Security News

A new report from the FBI raises warnings about a credential theft threat targeting academic partners of identified US colleges and universities. These credential stuffing attacks are particularly concerning, because once an attacker is in possession of one login credential, he might run tools like OpenBullet to automatically check if they are valid for dozens or hundreds of other websites.

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information. "Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure," Greg Ose said, adding the attacker then managed to obtain a number of files -.

The gathered credentials are then exfiltrated and sold on Russian cybercrime forums for prices ranging from a few to thousands of U.S. dollars. Armed with this login information, the agency pointed out, adversaries can proceed to conduct brute-force credential stuffing attacks to break into victim accounts spanning different accounts, internet sites, and services.

Russian crooks are selling network credentials and virtual private network access for a "Multitude" of US universities and colleges on criminal marketplaces, according to the FBI. According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves. "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. The sensitive information consists of network credentials and virtual private network access "To a multitude" of higher education organizations in the U.S. In some cases, the seller posted a screenshot proving that the credentials provide the advertised access.

Customers of automaker General Motors and wedding planning company Zola have had customer accounts compromised through credential stuffing, and the criminals have used the access to redeem gift cards. Credential stuffing is a type of attack aimed at hijacking accounts.

Car manufacturer General Motors has confirmed the credential stuffing attack it suffered last month exposed customers' names, personal email addresses, and destination data, as well as usernames and phone numbers for family members tied to customer accounts. Other more personal information, including social security and credit card and bank account numbers, as well as drivers license data are not stored in customers' GM accounts and were not laid bare, GM officials said in a letter [PDF] sent to customers this month.

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed hackers to redeem rewards points for gift cards. General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, services, and redeem rewards points.

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers' information and allowed hackers to redeem rewards points for gift cards. Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.

Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. The URL button in the PDF takes the victim to a phishing site where they are supposed to resolve issues causing a package to be undeliverable.