Security News

A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. On August 2nd, Microsoft launched their Windows 365 cloud-based desktop service, allowing users to rent Cloud PCs and access them via remote desktop clients or a browser.

Arkose Labs unveiled an industry-first $1 million Credential Stuffing Warranty. This vendor warranty offers a commercial guarantee against credential stuffing attacks, covering customers up to $1 million in response expenses.

How to develop a skilled cybersecurity teamWhat skills should aspiring information security workers possess and work on? What certifications can come in handy more than others? What strategies should organizations employ to develop a well-staffed cybersecurity team? Where should they look for talent? What advice do those already working in the field have for those who want to enter it? How can secure KVM technology help eliminate security risks?John Minasyan leads Belkin's cybersecurity business unit focused on solutions to mitigate advanced threats at an operator's desk.

An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing funds from unsuspecting victims.

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller. Microsoft is sounding an alert about a threat against Windows domain controllers that would allow attackers to capture NTLM credentials and certificates.

Last year saw a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web. Luckily, organizations are not totally helpless when it comes to its passwords being put up for sale on the dark web.

Verifiable credentials provide a tamper-secure way for users to prove their identity online, without sacrificing their safety, privacy, or security during the process. Based on a new web standard approved by the W3C in 2019, verifiable credentials are the digital equivalents of the paper documents we carry in our wallets and use to prove who we are in the physical world.

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them. The malicious apps were detected as trojans called Android.

Continuing its commitment to providing these options, HID Global announced the implementation of the latest MIFARE DESFire EV3 credential. "Our credential based on NXP MIFARE DESFire EV3 delivers this technology's full range of advanced security and privacy capabilities and reinforces them with HID's powerful model for identity data protection," said Harm Radstaak, Senior Vice President and Head of Physical Access Control Solutions with HID Global.