Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts
Where possible, and especially for important accounts such as Office 365 and G Suite accounts, the prevailing advice for users is to enable two-factor authentication. …
account hijacking
OkCupid account hijackings highlight website account management issues
Users of popular dating site OkCupid have been complaining of hackers taking over their account, locking them out by changing the associated email address and password, and …
Verizon details breaches they were called in to investigate
If at all possible, organizations like to keep details of the breaches they suffered under wraps, mostly to safeguard their reputation and to minimize legal trouble. As …
The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …
AT&T sued for enabling SIM swap fraud
A cryptocurrency investor is suing AT&T because criminals were able to empty his accounts through SIM swap fraud (aka account port out fraud), even though he had already …
Theft of user accounts on cryptocurrency exchanges is soaring
Within a year, the number of data leaks from cryptocurrency exchanges soared by 369%, Group-IB researchers have found, and the US, Russia and China are the countries where …
Telegrab: Russian malware hijacks Telegram sessions
Researchers have discovered and analyzed an unusual piece of malware that, among other things, seeks to collect cache and key files from end-to-end encrypted instant messaging …
Malware leverages web injects to empty users’ cryptocurrency accounts
Criminals trying to get their hands on victims’ cryptocurrency stashes are trying out various approaches. The latest one includes equipping malware with …
BEC scammers actively targeting Fortune 500 companies
Nigerian scammers are targeting Fortune 500 companies, and have already stolen millions of dollars from some of them, IBM Security researchers have found. Their strategy is …
1.4 billion unencrypted credentials found in interactive database on the dark web
A data dump containing over 1.4 billion email addresses and clear text credentials is offered for download in an underground community forum. What’s so special about …
