecurity, dark-web, risk, russia, service, theft, tool

In a chilling revelation for cybersecurity professionals, the Russian Market has solidified its position as the leading hub for stolen credentials, fueling a dramatic rise in credential theft attacks worldwide. According to a 2024 report by ReliaQuest’s GreyMatter Digital Risk Protection (DRP) service, over 136,000 customer alerts were raised concerning potential stolen credentials on this…
North Face Fashion Brand Alerts Customers to Credential Stuffing Attack

Jun 3, 2025 4:54 PM

Tags: access, attack, authentication, breach, credentials, cyber, cyberattack, malicious, unauthorized

The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following a swift and thorough investigation, the company identified the incident as a small-scale credential stuffing attack. Unauthorized Access Incident on thenorthface.com Credential stuffing is a sophisticated cyberattack where malicious actors use stolen authentication credentials typically…
North Face Fashion Brand Alerts Customers to Credential Stuffing Attack

Jun 3, 2025 4:54 PM

Tags: access, attack, authentication, breach, credentials, cyber, cyberattack, malicious, unauthorized

The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following a swift and thorough investigation, the company identified the incident as a small-scale credential stuffing attack. Unauthorized Access Incident on thenorthface.com Credential stuffing is a sophisticated cyberattack where malicious actors use stolen authentication credentials typically…
AI gives superpowers to BEC attackers

Jun 3, 2025 9:54 AM

Tags: ai, attack, authentication, automation, business, ceo, cloud, communications, corporate, credentials, crypto, data, deep-fake, defense, dmarc, email, exploit, finance, framework, fraud, gartner, google, group, identity, india, jobs, LLM, mail, malicious, malware, microsoft, mitigation, office, phishing, phone, scam, service, skills, social-engineering, spam, spear-phishing, strategy, technology, theft, threat, tool, training

The role of AI in business email compromise: Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible,…
The North Face warns customers of April credential stuffing attack

Jun 3, 2025 12:54 AM

Tags: attack, breach, credentials

Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company’s website in April. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-north-face-warns-customers-of-april-credential-stuffing-attack/
Getting the Most Value Out of the OSCP: After the Exam

Jun 2, 2025 10:54 PM

Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows

In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
Tycoon2FA leveraged by Dadsec to pilfer Microsoft 365 credentials

Jun 2, 2025 10:54 PM

Tags: credentials, microsoft

First seen on scworld.com Jump to article: www.scworld.com/brief/tycoon2fa-leveraged-by-dadsec-to-pilfer-microsoft-365-credentials
Breaking the Lifecycle of Stolen Credentials Before It Breaks You

Jun 2, 2025 8:54 PM

Tags: breach, credentials, cybersecurity, exploit, password

From Breach to Exploit: How Stolen Credentials Fuel the Underground Economy In cybersecurity, breaches often make headlines. But what happens next after usernames and passwords, or active session cookies, are stolen is just as dangerous. The lifecycle of stolen credentials reveals a dark ecosystem of harvesting, trading, and exploitation. This post explores how… First seen…
Sophisticated Malware Campaign Targets Windows and Linux Systems

Jun 2, 2025 5:54 PM

Tags: credentials, linux, malware, theft, tool, windows

A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-campaign-targets-windows/
IBM DataStage Bug Exposes Database Credentials in Plain Tex

Jun 2, 2025 4:54 PM

Tags: authentication, credentials, cve, cyber, data, flaw, ibm, vulnerability

A recently disclosed vulnerability in IBM InfoSphere DataStage, tracked as CVE-2025-1499, has raised concerns across the enterprise data management sector. The flaw centers on the cleartext storage of sensitive credential information, potentially exposing database authentication details to authenticated users. Below, we break down the technical aspects, impact, and available remediation for this issue. ClearText Storage…
‘Russian Market’ emerges as a go-to shop for stolen credentials

Jun 2, 2025 4:54 PM

Tags: breach, credentials, cybercrime, marketplace, russia

The “Russian Market” cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-market-emerges-as-a-go-to-shop-for-stolen-credentials/
OAuth 2.0 in Practice: Building an OAuth Client

Jun 2, 2025 3:54 PM

Tags: access, credentials

Explore OAuth 2.0 implementation by building your own client. Understand client credentials, access tokens, authorization code flow, and secure integration techniques. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/oauth-2-0-in-practice-building-an-oauth-client/
6 hard truths security pros must learn to live with

Jun 2, 2025 12:54 PM

Tags: ai, attack, breach, business, ciso, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, finance, fraud, gartner, hacker, ibm, insurance, jobs, network, phishing, resilience, risk, risk-management, skills, social-engineering, tactics, technology, threat, training, vulnerability

No matter how good you are, your organization will be victimized: This is a hard one to swallow, but if we take the “five stages of grief” approach to cybersecurity, it’s better to reach the “acceptance” level than to remain in denial because much of what happens is simply out of your control.A global survey…
Credential phishing facilitated by Google Apps Script exploitation

May 30, 2025 10:55 PM

Tags: credentials, exploit, google, phishing

First seen on scworld.com Jump to article: www.scworld.com/brief/credential-phishing-facilitated-by-google-apps-script-exploitation
Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

May 30, 2025 5:55 PM

Tags: credentials, cyber, cybersecurity, group, hacker, infrastructure, intelligence, microsoft, phishing, service, threat

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575, also known as >>Dadsec.
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks

May 30, 2025 4:55 PM

Tags: attack, authentication, cloud, credentials, cyber, data-breach, email, microsoft, phishing, threat

Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication (MFA), passwordless solutions, and robust email protections, threat actors are adapting with advanced methods to steal credentials, especially targeting enterprise cloud environments. AiTM attacks, often…
New botnet hijacks AI-powered security tool on Asus routers

May 30, 2025 3:55 PM

Tags: access, ai, attack, botnet, credentials, detection, firmware, infection, login, malicious, monitoring, router, tool, unauthorized

Monitoring SSH access is the only protection: As upgrading the firmware doesn’t guarantee protection, admins are recommended to keep checking for unauthorized SSH access, particularly on TCP port 53282, which the botnet uses for persistent remote control.Additionally, checking the filesystem for a /tmp/BWSQL_LOG file can help detect attackers’ abuse of the logging feature. Changing default…
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code

May 30, 2025 2:55 PM

Tags: access, advisory, attack, credentials, cve, cyber, data-breach, flaw, network, risk, vulnerability

In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all versions before 3.0.1.0. These flaws”, CVE-2025-48045, CVE-2025-48046, and CVE-2025-48047″, allow attackers to gain root-level access through a chain of authenticated attacks, with default credentials and sensitive information exposed in cleartext. Despite the risks, the vendor…
Novel PumaBot slips into IoT surveillance with stealthy SSH break-ins

May 30, 2025 12:55 PM

Tags: access, botnet, cctv, control, credentials, detection, exploit, firewall, Internet, iot, linux, login, malware, monitoring, network, password, service, vulnerability

bypasses the usual playbook of conducting internet-wide scanning and instead brute-forces secure shell (SSH) credentials for a list of targets it receives from a command and control (C2) server.”DarkTrace researchers have identified a custom Go-based Linux botnet targeting embedded Linux Internet of Things (IoT) devices,” researchers said in a blog post. “The botnet gains initial access…
Passwortlose Authentifizierung wird für CISOs immer wichtiger

May 30, 2025 12:55 PM

Tags: ai, authentication, business, ciso, credentials, cyber, cyberattack, deep-fake, gartner, mfa, microsoft, password, phishing, risk, risk-management, social-engineering

Selbst MFA ist vor raffinierten, KI-gesteuerten Phishing-Angriffen nicht sicher. Biometrische Verfahren gelten als vielversprechende Alternative.Die rasante Entwicklung von KI-Agenten eröffnet Cyberkriminellen neue Angriffsmöglichkeiten, die insbesondere für Chief Information Security Officers (CISOs) eine erhebliche Herausforderung darstellen. Automatisierte Angriffe, die von KI gesteuert werden, können herkömmliche Sicherheitsmaßnahmen wie Passwörter und Multi-Faktor-Authentifizierung (MFA) zunehmend unterlaufen. Trotz weit verbreiteter…
Safari Flaw Exploited by BitM Attack to Steal User Login Data

May 30, 2025 11:55 AM

Tags: api, attack, credentials, cyber, data, exploit, flaw, login, phishing

A new wave of phishing attacks, known as Fullscreen Browser-in-the-Middle (BitM) attacks, is exploiting browser features to steal user credentials with unprecedented stealth. Unlike traditional phishing, which relies on fake websites and visible clues, BitM attacks leverage remote browser sessions and the Fullscreen API to create convincing overlays that mask all browser interface elements, including…
Warning: Threat actors now abusing Google Apps Script in phishing attacks

May 30, 2025 5:55 AM

Tags: access, attack, awareness, cloud, communications, control, credentials, defense, email, google, login, malicious, microsoft, password, phishing, service, tactics, threat, tool, training

script[.]google[.]com. The attacker is betting the user will see and trust the Google brand, and therefore trust the content.”By using a trusted platform to host the phishing page, the threat actor creates a false sense of security, obscuring the underlying threat with the goal of getting the recipient to enter their email and password without…
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

May 30, 2025 12:55 AM

Tags: access, ai, api, attack, china, cloud, computer, credentials, detection, infrastructure, malicious, ml, network, pypi, risk, software, supply-chain, tool

Malicious code in ML models is hard to detect: While Hugging Face hosts models directly, PyPI hosts Python software packages, so detection of poisoned models hidden inside Pickle files hidden inside packages could prove even harder for developers and PyPI’s maintainers, given the extra layer of obfuscation.The attack campaign discovered by ReversingLabs involved three packages:…
Apple Safari exposes users to fullscreen browserthe-middle attacks

May 29, 2025 6:55 PM

Tags: apple, attack, credentials, threat

A weakness in Apple’s Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-safari-exposes-users-to-fullscreen-browser-in-the-middle-attacks/
Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

May 29, 2025 3:55 PM

Tags: api, attack, credentials, exploit

PALO ALTO, California, 29th May 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/fullscreen-bitm-attack-discovered-by-squarex-exploits-browser-fullscreen-apis-to-steal-credentials-in-safari/
Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

May 29, 2025 3:55 PM

Tags: api, attack, credentials, exploit

PALO ALTO, California, 29th May 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/fullscreen-bitm-attack-discovered-by-squarex-exploits-browser-fullscreen-apis-to-steal-credentials-in-safari/
Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

May 29, 2025 3:55 PM

Tags: access, api, attack, credentials, cyber, exploit, saas, threat, unauthorized

Today, SquareX released new threat research on an advanced Browser-in-the-Middle (BitM) attack targeting Safari users. As highlighted by Mandiant, adversaries have been increasingly using BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps. BitM attacks work by using a remote browser to trick victims into interacting with an attacker-controlled browser via a pop-up window…
PumaBot Malware Targets Linux IoT Devices

May 28, 2025 11:55 PM

Tags: botnet, cctv, credentials, Internet, iot, linux, malware

Stealthy Malware Installs Cryptomining Software. A botnet targeting Internet of Things devices works by brute forcing credentials and downloading cryptomining software. Researchers call the botnet PumaBot, since its malware checks for the string Pumatronix, the name of a Brazilian manufacturer of surveillance and traffic camera systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pumabot-malware-targets-linux-iot-devices-a-28526