Security News

Email Bug Allows Message Snooping, Credential Theft
2021-06-22 18:07

Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by over three-quarters of IMAP servers, according to Open Email Survey. "The vulnerability allows a MITM attacker between a mail client and Dovecot to inject unencrypted commands into the encrypted TLS context, redirecting user credentials and mails to the attacker," according to research linked to from a bug bounty page and dated August 2020.

Entrust partners with Yubico to issue PIV credentials on YubiKeys for U.S. government employees
2021-06-18 23:00

Entrust announced a partnership with Yubico allowing U.S. federal agencies to issue YubiKey 5 Series and YubiKey 5 FIPS Series with Entrust derived PIV credentials to employees instantly, remotely and at scale. "The ability to issue derived PIV credentials from a credential management system directly to an alternative hardware token is a real game changer, providing strong security without the logistical challenges presented by physical PIV card issuance," said Suresh Kewalramani, Security Engineer, Department of Justice, Identity, Credential, and Access Management Services.

Authorities Take Down Stolen Login Credentials Marketplace Slilpp
2021-06-11 10:13

Law enforcement agencies in the United States, Germany, the Netherlands, and Romania have taken down the stolen login credentials marketplace Slilpp, the U.S. Department of Justice announced on Thursday. Active since 2012, the crime shop has been selling stolen credentials associated with a variety of online accounts, including banking, payment, and retail accounts, among others.

GitHub Starts Scanning for Exposed Package Registry Credentials
2021-06-10 13:40

GitHub this week announced that it has started scanning code hosted on its platform for package registry credentials, including RubyGems and PyPI secrets. The scanning is performed via GitHub secret scanning, a service meant to identify exposed secrets in pushes to repositories.

What happens to email accounts once credentials are compromised?
2021-06-09 10:48

Agari researchers entered unique credentials belonging to fake personas into phishing sites posing as widely used enterprise applications, and waited to see what the phishers would do next with the compromised accounts. They found that 23% of all accounts were accessed almost immediately, 50% of the accounts were accessed manually within 12 hours after compromise, and that 91% of the compromised accounts were accessed manually within the first week.

How to hack into 5500 accounts… just using “credential stuffing”
2021-06-04 18:09

If a sloppy internet service stores your password in plaintext and then gets breached, the crooks acquire your actual password directly, regardless of how complex it is. Keylogging malware on your computer can capture your passwords as you type, thus obtaining them "at source", no matter how long or weird they might be.

Week in review: Dealing with ransomware attacks, detecting use of stolen API credentials inside AWS
2021-05-23 08:55

To help organizations protect against ransomware attacks and recover from them if they happen, NIST has published an infographic offering a series of simple tips and tactics. Collaboration between network access brokers and ransomware actors deepens: in this Help Net Security podcast, Brandon Hoffman, CISO at Intel 471, discusses the increased collaboration between network access brokers and ransomware operators, and how they function in today's threat landscape.

3.4 billion credential stuffing attacks hit financial services organizations
2021-05-20 03:00

Akamai published a report that provides an analysis of both global and financial services-specific web application and credential stuffing attack traffic, revealing significant increases across the attack surfaces year over year from 2019 to 2020. In 2020, there were 193 billion credential stuffing attacks globally, with 3.4 billion hitting financial services organizations specifically - an increase of more than 45% year-over-year in the sector.

Rapid7 source code, credentials accessed in Codecov supply-chain attack
2021-05-13 19:56

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool. Only internal credentials and tooling source code were accessed.

Experts warn of a new Android banking trojan stealing users' credentials
2021-05-11 20:21

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot", the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, followed by a rash of infections in the first week of May against banks in Belgium and the Netherlands.