Security News

More than half of the 24.6 billion stolen credential pairs available for sale on the dark web were exposed in the past year, the Digital Shadows Research Team has found. Of the 24.6 billion credentials for sale, 6.7 billion of the pairs are unique, an increase of 1.7 billion over two years.

A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," SonarSource said in a report shared with The Hacker News.

New features in Metasploit 6.2.0. Capture plugin - While Metasploit has always included modules to steal credentials on a network, a new 'Capture' plugin has been introduced that offers a more streamlined approach.

The "New and improved" version of Emotet is exhibiting a "Troubling" behavior of effectively collecting and using stolen credentials, "Which are then being weaponized to further distribute the Emotet binaries," Charles Everette from Deep Instinct revealed in a blog post this week. In April, Emotet malware attacks returned after a 10-month "Spring break" with targeted phishing attacks linked to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success, according to a report by Proofpoint.

A cybercriminal stole 1 million Facebook account credentials over 4 months. As phishing attacks continue to be a go-to for threat actors, one scam found that a user had stolen a million Facebook account credentials over a span of just four months.

An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan to reroute financial transactions and steal corporate credentials. Interpol linked the suspects to a syndicate of Nigerian fraudsters using a RAT known as Agent Tesla to access business computers and divert monetary transactions to their own accounts.

A new report from the FBI raises warnings about a credential theft threat targeting academic partners of identified US colleges and universities. These credential stuffing attacks are particularly concerning, because once an attacker is in possession of one login credential, he might run tools like OpenBullet to automatically check if they are valid for dozens or hundreds of other websites.

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure," Greg Ose said, adding the attacker then managed to obtain a number of files -.

The gathered credentials are then exfiltrated and sold on Russian cybercrime forums for prices ranging from a few to thousands of U.S. dollars. Armed with this login information, the agency pointed out, adversaries can proceed to conduct brute-force credential stuffing attacks to break into victim accounts spanning different accounts, internet sites, and services.

Russian crooks are selling network credentials and virtual private network access for a "Multitude" of US universities and colleges on criminal marketplaces, according to the FBI. According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves. "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.