Researchers reveal the latest lateral phishing tactics
Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves. Lateral phishing tactics …
account hijacking
Business security in the age of malicious bots
As most technologies, bots can be used for good and bad purposes, and the information security industry is doing its best to minimize the adverse effects of the latter …
How effective are login challenges at preventing Google account takeovers?
Despite implementation bugs that might affect the security of physical security keys, they are the strongest protection against phishing currently available, Google maintains. …
Most adults are concerned about malware and phishing on social media
More than eighty percent of adults believe that they’re at risk when it comes to security on social media. Most American adults are using at least one social media …
Hackers used credentials of a Microsoft Support worker to access users’ webmail
On Friday, an unknown number of customers of Microsoft’s webmail services (Outlook.com, Hotmail, MSN Mail) received a notice from the company telling them that attackers …
Who are the biggest targets of credential stuffing attacks?
Media organizations, gaming companies, and the entertainment industry are among the biggest targets of credential stuffing attacks, in which malicious actors tap automated …
Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts
Where possible, and especially for important accounts such as Office 365 and G Suite accounts, the prevailing advice for users is to enable two-factor authentication. …
OkCupid account hijackings highlight website account management issues
Users of popular dating site OkCupid have been complaining of hackers taking over their account, locking them out by changing the associated email address and password, and …
Verizon details breaches they were called in to investigate
If at all possible, organizations like to keep details of the breaches they suffered under wraps, mostly to safeguard their reputation and to minimize legal trouble. As …
The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …
AT&T sued for enabling SIM swap fraud
A cryptocurrency investor is suing AT&T because criminals were able to empty his accounts through SIM swap fraud (aka account port out fraud), even though he had already …
Theft of user accounts on cryptocurrency exchanges is soaring
Within a year, the number of data leaks from cryptocurrency exchanges soared by 369%, Group-IB researchers have found, and the US, Russia and China are the countries where …