account hijacking
Another popular Chrome extension hijacked through phishing
Chris Pederick, the creator and maintainer of the Web Developer for Chrome extension, is the latest victim of attackers who hijack popular Chrome add-ons in order to push ads …
Phishers steal Chrome extension from developer
An attacker has compromised the Chrome Web Store account of German developer team a9t9 software, and has equipped their Copyfish Chrome extension with ad/spam injection …
Phishers’ techniques and behaviours, and what to do if you’ve been phished
Once a user has been phished, how long does it takes for the phishers to misuse the stolen credentials? To discover the answer to that question and many others, Imperva …
751 domains hijacked to redirect visitors to exploit kit
An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting …
Password Reset MITM: Exposing the need for better security choices
Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites …
Offer of nude celeb photos turns Twitter users into spammers
If not careful, Twitter users who are dead set on seeing nude photos of WWE star Paige will end up on marketers’ spam lists and with their own Twitter account pushing …
Hijacking Windows user sessions with built-in command line tools
Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in …
Yahoo notifies more users of malicious account activity
Yahoo has sent out another round of account compromise notifications, warning users that hackers may have accessed their accounts by using forged cookies instead of passwords. …
Egyptian civil society NGOs targeted with sophisticated phishing
In the last few months, a number of Egyptian civil society organizations, lawyers, journalists, and independent activists have been targeted with personalized and generic …
Clinton campaign chief’s Twitter, iCloud accounts hijacked
Some 12 hours after WikiLeaks published emails stolen from the email account of Hillary Clinton campaign Chairman John Podesta, someone has hijacked the man’s Twitter …
Hackers compromised Telegram accounts, identified 15 million users’ phone numbers
Hackers have managed to compromise over a dozen Telegram accounts belonging to Iranian political activists and identify phone numbers tied to 15 million Iranian Telegram …
Botnet-powered account takeover campaign hit unnamed bank
A single attacker has mounted two massive account takeover (ATO) campaigns against a financial institution and an entertainment company earlier this year, and used a gigantic …