Security News

Logged failed logins into a company's Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found. Those credentials can then be used log in to any of the organization's platforms that use Okta single sign-on or - if the login credentials belong to an administrator - to gain privileged access to other systems or restricted network areas.

A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. "One of their main strategies is to compromise legitimate websites, searching for vulnerable versions of WordPress, to turn them into their command-and-control server to spread malware from there, filtering out countries they do not wish to infect, dropping different type of malware based on the country being infected," researchers Fernando García and Dan Regalado said.

Credential security company Beyond Identity has launched the Zero Trust Authentication initiative for organizations to hack-proof user credentials, with backing from major firms. In an effort to codify just how IT should apply that in practice, companies including Zero Scaler, Optiv, Palo Alto Networks, Crowdstrike and Ping Identity are supporting an initiative led by security firm Beyond Identify to lay out a zero trust architecture to inoculate corporate accounts and credentials against phishing and ransomware, among other threats.

A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022. Prominent countries targeted include Azerbaijan, Tajikistan, Kyrgyzstan, Turkmenistan, and other Commonwealth of Independent States nations.

Morphisec, a security solution provider based in Israel, has reported that an advanced information stealer malware dubbed SYS01 is aimed at stealing access to Facebook business accounts and Chromium-based browsers' credentials. Morphisec's researcher has also seen the SYS01 malware attack critical government infrastructure employees, manufacturing companies and other industries.

Atlassian suffered a data leak after threat actors used stolen employee credentials to steal data from a third-party vendor. Atlassian confirmed to BleepingComputer that the compromised data was from third-party vendor Envoy which they use for in-office functions.

A North Korean nation-state group notorious for crypto heists has been attributed to a new wave of malicious email attacks as part of a "Sprawling" credential harvesting activity targeting a number of industry verticals, marking a significant shift in its strategy. The state-aligned threat actor is being tracked by Proofpoint under the name TA444, and by the larger cybersecurity community as APT38, BlueNoroff, Copernicium, and Stardust Chollima.

The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company's customers this week. PayPal attributed this privacy breach to "Unauthorized parties," who accessed accounts using customer login credentials.

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

If you're a programmer, whether you code for a hobby or professionally, you'll know that creating a new version of your project - an official "Release" version that you yourself, or your friends, or your customers, will actually install and use - is always a bit of a white-knuckle ride. The idea is simple: every time anyone makes a change in their part of the project, grab that person's new code, and whisk them and their new code through a full build-and-test cycle, just like you would before creating a final release version.