YouTube ‘influencers’ get 2FA tokens phished
100K or so creators in the YouTube car community were targeted by a phishing campaign that captured 2FA codes. Continue reading YouTube ‘influencers’ get 2FA tokens phished
Category Archives: account hijacking
Twitter turns off SMS texting after @Jack hijacking
Two problems, Twitter says: vulnerabilities that mobile carriers need to fix & its reliance on linked numbers for 2FA. Continue reading Twitter turns off SMS texting after @Jack hijacking
Report: 53% of social media logins are fraudulent
Most attacks are from botnets. The goals: spreading spam, stealing data, spreading propaganda, and social-engineering consumers for profit. Continue reading Report: 53% of social media logins are fraudulent
Researchers reveal the latest lateral phishing tactics
Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves. Lateral phishing tactics Researchers from Barracuda, UC Berkeley and UC San Diego have studied 180 late… Continue reading Researchers reveal the latest lateral phishing tactics
Business security in the age of malicious bots
As most technologies, bots can be used for good and bad purposes, and the information security industry is doing its best to minimize the adverse effects of the latter activities. Bots everywhere “At its core, automation enables a bad actor to sc… Continue reading Business security in the age of malicious bots
How effective are login challenges at preventing Google account takeovers?
Despite implementation bugs that might affect the security of physical security keys, they are the strongest protection against phishing currently available, Google maintains. On-device prompts and SMS codes are also extremely successful at blocking ac… Continue reading How effective are login challenges at preventing Google account takeovers?
Most adults are concerned about malware and phishing on social media
More than eighty percent of adults believe that they’re at risk when it comes to security on social media. Most American adults are using at least one social media platform daily, and three-quarters are interested in protecting themselves and the… Continue reading Most adults are concerned about malware and phishing on social media
Hackers used credentials of a Microsoft Support worker to access users’ webmail
On Friday, an unknown number of customers of Microsoft’s webmail services (Outlook.com, Hotmail, MSN Mail) received a notice from the company telling them that attackers had access to their email account for three months. “We have identifie… Continue reading Hackers used credentials of a Microsoft Support worker to access users’ webmail
Who are the biggest targets of credential stuffing attacks?
Media organizations, gaming companies, and the entertainment industry are among the biggest targets of credential stuffing attacks, in which malicious actors tap automated tools to use stolen login information to attempt to gain access to user accounts… Continue reading Who are the biggest targets of credential stuffing attacks?
Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts
Where possible, and especially for important accounts such as Office 365 and G Suite accounts, the prevailing advice for users is to enable two-factor authentication. Unfortunately, that security measure does not stop some attackers that engage in pass… Continue reading Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts