Security News

Microsoft rushes to register Autodiscover domains leaking credentials
2021-09-24 17:03

Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. Many mail clients, including some versions of Microsoft Outlook and Office 365, incorrectly implement the Autodiscover protocol, causing them to try to authenticate to third-party autodiscover.

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
2021-09-23 21:53

An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text that are being transferred over the wire," Guardicore's Amit Serper said in a technical report.

Breached passwords: Popular TV shows don't make for the best security credentials
2021-09-23 15:56

Specops recently released a roundup of the top 20 TV shows found on breached password lists. On Monday, Specops Software, a password management and authentication company, released a roundup of the popular TV shows found on breached password lists.

Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials
2021-09-22 13:00

A flaw in Microsoft's Autodiscover protocol, used to configure Exchange clients like Outlook, can cause user credentials to leak to miscreants in certain circumstances. If the client doesn't receive any response from these URLs - which would happen if Exchange was improperly configured or was somehow prevented from accessing the designated resources - the Autodiscover protocol tries a "Back-off" algorithm that uses Autodiscover with a TLD as a hostname.

Microsoft Exchange Autodiscover bugs leak 100K Windows credentials
2021-09-22 13:00

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, Guardicore's AVP of Security Research, the researcher reveals how the incorrect implementation of the Autodiscover protocol, rather than a bug in Microsoft Exchange, is causing Windows credentials to be sent to third-party untrusted websites.

Airline Credential-Theft Takes Off in Widening Campaign
2021-09-16 18:26

A two-year-old espionage campaign against the airline industry is ongoing, with AsyncRAT and other commodity remote-access trojans helping those efforts take flight. The campaign can effectively be a bird strike to the business engine, so to speak, resulting in data theft, financial fraud or follow-on attacks, said researchers, who have uncovered new details about the perpetrators.

Stolen Credentials Led to Data Theft at United Nations
2021-09-10 10:46

A threat actor used stolen credentials from a United Nations employee to breach parts of the UN's network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. "We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021," Dujarric said, according to the report.

Thousands of Fortinet VPN Account Credentials Leaked
2021-09-09 22:49

On Wednesday, BleepingComputer reported that it's been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer. The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices.

Cybercriminals buy up admin credentials to sharpen attacks on cloud deployments
2021-08-31 12:01

Companies should now consider cybercriminals as business competitors, according to Lacework's 2021 Cloud Threat Report Volume 2. The Lacework Lab analyzed telemetry from its customers and other data to identify rising and increasing security threats to cloud deployments.

Increase in credential phishing and brute force attacks causing financial and reputational damage
2021-08-31 04:30

Key findings: 32.5% of all companies were targeted by brute force attacks in early June 2021. 73% of all advanced threats were credential phishing attacks.