Tag: login

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Dec 3, 2024 2:48 PM

Tags: access, antivirus, attack, browser, credentials, cve, cvss, data, email, exploit, flaw, fortinet, framework, healthcare, login, malicious, malware, microsoft, office, phishing, remote-code-execution, risk, software, threat, vulnerability, windows

Threat actors are using a well-known modular malware loader, SmokeLoader, to exploit known Microsoft Office vulnerabilities and steal sensitive browser credentials.The loader which runs a framework to deploy multiple malware modules, was observed by Fortinet’s FortiGuard Labs in attacks targeting manufacturing, healthcare, and IT companies in Taiwan.”SmokeLoader, known for its ability to deliver other malicious…
Hundreds of UK Ministry of Defence passwords found circulating on the dark web

Dec 2, 2024 11:48 PM

Tags: 2fa, access, attack, authentication, banking, breach, credentials, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, email, government, hacker, intelligence, iraq, login, malware, mfa, password, phishing, risk, russia, theft, warfare

The login credentials of nearly 600 employees accessing a key British Ministry of Defence (MOD) employee portal have been discovered circulating on the dark web in the last four years, it has been reported.According to the i news site, the stolen credentials were for the MOD’s Defence Gateway website, a non-classified portal used by employees…
Phishing mit Word-Dokumenten und QR-Code

Dec 2, 2024 4:48 PM

Tags: login, mail, malware, microsoft, phishing, qr, social-engineering
Ein Login für alle: Sollten Sie sich auf anderen Websites mit Google oder Facebook anmelden?

Dec 1, 2024 2:27 PM

Tags: google, login

lten Sie eine Zillion einzelner Konten verwenden und im Auge behalten, wenn Sie sich bei so vielen Anwendungen und Websites mit Ihren Facebook- oder G… First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/tipps-ratgeber/ein-login-fuer-alle-sollten-sie-sich-auf-anderen-websites-mit-google-oder-facebook-anmelden/
Design flaw in Fortinet VPN server lets attackers hide logins

Nov 27, 2024 10:01 PM

Tags: flaw, fortinet, login, vpn

First seen on scworld.com Jump to article: www.scworld.com/brief/design-flaw-in-fortinet-vpn-server-lets-attackers-hide-logins
9 VPN alternatives for securing remote network access

Nov 26, 2024 9:11 AM

Tags: access, ai, api, attack, authentication, automation, best-practice, business, cloud, compliance, computer, computing, control, corporate, credentials, cve, cybercrime, cybersecurity, data, defense, detection, dns, encryption, endpoint, exploit, firewall, fortinet, group, guide, Hardware, iam, identity, infrastructure, Internet, iot, least-privilege, login, malicious, malware, mfa, microsoft, monitoring, network, office, password, ransomware, risk, router, saas, service, software, strategy, switch, threat, tool, update, vpn, vulnerability, vulnerability-management, waf, zero-trust

Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, large numbers…
Job termination scam warns staff of phony Employment Tribunal decision

Nov 25, 2024 6:51 PM

Tags: access, awareness, ciso, computer, country, cybersecurity, data, defense, detection, email, intelligence, jobs, login, malicious, malware, microsoft, phishing, scam, service, social-engineering, software, threat, training, zero-trust

Creators of phishing messages usually want to create anxiety in their targets so they’ll unwittingly download malware. And nothing gets stomachs churning more than the possibility of losing your job.One of the latest examples of this was detected by Cloudflare, which issued a report Thursday on a recent job termination phishing scam that included some…
Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Nov 25, 2024 6:08 PM

Tags: attack, cyber, exploit, finance, google, login, malicious, malware, phishing, service, threat

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims to fake login pages hosted on Weebly, targeting telecommunications and financial sectors in late October 2024. Financially motivated threat actors exploit Weebly’s ease of use and reputation to host phishing pages, bypassing security measures and leveraging the platform’s legitimacy to…
Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

Nov 25, 2024 6:08 PM

Tags: business, credentials, credit-card, cyber, login, malicious, malware, windows

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced techniques, whereas recent variants focus on stealing Facebook Ads Manager budget details, potentially enabling malicious ad campaigns. Now they pilfer credit card information alongside browser credentials, and to bypass security measures, the malware utilizes Windows Restart Manager to unlock browser…
Google’s New Restore Credentials Tool Simplifies App Login After Android Migration

Nov 25, 2024 6:08 PM

Tags: access, android, api, credentials, google, login, tool

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device.Part of Android’s Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement.”With Restore Credentials, apps can…
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics

Nov 21, 2024 9:53 PM

Tags: access, attack, authentication, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, detection, exploit, framework, iam, identity, infrastructure, intelligence, least-privilege, login, mfa, microsoft, monitoring, password, risk, service, software, strategy, tactics, threat, tool, update, vulnerability

A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on. The landmark report Detecting and Mitigating Active Directory Compromises, released in September by cybersecurity agencies…
Disorder in the Court: Unintended Consequences of ATO

Nov 20, 2024 11:53 AM

Tags: credentials, login, threat

The most common ATO threat that individuals and businesses imagine affecting them is their accounts getting hijacked- e.g. a threat actor uses credential stuffing to login to your netflix account, and enjoys some free entertainment on your dime (or sells the account for a few dollars)”¦or in a more serious scenario, accesses an employee’s corporate……
Security Alert: Fake Accounts Threaten Black Friday Gaming Sales

Nov 18, 2024 4:53 PM

Tags: access, attack, authentication, breach, captcha, control, credentials, data, detection, email, exploit, finance, framework, fraud, login, mfa, mitigation, open-source, password, phone, risk, service, switch, tactics, threat, tool, unauthorized

As Black Friday 2024 nears, online retailers are preparing for a surge in demand, particularly for deals, discounts, and bundles on popular gaming consoles like the PS5, Xbox, and Nintendo Switch, along with their accessories. However, this excitement also attracts sophisticated fraudsters who use bots to capitalize on the limited availability of these consoles and…
Login-Daten und Datensatz: Angebliches Datenleck beim Statistischen Bundesamt

Nov 17, 2024 11:53 AM

Tags: data-breach, login

Beim Statistischen Bundesamt hat es einen Cybervorfall gegeben. Das soll jedoch keine Auswirkungen auf die Systeme der Bundeswahlleiterin haben. First seen on golem.de Jump to article: www.golem.de/news/login-daten-und-datensatz-angebliches-datenleck-beim-statistischen-bundesamt-2411-190853.html
CISO Forum Virtual Summit: Sessions On Demand

Nov 14, 2024 12:53 PM

Tags: ciso, cybersecurity, login, risk, risk-management

Login today for the CISO Forum Virtual Summit as we discuss innovative cybersecurity and risk management strategies. The post CISO Forum Virtual Summit: Sessions On Demand appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ciso-forum-virtual-summit-is-today/
Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password

Nov 11, 2024 9:04 AM

Tags: cybersecurity, election, hacker, login, okta, password, vulnerability

In episode 354, we discuss the emergence of the term ‘Advanced Persistent Teenagers’ (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without……
ToxicPanda Banking Malware Attacking Banking Users To Steal Logins

Nov 11, 2024 8:01 AM

Tags: android, banking, login, malware

Recent research has uncovered a new strain of malware developed for Android devices, initially misidentified as TgToxic. Despite sharing some bot com… First seen on gbhackers.com Jump to article: gbhackers.com/toxicpanda-banking-malware-attack/
Okta schließt Login-Schwachstelle, die ein beliebiges Passwort erlaubte

Nov 7, 2024 3:00 PM

Tags: login, okta, password, vulnerability

Nutzt jemand den Authentifizierungsdienst Okta aus der Leserschaft? Es gibt zu diesem Anbieter mal wieder eine Sicherheitsmeldung. Okta hat gerade ein… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/11/02/okta-schliesst-login-schwachstelle-die-ein-beliebiges-passwort-erlaubte/
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

Nov 7, 2024 12:03 PM

Tags: credentials, cybercrime, cybersecurity, login, phishing, threat, tool

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to a… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

Oct 31, 2024 11:56 AM

Tags: credentials, exploit, flaw, hacker, login, open-source, software, threat, vulnerability, xss

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a … First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html
DDoS-Angriffe auf Rockstar-Server: Spieler berichten von Login-Problemen

Oct 29, 2024 12:52 PM

Tags: cyberattack, ddos, login

First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/ddos-angriffe-auf-rockstar-server-spieler-berichten-von-login-problemen-301779.html
Beware Of Callback Phishing Attacks Google Groups That Steal Login Details

Oct 23, 2024 9:25 PM

Tags: attack, email, google, group, login, phishing, phone

Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where at… First seen on gbhackers.com Jump to article: gbhackers.com/callback-phishing-google-login-theft/
(g+) 2FA: Zweifaktor-TOTP-Token aus Aegis Authenticator sichern

Oct 20, 2024 11:01 AM

Tags: 2fa, login

Im Büro ist kein Login möglich, weil das Handy mit den TOTP-Token zuhause liegt? Mit etwas Vorausplanung können TOTPs aus der Single-Point-of-Failure-… First seen on golem.de Jump to article: www.golem.de/news/2fa-zweifaktor-totp-token-aus-aegis-authenticator-sichern-2410-189619.html
Mamba 2FA Cybercrime Kit Targets Microsoft 365 Users

Oct 17, 2024 12:36 PM

Tags: 2fa, cybercrime, login, microsoft

A stealthy new underground offering uses sophisticated adversary-in-the-middle (AitM) techniques to convincingly serve up Microsoft login pages of var… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/mamba-2fa-cybercrime-kit-microsoft-365-users
OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Oct 17, 2024 7:36 AM

Tags: attack, cyber, espionage, exploit, group, hacker, infrastructure, iran, login, microsoft

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on critical infrastructure in the UAE and wider… First seen on gbhackers.com Jump to article: gbhackers.com/oilrig-hackers-microsoft-exchange-attack/
Microsoft Outlook bug blocks email logins, causes app crashes

Oct 13, 2024 4:54 PM

Tags: email, login, microsoft

Microsoft is investigating an Outlook bug causing desktop app crashes, high system resource usage, and preventing users from logging into their accoun… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-outlook-bug-blocks-email-logins-causes-app-crashes/
Storm-1575 Threat Actor Deploys New Login Panels for Phishing Infrastructure

Oct 10, 2024 2:56 PM

Tags: infrastructure, login, phishing, threat

First seen on hackread.com Jump to article: hackread.com/storm-1575-threat-actor-new-login-panels-phishing-infrastructure/
Apple’s New Passwords App May Solve Your Login Nightmares

Oct 8, 2024 5:06 PM

Tags: apple, login, password

First seen on wired.com Jump to article: www.wired.com/story/apple-password-app-ios-18/
Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Sep 25, 2024 12:11 PM

Tags: attack, credentials, cybercrime, cybersecurity, email, exploit, login, phishing, theft

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages th… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html
Threat Actors Forcing victims Into Entering Login Credentials For Stealing

Sep 24, 2024 8:12 AM

Tags: credentials, intelligence, login

Recent intelligence indicates a new technique employed by stealers to trick victims into entering credentials directly into a browser, enabling subseq… First seen on gbhackers.com Jump to article: gbhackers.com/threat-actors-credential-theft/