Security News
Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.
The issue at hand: when the password needs to be reestablished on the Active Directory side of the equation, how do you update the locally cached credentials? The affected user needs to be connected to the corporate network via VPN, and will need to press Ctrl-Alt-Del and choose Change a Password. Known, Expired Password, Unable to Connect: without third-party password reset solutions, the VPN is a requirement here.
One group that's been exploited in many of these campaigns is the World Health Organization, a tempting target as it's been trying to manage and direct some of the global efforts toward combatting COVID-19. Spoofing the WHO, a new phishing campaign spotted by security provider Abnormal Security is trying to capture the email credentials of unsuspecting users.
"Hack-for-hire" organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims' Google credentials. Researchers with Google's Threat Analysis Group warned that they've spotted a spike in activity from several India-based firms that have been creating Gmail accounts that spoof the World Health Organization to send coronavirus-themed phishing emails.
The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security. A blog post published Wednesday by security provider Abnormal Security describes how phishing attacks are taking advantage of Amazon Web Services to steal user credentials.
Hackers are trying to sell 26 million LiveJournal account credentials following a reported data breach that happened years ago. Following the theft of LiveJournal's user database, multiple ads were posted by Dark Web data brokers, according to ZDNet.
A data dump containing account information of over 26 million LiveJournal users has been offered for sale on dark web marketplaces and is now being shared for free on underground hacker forums. The data dump, supposedly originating from a 2014 LiveJournal breach, contains email addresses, usernames, profile URLs and plain text passwords of 33+ million users.
The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link. "The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA in the email - View Subpoena - clearly describing the purpose of the email."
LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security. As more people work from home due to the coronavirus, a new phishing campaign is impersonating the remote access tool LogMeIn to obtain the account credentials of unsuspecting victims.
A new phishing campaign can bypass multi-factor authentication on Office 365 to access victims' data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. The attack is different than a typical credential harvester in that it attempts to trick users into granting permissions to the application, which can bypass MFA, he said.