Security News
Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources. For years, users have complained that their Spotify accounts were hacked after finding that passwords had been changed, new playlists had appeared in their profiles, or strangers from other countries had been added to their family accounts.
The collaboration will see Enzoic's credentials screening service integrated into OneLogin's SmartFactor Authentication product, ensuring that credentials exposed in a prior breach can't be used. Verizon's 2020 Data Breach Investigations Report identified that stolen credentials are involved in 29 percent of data breaches and that 80 percent of hacking-related breaches involve compromised and weak credentials.
The North Face has reset its customers' passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter's website. There, customers can buy clothing and gear online, create accounts and gain loyalty points as part of its "VIPeak Rewards Program." After further investigation, The North Face concluded that attackers had launched a credential-stuffing attack against its website from Oct. 8 to Oct. 9.
Outdoor retail giant The North Face has reset the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th. Credential stuffing is a type of attack where threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms. Immediately after detecting the attack, having noticed suspicious activity involving the thenorthface.com website, the company implemented security measures to limit the account login rate from sources that are suspicious or that show a suspicious pattern.
More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials. Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims' credentials.
Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump's campaign website. According to WordPress security solutions provider Defiant, which develops the Wordfence product, the hackers most likely used compromised credentials for access, supposedly targeting the underlying Expression Engine content management system, which is an alternative to WordPress.
A security vulnerability can be exploited to coerce the containerd cloud platform into exposing the host's registry or users' cloud-account credentials. Containerd bills itself as a runtime tool that "Manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond." As such, it offers deep visibility into a user's cloud environment, across multiple vendors.
Akamai published a report detailing criminal activity targeting the retail, travel, and hospitality industries with attacks of all types and sizes between July 2018 and June 2020. Between July 2018 and June 2020, more than 100 billion credential stuffing attacks were observed in total.
Attivo Networks announced innovative enhancements to its ThreatPath solution, part of the modular ThreatDefend Endpoint Detection Net family of products. ThreatPath, which continuously observes and shows credential exposures, now also provides organizations with the ability to identify and automatically remediate high-risk exposures based on identities with excess privileges, application data sources, at-risk practices such as local admin credentials stored on the endpoint, and shadow admin accounts.
Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages. Canva is a graphic design platform that lets users create posters, letterheads, holiday cards, and other digital media that can then be downloaded as an image, shared as HTML with clickable links, or printed.