credentials
-
Blog
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steal credentials. The zero-day allows the threat actors to dump the credentials from memory after the user authenticated with the VPN device Volexity researchers report that they discovered this flaw earlier this summer and reported it to Fortinet, but…
Read More » -
Blog
Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks. Quad7, also known as CovertNetwork-1658 or xlogin, is a botnet first discovered by security researcher Gi7w0rm that consists of compromised SOHO routers. Later reports by Sekoia and Team Cymru reported that the threat actors are targeting routers and networking devices from TP-Link,…
Read More » -
Blog
Organizations warned of the dangers of ‘long-lived’ cloud credentials
‘Long-lived’ cloud credentials are still a major risk for organizations across all cloud providers, according to new research from Datadog, and nearly half or organizations are using them. These cloud credentials never expire and are a major security risk, often leaked in source code, container images, build logs and application artifacts – indeed, they’re the most common cause of publicly…
Read More » -
Blog
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. An attack was discovered by Russian cybersecurity company Positive Technologies in September, but the researchers determined that the threat actor activity had started in June. Roundcube Webmail is an…
Read More » -
Blog
ADT discloses second breach in 2 months, hacked via stolen credentials
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs over 14,000 people and has an annual revenue of $4.98…
Read More » -
Blog
SolarWinds fixes hardcoded credentials flaw in Web Help Desk
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. Web Help Desk (WHD) is an IT help desk software widely used by government agencies, large corporations, and healthcare and education organizations to automate and streamline help desk management tasks. SolarWinds’ IT management products are used by over 300,000…
Read More » -
Blog
Qilin ransomware now steals credentials from Chrome browsers
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. The credential-harvesting techniques has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene. Attack overview The attack that Sophos researchers analyzed started with Qilin gaining access…
Read More » -
Blog
Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns
Security researchers have issued a warning over a phishing tool that threat actors can use via SaaS providers to send spam messages en-masse. The tool, dubbed ‘Xeon Sender’ by SentinelLabs, is a cloud-based attack tool that can send spam messages via nine different SaaS providers. The tool is also known by alternative names, including ‘XeonV5’ and ‘SVG Sender’. It’s built…
Read More » -
Blog
Russian who sold 300,000 stolen credentials gets 40 months in prison
Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. In a Wednesday press release, the U.S. Department of Justice said that Kavzharadze (also known as TeRorPP, Torqovec, and PlutuSS) sold vast amounts…
Read More »