Security News

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities, from collecting browser credentials to targeting Outlook files. "AridViper is an active threat group that continues developing new tools as part of their arsenal," researchers with Palo Alto's Unit42 research team said in a Monday analysis.

On Thursday Microsoft warned that there's an ongoing campaign to distribute malware that modifies web browsers to conduct credential theft and ad fraud. Since at least May, 2020, unidentified cybercriminals have been distributing a family of browser modifiers dubbed Adrozek, Microsoft said.

Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverages the widespread media attention around the development and distribution of COVID-19 vaccines, as well as recent reports that manufacturers like Pfizer may not be able to supply additional doses of its vaccine to the U.S. in large volumes until sometime in Q2. These lures continue to play on the heightened emotions of victims during a pandemic, something seen in various phishing and malware campaigns throughout the last year.

The Better Business Bureau warned last week that the phishing attack uses Zoom's logo and, in a message, tells recipients that their Zoom accounts were suspended and that they should click a link to reactivate, or that they missed a Zoom meeting and should click a link to see the details and reschedule. Another recent variant of the attack has been a message welcoming some recipients to the platform and requesting that they click on a link to activate the account, said the BBB. In all cases, victims are taken to a phishing landing page, where they are asked to input their Zoom credentials.

Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records containing login credentials and personal information collected from various sources. For years, users have complained that their Spotify accounts were hacked: passwords were changed, new playlists appeared in their profiles, or strangers from other countries were added to their family accounts.

The collaboration will see Enzoic's credentials screening service integrated into OneLogin's SmartFactor Authentication product, ensuring that credentials exposed in a prior breach can't be used. Verizon's 2020 Data Breach Investigations Report identified that stolen credentials are involved in 29 percent of data breaches and that 80 percent of hacking-related breaches involve compromised and weak credentials.

The North Face has reset its customers' passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter's website. There, customers can buy clothing and gear online, create accounts and gain loyalty points as part of its "VIPeak Rewards Program." After further investigation, The North Face concluded that attackers had launched a credential-stuffing attack against its website from Oct. 8 to Oct. 9.

Outdoor retail giant The North Face has reset the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th. Credential stuffing is a type of attack where threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms. Immediately after detecting the attack through suspicious activity involving the thenorthface.com website, the company implemented security measures to limit the account login rate from sources that are suspicious or that show a suspicious pattern.
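The detection and the login-rate limit described above, as an added example that is not The North Face's or any vendor's code: a Python sketch that flags source IPs replaying many distinct accounts in a constructed authentication log and applies a per-source sliding-window cap on login attempts. The log format, the thresholds and the IP addresses are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample authentication log (not from thenorthface.com or any real system).
# Line format: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2020-10-09T02:00:01 203.0.113.10 alice FAIL
2020-10-09T02:00:02 203.0.113.10 bob FAIL
2020-10-09T02:00:02 203.0.113.10 carol FAIL
2020-10-09T02:00:03 203.0.113.10 dave FAIL
2020-10-09T02:00:03 203.0.113.10 erin OK
2020-10-09T02:00:04 203.0.113.10 frank FAIL
2020-10-09T02:00:05 198.51.100.7 alice FAIL
2020-10-09T02:00:09 198.51.100.7 alice OK
"""

def parse_log(text):
    """Parse lines into (timestamp, src_ip, username, success) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3] == "OK"))
    return events

def flag_stuffing_sources(events, min_users=5, min_fail_ratio=0.6):
    """Flag sources cycling through many distinct accounts with mostly failures: a leaked list being replayed."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "failures": 0})
    for _ts, ip, user, ok in events:
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        s["failures"] += int(not ok)
    return {ip: (len(s["users"]), s["attempts"], s["failures"]) for ip, s in stats.items()
            if len(s["users"]) >= min_users and s["failures"] / s["attempts"] >= min_fail_ratio}

class LoginRateLimiter:
    """Sliding-window cap on login attempts per source IP (thresholds are assumed values to tune per site)."""
    def __init__(self, max_attempts=3, window_seconds=5):
        self.max_attempts, self.window, self.history = max_attempts, window_seconds, defaultdict(deque)

    def allow(self, ip, ts):
        q = self.history[ip]
        while q and (ts - q[0]).total_seconds() >= self.window:
            q.popleft()  # forget attempts that fell outside the window
        if len(q) >= self.max_attempts:
            return False  # over the cap: reject or challenge before the password is even checked
        q.append(ts)
        return True
```

In the sample log the first source trips both controls, while the second (one user, two attempts) passes, which is the distinction a password-spray or stuffing rule needs to make to avoid locking out legitimate users who mistype once.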

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials. Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims' credentials.

Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump's campaign website. According to WordPress security solutions provider Defiant, which develops the Wordfence product, the hackers most likely used compromised credentials for access, supposedly targeting the underlying Expression Engine content management system, which is an alternative to WordPress.