Collecting Cyber-News from over 60 sources

Tag: credentials

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Mar 13, 2025 5:52 PM

Tags: credentials, email, finance, fraud, microsoft, phishing, social-engineering

Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware.The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It’s…
That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review

Mar 13, 2025 4:52 PM

Tags: credentials, email, microsoft, phishing, scam

Phishers check in, your credentials check out, Microsoft warns First seen on theregister.com Jump to article: www.theregister.com/2025/03/13/bookingdotcom_phishing_campaign/
‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality

Mar 13, 2025 4:52 PM

Tags: credentials, malware, microsoft, phishing, scam

Microsoft said the ongoing phishing campaign is designed to infect hospitality firms with multiple credential-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/clickfix-phishing-scam-booking/
Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype

Mar 13, 2025 3:52 PM

Tags: ai, automation, credentials, malware, tactics, theft

Credential theft surged 3Ã— in a year”, but AI-powered malware? More hype than reality. The Red Report 2025 by Picus Labs reveals attackers still rely on proven tactics like stealth & automation to execute the “perfect heist.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/red-report-2025-unmasking-a-3x-spike-in-credential-theft-and-debunking-the-ai-hype/
Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers

Mar 13, 2025 2:52 PM

Tags: access, apache, credentials, cve, cyber, data, flaw, open-source, vulnerability

A critical security vulnerability has been identified in Apache NiFi, a popular open-source data integration tool. The vulnerability, tracked as CVE-2025-27017, allows authorized users with read access to the system to view sensitive credentials used to connect to MongoDB databases. This security flaw affects multiple versions of Apache NiFi, prompting urgent action from users to…
Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key

Mar 13, 2025 1:52 PM

Tags: access, authentication, cloud, compliance, control, credentials, data, defense, encryption, fido, framework, government, healthcare, identity, infrastructure, mobile, nfc, password, phishing, regulation, service, software, strategy, technology, windows

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key madhav Thu, 03/13/2025 – 06:46 As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings. The FIDO (Fast Identity Online) standard has emerged as the gold standard…
How to detect Headless Chrome bots instrumented with Puppeteer?

Mar 13, 2025 11:52 AM

Tags: api, attack, browser, chrome, credentials, tool

Headless Chrome bots powered by Puppeteer are a popular choice among bot developers. The Puppeteer API’s ease of use, combined with the lightweight nature of Headless Chrome, makes it a preferred tool over its full-browser counterpart. It is commonly used for web scraping, credential stuffing attacks, and the First seen on securityboulevard.com Jump to article:…
Why Browser-Based Security Is Vital to Zero Trust Operations

Mar 12, 2025 7:52 PM

Tags: access, attack, credentials, framework, malware, phishing, ransomware, zero-trust

Browser Isolation Protects Access Points as Remote Work Expands Attack Surface With 92% of organizations supporting remote connectivity and phishing attacks surging to record levels, browser-based security has become essential for zero trust frameworks to protect against malware, ransomware and credential theft. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/browser-based-security-vital-to-zero-trust-operations-p-3832
Chinese cyberespionage group deploys custom backdoors on Juniper routers

Mar 12, 2025 4:52 PM

Tags: access, attack, authentication, backdoor, backup, botnet, china, control, credentials, cyberespionage, ddos, detection, encryption, endpoint, espionage, exploit, google, group, identity, infrastructure, injection, intelligence, malicious, malware, mandiant, mitigation, monitoring, network, risk, router, software, switch, tactics, threat, tool, unauthorized, update, vulnerability, zero-day

File integrity protections were bypassed: Attackers’ initial access to the Juniper MX routers analyzed by Mandiant seems to have been achieved with legitimate credentials. While UNC3886 has developed and used zero-day exploits to compromise network-edge devices in the past, the group actively performs credential collection on compromised networks for lateral movement to support its goal…
March Patch Tuesday warnings: Act fast to plug zero day holes in Windows, VMware

Mar 12, 2025 4:52 PM

Tags: access, advisory, authentication, cisco, cloud, communications, control, credentials, csf, cve, data, data-breach, exploit, flaw, incident response, infrastructure, microsoft, network, office, remote-code-execution, router, security-incident, service, software, unauthorized, update, vmware, vulnerability, windows, zero-day

Microsoft issues: Windows admins have to deal with patching six zero days, six critical vulnerabilities, plus the hole that already has a publicly available proof-of-concept.”All six of the vulnerabilities that Microsoft has labelled as ‘exploit detected’ are resolved with the monthly cumulative update,” pointed out Tyler Reguly, associate director of security R&D at Fortra. “This…
Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack

Mar 12, 2025 4:52 PM

Tags: attack, backdoor, credentials, crypto, group, lazarus, malicious

Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects. First seen on hackread.com Jump to article: hackread.com/lazarus-group-backdoor-fake-npm-packages-attack/
PowerSchool Portal Compromised Months Before Massive Data Breach

Mar 12, 2025 4:52 PM

Tags: access, breach, credentials, data, data-breach, hacker

Hackers used compromised credentials to access PowerSchool’s PowerSource portal months before the December 2024 data breach. The post PowerSchool Portal Compromised Months Before Massive Data Breach appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/powerschool-portal-compromised-months-before-massive-data-breach/
DCRat Malware Spreading via YouTube to Steal Login Credentials

Mar 12, 2025 4:52 PM

Tags: access, attack, credentials, cyber, cybersecurity, exploit, login, malicious, malware, rat, service, software

Cybersecurity researchers have identified a renewed wave of attacks involving the Dark Crystal RAT (DCRat), a dangerous remote access Trojan that has resurfaced through a Malware-as-a-Service (MaaS) model. Attackers are actively targeting gamers by distributing malicious software disguised as gaming cheats and cracks, primarily through YouTube. Malware Distribution Exploits YouTube Platform The attackers behind DCRat…
Java Axios Package Vulnerability Threatens Millions of Servers with SSRF Exploit

Mar 12, 2025 4:52 PM

Tags: credentials, cve, cyber, exploit, risk, vulnerability

A critical security issue has been identified in the Axios package for JavaScript, which poses significant risks to millions of servers due to server-side request forgery (SSRF) and credential leakage. This vulnerability occurs when absolute URLs are used in Axios requests, even when abase URLis specified. CVE-2025-27152 Overview The vulnerability associated with Axios is identified…
Polymorphic Browser Extensions Could Target Credentials, Report Finds

Mar 11, 2025 9:58 PM

Tags: credentials

First seen on scworld.com Jump to article: www.scworld.com/brief/polymorphic-browser-extensions-could-target-credentials-report-finds
AI-Generated Fake GitHub Repositories Steal Login Credentials

Mar 11, 2025 3:54 PM

Tags: ai, credentials, cyber, cybercrime, cybersecurity, exploit, github, login, malicious, malware, tactics, threat

A concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate, exploit GitHub’s trusted reputation to deceive users into downloading ZIP files containing malicious code. The campaign highlights the evolving tactics cybercriminals employ to…
PlayPraetor Malware Targets Android Users via Fake Play Store Apps to Steal Passwords

Mar 11, 2025 2:54 PM

Tags: android, banking, credentials, cyber, cybersecurity, google, malicious, malware, password

A sophisticated malware campaign, dubbed PlayPraetor, has been uncovered by cybersecurity firm CTM360. This operation involves creating fake Google Play Store websites that deceive users into downloading malicious Android applications. These apps, though appearing legitimate, are actually advanced banking Trojans designed to steal sensitive user information, including banking credentials and clipboard data. Operation Details The…
95% of Data Breaches Tied to Human Error in 2024

Mar 11, 2025 2:54 PM

Tags: breach, credentials, data, security-incident, threat

Mimecast found that insider threats, credential misuse and user-driven errors were involved in most security incidents last year First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/data-breaches-human-error/
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials

Mar 11, 2025 12:54 PM

Tags: attack, credentials, cyber, exploit, group, hacker, korea, lazarus, login, malicious, north-korea

North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting…
Webinar: Credential security in the age of AI: Insights for IT leaders

Mar 10, 2025 7:54 PM

Tags: ai, credentials

On Tuesday, March 18 2025, at 1pm EST, I will be joining the experts at Dashlane for an online chat all about credential security in the age of AI. First seen on grahamcluley.com Jump to article: grahamcluley.com/webinar-credential-security-in-the-age-of-ai-insights-for-it-leaders/
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

Mar 10, 2025 4:53 PM

Tags: attack, credentials, cybersecurity, malicious

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on.”The polymorphic extensions create a pixel perfect replica of the target’s icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to First…
Thinkware Dashcam Vulnerability Leaks Credentials to Attackers

Mar 10, 2025 8:53 AM

Tags: access, credentials, cyber, data, leak, malicious, privacy, risk, service, unauthorized, vulnerability

A series of significant security vulnerabilities have been discovered in the Thinkware Dashcam, specifically the F800 Pro model, which could pose serious risks to users’ privacy and security. These issues include unauthorized access to sensitive data, denial of service, and the ability to write malicious files. Below is a detailed overview of these vulnerabilities and…
Strela Stealer Malware Attack Microsoft Outlook Users for Credential Theft

Mar 8, 2025 5:53 AM

Tags: attack, credentials, cyber, cybersecurity, email, malware, microsoft, phishing, theft

The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware, a sophisticated infostealer designed to target specific email clients, notably Microsoft Outlook and Mozilla Thunderbird. This malware has been active since late 2022 and has been primarily used in large-scale phishing campaigns targeting users in several European countries, including Spain,…
Nearly 1 million Windows devices targeted in advanced “malvertising” spree

Mar 7, 2025 9:54 PM

Tags: credentials, crypto, login, malware, windows

Malware stole login credentials, cryptocurrency, and more from infected machines. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/03/nearly-1-million-windows-devices-targeted-in-advanced-malvertising-spree/
Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft

Mar 7, 2025 6:53 PM

Tags: credentials, cyber, cybersecurity, email, malware, microsoft, phishing, theft

The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware, a sophisticated infostealer designed to target specific email clients, notably Microsoft Outlook and Mozilla Thunderbird. This malware has been active since late 2022 and has been primarily used in large-scale phishing campaigns targeting users in several European countries, including Spain,…
Ransomware Groups Favor Repeatable Access Over Mass Vulnerability Exploits

Mar 7, 2025 3:53 PM

Tags: access, credentials, exploit, group, ransomware, vpn, vulnerability

Travelers found that ransomware groups are focusing on targeting weak credentials on VPN and gateway accounts for initial access, marking a shift from 2023 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-repeatable-access/
YouTube Alerts Creators About Phishing Emails Targeting Login Credentials

Mar 7, 2025 2:53 PM

Tags: advisory, ai, attack, ceo, credentials, cyber, deep-fake, email, exploit, login, malicious, phishing, social-engineering, tactics, tool

YouTube has issued a critical security advisory following a widespread phishing campaign exploiting private video sharing to distribute AI-generated deepfakes of CEO Neal Mohan. The fraudulent videos falsely claim changes to the platform’s monetization policies, urging creators to click malicious links. This sophisticated attack vector combines social engineering tactics with advanced generative AI tools, targeting…
Peaklight Malware Targets Users to Steal Credentials, Browser History, and Financial Data

Mar 7, 2025 11:53 AM

Tags: credentials, cyber, data, finance, malware, service, threat

Peaklight malware has emerged as a significant threat, designed to steal sensitive information from compromised endpoints. This information stealer is often distributed through underground channels and is sometimes offered as a Malware-as-a-Service (MaaS), making it a continuously evolving and potent threat capable of bypassing conventional security measures. Peaklight’s primary goal is to exfiltrate sensitive data,…
What Is an Identity Provider (IdP) and How Does It Work?

Mar 7, 2025 1:53 AM

Tags: credentials, identity
Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access

Mar 6, 2025 11:53 PM

Tags: access, apt, attack, authentication, china, citrix, cloud, control, corporate, credentials, data, detection, email, exploit, firewall, github, government, group, hacker, identity, Internet, ivanti, least-privilege, microsoft, network, password, service, software, supply-chain, threat, update, vpn, vulnerability, zero-day

Two-way lateral movement: Aside from abusing cloud assets and third-party services and software providers to gain access to local networks, the Silk Typhoon attackers are also proficient in jumping from on-premise environments into cloud environments. The group’s hackers regularly target Microsoft AADConnect (now Entra Connect) servers which are used to synchronize on-premise Active Directory deployments…