#account-takeover

[ follow ]
#phishing #cybersecurity #social-engineering #bank-fraud #apple-two-factor-authentication
Information security
fromComputerworld
2 days ago

Apple needs to fix admin authentication in ABM

Admins must use non-federated Apple Account sign-in with Apple two-factor authentication, which often relies on SMS codes vulnerable to SIM swapping, phishing, and interception.
#phishing
fromDataBreaches.Net
4 months ago
Information security

Justice Department Announces Seizure of Stolen-Password Database Used in Bank Account Takeover Fraud - DataBreaches.Net

fromThe Hacker News
5 months ago
Information security

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

Cybercriminals impersonate financial institutions to steal money and sensitive information, enabling account takeover fraud that caused over $262 million in losses this year.
fromSecuritymagazine
8 months ago
Information security

Account Profile Scam Targets PayPal Users

Sophisticated phishing campaign spoofs PayPal emails to prompt victims to call scam-linked numbers or click links that grant attackers secondary account access.
fromDataBreaches.Net
4 months ago
Information security

Justice Department Announces Seizure of Stolen-Password Database Used in Bank Account Takeover Fraud - DataBreaches.Net

more#phishing
Information security
fromTechRepublic
3 weeks ago

Fake Google Antigravity Installer Can Steal Accounts in Minutes

A fake Google Antigravity download exposes user accounts to compromise by delivering malware alongside the legitimate application.
Information security
fromThe Hacker News
1 month ago

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical security flaw in Magento's REST API allows unauthenticated attackers to upload malicious executables, risking code execution and account takeover.
Information security
fromSecurityWeek
2 months ago

SIM Swaps Expose a Critical Flaw in Identity Security

SIM swap attacks exploit structural weaknesses in mobile-based identity verification, allowing criminals to intercept authentication codes and take over accounts by transferring victims' phone numbers to attacker-controlled SIM cards.
fromhttps://www.wbrc.com
2 months ago

Woman loses Facebook business account to person posing as social media influencer

"The buttons that he's telling me to push are not there. I don't use Zoom often so I'm feeling frustrated thinking that I don't know what I'm doing. He's getting frustrated, and he says, 'OK, let's just switch the Zoom call to your phone,'" Stotts said.
Privacy professionals
Information security
fromMail Online
3 months ago

Warning to Gmail users as scammers exploit Google's email update

Scammers exploit Gmail's new address-change feature to phish users and take over Google accounts by directing victims to fake login pages.
Information security
fromTheregister
3 months ago

Phishing attacks abuse SharePoint, target energy orgs

Attackers used SharePoint-based phishing to steal credentials, compromise energy-sector email accounts, and send hundreds of phishing messages from hijacked inboxes.
fromArs Technica
3 months ago

Millions of people imperiled through sign-in links sent by SMS

The links are sent to people seeking a range of services, including those offering insurance quotes, job listings, and referrals for pet sitters and tutors. To eliminate the hassle of collecting usernames and passwords-and for users to create and enter them-many such services instead require users to provide a cell phone number when signing up for an account. The services then send authentication links or passcodes by SMS when the users want to log in.
Privacy technologies
Information security
fromTheregister
4 months ago

US shutters phisherfolk's $14.6M password-hoarding platform

Law enforcement shut down web3adspanels.org, a platform used to store stolen banking credentials from SEO-poisoning campaigns that enabled account takeovers and millions in losses.
Information security
fromThe Hacker News
4 months ago

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

UNK_AcademicFlare used device-code phishing to steal Microsoft 365 credentials and conduct account takeovers targeting government, think tanks, higher education, and transportation since September 2025.
Information security
fromThe Hacker News
5 months ago

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

Holiday shopping peaks concentrate automated credential-stuffing and account-takeover attacks that monetize stored payment tokens while third-party credentials enlarge breach impact.
Law
fromKIRO 7 News Seattle
5 months ago

Tacoma woman sentenced to prison for bank fraud scheme

A Tacoma credit union employee stole account data from 23 customers, enabling a group to steal $345,014 and was sentenced to just over two years.
fromMail Online
5 months ago

FBI issues warning to all Gmail users over email scam robbing users

Officials are urging people not to click on suspicious links or attachments in emails, websites, or social media posts, warning that a single click can install malware on a device. 'Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number,' the FBI said. 'Be especially wary if a company asks you to update your password or account information. 'Look up the company's phone number on your own and call the company.'
Information security
Information security
fromAdExchanger
5 months ago

Google Ad Buyers Are (Still) Being Duped By Sophisticated Account Takeover Scams | AdExchanger

Scammers hijack agency Google Ads and Merchant Center accounts to drain client funds, erase data, and lock admins out, using phishing and Gmail-based attacks.
fromTheregister
8 months ago

Google, Microsoft account takeover made easy via VoidProxy

The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, "we have observed high-confidence account takeovers in multiple entities," the threat intel team told us. "By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers."
Information security
fromThe Hacker News
8 months ago

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

"A potential attacker could take over customer accounts in Adobe Commerce through the Commerce REST API," Adobe said in an advisory issued today. The issue impacts the following products and versions - Adobe Commerce (all deployment methods): 2.4.9-alpha2 and earlier 2.4.8-p2 and earlier 2.4.7-p7 and earlier 2.4.6-p12 and earlier 2.4.5-p14 and earlier Adobe Commerce B2B: 1.5.3-alpha2 and earlier 1.5.2-p2 and earlier 1.4.2-p7 and earlier
E-Commerce
Information security
fromTheregister
8 months ago

Pentagon left livestream keys exposed, hijack risk included

Pentagon publicly posted streaming platform stream keys on DVIDS, exposing military social accounts to hijacking; the vulnerability has been addressed with new keys and fixes.
Information security
fromThe Hacker News
8 months ago

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Threat actors exploit Axios and Microsoft Direct Send to spoof trusted senders, bypass gateways, and drive highly successful phishing and account takeover campaigns across industries.
#cybersecurity
more#cybersecurity
fromTechzine Global
11 months ago

Chrome vulnerability allowing account takeover fixed

Google has released an emergency update for the Chrome browser to fix a serious security vulnerability that allowed an account takeover.
Privacy technologies
[ Load more ]