Security News

VMware fixes bug exposing CF API admin credentials in audit logs
2023-07-25 15:45

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment caused by credentials being logged and exposed via system audit logs. Tracked as CVE-2023-20891, the security flaw addressed today by VMware would allow remote attackers with low privileges to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks that don't require user interaction.

Over 400,000 corporate credentials stolen by info-stealing malware
2023-07-25 13:15

The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that the malware had achieved significant infiltration into business environments. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cybercrime marketplaces.

OpenAI credentials stolen by the thousands for sale on the dark web
2023-07-19 19:26

Threat actors are showing an increased interest in generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials for sale on the dark web and access to a malicious alternative for ChatGPT. Both less skilled and seasoned cybercriminals can use the tools to create more convincing phishing emails that are customized for the intended audience to increase the chances of a successful attack. In six months, users of the dark web and Telegram mentioned ChatGPT, OpenAI's artificial intelligence chatbot, more than 27,000 times, according to data from Flare, a threat exposure management company, shared with BleepingComputer.

TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud
2023-07-14 10:12

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform services, marking the adversary's expansion in targeting beyond Amazon Web Services. They also overlap with an ongoing TeamTNT campaign disclosed by Aqua called Silentbob that leverages misconfigured cloud services to drop malware as part of what's said to be a testing effort, while also linking SCARLETEEL attacks to the threat actor, citing infrastructure commonalities.

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
2023-06-26 10:54

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The group, which drew worldwide attention for the SolarWinds supply chain compromise in December 2020, has continued to rely on unseen tooling in its targeted attacks aimed at foreign ministries and diplomatic entities.

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces
2023-06-20 08:12

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way onto illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials. The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.

Google Chrome password manager gets new safeguards for your credentials
2023-06-08 16:00

Google Chrome is getting new security-enhancing features for the built-in Password Manager, making it easier for users to manage their passwords and stay safe from account hijacking attacks. The Chrome Password Manager is an integrated part of Google's services that can manage and autofill credentials on the Chrome browser and other Google software products, syncing the login information across all apps used by the same Google Account.

The Genesis Market Takedown – Keep Users Credentials Secure
2023-06-05 14:05

For years, "Dark" markets have contained stolen credentials for sale. Users often reuse the same credentials across multiple services, making them vulnerable to theft.

Phishers use encrypted file attachments to steal Microsoft 365 account credentials
2023-05-26 05:00

Phishers are using encrypted restricted-permission messages attached in phishing emails to steal Microsoft 365 account credentials. "The initial emails are sent from compromised Microsoft 365 accounts and appear to be targeted towards recipient addresses where the sender might be familiar."

‘Operation Magalenha’ targets credentials of 30 Portuguese banks
2023-05-25 11:00

A Brazilian hacking group has been targeting thirty Portuguese government and private financial institutions since 2021 in a malicious campaign called 'Operation Magalenha.' The attackers use many methods to distribute their malware to targets, including phishing emails pretending to come from Energias de Portugal and the Portuguese Tax and Customs Authority, social engineering, and malicious websites that mimic these organizations.