#account-takeover

[ follow ]
#cybersecurity

Ongoing campaign compromises senior execs' Azure accounts, locks them using MFA

Unknown attackers are targeting Microsoft Azure accounts in an ongoing campaign to steal sensitive data and financial assets.
The attackers use phishing techniques and account takeovers to compromise the targeted accounts and enroll them in multifactor authentication to secure them.

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Unauthorized JavaScript execution in AI chatbots risks account takeovers via prompt injection attacks.

Detecting and preventing account takeover (ATO) attacks

Account takeover (ATO) attacks have surged significantly, necessitating robust prevention strategies for businesses and individuals.

Ongoing campaign compromises senior execs' Azure accounts, locks them using MFA

Unknown attackers are targeting Microsoft Azure accounts in an ongoing campaign to steal sensitive data and financial assets.
The attackers use phishing techniques and account takeovers to compromise the targeted accounts and enroll them in multifactor authentication to secure them.

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Unauthorized JavaScript execution in AI chatbots risks account takeovers via prompt injection attacks.

Detecting and preventing account takeover (ATO) attacks

Account takeover (ATO) attacks have surged significantly, necessitating robust prevention strategies for businesses and individuals.
morecybersecurity

AWS Cloud Development Kit Vulnerability Enables Full AWS Account Takeover

A newly discovered vulnerability in AWS CDK could allow attackers to take over AWS accounts due to predictable S3 bucket names.

An official OpenAI X account was taken over to peddle a crypto scam

An official OpenAI account was hacked to promote a cryptocurrency scam involving a fake $OPENAI token.

The New Effective Way to Prevent Account Takeovers

Account takeover attacks threaten cloud-based SaaS environments, and strengthening browser security is essential for prevention.

AWS 'Bucket Monopoly' attacks could allow account takeover

Critical flaws in AWS services allowed remote code execution and account takeover, fixed by AWS after Aqua Security's research.

New Android Banking Trojan BingoMod Steals Money, Wipes Devices

BingoMod RAT wipes devices after money transfers to evade detection and is linked to Romanian-speaking threat actors.
The malware employs Account Takeover (ATO) tactics and can self-destruct to prevent forensic analysis, reminiscent of other Android banking trojans.

Meet clickjacking's slicker cousin, gesture jacking

Web browsers struggle to prevent clickjacking despite ongoing efforts by developers.
New variation named 'cross window forgery' requires victims to press Enter or Space on attacker site.

Hundreds of enterprises are being targeted in a Microsoft Azure cloud account takeover campaign - here's what you need to know

Executives and directors are popular targets in a cloud account takeover campaign.
The campaign is specifically targeting Microsoft Azure environments.

Meta brushes off risk of account theft via number recycling

Telecom companies recycling phone numbers can lead to malicious account takeovers.
Meta (formerly Facebook) sees phone number reuse as a concern but doesn't consider it eligible for its bug bounty program.
[ Load more ]