Security News

SolarWinds left critical hardcoded credentials in its Web Help Desk product
2024-08-22 22:36

Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote,...

Qilin ransomware now steals credentials from Chrome browsers
2024-08-22 21:40

The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. [...]

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
2024-08-22 16:35

SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances....

SolarWinds fixes hardcoded credentials flaw in Web Help Desk
2024-08-22 15:01

SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. [...]

Czech Mobile Users Targeted in New Banking Credential Theft Scheme
2024-08-20 19:59

Mobile users in the Czech Republic are the target of a novel phishing campaign that leverages a Progressive Web Application (PWA) in an attempt to steal their banking account credentials. The...

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
2024-08-16 14:25

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a...

Russian who sold 300,000 stolen credentials gets 40 months in prison
2024-08-14 23:11

​Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of...

Russian cyber snoops linked to massive credential-stealing campaign
2024-08-14 18:45

Citizen Lab also spots a COLDWASTREL swimming in the Rivers of Phish Russia's Federal Security Service (FSB) cyberspies, joined by a new digital snooping crew, have been conducting a massive...

Point of entry: Why hackers target stolen credentials for initial access
2024-08-06 14:01

Criminals increasingly deploy stolen credentials to gain initial access to user accounts, bringing new demands for security. Credentials can also be guessed through approaches like brute force attacks, where cybercriminals deploy tools that test password combinations continuously until they discover the right one.

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
2024-07-27 05:47

Cybersecurity researchers have discovered a malicious package on the Python Package Index repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "Lr-utils-lib," attracted a total of 59 downloads before it was taken down.