Security News
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. As of now the app is only available on Apple's App Store mobile application marketplace - there's no Android version yet.
A new phishing campaign is targeting U.S. taxpayers with documents that purport to contain tax-related content, but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans that allow attackers to take control of victims' machines through a new phishing email scheme, Cybereason discovered. The new infection process is designed to evade antivirus tools and tricks targets into installing the malware via a tax-themed Word document containing a malicious macro that downloads an OpenVPN client on the targeted machine.
When a user account becomes locked out, the cause is often attributed to a user who has simply entered an old or incorrect password too many times. Perhaps the most easily overlooked cause of account lockouts is the use of cached credentials.
For users with more than one password collected last year, researchers found that 60% of the credentials were reused across multiple accounts, making them ripe for account takeovers and password spraying attacks. This password reuse rate, which is unchanged from last year, reflects how easy it is for an attacker to use one stolen password to compromise more than one account.
According to a Tuesday report by Cofense, which analyzed millions of emails related to various attacks, 57 percent were phishing emails aiming to steal victim usernames and passwords. The remainder of malicious emails were utilized in business email compromise attacks or for malware delivery.
HID Global announced it has expanded its Seos credential family with two new products. The Seos 16K is the industry's first credential certified to the highest IT security level established by the independent testing service provider TÜV Informationstechnik GmbH, and it features the highest memory in the series to support multi-application deployments.
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single sign-on service. Regional internet registry RIPE NCC is warning of a credential-stuffing attack against its single sign-on service, RIPE NCC Access, and is encouraging users to implement two-factor authentication.
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger - a .NET-based malware with capabilities to hinder static analysis - building on similar campaigns undertaken by the same actor against users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020.
RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on accounts. RIPE NCC is a not-for-profit regional Internet registry for Europe, the Middle East, and parts of Central Asia.
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims' credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML files.