Security News
Json from CRED FILE NAMES file name array to GCLOUD CREDS FILES file name array[+] added netrc, kubeconfig, adc. Db from CRED FILE NAMES file name array[-] removed dload function[+] added commented dload function invocation for posting final results[+] added commented wget command to download and execute https://everlost.
A new "Mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. "Initially, the target receives an email with a phishing page in the attached HTML file," ESET researcher Viktor Šperka said in a report.
At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The 2023 Verizon Data Breach Investigations Report revealed that 83% of breaches involved external actors, with almost all attacks being financially motivated.
Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. What if you could outsmart these criminals and protect your organization?
Read about a new tool advertised on the Dark Web called WormGPT. As artificial intelligence technology such as ChatGPT continues to improve, so does its potential for misuse by cybercriminals. ChatGPT credentials and jailbreak prompts on the Dark Web ChatGPT stolen credentials on the Dark Web.
American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers. Hot Topic is a retail chain specialized in counter-culture clothing and accessories, and licensed music, that has 675 stores across the U.S. It also operates an online shop with nearly 10 million visitors every month, according to data from SimilarWeb.
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams. The malicious apps use various distribution channels, including social media, phishing sites, and deceitful shopping apps on Google Play, Android's official app store.
VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment caused by credentials being logged and exposed via system audit logs. Tracked as CVE-2023-20891, the security flaw addressed today by Vmware would allow remote attackers with low privileges to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks that don't require user interaction.
The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into business environments. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cybercrime marketplaces.
Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT. Both less skilled and seasoned cybercriminals can use the tools to create more convincing phishing emails that are customized for the intended audience to grow the chances of a successful attack. Hackers tapping into GPT AI. In six months, the users of the dark web and Telegram mentioned ChatGPT, OpenAI's artificial intelligence chatbot, more than 27,000 times, shows data from Flare, a threat exposure management company, shared with BleepingComputer.