Using Fake Student Accounts to Shill Brands

Schneier on Security

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account.

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

The vulnerability allows an attacker to hijack any account. On the surface of it, things looked bad: complete account takeover with a very trivial attack. Full account takeover. Sexuality, relationships and online dating are all rather personal things.

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Security Boulevard

The post Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation appeared first on The Shared Security Show. The post Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation appeared first on Security Boulevard.

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.

Hackers take over 1.1 million accounts by trying reused passwords

Malwarebytes

million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs into website login forms, in order to fraudulently gain access to user accounts.

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

The researchers identified around 15,000 actor accounts, most of which were created for this campaign. The post YouTube creators’ accounts hijacked with cookie-stealing malware appeared first on Security Affairs.

CIS Control 5: Account Management

Security Boulevard

It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to […]

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked.

Stolen Fortnite Accounts Earn Hackers Millions Per Year

Threatpost

More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone.

Nando’s Hackers Feast on Customer Accounts

Threatpost

Multiple chicken diners said their usernames and passwords were stolen and the accounts used to place high-volume orders.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The now-banned Instagram account for the middleman @trusted/beam.

Compromised cloud accounts leading to Cryptocurrency mining

CyberSecurity Insiders

Google, the business subsidiary of tech giant Alphabet Inc, has released a report saying that the compromised cloud accounts were leading hackers to mine cryptocurrency that could prove as a double threat to customers.

Intuit Clients Warned of Hacked TurboTax Accounts

Heimdal Security

Intuit has informed TurboTax clients that some of their private and financial information was accessed by threat actors following what seems to be a sequence of account takeover attacks. The post Intuit Clients Warned of Hacked TurboTax Accounts appeared first on Heimdal Security Blog.

Planning to Prevent Account Takeover

Security Boulevard

One such area of planning is the issue of password hygiene and account. The post Planning to Prevent Account Takeover appeared first on Enzoic. The post Planning to Prevent Account Takeover appeared first on Security Boulevard.

Gamers in Disguise: Protecting Online Gaming from Account Takeover Fraud

Security Boulevard

The post Gamers in Disguise: Protecting Online Gaming from Account Takeover Fraud appeared first on Security Boulevard.

GoDaddy Hack Breaches Hosting Account Credentials

Threatpost

The domain registrar giant said that the breach started in October 2019.

The Best Twitter Cybersecurity Accounts You Should Follow [Updated 2021]

Heimdal Security

If you’re using Twitter and want to stay on top of the biggest cybersecurity news out there, you may be asking which are the best accounts you […]. The post The Best Twitter Cybersecurity Accounts You Should Follow [Updated 2021] appeared first on Heimdal Security Blog.

Box flaw allowed to bypass MFA and takeover accounts

Security Affairs

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. This made it possible to access the victim’s Box account without the victim’s phone and without notifying the user via SMS.

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Security Affairs

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transportation System Mr. Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group.

YouTube Accounts Hijacked by Cookie Theft Malware

Hacker Combat

Google has reported that it disrupted the phishing attacks where threat actors had tried to hijack various YouTube accounts using cookie theft malware. The hijacker’s intent was to use those accounts to promote different crypto-currency scams.

Twitter Removes Russian Disinformation Accounts

Security Boulevard

On Feb. 23, 2021 Twitter booted a gaggle of accounts from its platform, including those determined to be associated with the Russian government and the well-known disinformation machine Internet Research Agency (IRA).

Phishing campaign targets Tiktok influencer accounts

Security Affairs

Threat actors have launched a phishing campaign targeting more than 125 TikTok ‘Influencer’ accounts in an attempt to hijack them. Researchers from Abnormal Security uncovered a phishing scam aimed at hijacking at least 125 TikTok ‘Influencer’ accounts.

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

Reached via phone, IDI Holdings CEO Derek Dubner acknowledged that a review of the consumer records sampled from the fraud group’s shared communications indicates “a handful” of authorized IDI customer accounts had been compromised.

An Insider's Account of Disclosing Vulnerabilities

Dark Reading

Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes

Why Preventing Financial Account Takeover Attacks is Important for Banks and Fintechs

Security Boulevard

Financial account takeover is a form of identity fraud where fraudsters use stolen credentials to break into digital financial accounts of genuine customers.

NY AG Warns Credential Stuff Compromised 1.1M Accounts

Security Boulevard

New York Attorney General Letitia James has put 17 companies on notice that 1.1 million online accounts have been compromised by cyberattacks involving credential stuffing.

Account Hijacking Forum OGusers Hacked

Krebs on Security

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. Some complained they were already receiving phishing emails targeting their OGusers accounts and email addresses.

How To Hack into a Digital Account in a Few Easy Steps

Security Boulevard

Account security should be one of the biggest priorities for digital businesses today. Ensuring that user accounts are protected is paramount. The post How To Hack into a Digital Account in a Few Easy Steps appeared first on Security Boulevard.

New Twitter phishing campaign targets verified accounts

Bleeping Computer

A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error.

Nintendo Confirms Breach of 160,000 Accounts

Threatpost

After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.

TikTok phishing threatens to delete influencers’ accounts

Bleeping Computer

Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers' managers.

483 Crypto.com accounts compromised in $34 million hack

Bleeping Computer

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of 400 of its customer accounts. Although, the company's CEO stresses that customer funds are not at risk. Crypto.com is reportedly the world's third-largest cryptocurrency trading platform.

Fake New Account Registration Fraud Rose 70% in H1 2021

Security Boulevard

Whether it is fake new account registration – where fraudsters use stolen or synthetic credentials to create new digital accounts – or account takeover fraud, fraudsters are impersonating authentic users to abuse and monetize digital accounts.

Crypto.com confirms 483 accounts hacked, $34 million withdrawn

Bleeping Computer

Crypto.com has confirmed that a multi-million dollar cyberattack led to the compromise of 483 of its customer accounts. Although, the company's CEO stresses that customer funds are not at risk. Crypto.com is reportedly the world's third-largest cryptocurrency trading platform.

Microsoft announces passwordless authentication for consumer accounts

Security Affairs

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. The post Microsoft announces passwordless authentication for consumer accounts appeared first on Security Affairs.

Stories from the SOC – Inactive Account Exploitation

CyberSecurity Insiders

Because of this, maintenance and auditing of user accounts is an integral part of maintaining a good security posture. When an employee leaves a company or organization, it is important that all associated accounts be removed and permissions revoked.

Google Drive accounted for the most malware downloads from cloud storage sites in 2021

Tech Republic Security

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope

Containerd Bug Exposes Cloud Account Credentials

Threatpost

The flaw (CVE-2020-15157) is located in the container image-pulling process.

Microsoft Lets Users Fully Remove Account Passwords

Dark Reading

Users can now delete passwords from their Microsoft account and instead use Windows Hello, Microsoft Authenticator, or physical security keys to log in

Several High-Profile Twitter accounts hacked in a Bitcoin scam

Security Affairs

The social media platform Twitter suffered one of the biggest cyberattacks in its history, multiple high-profile accounts were hacked. All the accounts were compromised simultaneously and threat actors used them to promote a cryptocurrency scam.

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

Security Affairs

A researcher received a $50,000 bug bounty from Microsoft for having reported a vulnerability that could have allowed an attacker to hijack any account. According to the expert, the vulnerability only impacts consumer accounts. Microsoft Account Takeover!

Facebook and Google Account Authentication | Avast

Security Boulevard

Earlier this month, our team wrote about the latest Facebook data breach and offered suggestions on how to improve your account security. Let's now walk through the steps you can take to enable two-factor authentication on your accounts.

How I hacked my friend’s PayPal account

We Live Security

Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here's how to stay safe from a simple but effective attack. The post How I hacked my friend’s PayPal account appeared first on WeLiveSecurity.