Russia’s ‘Star Blizzard’ APT Upgrades its Stealth, Only to Be Unmasked Again

December 7, 2023 at 05:18PM

A Kremlin-linked APT group, “Star Blizzard,” known for cyberespionage and targeting NATO-associated entities since 2017, recently updated its evasion tactics. Microsoft exposed these new techniques, which include the use of password-protected PDFs, cloud file-sharing, advanced domain creation, and exploitation of email marketing platforms for phishing. Despite operations against UK officials, …

Microsoft Warns of COLDRIVER’s Evolving Evading and Credential-Stealing Tactics

December 7, 2023 at 10:06AM

The COLDRIVER threat actor, tracked as Star Blizzard by Microsoft and linked to Russia’s FSB, has been targeting entities aligned with Russian interests using advanced credential theft and evasion techniques. They use impersonating domains, email campaigns, and server-side scripts for phishing while avoiding detection. Recently, the U.K. sanctioned two of …

Hundreds of Malicious Android Apps Target Iranian Mobile Banking Users

November 30, 2023 at 06:06AM

A mobile security firm discovered a malicious campaign using over 285 Android apps to steal bank credentials and credit card information from Iranian users. The malware, targeting at least 12 banking apps, uses phishing and evasion techniques, with plans to expand to cryptocurrency wallets. Attackers use Telegram and GitHub for …

Okta: October data breach affects all customer support system users

November 29, 2023 at 08:32AM

Okta’s customer support system was breached, affecting all support system users and exposing names, emails, and other details. Less than 1% of customers had session tokens stolen. Okta advises all users, especially unsecured admins, to implement multi-factor authentication and increase vigilance against phishing. No credentials were exposed. Previous attacks included …

Okta breach: 134 customers exposed in October support system hack

November 3, 2023 at 10:53AM

Okta recently disclosed that attackers gained unauthorized access to its customer support system from September 28 to October 17, 2023. Files belonging to 134 customers were compromised, and session hijacking attacks were carried out using stolen session tokens. The breach affected five customers, including 1Password, BeyondTrust, and Cloudflare. Okta took …

Okta breach: 134 customers exposed in support system hack

November 3, 2023 at 10:24AM

Okta recently revealed that attackers who breached their customer support system gained access to files belonging to 134 customers. Of those customers, five were targets of session hijacking attacks using stolen session tokens. Three of the affected customers, 1Password, BeyondTrust, and Cloudflare, reported the unauthorized activity after detecting login attempts …

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

November 1, 2023 at 02:49PM

Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. …

‘Log in with…’ Feature Allows Full Online Account Takeover for Millions

October 24, 2023 at 08:05AM

Flaws in the OAuth standard implementation across Grammarly, Vidio, and Bukalapak may have allowed attackers to take over user accounts and engage in fraudulent activities. The Salt Labs researchers discovered API misconfigurations, which could potentially affect other compromised sites. This issue, referred to as a “Pass-The-Token” flaw, allows attackers to …

Fighting off cyberattacks? Make sure user credentials aren’t compromised

October 17, 2023 at 10:04AM

Threat actors are constantly finding new ways to trick end-users into giving up their credentials, leading to a rise in credential theft. Cybercriminals target credentials because people often reuse the same login information across multiple sites, giving hackers access to sensitive accounts. They use social engineering tactics like tailgating, spear …

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

October 17, 2023 at 02:09AM

Between May and September 2023, at least 11 telecommunication service providers in Ukraine were targeted by threat actors. The attacks, carried out under the name UAC-0165, caused service interruptions for customers. The attackers used reconnaissance and exploitation techniques from previously compromised servers, employing specialized programs for credential theft and remote …