Security News

A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.

NextgenID, a technology leader in trusted identity assurance and credentialing solutions, announced its frictionless procurement model offering to provide federal agencies with additional payment options for the ID*Capture Kiosk and Supervised Remote In-person Proofing. With the Identity-as-a-Service pay-as-you-go business model, agencies are able to immediately deploy and exercise state-of-the-art equipment and software on-site without the need for a capital expenditure.

Attackers used an account checker tool to identify Nintendo accounts with compromised and vulnerable login credentials, says SpyCloud. The recent data breach that hit Nintendo affected 160,000 people, resulting in account takeovers and financial losses for a host of users.

An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. "The irony of a EU-funded website about GDPR having security issues isn't lost on us," mused the security consultancy.

Learn more about what Maor's investigations into underground forums have revealed about how credentials are being uncovered, shared and leveraged to attack remote workers, in this week's Threatpost podcast. Now, a few weeks back, you had found that there were more than 2,000 compromised Zoom credentials that were missing being shared on underground forums.

These emails claim to offer help on getting government funds but instead lead recipients to a web page that tries to capture their banking credentials. A button on the site proclaims: "Get Economic Impact Payment Now." Clicking on that button triggers a dropdown menu with the names of well-known banks, such as Wells Fargo, Chase, Bank of America, and Citizens Bank.

Unknown threat actors have allegedly dumped nearly 25,000 email addresses and passwords from notable organizations involved in the fight against the COVID-19 pandemic, including credentials from prominent health organizations. Hackers have been using information belonging to groups such as World Health Organization, the U.S. Centers for Disease Control and Prevention, the World Bank, the U.S. National Institutes of Health, the Bill and Melinda Gates Foundation and the Wuhan Institute of Virology online in various ways, according to a report by the Washington Post, citing research by the SITE Intelligence Group.

"While our team has seen earlier versions of this trojan, which only featured a basic SMS stealer, new, and more elaborate, feature of the overlay malware capability - a tactic common to most Android banking malware." "Abusing the Accessibility service on the device, a relatively common way for Android malware apps to keep tabs on which app is running in the foreground, [Banker.BR] waits for a match with the goal of launching overlay screens at the right time and context to fool the user into tapping their credentials into the overlay," said researchers.

A data set containing 3,954,416 Quidd user credentials was found on a prominent dark web hacking forum, Risk Based Security reports. The data discovered on the dark web, RBS security researchers say, is not up for sale, but access to it is not restricted.

Researchers have found a database of Zoom video conferencing credentials ranging from just an email and password to also include meeting IDs, names and host keys. The latter is possible because Zoom users are remarkably lax about protecting the details - and of course it could be just a small subset of a larger collection of credentials not made available to others.