#credential-theft

[ follow ]
Information security
fromIT Pro
2 days ago

Cyber teams are struggling to keep up with a torrent of security alerts

Identity-related alerts require 11 person-hours to investigate on average, while fragmented identity systems and AI-driven credential theft sharply increase breach risk.
fromThe Hacker News
2 days ago

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model ( DOM)-based extension clickjacking by independent security researcher Marek Tóth, who presented the findings at the DEF CON 33 security conference earlier this month.
Information security
fromArs Technica
1 month ago

Phishers have found a way to downgrade-not bypass-FIDO MFA

The phishing attack bypasses a multifactor authentication scheme based on FIDO, the standard considered immune to credential phishing attacks, leading to unauthorized access.
Privacy technologies
#cybersecurity
fromHackernoon
2 years ago
Mobile UX

Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials | HackerNoon

fromHackernoon
2 years ago
Mobile UX

Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials | HackerNoon

Privacy professionals
fromSecuritymagazine
4 months ago

Research reveals mass scanning and exploitation campaigns

Organizations must adopt layered cybersecurity defenses to combat rising threats.
Proactive measures, like regular software updates and MFA, are essential for defense.
more#cybersecurity
Privacy professionals
fromIT Pro
1 month ago

Hackers are using Microsoft 365 features to bombard enterprises with phishing emails - and they've already hit more than 70 organizations

A new phishing campaign exploits Microsoft's 365 Direct Send feature, targeting organizations without needing user credentials, leading to successful credential theft.
fromThe Hacker News
1 month ago

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks

"The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server," Ganachari said.
Growth hacking
Remote teams
fromThe Hacker News
3 months ago

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

North Korean threat actors have upgraded their malware, OtterCookie, to enhance capabilities in stealing credentials and data.
[ Load more ]