Latest Credential Theft news

Microsoft: APT28 hackers exploit Windows flaw reported by NSA

Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
- Sergiu Gatlan
- April 22, 2024
- 01:22 PM
- 0
SIM swappers hijacking phone numbers in eSIM attacks

SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
- Bill Toulas
- March 14, 2024
- 02:08 PM
- 5
Jason’s Deli says customer data exposed in credential stuffing attack

Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks.
- Bill Toulas
- January 23, 2024
- 11:44 AM
- 1
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.
- Sergiu Gatlan
- January 16, 2024
- 12:34 PM
- 0
Fake 401K year-end statements used to steal corporate credentials

Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.
- Bill Toulas
- January 10, 2024
- 01:33 PM
- 0
AutoSpill attack steals credentials from Android password managers

Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation.
- Bill Toulas
- December 09, 2023
- 10:14 AM
- 3
Hackers hijack Citrix NetScaler login pages to steal credentials

Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials.
- Bill Toulas
- October 09, 2023
- 10:45 AM
- 0
Russian hackers target govt orgs in Microsoft Teams phishing attacks

Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks.
- Sergiu Gatlan
- August 02, 2023
- 03:52 PM
- 2
Genesis Market infrastructure and inventory sold on hacker forum

The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they sold the store and a new owner would get the reins "next month."
- Ionut Ilascu
- July 14, 2023
- 04:29 PM
- 0
Sponsored Content
Cyberattacks through Browser Extensions – the Importance of MFA

More and more attacks are occurring via browser extensions or user-profile installations of tools. Learn more about these attacks from Specops Software and what you can do to protect yourself.
- Sponsored by Specops Software
- July 13, 2023
- 10:02 AM
- 0
Massive phishing campaign uses 6,000 sites to impersonate 100 brands

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites.
- Bill Toulas
- June 13, 2023
- 09:00 AM
- 1
Exploit released for Veeam bug allowing cleartext credential theft

Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication (VBR) software.
- Sergiu Gatlan
- March 23, 2023
- 12:18 PM
- 2
Ukraine dismantles hacker gang that stole 30 million accounts

The cyber department of Ukraine's Security Service (SSU) has taken down a group of hackers that stole accounts of about 30 million individuals and sold them on the dark web.
- Bill Toulas
- September 23, 2022
- 09:24 AM
- 0
Death of Queen Elizabeth II exploited to steal Microsoft credentials

Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to sites that steal their Microsoft account credentials.
- Sergiu Gatlan
- September 14, 2022
- 01:52 PM
- 0
Ukraine arrests cybercrime gang operating over 400 phishing sites

The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians.
- Bill Toulas
- June 29, 2022
- 11:27 AM
- 1
Zimbra bug allows stealing email logins with no user interaction

Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction.
- Bill Toulas
- June 15, 2022
- 02:01 PM
- 0
Telegram’s blogging platform abused in phishing attacks

Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials.
- Bill Toulas
- June 01, 2022
- 06:00 AM
- 0
Ukrainian imprisoned for selling access to thousands of PCs

Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old from Ukraine, was sentenced today to 4 years in prison for stealing thousands of login credentials per week and selling them on a dark web marketplace.
- Sergiu Gatlan
- May 12, 2022
- 05:10 PM
- 1
New BlackGuard password-stealing malware sold on hacker forums

A new information-stealing malware named BlackGuard is winning the attention of the cybercrime community, now sold on numerous darknet markets and forums for a lifetime price of $700 or a subscription of $200 per month.
- Bill Toulas
- March 31, 2022
- 03:30 PM
- 2
Sponsored Content
Consistency in password resets helps block credential theft

As important as end user training and message filtering may be, there is a third method that tip the odds in their favor. Because phishing attacks often come disguised as password reset emails, it is important to handle password resets in a way that makes it obvious that email messages are not part of the password reset process.
- Sponsored by Specops
- March 29, 2022
- 10:01 AM
- 0