Security News
By hosting phishing pages at a legitimate cloud service, cybercriminals try to avoid arousing suspicion, says Check Point Research. The idea is that such phishing pages will better elude detection by security products and more easily ensnare unsuspecting victims.
Twenty percent of the 88 billion total credential stuffing attacks observed during the reporting period targeted media companies, Akamai said. Media companies are an attractive target for criminals and saw a 63% year-over-year increase in attacks against the video media sector, the report said.
The media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019, according to a report from Akamai. The report found that 20% of the 88 billion total credential stuffing attacks observed during the reporting period targeted media companies.
More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows. Over the past few years, Digital Shadows added to its breach repository more than 15 billion credentials shared on criminal forums, paste sites, file sharing services, and code sharing websites.
Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. Rick Holland, CISO and strategy veep of Digital Shadows, mused: "The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."
A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification. A new phishing campaign analyzed by the security provider Abnormal Security shows how the attackers are taking advantage of Twitter users to steal account credentials.
Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and, despite offering different features, all worked the same way under the hood.
1Password is launching a first-of-its-kind domain breach report. Now, companies using 1Password's enterprise password manager can swiftly identify compromised accounts and take action to protect the enterprise by alerting users to create new secure passwords generated via 1Password.
The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.
Over a period of just a few days in late May, malicious actors attempted to steal database credentials from millions of WordPress websites by exploiting known vulnerabilities in themes and plugins. According to WordPress security company Defiant, its firewall blocked more than 130 million attempts to collect database credentials from 1.3 million sites between May 29 and May 31.