Credentials News, Articles and Updates

Credential stealer masquerades as security product

Malware impersonates Kaspersky antivirus. Security researchers have found malware that steals credentials while pretending to be anti-virus software from Kaspersky.

Same but different: Ensuring fraud and infosec teams speak one language

Even once there's buy-in from fraud and infosec teams, there are often fundamental disconnects in perceptions and points of view that can get in the way of working together.

Indicted Iranian hackers phished targets using library account lures

The nine US-indicted Iranians who stand accused of exfiltrating 31 terabytes of research and data from educational institutions, companies and government agencies, allegedly used phishing schemes to steal university credentials.

Orbitz hit with data breach, info on 880,000 payment cards at risk

The online travel company Orbitz has suffered a major data breach possibly exposing the personal information associated with the owners of up to 880,000 payment cards.

Millions of Fortune 500 email credentials found on the dark web

About 10 percent of the email credentials of all those employed at Fortune 500 companies have been leaked on the dark web, according to a new study.

Lenovo addresses insecure credential storage bug in Fingerprint Manager Pro

Hardware and electronics manufacturer Lenovo disclosed an insecure credential storage vulnerability in its Fingerprint Manager Pro utility software, which can be exploited for local privilege escalation on a variety of systems.

Mobile credential-stealer uses deep link to mimic Uber app

A credentials-stealing malware program disguised as an Android app was recently found spoofing an Uber user interface, and even leveraging a deep link uniform resource identifier from the ride-sharing app to appear legitimate.

Database aggregating 1.4B credentials found on dark web

A single file on the dark web with a database of 1.4 billion clear text credentials not only is the largest aggregate found there but it opens a trove of credentials to even the least sophisticated hackers.

Credential stuffing: People reuse passwords all the time. Shocker, I know.

A new BeyondTrust survey has revealed that nearly half of all organisations (49 percent) reuse passwords across multiple systems, despite knowing better, reports Brian Chappell.

Russian underground shop selling RDP servers for £11 or less

Russian dark web marketplace Ultimate Anonymity Services (UAS) is selling 35,000 compromised Remote Desktop Protocol servers, which criminals can use to anonymise themselves or access victims' networks.

17-year-old auth protocol riddled with vulnerabilities, needs patching

Two new flaws have been discovered in Windows NTLM security protocols which could result in unauthorised credential use, password cracking and domain compromise.

One million Yahoo and Gmail account passwords for sale on the dark web

More than one million Yahoo and Gmail accounts - including usernames, email addresses and plain text passwords - are reportedly for sale on the dark web

Roundtable: Why the Tesco Bank attack means we are all vulnerable

SC Media UK's latest Roundtable - The Tesco Hack: could it happen to you?, sponsored by SC Jobs - concluded with a resounding 'yes', so although the details are still not clear, it's clear that we need to prepare.

Password thefts and account hijacking - why every data dump should be on your mind

The theft of millions of password credentials can lead to automated attacks on other companies' sites. But Stephen Singam asks how can they be prepared to spot this risk?

Porn site users urged to protect themselves by using 'safe words'

Nearly 800,000 users' details have been stolen from porn chat site Brazzers, leading some pundits to advise users to be more creative with their passwords.

How to protect against compromised credentials — without affecting employee productivity

François Amigorena explains why compromised credentials are a major cyber-threat to organisations and how cumbersome security wastes time, whereas contextual awareness allows greater security automatically.

Order of Malta breach contains unhashed government credentials

A white hat researcher discovered a pair of data breaches in which email and password credentials of government employees was dumped on Pastebin.

Chinese hackers rob over 18M user credentials via Japanese server

Over 18 million user credentials have been found on a server of a Japanese company who let Chinese hackers use it in their attacks.

Steam Stealer malware steamrollering gamers to steal credentials

A new security report from Kaspersky Lab is shedding light on Steam Stealer, a growing family of malware that hackers are using to steal credentials for Valve Corporation's Steam online gaming platform.

ICYMI: NatWest gets 'smished', Locky runs rampant and more

In this week's In Case You Missed It, we look back at NatWest 'smishing' scams, Locky runs rampant, companies taking cyber-security more seriously and other stories.

Free honeypot tool launched at RSA 2016 to help network admins

A free honeypot chock full of fake domain credentials has been created to educate administrators on trapping and blocking attackers.

Netflix and Uber customers target for hackers

Cyber-security company Trend Micro have spotted a large uptick in Netflix and Uber credentials being sold by illicit deep web vendors

Mighty morphin malware dangers

The modular CoreBot Trojan login credential stealer has started morphing and now it has turned into a fully fledged bank robber instead.

Ashley Madison's source code reveals poor security practices

Security credentials hard coded into repositories could have helped hackers, according to research by security consultant Gabor Szathmari.

System admins targeted in jQuery hack

Users of the JQuery website development tool - who are mainly 'privileged' users like system admins and developers - are being warned they could have been served with the RIG credentials-stealing malware in a hack that was launched more than a week ago.

Context is king

Context-aware security can make intelligent decisions while allowing mobile users to get the job done.

Cyber Monday a fraud bonanza day

Fraud and disruption attacks are set to result in losses of £2.1 million per hour on Monday December 2, the busiest day of the year for daily online and mobile retail sales to consumers taking advantage of Cyber Monday discounts.