Security News

Researchers have uncovered a database shared on an underground forum containing more than 2,300 compromised Zoom credentials. Etay Maor, chief security officer at IntSights, told Threatpost that the source of the credentials is unknown, but the smaller number of them suggests they didn't come from a Zoom database breach.

An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic, have come to rely on online conferencing tools like Webex.

After re-Chroming its Edge browser last summer, Microsoft this week announced a list of new security and privacy features it plans to add to forthcoming versions in an effort to take on its rivals. The third is called Password Monitor, a feature that will tell Edge users when usernames and passwords they've entered on a website have been found on the dark web.

One of the vulnerabilities that researchers from the University of York discovered in widely-used password managers could have resulted in malicious apps stealing users' credentials. Password managers are encrypted vaults employed to store credentials and other sensitive information, and they allow the use of strong, unique credentials for each of the applications and online services an individual uses.

Research from Akamai recently found that up to 75 percent of all credential abuse attacks against the financial services industry in 2019 targeted APIs directly. "We talk about API attacks and the reason why criminals are using targeted methods against API because the traditional 'throw it and hope it sticks' against financial services just isn't cutting it anymore, they have to be more creative," Steve Ragan, security researcher with Akamai, told Threatpost.

According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report's findings, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks were observed.

The SMS messages purport to be from local U.S. numbers and impersonate banks, warning users of locked bank accounts. The messages urge victims to click on a link, which redirects them to a domain that's known to distribute Emotet.

Just ahead of its Champions League Round of 16 appearance next week, FC Barcelona's official Twitter account was hacked in an apparent credential-stuffing attack. "FC Barcelona's Twitter accounts have been hacked, which is why messages from outside our club have appeared, and which have been reported and deleted," the team announced on Twitter once it regained control of its social-media presence.

Three ISACA credentials are among the IT industry's top-paying certifications, according to recently released data from the Global Knowledge 2020 IT Skills and Salary Survey. Each of the three ISACA credentials recognized (Certified Information Security Manager, Certified in Risk and Information Systems Control, and Certified Information Systems Auditor) landed in the top half of Global Knowledge's 2020 list of top-paying certifications.

Almost a third of internet users affected by data breaches last year had reused a password in some form. "Our data shows that consumers are still not changing their poor password habits, yet we know they're holding organizations accountable for their security," said David Endler, chief product officer for SpyCloud.