Security News

A new report details major vulnerabilities among the executive suite at some of the largest pharmaceutical companies.

The credentials of 3.5 million users of MobiFriends, a popular dating app, have surfaced on a prominent deep web hacking forum, according to researchers. The compromised credentials were originally posted for sale on an underground forum on Jan. 12 by a threat actor named "DonJuji," according to a RBS post on Thursday.

A new report details major vulnerabilities among the executive suite at some of the largest pharmaceutical companies. A new report from cybersecurity firm BlackCloak details widespread vulnerabilities among the executive suite at some of the largest pharmaceutical companies on planet Earth.

The InfinityBlack hacking group, which is responsible for selling millions of stolen credentials, has been dismantled. "A number of investigation measures by specialists from the Cyber Investigation Division of the Vaud Cantonal Police made it possible to dismantle the InfinityBlack hackers' network, set up to exploit this data to the detriment of businesses," according to Europol's Tuesday announcement.

A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization. The "Widespread, ongoing phishing campaign" is using emails that claim to be from specific officers at the Financial Industry Regulatory Authority, in an attempt to direct investment brokers to give up their Microsoft Office or SharePoint passwords, according to a post on the organization's website.

UPDATE. GoDaddy, the world's largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. The company said that the breach only affected hosting accounts, not general GoDaddy.com customer accounts, and that no customer data in the main accounts was accessed.

Phishers are trying to trick investment brokers into sharing their Microsoft Office or SharePoint login credentials by impersonating FINRA, a non-governmental organization that regulates member brokerage firms and exchange markets. Phishers target investment brokers with malicious emails.

A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.

NextgenID, a technology leader in trusted identity assurance and credentialing solutions, announced its frictionless procurement model offering to provide federal agencies with additional payment options for the ID*Capture Kiosk and Supervised Remote In-person Proofing. With the Identity-as-a-Service pay-as-you-go business model, agencies are able to immediately deploy and exercise state-of-the-art equipment and software on-site without the need for a capital expenditure.

Attackers used an account checker tool to identify Nintendo accounts with compromised and vulnerable login credentials, says SpyCloud. The recent data breach that hit Nintendo affected 160,000 people, resulting in account takeovers and financial losses for a host of users.