Critical ChatGPT Plugin Vulnerabilities Expose Sensitive Data

March 13, 2024 at 08:07AM Security researchers at Salt Labs discovered three critical vulnerabilities in the ChatGPT plugin ecosystem, potentially exposing users’ accounts and connected third-party services to unauthorized access. The first occurs during plugin installation, where the approval step can be abused to get a malicious plugin installed. The second is a missing user-authentication check, enabling account takeover. The third involves OAuth redirection … Read more

Meta Patches Facebook Account Takeover Vulnerability

February 29, 2024 at 09:27AM Meta recently patched a critical vulnerability in the Facebook password reset process, reported by cybersecurity researcher Samip Aryal. The flaw left a unique six-digit reset code valid for a two-hour window, long enough for an attacker to brute-force it and gain control of the account. Meta’s bug bounty program recognized Aryal’s contribution, but the … Read more

Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel

February 12, 2024 at 11:21AM An ongoing cloud account takeover campaign has compromised user accounts across numerous Azure environments, as reported by SecurityWeek. The campaign specifically targets senior personnel, which makes it a significant concern for organizations running on Azure. … Read more

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

January 25, 2024 at 11:48AM Over 5,000 unpatched GitLab servers are vulnerable to account takeover via CVE-2023-7028. The flaw, affecting versions from 16.1.0 onward, allows password reset emails to be sent to unverified email addresses; the count of exposed servers was disclosed by a non-profit group. Patches are available in GitLab versions 16.5.6, 16.6.4, and 16.7.2, yet vulnerable servers remain spread across the globe. GitLab … Read more

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

January 24, 2024 at 01:01PM Over 5,300 GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw that lets attackers reset passwords and take over accounts. Although it does not bypass 2FA, it poses a significant risk to accounts that lack it. ShadowServer identifies vulnerable servers in the U.S., Germany, Russia, and other countries, and urges immediate patching and … Read more

Urgent: GitLab Releases Patch for Critical Vulnerabilities – Update ASAP

January 12, 2024 at 10:42PM GitLab released security updates addressing two critical vulnerabilities, CVE-2023-7028 and CVE-2023-5356. CVE-2023-7028 allows account takeover without user interaction on versions 16.1 to 16.7, because a password reset email could be delivered to an unverified address. CVE-2023-5356 lets an attacker execute slash commands as another user through the Slack/Mattermost integrations. Users are advised to upgrade their instances and enable 2FA, especially on accounts with elevated privileges. Key takeaways … Read more
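The GitLab items above (a reset email delivered to an address the account never verified) and the Facebook item further up (a six-digit reset code that stays valid long enough to brute-force) are two failure modes of the same flow. The Python sketch below is an added illustration, not code from GitLab, Meta, or any of the reporting outlets: it puts a deliberately vulnerable reset handler beside a hardened one. The user store, the attacker address, the ten-minute code lifetime and the five-guess cap are all assumptions chosen for the demo, and the code is pinned in the brute-force demo only so the result is reproducible.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed sample user store (assumption, not real data). Each account has one
# e-mail on file; only a *verified* address may ever receive reset mail.
USERS = {
    "alice": {"email": "alice@example.com", "verified": True},
    "bob": {"email": "bob@example.com", "verified": False},
}
CODE_TTL_SECONDS = 10 * 60  # assumed policy: a reset code lives minutes, not hours
MAX_ATTEMPTS = 5            # assumed policy: five wrong guesses invalidate the code


@dataclass
class ResetState:
    code: str
    issued_at: float
    attempts: int = 0


class VulnerableReset:
    """Accepts a *list* of addresses, looks up the account by the first one and
    mails that account's token to every address in the list. Recipients are never
    checked against the account, so [victim, attacker] leaks the victim's token."""

    def __init__(self):
        self.outbox = []  # (recipient, username, token) that "went out"

    def request(self, emails):
        victim = next((u for u, r in USERS.items() if r["email"] == emails[0]), None)
        if victim is None:
            return
        token = secrets.token_urlsafe(16)
        for addr in emails:  # BUG: unrelated, unverified recipients get the token
            self.outbox.append((addr, victim, token))


class HardenedReset:
    """One recipient, which must be the verified address on the account; the code
    is short-lived, single-use and limited to MAX_ATTEMPTS guesses."""

    def __init__(self, now=time.time):
        self.outbox = []
        self.pending = {}  # username -> ResetState
        self.now = now

    def request(self, email):
        for user, rec in USERS.items():
            if rec["email"] == email and rec["verified"]:
                code = f"{secrets.randbelow(10**6):06d}"
                self.pending[user] = ResetState(code, self.now())
                self.outbox.append((rec["email"], user, code))
        # Unknown or unverified addresses get the same (silent) response: no enumeration oracle.

    def verify(self, user, code):
        st = self.pending.get(user)
        if st is None:
            return False
        if self.now() - st.issued_at > CODE_TTL_SECONDS:
            del self.pending[user]  # expired: the user must request a fresh code
            return False
        st.attempts += 1
        if st.attempts > MAX_ATTEMPTS:
            del self.pending[user]  # too many guesses: invalidate rather than keep serving
            return False
        if hmac.compare_digest(st.code, code):
            del self.pending[user]  # single use
            return True
        return False


def demo_unverified_recipient():
    """How many reset tokens reach an attacker-controlled mailbox under each handler."""
    attacker = "attacker@evil.example"  # constructed address, not on any account
    v = VulnerableReset()
    v.request(["alice@example.com", attacker])
    h = HardenedReset()
    h.request(attacker)           # not on any account: nothing sent
    h.request("bob@example.com")  # on an account but unverified: nothing sent
    leaked = sum(1 for to, _, _ in v.outbox if to == attacker)
    return leaked, len(h.outbox)  # (1, 0)


def demo_brute_force():
    """Guess every six-digit code in order against the hardened verifier."""
    h = HardenedReset()
    h.request("alice@example.com")
    h.pending["alice"].code = "987654"  # pinned so the demo is reproducible
    for n in range(10**6):
        if h.verify("alice", f"{n:06d}"):
            return "cracked", n + 1
        if "alice" not in h.pending:
            return "locked_out", n + 1  # sixth guess trips the cap
    return "exhausted", 10**6


def demo_expiry():
    """Even the correct code is rejected once the TTL has passed."""
    clock = [1_000_000.0]
    h = HardenedReset(now=lambda: clock[0])
    h.request("alice@example.com")
    code = h.pending["alice"].code
    clock[0] += CODE_TTL_SECONDS + 1
    return h.verify("alice", code)  # False
```

The two demos map directly onto the news items: a reset endpoint must refuse to send anything to an address that is not already verified on the account, and a numeric code must be both short-lived and capped on attempts, because 10^6 candidates at any realistic request rate fit comfortably inside a two-hour window.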

Mandiant’s X (Twitter) Account Hacked to Promote Crypto Scam

January 4, 2024 at 12:22PM Google’s cybersecurity firm Mandiant regained control of its X (Twitter) account after it was hijacked to promote a cryptocurrency scam. The incident came amid growing concerns over security on the platform, echoing past high-profile account takeovers. The security of high-profile accounts on X remains an ongoing concern as the platform is targeted … Read more

Cybercriminals Flood Dark Web With X (Twitter) Gold Accounts

January 3, 2024 at 05:08PM Cybercriminals are targeting verified “Gold” accounts on X (previously known as Twitter) and selling them on the Dark Web for up to $2,000. CloudSEK researchers have uncovered a surge in these accounts on underground marketplaces, leading to potential risks such as hosting phishing links, launching disinformation campaigns, and financial scams. … Read more

NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads

November 3, 2023 at 09:42AM Facebook business accounts have been compromised and used to run fake ads that use revealing photos of young women as bait to trick victims into downloading malware called NodeStealer. Clicking an ad downloads a malicious .exe file that steals browser cookies and passwords. The malware is part of a growing … Read more

‘Log in with…’ Feature Allows Full Online Account Takeover for Millions

October 24, 2023 at 08:05AM Flaws in the OAuth implementations of Grammarly, Vidio, and Bukalapak could have allowed attackers to take over user accounts and engage in fraudulent activities. Salt Labs researchers discovered API misconfigurations that could affect other sites as well. The issue, referred to as a “Pass-The-Token” flaw, allows attackers to … Read more
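The “Pass-The-Token” pattern named above comes down to a relying party accepting an OAuth token without checking which client the identity provider issued it to. The Python sketch below is an added illustration, not code from Salt Labs or any of the sites named: it models a login endpoint that trusts whatever user identity the provider's token-introspection response names, next to one that also checks issuer, audience and expiry. The client IDs, issuer URL, fixed clock and the introspection records themselves are constructed for the demo and mirror the field names of an RFC 7662 introspection response.

```python
# Constructed relying-party configuration (assumptions, not real identifiers).
SITE_CLIENT_ID = "client-id-of-this-site"
IDP_ISSUER = "https://idp.example"
NOW = 1_700_000_000  # fixed clock so the example is reproducible

# Constructed introspection records: the provider reports who the token belongs
# to ("sub") and which client it was issued to ("aud").
TOKENS = {
    # victim signed in to *this* site, so the audience is our client ID
    "tok-victim-this-site": {"active": True, "sub": "user-42", "iss": IDP_ISSUER,
                             "aud": SITE_CLIENT_ID, "exp": NOW + 3600},
    # victim signed in to the attacker's own OAuth app; the attacker now holds it
    "tok-victim-attacker-app": {"active": True, "sub": "user-42", "iss": IDP_ISSUER,
                                "aud": "client-id-of-attacker-app", "exp": NOW + 3600},
    # issued to this site, but already expired
    "tok-victim-expired": {"active": True, "sub": "user-42", "iss": IDP_ISSUER,
                           "aud": SITE_CLIENT_ID, "exp": NOW - 1},
    # unrelated issuer that happens to reuse our audience string
    "tok-other-issuer": {"active": True, "sub": "user-42", "iss": "https://rogue.example",
                         "aud": SITE_CLIENT_ID, "exp": NOW + 3600},
}


def introspect(token):
    """Stand-in for the provider's introspection/tokeninfo call."""
    return TOKENS.get(token, {"active": False})


def login_vulnerable(token):
    """Pass-the-token: only checks that the token is live and names a user.
    A token the victim granted to the attacker's app logs the attacker in here
    as the victim, because the site never asks *whom the token was issued to*."""
    info = introspect(token)
    if not info.get("active"):
        return None
    return info.get("sub")


def login_hardened(token, now=NOW):
    """Accept only tokens from our provider, issued to our client ID, still valid."""
    info = introspect(token)
    if not info.get("active"):
        return None
    if info.get("iss") != IDP_ISSUER:
        return None  # token vouched for by somebody we do not trust
    aud = info.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a list
    if SITE_CLIENT_ID not in audiences:
        return None  # minted for another app: this is the pass-the-token case
    if info.get("exp", 0) <= now:
        return None
    return info.get("sub")


def pass_the_token_attack():
    """Attacker replays the token bound to their own app at both endpoints."""
    stolen = "tok-victim-attacker-app"
    return login_vulnerable(stolen), login_hardened(stolen)  # ('user-42', None)
```

The audience check is the whole fix: an access token or ID token is a statement to one specific client, and a site that only reads the user identity out of it will accept any token that any app the victim ever signed in to was able to obtain. Real deployments should also pin the expected algorithm and key when validating signed JWTs locally rather than via introspection.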