Security News
One of the vulnerabilities that researchers from the University of York discovered in widely-used password managers could have resulted in malicious apps stealing users' credentials. Password managers are encrypted vaults employed to store credentials and other sensitive information, and they allow the use of strong, unique credentials for each of the applications and online services an individual uses.
Research from Akamai recently found that up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly. "We talk about API attacks and the reason why criminals are using targeted methods against API because the traditional 'throw it and hope it sticks' against financial services just isn't cutting it anymore, they have to be more creative," Steve Ragan, security researcher with Akamai, told Threatpost.
According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report's findings, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks were observed.
The SMS messages purport to be from local U.S. numbers and impersonate banks, warning users of locked bank accounts. The messages urge victims to click on a link, which redirects them to a domain that's known to distribute Emotet.
Just ahead of its Champions League Round of 16 appearance next week, FC Barcelona's official Twitter account was hacked in an apparent credential-stuffing attack. "FC Barcelona's Twitter accounts have been hacked, which is why messages from outside our club have appeared, and which have been reported and deleted," the team announced on Twitter once it regained control of its social-media presence.
Three ISACA credentials are among the IT industry's top-paying certifications, according to recently released data from the Global Knowledge 2020 IT Skills and Salary Survey. Each of the three ISACA credentials recognized (Certified Information Security Manager, Certified in Risk and Information Systems Control and Certified Information Systems Auditor) landed in the top half of Global Knowledge's 2020 list of top-paying certifications.
Almost a third of internet users affected by data breaches last year had reused a password in some form. "Our data shows that consumers are still not changing their poor password habits, yet we know they're holding organizations accountable for their security," said David Endler, chief product officer for SpyCloud.
Learn how to avoid saving your Docker login credentials in plain text by creating encrypted credential storage. I want to walk you through the process of enabling secure credential storage in Docker.
FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped with new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week. When examining these new ransomware samples, analysts found that FTCODE had recently been updated to steal credentials and passwords from popular browsers, including Microsoft Internet Explorer, Mozilla Firefox and Google Chrome, according to an analysis by Zscaler ThreatLabZ researchers Rajdeepsinh Dodia, Amandeep Kumar and Atinderpal Singh.