steal
-
Blog
Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat actors behind the device code…
Read More » -
Blog
A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFA
Hackers are targeting organizations around the world that rely on Microsoft’s Active Directory Federation Services (ADFS) secure access system in an ongoing phishing campaign, according to new research. Analysis from Abnormal Security describes how Microsoft’s ADfS, a legacy single-sign-on (SSO) solution that allows employees to use one set of credentials to authenticate across multiple applications and environments, is being mimicked…
Read More » -
Blog
New Apple CPU side-channel attacks steal data from browsers
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. The Georgia Institute of Technology and Ruhr University Bochum researchers, who presented another attack dubbed ‘iLeakage’ in October 2023, presented their new findings in two separate papers, namely FLOP and SLAP, which show distinct flaws and ways to exploit them.…
Read More » -
Blog
North Korean IT workers steal source code to extort employers
The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. The security service alerted public and private sector organizations in the United States and worldwide that North Korea’s IT army will facilitate cyber-criminal activities and demand ransoms not to leak online exfiltrated…
Read More » -
Blog
HPE investigates breach as hacker claims to steal source code
Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company’s developer environments. The company has told BleepingComputer that it hasn’t found any evidence of a security breach, but it is investigating the threat actor’s claims. “HPE became aware on January 16 of claims being made by a group…
Read More » -
Blog
New macOS malware uses Apple’s own code to quietly steal credentials and personal data — how to stay safe
While Apple’s Macs aren’t targeted by hackers as often as Windows PCs, they’re far from impenetrable. Security researchers at Check Point Research recently pushed out an alert warning 100 million Apple users that a new variant of the infamous Banshee malware has been detected, capable of stealing browser credentials, cryptocurrency wallets, and other personal data. Check Point first uncovered the…
Read More » -
Blog
New Web3 attack exploits transaction simulations to steal crypto
Threat actors are employing a new tactic called “transaction simulation spoofing” to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. The attack, spotted by ScamSniffer, highlights a flaw in transaction simulation mechanisms used in modern Web3 wallets, meant to safeguard users from fraudulent and malicious transactions. How the attack works Transaction simulation is a feature that allows…
Read More » -
Blog
21 IVR Scripts You Can Steal (And How to Use Them)
Interactive Voice Response (IVR) systems are often the first point of contact between a business and its customers. A well-crafted IVR script sets the tone for the interaction, helping callers navigate quickly and efficiently to the support they need. Clear, intuitive scripts not only save time for both customers and agents but also reduce frustration, leaving a positive impression of…
Read More » -
Blog
Hackers can steal your accounts, and all it takes is a double-click — don’t fall for this new form of clickjacking
While you always want to be careful where you click online, a new variation on the classic clickjacking attack should give you pause when a site asks you to double-click on something. As reported by Cybernews, Amazon security engineer Paulos Yibelo has shed light on a new version of this attack that can be used to disable security settings, delete…
Read More » -
Blog
/cdn.vox-cdn.com/uploads/chorus_asset/file/23249791/VRG_ILLO_STK001_carlo_cadenas_cybersecurity_virus.jpg)
Hackers hijacked legitimate Chrome extensions to try to steal data
A cyberattack campaign inserted malicious code into multiple Chrome browser extensions as far back as mid-December, Reuters reported yesterday. The code appeared designed to steal browser cookies and authentication sessions, targeting “specific social media advertising and AI platforms,” according to a blog post from Cyberhaven, one of the companies that was targeted. Cyberhaven blames a phishing email for the attack,…
Read More »