#credential-theft

[ follow ]
fromThe Hacker News
1 week ago

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security incidents now originate from web applications accessed via Chrome, Edge, Firefox, and other browsers. One particularly fast-evolving adversary, Scattered Spider, has made it their mission to wreak havoc on enterprises by specifically targeting sensitive data on these browsers.
Information security
Information security
fromInfoWorld
2 weeks ago

Wave of npm supply chain attacks exposes thousands of enterprise developer credentials

A supply-chain attack on Nx and multiple malicious npm React packages used AI-powered post-install malware to steal developer credentials and enterprise secrets.
fromIT Pro
2 weeks ago

Watch out for fake Zoom invites - hackers are abusing ConnectWise ScreenConnect to take over devices

To manipulate targets into engaging and downloading ScreenConnect, the attackers employ advanced deception techniques built around impressive impersonations and familiar business contexts, effectively creating workflows that align with end-user expectations,
Information security
Information security
fromTheregister
2 weeks ago

Nx NPM packages poisoned in AI-assisted supply chain attack

Compromised Nx NPM packages contained malware that stole developer credentials and exposed them via public GitHub repositories.
#identity-security
fromIT Pro
3 weeks ago
Information security

Cyber teams are struggling to keep up with a torrent of security alerts

fromIT Pro
3 weeks ago
Information security

Cyber teams are struggling to keep up with a torrent of security alerts

#phishing
fromIT Pro
2 months ago
Privacy professionals

Hackers are using Microsoft 365 features to bombard enterprises with phishing emails - and they've already hit more than 70 organizations

fromIT Pro
2 months ago
Privacy professionals

Hackers are using Microsoft 365 features to bombard enterprises with phishing emails - and they've already hit more than 70 organizations

Information security
fromThe Hacker News
2 weeks ago

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

ShadowCaptcha uses compromised WordPress sites and fake CAPTCHA pages with ClickFix social engineering to deliver stealers, ransomware, and cryptocurrency miners.
Information security
fromThe Hacker News
2 weeks ago

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

HOOK Android banking trojan variant adds ransomware-style full-screen overlays, expanded remote commands, and enhanced data theft and device takeover capabilities.
fromThe Hacker News
3 weeks ago

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model ( DOM)-based extension clickjacking by independent security researcher Marek Tóth, who presented the findings at the DEF CON 33 security conference earlier this month.
Information security
fromArs Technica
1 month ago

Phishers have found a way to downgrade-not bypass-FIDO MFA

The phishing attack bypasses a multifactor authentication scheme based on FIDO, the standard considered immune to credential phishing attacks, leading to unauthorized access.
Privacy technologies
#cybersecurity
fromHackernoon
2 years ago
Mobile UX

Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials | HackerNoon

fromHackernoon
2 years ago
Mobile UX

Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials | HackerNoon

Privacy professionals
fromSecuritymagazine
4 months ago

Research reveals mass scanning and exploitation campaigns

Organizations must adopt layered cybersecurity defenses to combat rising threats.
Proactive measures, like regular software updates and MFA, are essential for defense.
fromThe Hacker News
2 months ago

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks

"The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server," Ganachari said.
Growth hacking
Remote teams
fromThe Hacker News
4 months ago

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

North Korean threat actors have upgraded their malware, OtterCookie, to enhance capabilities in stealing credentials and data.
[ Load more ]