account hijacking
SEC’s X account hacked to post fake news of Bitcoin ETF approval
Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the …
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns
Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications …
Booking.com customers targeted in hotel booking scam
Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. …
Rise in automated attacks troubles ecommerce industry
Automated attacks on application business logic, carried out by sophisticated bad bots, were the leading threat for online retailers, according to Imperva. In addition, …
Microsoft Authenticator suppresses suspicious MFA notifications
Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers. …
Okta breach post mortem reveals weaknesses exploited by attackers
The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases. “During our …
Compromised Skype accounts deliver DarkGate malware to employees
A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. “Versions of DarkGate …
Requests via Facebook Messenger lead to hijacked business accounts
Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing …
How Ducktail capitalizes on compromised business, ad accounts
Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. “We …
The removal of Qakbot from infected computers is just the first step
The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by …
LinkedIn users targeted in account hijacking campaign
LinkedIn users are being targeted in an ongoing account hijacking campaign, getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing …
Microsoft 365 accounts of execs, managers hijacked through EvilProxy
A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at …
Featured news
Sponsored
Don't miss
- Researchers unearth two previously unknown Linux backdoors
- AxoSyslog: Open-source scalable security data processor
- Product showcase: Augmenting penetration testing with Plainsea
- CWE top 25 most dangerous software weaknesses
- Enhancing visibility for better security in multi-cloud and hybrid environments