#account-compromise

[ follow ]
#data-breach #oauth-20 #device-code-phishing #mfa-bypass #microsoft-365 #jeffrey-epstein
Information security
fromComputerworld
5 days ago

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Attackers trick employees into registering a hacker-controlled device via OAuth device authorization, granting persistent access to Microsoft accounts and bypassing MFA.
Privacy professionals
fromSecuritymagazine
3 weeks ago

Epstein Files Leak Sensitive Data, Victim Information, and Credentials

Government-retracted Epstein records exposed PII of about 100 victims, leaked financial data, passwords, and account credentials, leading to threats and alleged account compromises.
Information security
fromTheregister
4 months ago

Google and Check Point nuke massive YouTube malware network

Malicious YouTube videos posing as cracked software and game cheats distributed infostealers by using fake or compromised accounts and manipulated engagement to deceive users.
Information security
fromSecurityWeek
4 months ago

DraftKings Warns Users of Credential Stuffing Attacks

DraftKings detected a credential stuffing attack using externally harvested credentials that may have exposed user account data and is enforcing password resets and MFA.
fromZDNET
5 months ago

Battered by cyberattacks, is Salesforce facing a trust problem?

ZDNET's key takeaways The FBI warned about the alarming trend of compromised accounts. The success rate of threat actors could tarnish Salesforce's reputation. The most recent wave of attacks was likely preventable.
Information security
fromWIRED
5 months ago

Scammers Will Try to Trick You Into Filling Out Google Forms. Don't Fall for It

These forms can be created in minutes, with clean and clear formatting, official-looking images and video, and-most importantly of all-a genuine Google Docs URL that your web browser will see no problem with. Scammers can then use these authentic-looking forms to ask for payment details or login information. It's a type of scam that continues to spread, with Google itself issuing a warning about the issue in February.
Information security
[ Load more ]