CIS Control 5: Account Management

Security Boulevard

It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to […]

Hacking Grindr Accounts with Copy and Paste

Troy Hunt

The vulnerability allows an attacker to hijack any account. On the surface of it, things looked bad: complete account takeover with a very trivial attack. Full account takeover. Sexuality, relationships and online dating are all rather personal things.

Sendgrid Under Siege from Hacked Accounts

Krebs on Security

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.

Intuit Clients Warned of Hacked TurboTax Accounts

Heimdal Security

Intuit has informed TurboTax clients that some of their private and financial information was accessed by threat actors following what seems to be a sequence of account takeover attacks.

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked.

Nando’s Hackers Feast on Customer Accounts

Threatpost

Multiple chicken diners said their usernames and passwords were stolen and the accounts used to place high-volume orders.

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Krebs on Security

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The now-banned Instagram account for the middleman @trusted/beam.

Why Preventing Financial Account Takeover Attacks is Important for Banks and Fintechs

Security Boulevard

Financial account takeover is a form of identity fraud where fraudsters use stolen credentials to break into digital financial accounts of genuine customers.

Stolen Fortnite Accounts Earn Hackers Millions Per Year

Threatpost

More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone.

Gamers in Disguise: Protecting Online Gaming from Account Takeover Fraud

Security Boulevard

You can now eliminate the password for your Microsoft account

Tech Republic Security

By using an alternative means of authentication, you can now go passwordless on your Microsoft account

Exposed Database Reveals 100K+ Compromised Facebook Accounts

Threatpost

Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others.

Microsoft announces passwordless authentication for consumer accounts

Security Affairs

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods.

How to Permanently Delete Your Facebook Account

WIRED Threat Level

If you've finally hit your breaking point, here's how to say goodbye to Mark Zuckerberg's empire.

Preventing Account Takeover, Enable MFA!

Security Boulevard

Welcome to October where we celebrate National Cybersecurity Awareness Month! In a previous job, we would host a Cybersecurity Expo and learn together.

Twitter Removes Russian Disinformation Accounts

Security Boulevard

On Feb. 23, 2021 Twitter booted a gaggle of accounts from its platform, including those determined to be associated with the Russian government and the well-known disinformation machine Internet Research Agency (IRA).

GoDaddy Hack Breaches Hosting Account Credentials

Threatpost

The domain registrar giant said that the breach started in October 2019.

Fake New Account Registration Fraud Rose 70% in H1 2021

Security Boulevard

Whether it is fake new account registration – where fraudsters use stolen or synthetic credentials to create new digital accounts – or account takeover fraud, fraudsters are impersonating authentic users to abuse and monetize digital accounts.

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

Reached via phone, IDI Holdings CEO Derek Dubner acknowledged that a review of the consumer records sampled from the fraud group’s shared communications indicates “a handful” of authorized IDI customer accounts had been compromised.

Microsoft Lets Users Fully Remove Account Passwords

Dark Reading

Users can now delete passwords from their Microsoft account and instead use Windows Hello, Microsoft Authenticator, or physical security keys to log in

Several High-Profile Twitter accounts hacked in a Bitcoin scam

Security Affairs

The social media platform Twitter suffered one of the biggest cyberattacks in its history: multiple high-profile accounts were hacked. All the accounts were compromised simultaneously and threat actors used them to promote a cryptocurrency scam.

Account Hijacking Forum OGusers Hacked

Krebs on Security

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. Some complained they were already receiving phishing emails targeting their OGusers accounts and email addresses.

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

We Live Security

The man was after sexually explicit photos and videos that he would then share online or store in his own collection.

How To Secure Your Snapchat Account

SecureBlitz

If you want to learn how to secure your Snapchat account, read this post. million accounts were hacked, and their contact information was published online.

How to Prevent Account Takeovers in 2021

Threatpost

Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers.

Nintendo Confirms Breach of 160,000 Accounts

Threatpost

After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.

How to Recover Your Gmail, Yahoo, Microsoft, Facebook, Twitter or Instagram Account

Heimdal Security

So you got hacked or forgot your login credentials and lost access to your email or social media account.

Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw

Security Affairs

A researcher received a $50,000 bug bounty from Microsoft for reporting a vulnerability that could have allowed an attacker to hijack any account. According to the expert, the vulnerability only impacts consumer accounts. Microsoft Account Takeover!

Facebook and Google Account Authentication | Avast

Security Boulevard

Earlier this month, our team wrote about the latest Facebook data breach and offered suggestions on how to improve your account security. Let's now walk through the steps you can take to enable two-factor authentication on your accounts.

Google to auto-enroll 150 million user accounts into 2FA

Bleeping Computer

Google announced today that they plan on auto-enrolling 150 million accounts into two-factor authentication by the end of 2021.

FlyTrap malware hijacks thousands of Facebook accounts

Bleeping Computer

A new Android threat that researchers call FlyTrap has been hijacking Facebook accounts of users in more than 140 countries by stealing session cookies.

Integrating password policies in WooCommerce account forms

Security Boulevard

Containerd Bug Exposes Cloud Account Credentials

Threatpost

The flaw (CVE-2020-15157) is located in the container image-pulling process.

Threat Actors Target South Korean and Aussie Users with Malicious Emails Disguised as Accounting Ledgers

Hot for Security

The subject line reads “Account Ledger for 2020-2021,” and the email body encourages recipients to verify the attachment.

How to delete your Twitter account: the deactivation process

Malwarebytes

You may decide to delete your Twitter account, because social media isn’t for everyone. Perhaps you set up an account to see what the big deal is. Whatever your reason, if you’re looking to delete your account, you’ve come to the right place. Twitter account deactivation.

Spotify Users Hit with Rash of Account Takeovers

Threatpost

Users of the music streaming service were targeted by attackers using credential-stuffing approaches.

How to check if someone else accessed your Google account

Tech Republic Security

Review your recent Gmail access, browser sign-in history, and Google account activity to make sure no one other than you has used your account

Moodle flaw exposed users to account takeover

Security Affairs

Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow account takeover. For these demonstrations, we are going to have 4 different accounts. Every Moodle website has at least one administrator account, as it is created during the setup.

OSINT: Mapping Threat Actor Social Media Accounts

Security Boulevard

A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor is imperative in the process of assessing risk.

How ghost accounts could leave your organization vulnerable to ransomware

Tech Republic Security

Active accounts for people who have left your organization are ripe for exploitation, according to Sophos

T-Mobile was breached: Here's how to protect your account

Tech Republic Security

T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts

Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

Threatpost

The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure.

Someone Hacked a US Warship Facebook Account to Stream Games

WIRED Threat Level

Plus: Twitch hack fallout, Russian phishing, and more of the week’s top security news.