Security News

ProtonMail-run website boasting 'complete guide' to GDPR left credential-baring .git repo exposed online
2020-04-29 09:00

An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. "The irony of an EU-funded website about GDPR having security issues isn't lost on us," mused the security consultancy.

Troves of Zoom Credentials Shared on Hacker Forums
2020-04-28 10:00

Learn more about what Maor's investigations into underground forums have revealed about how credentials are being uncovered, shared and leveraged to attack remote workers, in this week's Threatpost podcast. Now, a few weeks back, you had found that there were more than 2,000 compromised Zoom credentials that were being shared on underground forums.

Coronavirus-themed phishing attacks aim to capture banking credentials
2020-04-24 13:23

These emails claim to offer help on getting government funds but instead lead recipients to a web page that tries to capture their banking credentials. A button on the site proclaims: "Get Economic Impact Payment Now." Clicking on that button triggers a dropdown menu with the names of well-known banks, such as Wells Fargo, Chase, Bank of America, and Citizens Bank.

WHO, CDC and Bill and Melinda Gates Foundation Victims of Credential Dump, Report
2020-04-23 15:25

Unknown threat actors have allegedly dumped nearly 25,000 email addresses and passwords from notable organizations involved in the fight against the COVID-19 pandemic, including credentials from prominent health organizations. Hackers have been using information belonging to groups such as the World Health Organization, the U.S. Centers for Disease Control and Prevention, the World Bank, the U.S. National Institutes of Health, the Bill and Melinda Gates Foundation and the Wuhan Institute of Virology online in various ways, according to a report by the Washington Post, citing research by the SITE Intelligence Group.

Banking.BR Android Trojan Emerges in Credential-Stealing Attacks
2020-04-21 21:28

"While our team has seen earlier versions of this trojan, which only featured a basic SMS stealer, new, and more elaborate, feature of the overlay malware capability - a tactic common to most Android banking malware." "Abusing the Accessibility service on the device, a relatively common way for Android malware apps to keep tabs on which app is running in the foreground, [Banker.BR] waits for a match with the goal of launching overlay screens at the right time and context to fool the user into tapping their credentials into the overlay," said researchers.

Credentials of 4 Million Quidd Users Found on Dark Web
2020-04-14 15:00

A data set containing 3,954,416 Quidd user credentials was found on a prominent dark web hacking forum, Risk Based Security reports. The data discovered on the dark web, RBS security researchers say, is not up for sale, but access to it is not restricted.

Zoom Credentials Database Available on Dark Web
2020-04-10 13:15

Researchers have found a database of Zoom video conferencing credentials ranging from just an email and password to also include meeting IDs, names and host keys. The latter is possible because Zoom users are remarkably lax about protecting the details - and of course it could be just a small subset of a larger collection of credentials not made available to others.

Compromised Zoom Credentials Swapped in Underground Forums
2020-04-10 10:00

Researchers have uncovered a database shared on an underground forum containing more than 2,300 compromised Zoom credentials. Etay Maor, chief security officer at IntSights, told Threatpost that the source of the credentials is unknown, but the smaller number of them suggests they didn't come from a Zoom database breach.

Cisco ‘Critical Update’ Phishing Attack Steals Webex Credentials
2020-04-09 13:00

An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic, have come to rely on online conferencing tools like Webex.

Microsoft’s Edge browser to get breached credential alerts
2020-04-01 11:29

After re-Chroming its Edge browser last summer, Microsoft this week announced a list of new security and privacy features it plans to add to forthcoming versions in an effort to take on its rivals. The third is called Password Monitor, a feature that will tell Edge users when usernames and passwords they've entered on a website have been found on the dark web.