Security News
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service. Regional internet registry RIPE NCC is warning of a credential-stuffing attack against its single sign-on service, RIPE NCC Access, and is encouraging users to implement two-factor authentication.
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger - a.NET-based malware with capabilities to hinder static analysis - building on similar campaigns undertaken by the same actor against users in Bulgaria, Lithuania, Hungary, Estonia, Romania, and Spain in September, October, and November 2020.
RIPE NCC is warning members that they suffered a credential stuffing attack attempting to gain access to single sign-on accounts. RIPE NCC is a not-for-profit regional Internet registry for Europe, the Middle East, and parts of Central Asia.
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims' credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML files.
Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials.
The product is the only Active Directory plugin to check credentials at installation and password creation, and continuously monitor for and detect compromised credentials. The automated tool screens passwords against the dynamic Enzoic database containing billions of exposed credentials.
The number of annual credential spill incidents nearly doubled from 2016 to 2020, according to F5 research. "Attackers have been collecting billions of credentials for years. Credential spills are like an oil spill, once leaked, they are very hard to clean up because credentials do not get changed by unassuming consumers, and credential stuffing solutions are yet to be widely adopted by enterprises."
Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. Back in November, cybercriminals attacked hundreds of thousands of Spotify users utilizing this approach, prompting the streaming music service to issue password-reset notices.
Security researchers at cybersecurity company ESET discovered the malware and named it Kobalos, after the misbehaving creature in Greek mythology. "On compromised machines whose system administrators were able to investigate further, we discovered that an SSH credential stealer was present in the form of a trojanized OpenSSH client. The /usr/bin/sshfile was replaced with a modified executable that recorded username, password and target hostname, and wrote them to an encrypted file" - ESET. The researchers believe that credential theft could explain how the malware spreads to other systems on the same network or other networks in the academic sector since students and researchers from multiple universities may have SSH access to supercomputer clusters.
Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. The malware repeatedly reopens the Settings screen every eight seconds until the user turns on permissions for accessibility and device usage statistics, thus pressurizing the user into granting the extra privileges.