Security News
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. Phishing kits, often sold for one-time payments in underground forums, are packaged archive files containing images, scripts, and HTML pages that enable a threat actor to set up phishing emails and pages, using them as lures to harvest and transmit credentials to an attacker-controlled server.
On Wednesday, Verizon's Visible - an all-digital, uber-cheap wireless carrier - confirmed what customers have been complaining about on Reddit and Twitter all week: They lost control of their accounts; had their passwords and shipping addresses changed; and some got stuck with bills for pricey new iPhones. Visible is aware of an issue in which some member accounts were accessed and/or charged without their authorization.
Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services, Binance, Google Cloud Platform, PayPal, Slack, and Stripe. "These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology, biotech, e-commerce, health, energy, cybersecurity, and transportation industries," Intezer said in a report shared with The Hacker News.
Twitch says that no login credentials and credit card numbers belonging to users or streamers were exposed following yesterday's massive data leak. The company added that the attackers could gain access to the stolen data due to a faulty Twitch server configuration change.
While investigating a misconfiguration flaw in Apache Airflow, researchers discovered many exposed instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks.
The banking and investing platform MoneyLion had to lock customer accounts that were breached in credential stuffing attacks over the summer, in June and July. In credential stuffing attacks, threat actors use large collections of username/password combinations leaked following security breaches of various online services to log into the victims' user accounts on other online platforms.
A research team from WizCase, led by researcher Ata Hakçıl, reviewed 3,100 configurations of Eduroam at universities throughout Europe, finding that more than half of them have issues that can be exploited by threat actors. Eduroam assigns students, researchers and faculty members log-in credentials that allow them to obtain internet connectivity across different institutions by using credentials from their own university.
A new phishing campaign spotted by Armorblox tried to steal user credentials by spoofing a message notification from a company that provides email encryption. A successful phishing email that obtains the right username and password can gain access to an entire network.
Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.
At the heart of all this, credential compromise is the leading cause of ransomware attacks, because credentials give hackers the access they need to hold your systems hostage. To understand the issue of credentials in ransomware attacks, one must understand what credentials really are.