account hijacking
Phishing kits that bypass MFA protection are growing in popularity
The increased use of multi-factor authentication (MFA) has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. A current …
GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …
Why are we still asking KBA questions to authenticate identity?
Do you remember the name of your second-grade teacher? How about your maternal grandfather’s middle name? If you’ve ever forgotten a password, you’ve no doubt experienced the …
Retail industry security incidents soaring, worsened by the supply chain crisis
Imperva’s 12-month analysis on cybersecurity risks in the retail industry suggests that the 2021 holiday shopping season will be further disrupted by cybercriminals …
Popular npm package hijacked, modified to deliver cryptominers
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …
ATO attacks increased 307% between 2019 and 2021
Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a …
Fraudsters increasingly focusing on digital accounts, whether existing or fake ones
Fraudsters are increasingly focusing on digital accounts, whether that is by compromising existing user accounts or creating fake new accounts to commit fraud, an Arkose Labs …
Turning the tide on surging account takeovers in the media industry
Account takeovers (ATOs) are on the rise, fueled by the widespread use of automated bots. The media industry, which includes social networks, content streaming, gambling, …
Cyber criminals are targeting digital artists
Cyber criminals looking for a quick payout and valuables are targeting digital artists using NFTs (non-fungible tokens), warns security researcher Bart Blaze. The attackers …
What happens to email accounts once credentials are compromised?
Agari researchers entered unique credentials belonging to fake personas into phishing sites posing as widely used enterprise applications, and waited to see what the phishers …
Cybersecurity leaders lacking basic cyber hygiene
Constella Intelligence released the results of a survey that unlocks the behaviors and tendencies that characterize how vigilant organizations’ leaders are when it comes to …
As online fraud rises, 72% of retail brands expect to grow fraud teams
Retailers around the world are increasing their fraud teams and budgets because of a significant rise in all types of online fraud during the pandemic, research by Ravelin …