#account-takeover

#account-takeover

Officials are urging people not to click on suspicious links or attachments in emails, websites, or social media posts, warning that a single click can install malware on a device. 'Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number,' the FBI said. 'Be especially wary if a company asks you to update your password or account information. 'Look up the company's phone number on your own and call the company.'

The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, "we have observed high-confidence account takeovers in multiple entities," the threat intel team told us. "By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers."

"A potential attacker could take over customer accounts in Adobe Commerce through the Commerce REST API," Adobe said in an advisory issued today. The issue impacts the following products and versions - Adobe Commerce (all deployment methods): 2.4.9-alpha2 and earlier 2.4.8-p2 and earlier 2.4.7-p7 and earlier 2.4.6-p12 and earlier 2.4.5-p14 and earlier Adobe Commerce B2B: 1.5.3-alpha2 and earlier 1.5.2-p2 and earlier 1.4.2-p7 and earlier