Security News
More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.
More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.
Elastic released the 2022 Elastic Global Threat Report, detailing the evolving nature of cybersecurity threats, as well as the increased sophistication of cloud and endpoint-related attacks. 33% of attacks in the cloud leverage credential access, indicating that users often overestimate the security of their cloud environments and consequently fail to configure and protect them adequately.
A credential stuffing attack over the weekend that affected sports betting biz DraftKings resulted in as much as $300,000 being stolen from customer accounts. The Boston-based company said that its systems were not breached but that the login information of the impacted customers was stolen elsewhere and applied to their DraftKings accounts, where the same passwords were reused.
Sports betting company DraftKings said today that it would make whole customers affected by a credential stuffing attack that led to losses of up to $300,000. The statement follows an early Monday morning tweet saying that DraftKings was investigating reports [1, 2, 3, 4] of customers experiencing issues with their accounts.
The defendants purchased on the dark web server credentials for the computer servers of Certified Public Accounting and tax preparation firms across the country. They used those server credentials to remotely and covertly commit computer intrusions and exfiltrate the tax returns of thousands of taxpayers who were clients of those CPA and tax preparation firms.
Australian private health insurance provider Medibank has revealed that the hack and data breach it discovered over two weeks ago has affected more customers than initially thought. According to The Guardian, Medibank is working under the assumption that all its customers have been affected, including past ones.
Credential phishing attacks continue to exploit COVID-19 to target businesses. Since early 2020, the coronavirus pandemic has given cyber criminals another area that's ripe for exploitation as they try to trick individuals and businesses into divulging sensitive information.
Facebook warns of 400 malicious apps that tried to steal your account credentials. Facebook is advising its users to beware of fake and malicious apps that attempt to hijack your credentials for the popular social network.
Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. 42.6% of the rogue apps were photo editors, followed by business utilities, phone utilities, games, VPNs, and lifestyle apps.