Tag: credentials
-
Infostealer malware poses potent threat despite recent takedowns
How CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
Volume of attacks on network devices shows need to replace end of life devices quickly
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerability
CVE-2023-1389, a vulnerability in TP-Link Archer AX21 router; CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system; CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system; CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance; CVE-2023-38035, a hole in Ivanti Sentry security gateway; CVE-2024-36401, a vulnerability in OSGeo GeoServer; CVE-2024-0012, a vulnerability in Palo Alto Networks PAN-OS…
-
CISA Warns of Cisco Smart Licensing Utility Credential Flaw Exploited in Attacks
Tags: advisory, attack, cisa, cisco, credentials, cve, cyber, cybersecurity, exploit, flaw, infrastructure, software, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning organizations about a critical vulnerability in Cisco’s Smart Licensing Utility (SLU) software that has reportedly been exploited in cyberattacks. The vulnerability, assigned CVE-2024-20439, stems from a static credential issue that could leave affected systems open to remote exploitation with potentially devastating consequences.…
-
Oracle Health Responding to Hack of Legacy Cerner EHR Data
Customer Credentials Possibly Compromised at EHR Vendor Acquired by Oracle in 2022. Oracle is dealing with a hacking incident involving legacy patient data of Cerner electronic health record customers. Oracle, which acquired Cerner in 2022, is reportedly telling clients the hack involved compromised credentials for systems scheduled to migrate to the cloud. First seen on…
-
Triton RAT Uses Telegram for Remote System Access and Control
Cado Security Labs has uncovered a new Python-based Remote Access Tool (RAT) named Triton RAT, which leverages Telegram for remote system access and data exfiltration. This open-source malware, available on GitHub, is designed to execute a wide range of malicious activities, including credential theft, system control, and persistence establishment. Technical Overview Triton RAT initiates its…
-
Hacker Tactics: Exploiting Edge Devices, Missing Multifactor
70% of Ransomware Incidents Trace to Attackers Simply Logging In, Researchers Warn. Hackers may have a reputation for wizardry, but researchers say two of their top tactics are entirely prosaic: exploiting known vulnerabilities in outdated networking gear to gain initial access, as well as using valid – albeit stolen – employee credentials and just logging…
-
New Android Malware “TsarBot” Targeting 750 Banking, Finance & Crypto Apps
Tags: android, attack, banking, credentials, credit-card, crypto, cyber, finance, intelligence, login, malware, threat
A newly identified Android malware, dubbed TsarBot, has emerged as a potent cyber threat targeting over 750 applications across banking, finance, cryptocurrency, and e-commerce sectors. Discovered by Cyble Research and Intelligence Labs (CRIL), this banking Trojan employs sophisticated overlay attacks to steal sensitive user credentials, including banking details, login information, and credit card data. Global…
-
Evilginx Tool (Still) Bypasses MFA
Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/evilginx-bypasses-mfa
-
Inside Daisy Cloud: 30K Stolen Credentials Exposed
Veriti research recently analyzed stolen data that was published in a Telegram group named “Daisy Cloud” (potentially associated with the RedLine Stealer), exposing the inner workings of a cybercrime marketplace. This group offers thousands of stolen credentials on an ongoing basis across a wide range of services, from crypto exchanges to government portals, at disturbingly…
-
Experts warn of the new sophisticated Crocodilus mobile banking Trojan
The new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from…
-
Babuk Locker 2.0 vs Seceon Platform: MITRE ATT&CK Mapping and Early-Stage Detection & Remediation
Overview of Babuk Locker 2.0: Babuk Locker 2.0 is a ransomware strain that employs double extortion, where attackers encrypt victim files and exfiltrate sensitive data for ransom. It targets organizations by exploiting RDP vulnerabilities, unpatched systems, weak credentials, and phishing attacks. MITRE ATT&CK Mapping of Babuk Locker 2.0 & Seceon’s Early Detection & Remediation: MITRE…
-
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that’s primarily designed to target users in Spain and Turkey. “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,”…
-
New Python-Based Discord RAT Targets Users to Steal Login Credentials
A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community due to its innovative use of Discord’s API as a Command and Control (C2) server. This Python-based malware exploits Discord’s extensive user base to execute commands, steal sensitive information, and manipulate both local machines and Discord servers. Bot Initialization and Functionality…
-
Morphing Meerkat PhaaS Platform Spoofs 100+ Brands
A PhaaS platform, dubbed ‘Morphing Meerkat,’ uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/morphing-meerkat-phaas-platform/
-
Atlantis AIO tool automates credential stuffing across 140 platforms
First seen on scworld.com Jump to article: www.scworld.com/news/atlantis-aio-tool-automates-credential-stuffing-across-140-platforms
-
Large-Scale Phishing Campaign Targets Defense and Aerospace Companies
A recent investigation by DomainTools Investigations (DTI) has uncovered a massive phishing infrastructure targeting defense and aerospace entities, particularly those linked to the conflict in Ukraine. This sophisticated campaign involves a network of mail servers supporting domains that mimic legitimate organizations, designed to steal critical credentials from employees in these sectors. The infrastructure relies on…
-
New Atlantis AIO platform automates credential stuffing on 140 services
A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-atlantis-aio-automates-credential-stuffing-on-140-services/
-
Threat Actors Use “Atlantis AIO” Tool to Automate Credential Stuffing Attacks
In a concerning development for cybersecurity professionals, threat actors are increasingly utilizing a powerful tool called Atlantis AIO to automate and scale credential stuffing attacks across more than 140 platforms. This multi-checker tool, designed to exploit stolen user credentials, has emerged as a formidable weapon in the cybercriminal arsenal, enabling attackers to test millions of…
-
Threat Actors Abuse Trust in Cloud Collaboration Platforms
Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-abuse-cloud-platforms/
-
Even anti-scammers get scammed: security expert Troy Hunt pwned by phishing email
Troy Hunt, creator of the Have I Been Pwned website. The phishing attack was “highly automated and designed to immediately export the list before the victim could take preventative measures,” Hunt wrote. The attack highlights the limitations of passwords and two-factor authentication (2FA) in preventing phishing attacks. Hunt said the incident highlights the need for…
-
Hackers Use Atlantis AIO Tool to Automate Account Takeover Attacks
Atlantis AIO, a tool available to hackers on the dark web, gives threat actors an automated tool to rapidly test millions of stolen credentials against email, ecommerce, and other online accounts on more than 140 email and other platforms in credential-stuffing attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/hackers-use-atlantis-aio-tool-to-automate-account-takeover-attacks/
-
Do You Own Your Permissions, or Do Your Permissions Own You?
Tags: attack, computer, credentials, data, data-breach, exploit, microsoft, powershell, update, vulnerability
tl;dr: Less FPs for Owns/WriteOwner and new Owns/WriteOwnerLimitedRights edges. Before we get started, if you’d prefer to listen to a 10-minute presentation instead of or to supplement reading this post, please check out the recording of our most recent BloodHound Release Recap webinar. You can also sign up for future webinars here. Back in August, a…
-
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO “has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession,” the cybersecurity company said in an analysis. Credential stuffing is a…
-
New Windows Zero-Day Vulnerability Exposes NTLM Credentials, Unofficial Patch Available
A new zero-day vulnerability has been discovered in Windows, impacting all versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into viewing malicious files in Windows Explorer. The issue has been reported to Microsoft, and while…
-
New Windows zero-day leaks NTLM hashes, gets unofficial patch
Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-leaks-ntlm-hashes-gets-unofficial-patch/
-
New Phishing Campaign Targets Mac Users to Steal Login Credentials
A sophisticated phishing campaign, recently identified by LayerX Labs, has shifted its focus from Windows users to Mac users in response to enhanced security measures implemented by major browsers. Initially, this campaign targeted Windows users by masquerading as Microsoft security alerts, aiming to steal login credentials by creating the illusion of a compromised computer. The…
-
Multistage Info-Stealer SnakeKeylogger Targets Individuals and Businesses to Steal Login Credentials
SnakeKeylogger, a sophisticated multistage malware, has emerged as a significant threat to both individuals and businesses by targeting sensitive login credentials. This malware campaign is characterized by its stealthy in-memory execution and multi-stage infection chain, making it challenging to detect. The attack begins with a malicious spam email containing a .img file attachment, which, when…