Tag: credentials

New PumaBot botnet brute forces SSH credentials to breach devices

May 28, 2025 10:55 PM

Tags: botnet, breach, credentials, iot, linux, malicious, malware

A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/
Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands

May 28, 2025 7:55 PM

Tags: android, banking, control, credentials, crypto, cyber, data, finance, malware, theft, threat

The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting financial institutions in Peru before expanding its scope to virtual cards and cryptocurrency wallets. This malware, known for impersonating legitimate Peruvian Android apps, tricks users into granting accessibility permissions, thereby enabling extensive data theft and remote control capabilities. Evolution of a…
BSidesLV24 PasswordsCon Zero Downtime Credential Rotation

May 28, 2025 5:55 PM

Tags: conference, credentials

Author/Presenter: Kenton McDonough Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-passwordscon-zero-downtime-credential-rotation/
New PumaBot targets Linux IoT surveillance devices

May 28, 2025 5:55 PM

Tags: attack, botnet, credentials, Internet, iot, linux, malware

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its…
Threat Actors Weaponizing DCOM to Harvest Credentials on Windows Systems

May 28, 2025 3:55 PM

Tags: access, credentials, cyber, defense, detection, endpoint, microsoft, RedTeam, service, threat, windows

Threat actors are now leveraging the often-overlooked Component Object Model (COM) and its distributed counterpart, Distributed Component Object Model (DCOM), to harvest credentials on Windows systems. As traditional red team methods like direct access to the Local Security Authority Subsystem Service (LSASS) face heightened scrutiny from Microsoft’s enhanced defenses and advanced Endpoint Detection and Response…
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

May 28, 2025 3:55 PM

Tags: attack, botnet, control, credentials, crypto, Internet, iot, linux, malware

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.”Rather than scanning the internet, the malware retrieves a list of targets…
What are OAuth Grant Types?

May 28, 2025 2:55 PM

Tags: api, credentials

Discover the different OAuth grant types, including authorization code, client credentials, and more. Learn how each type works and when to use them for secure API access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/what-are-oauth-grant-types/
‘Secure email’: A losing battle CISOs must give up

May 28, 2025 10:55 AM

Tags: access, attack, authentication, business, cisco, ciso, communications, compliance, corporate, credentials, cyber, cybercrime, data, dkim, dmarc, dns, email, encryption, finance, google, Internet, mail, mfa, microsoft, mobile, password, phishing, risk, service, threat, tool, windows

End-to-end encryption remains elusive: Email continues to be the dominant electronic communication tool today because it is well understood, relatively easy to use, and relatively inexpensive. By and large, businesses have approved email for sending confidential information, and we often convince ourselves that it is secure, can be secured with third-party tools, or it’s “good…
Will AI agent-fueled attacks force CISOs to fast-track passwordless projects?

May 28, 2025 8:54 AM

Tags: access, ai, api, attack, authentication, breach, business, ciso, cloud, credentials, cyber, cybersecurity, data, fido, finance, framework, google, Hardware, identity, login, metric, microsoft, okta, passkey, password, phishing, privacy, risk, risk-management, service, technology, threat, tool, update, zero-trust

Passwordless options: In retiring passwords, security leaders will need to consider their options, passkeys, biometrics, and third-party login services, looking for the best technical, usability, and security fit. There are pros and cons for each option, and in many cases CISOs may be guided towards one based on their existing environment.Passkeys, used by Microsoft, Samsung,…
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police

May 28, 2025 1:55 AM

Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, tool

Switch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April.In its campaign against NGOs, Void Blizzard sent emails masquerading…
Salt Typhoon Believed to Be Behind Commvault Data Breach

May 28, 2025 12:55 AM

Tags: advisory, backup, breach, china, cisa, cloud, credentials, data, data-breach, group, hacking, infrastructure, microsoft, threat, vulnerability

CISA Advisory Says Threat Actors Stole App Secrets in Azure-Hosted Backup Platform. A suspected Chinese state hacking group linked to last year’s telecom intrusions breached Commvault’s Microsoft Azure environment, exposing sensitive Microsoft 365 credentials and reigniting fears over U.S. cloud infrastructure vulnerabilities and default security settings. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/salt-typhoon-believed-to-be-behind-commvault-data-breach-a-28496
BSidesLV24 PasswordsCon Long Live Short Lived Credentials Auto-Rotating Secrets At Scale

May 27, 2025 11:54 PM

Tags: conference, credentials

Author/Presenter: Dwayne McDaniel Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-passwordscon-long-live-short-lived-credentials-auto-rotating-secrets-at-scale/
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

May 27, 2025 10:54 PM

Tags: access, antivirus, credentials, crypto, cybercrime, cybersecurity, finance, malicious, rat, software

Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT.The campaign indicates a “clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems,” the…
NATO Countries Targeted By New Russian Espionage Group

May 27, 2025 8:54 PM

Tags: breach, credentials, espionage, group, hacking, intelligence, marketplace, microsoft, russia

‘Laundry Bear’ Has Been Active Since 2024. Dutch intelligence agencies and Microsoft say a novel Russian state intelligence hacking group is likely buying stolen credentials from criminal marketplaces to gain entry to North American and European networks. It has a specific interest in European Union and NATO member states. First seen on govinfosecurity.com Jump to…
Threat Actors Use Fake DocuSign Notifications to Steal Corporate Data

May 27, 2025 5:54 PM

Tags: corporate, credentials, cyber, data, phishing, threat

DocuSign has emerged as a cornerstone for over 1.6 million customers worldwide, including 95% of Fortune 500 companies, and boasts a user base exceeding one billion. However, this widespread adoption has made DocuSign a prime target for cybercriminals. Leveraging the platform’s trusted reputation, threat actors are increasingly deploying sophisticated phishing campaigns to harvest corporate credentials,…
Hackers Use Fake OneNote Login to Capture Office365 and Outlook Credentials

May 27, 2025 3:54 PM

Tags: attack, cloud, credentials, cyber, data, google, hacker, login, phishing, service

A recent investigation by security analysts has uncovered a persistent phishing campaign targeting Italian and U.S. users, utilizing a chain of free cloud platforms and Telegram bots for credential harvesting and data exfiltration. The attack typically begins with a phishing page hosted on services like Notion or Google Docs, masquerading as legitimate portals such as…
Massive Data Breach Exposes 184 Million Login Credentials

May 27, 2025 2:54 PM

Tags: breach, credentials, cyber, data, data-breach, login, risk

A major data breach exposed 184 million login credentials. Discover the risks and learn how to protect yourself from cyber threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/massive-data-breach-exposes-184-million-login-credentials/
Iranian Cybergroup Toufan Targets Organizations to Steal Login Credentials

May 27, 2025 2:54 PM

Tags: breach, credentials, cyber, defense, finance, government, group, iran, login, threat

A pro-Palestinian cybergroup called Cyber Toufan, which means >>cyber storm,
How CISOs can defend against Scattered Spider ransomware attacks

May 27, 2025 8:54 AM

Tags: access, antivirus, attack, backup, ciso, control, credentials, data, defense, detection, edr, exploit, google, group, guide, hacker, hacking, identity, infrastructure, Internet, Intruder, law, mandiant, mfa, network, password, phishing, phone, ransom, ransomware, social-engineering, tactics, threat, tool, vmware, vpn, zero-day

Significant shift to social engineering: Over the past two years, many Scattered Spider members have been arrested and even convicted, including one key member known as “King Bob,” who was arrested in early 2024 and later pleaded guilty to the charges against him. Six other significant Scattered Spider members were arrested in late 2024.Due to…
Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials

May 26, 2025 7:54 PM

Tags: browser, chrome, credentials, crypto, cyber, data, email, login, malware, password, service, theft

Katz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and session tokens from these browsers. Beyond browsers, it also compromises cryptocurrency wallets, communication platforms like Discord and Telegram, email…
CISA flags Commvault zero-day as part of wider SaaS attack campaign

May 26, 2025 2:55 PM

Tags: access, attack, authentication, backup, business, ceo, cisa, cloud, credentials, data, endpoint, exploit, flaw, governance, infrastructure, kev, least-privilege, microsoft, mitigation, monitoring, network, radius, saas, unauthorized, update, vulnerability, zero-day

CISA calls for swift patching: The high-severity flaw (CVSS 8.7 out of 10) affecting Commvault Web Server allowed bad actors to create and execute webshells within compromised environments. On 28 April 2025, CISA added the three vulnerabilities to its Known Exploited Vulnerabilities Catalog (KEV), giving FCEB agencies until 19 May 2025 to patch their systems…
D-Link Routers Exposed by Hard-Coded Telnet Credential

May 26, 2025 11:54 AM

Tags: credentials, cvss, cyber, data-breach, firmware, flaw, router, vulnerability

A recently disclosed vulnerability (CVE-2025-46176) exposes critical security flaws in D-Link’s DIR-605L and DIR-816L routers, revealing hardcoded Telnet credentials that enable remote command execution. The vulnerability affects firmware versions 2.13B01 (DIR-605L) and 2.06B01 (DIR-816L), scoring 6.5 on the CVSS v3.1 scale with medium severity. Security researchers identified improper command neutralization (CWE-77) as the root cause,…
Ensuring Stability with Robust NHI Strategies

May 24, 2025 1:55 AM

Tags: credentials, data, risk, strategy

Are Your Non-human Identities and Secrets Secure? The security of Non-Human Identities (NHIs) and their secretive credentials has proven to be an essential dimension of data management. NHIs, as machine identities, play a crucial role in businesses, especially those operating. If not managed properly, these non-human identities can expose organizations to risks of significant security……
Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills

May 23, 2025 11:55 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, cctv, cisa, cloud, computer, control, credentials, crypto, cyber, cybercrime, cybersecurity, data, detection, email, espionage, exploit, finance, framework, germany, group, Hardware, infrastructure, injection, intelligence, iot, kev, law, linux, malware, metric, mfa, military, mitigation, network, nist, open-source, organized, passkey, password, phishing, risk, russia, skills, software, sql, tactics, technology, tool, training, ukraine, unauthorized, update, vpn, vulnerability, wifi, zero-trust

Check out expert recommendations for protecting your AI system data. Plus, boost your IT department’s cybersecurity skills with a new interactive framework. In addition, learn about a malware campaign targeting critical infrastructure orgs. And get the latest on Russian cyber espionage and on a NIST effort to enhance vulnerability prioritization. Dive into five things that…
Massive login credential database uncovered

May 23, 2025 10:55 PM

Tags: credentials, login

First seen on scworld.com Jump to article: www.scworld.com/brief/massive-login-credential-database-uncovered
Hackers Expose 184 Million User Passwords via Open Directory

May 23, 2025 2:55 PM

Tags: credentials, cyber, cybersecurity, data-breach, email, hacker, login, password

A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly accessible database containing 184,162,718 unique logins and passwords”, totaling 47.42 GB of raw credential data. The exposed records included sensitive information such as emails, usernames, passwords, and direct URLs to login pages for a wide variety of services. These ranged…
Operation Endgame Crushes DanaBot Malware, Shuts Down 150 C2 Servers and Halts 1,000 Daily Attacks

May 23, 2025 11:55 AM

Tags: attack, banking, credentials, cyber, finance, malware, ransomware, theft, threat

Operation Endgame II has delivered a devastating strike against DanaBot, a notorious malware that has plagued systems since its emergence in 2018. Initially designed as a banking trojan targeting financial credentials, DanaBot evolved into a multi-purpose threat, facilitating information theft and enabling secondary attacks like ransomware through payloads such as Latrodectus. At its peak in…
Google Chrome’s Built-in Manager Lets Users Update Breached Passwords with One Click

May 23, 2025 7:54 AM

Tags: browser, chrome, credentials, google, password, update

Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.”When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai,…
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine

May 23, 2025 5:54 AM

Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerability

Credential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

May 22, 2025 8:55 PM

Tags: attack, cloud, credentials, crypto, cyber, data, exploit, hacker, infrastructure, malware, oracle, russia, service, threat, windows

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware. This malware-as-a-service (MaaS) infostealer, also known as LummaC2 Stealer, targets Windows systems to siphon credentials, system data, and cryptocurrency wallets. Investigations conducted in 2025 reveal…