credentials
-
Blog
SolarWinds fixes hardcoded credentials flaw in Web Help Desk
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. Web Help Desk (WHD) is an IT help desk software widely used by government agencies, large corporations, and healthcare and education organizations to automate and streamline help desk management tasks. SolarWinds’ IT management products are used by over 300,000…
Read More » -
Blog
Qilin ransomware now steals credentials from Chrome browsers
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. The credential-harvesting techniques has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene. Attack overview The attack that Sophos researchers analyzed started with Qilin gaining access…
Read More » -
Blog
Hackers are flocking to a new SMS spam tool – ‘Xeon Sender’ exploits cloud APIs and exposed credentials to supercharge phishing campaigns
Security researchers have issued a warning over a phishing tool that threat actors can use via SaaS providers to send spam messages en-masse. The tool, dubbed ‘Xeon Sender’ by SentinelLabs, is a cloud-based attack tool that can send spam messages via nine different SaaS providers. The tool is also known by alternative names, including ‘XeonV5’ and ‘SVG Sender’. It’s built…
Read More » -
Blog
Russian who sold 300,000 stolen credentials gets 40 months in prison
Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. In a Wednesday press release, the U.S. Department of Justice said that Kavzharadze (also known as TeRorPP, Torqovec, and PlutuSS) sold vast amounts…
Read More »