Cisco confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee’s personal Google account that contained passwords synced from their web browser. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account” “The user had enabled password […]
A stolen password gave criminals access to 140,000 payment terminals used worldwide to process credit card payments. The payment terminals are from the company Wiseasy and are used by restaurants, hotels, shops and schools, especially in Asia. Through the Wisecloud cloud service, customers’ devices can be managed, configured and updated remotely by Wiseasy. The passwords […]
Microsoft phishing attacks have targeted more than 10,000 organizations since September 2021, using the gained access to victims’ mailboxes in follow-on business email compromise (BEC) attacks. The threat actors used landing pages designed to hijack the Office 365 authentication process (even on accounts protected by multifactor authentication (MFA)) by spoofing the Office online authentication page. In […]
An engineer changed his Experian account to a strong password in 2020 to place a security freeze on a credit file. Two years later he received an email from Experian saying the email address on his account had been changed. Experian’s password reset process was useless at that point because any password reset […]
The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses, collected from 140 million users to enable two-factor authentication, for targeted advertising.
‘MFA Bombing’ examples include:
– Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.
– Sending one or two prompts per day. This method often attracts less attention, but “there is still a good chance the target will accept the MFA request.”
– Calling the target, pretending to be […]
A group of attackers calling themselves Lapsus$, and previously responsible for attacks on chip giant NVIDIA, Portuguese media giant Impresa and the Brazilian Ministry of Health, posted screenshots on their Telegram channel showing that they have access to Okta systems. Okta offers solutions for identity and access management. “More than 15,000 global brands entrust Okta […]
The Escobar malware, a remake of the Aberebot Android banking trojan, steals Google Authenticator multi-factor authentication codes. This new version of the Aberebot Android banking trojan has been detected with a name and icon similar to the legitimate anti-virus app McAfee, and it enables its operators to perform the following tasks:
– Using VNC take […]
Cyber attacks against European companies and public authorities are on the rise, according to the European Cybersecurity Agency (ENISA) and the Computer Emergency Response Team for EU Agencies (CERT-EU). According to both parties, the increase can be explained by the threat of ransomware; cybercriminals are increasingly financially motivated and there is an exponential increase in […]