account hijacking Archives - Help Net Security

account hijacking

Phishers have been targeting UN, UNICEF, Red Cross officials for months – and still do

October 25, 2019

Researchers have brought to light a longstanding phishing campaign aimed at the UN and its various networks, and a variety of humanitarian organizations, NGOs, universities …

Avast breached by hackers who wanted to compromise CCleaner again

October 21, 2019

Czech security software maker Avast has suffered another malicious intrusion into their networks, but the attackers didn’t accomplish what they apparently wanted: …

Researchers reveal the latest lateral phishing tactics

August 16, 2019

Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves. Lateral phishing tactics …

Business security in the age of malicious bots

July 1, 2019

As most technologies, bots can be used for good and bad purposes, and the information security industry is doing its best to minimize the adverse effects of the latter …

How effective are login challenges at preventing Google account takeovers?

May 21, 2019

Despite implementation bugs that might affect the security of physical security keys, they are the strongest protection against phishing currently available, Google maintains. …

Most adults are concerned about malware and phishing on social media

April 30, 2019

More than eighty percent of adults believe that they’re at risk when it comes to security on social media. Most American adults are using at least one social media …

Hackers used credentials of a Microsoft Support worker to access users’ webmail

April 16, 2019

On Friday, an unknown number of customers of Microsoft’s webmail services (Outlook.com, Hotmail, MSN Mail) received a notice from the company telling them that attackers …

Who are the biggest targets of credential stuffing attacks?

April 12, 2019

Media organizations, gaming companies, and the entertainment industry are among the biggest targets of credential stuffing attacks, in which malicious actors tap automated …

Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts

March 20, 2019

Where possible, and especially for important accounts such as Office 365 and G Suite accounts, the prevailing advice for users is to enable two-factor authentication. …

OkCupid account hijackings highlight website account management issues

February 12, 2019

Users of popular dating site OkCupid have been complaining of hackers taking over their account, locking them out by changing the associated email address and password, and …

Verizon details breaches they were called in to investigate

September 10, 2018

If at all possible, organizations like to keep details of the breaches they suffered under wraps, mostly to safeguard their reputation and to minimize legal trouble. As …

The single sign-on account hijacking threat and what can we do about it?

August 22, 2018

Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …