-
SIM swappers hijacking phone numbers in eSIM attacks
SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
- March 14, 2024
- 02:08 PM
5
-
Hijacked subdomains of major brands used in massive spam campaign
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising.
- February 26, 2024
- 09:00 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Mandiant's X account hacked by crypto Drainer-as-a-Service gang
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."
- January 10, 2024
- 05:21 PM
- 1
-
SIM swapper gets 8 years in prison for account hacks, crypto theft
Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft.
- November 29, 2023
- 02:26 PM
- 0
-
LinkedIn accounts hacked in widespread hijacking campaign
LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers.
- August 15, 2023
- 05:21 PM
- 9
-
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of users.
- June 22, 2023
- 11:45 AM
- 0
-
Hackers steal $3 million by impersonating crypto news journalists
A hacking group tracked as 'Pink Drainer' is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks.
- June 10, 2023
- 10:09 AM
- 0
-
Google will delete accounts inactive for more than 2 years
Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two years.
- May 21, 2023
- 11:07 AM
- 2
-
Researcher hijacks popular Packagist PHP packages to get a job
A researcher hijacked over a dozen Packagist packages—with some having been installed hundreds of millions of times over the course of their lifetime. The researcher reached out to BleepingComputer stating that by hijacking these packages he hopes to get a job. And, he seems pretty confident that this would work.
- May 03, 2023
- 11:30 AM
- 1
-
Kubernetes RBAC abused to create persistent cluster backdoors
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.
- April 21, 2023
- 11:35 AM
- 0
-
All Dutch govt networks to use RPKI to prevent BGP hijacking
The Dutch government will adopt the RPKI (Resource Public Key Infrastructure) standard on all its systems before the end of 2024 to upgrade the security of its internet routing.
- April 09, 2023
- 11:21 AM
- 0
-
Microsoft Azure SFX bug let hackers hijack Service Fabric clusters
Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters.
- October 19, 2022
- 11:45 AM
- 0
-
Microsoft found TikTok Android flaw that let hackers hijack accounts
Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link.
- August 31, 2022
- 12:00 PM
- 1
-
PyPI packages hijacked after developers fall for phishing emails
A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.
- August 25, 2022
- 07:18 AM
- 0
-
Google now blocks Workspace account hijacking attempts automatically
Google Workspace (formerly G Suite) now comes with stronger protections for risky account actions, automatically blocking hijacking attempts with identity verification prompts and logging them for further investigation.
- August 10, 2022
- 12:18 PM
- 0
-
GitLab security update fixes critical account take over flaw
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover.
- June 03, 2022
- 09:55 AM
- 0
-
Hackers steal WhatsApp accounts using call forwarding trick
There's a trick that allows attackers to hijack a victim's WhatsApp account and gain access to personal messages and contact list.
- May 31, 2022
- 07:10 PM
- 0
-
Hacker says hijacking libraries, stealing AWS keys was ethical research
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended.
- May 25, 2022
- 09:42 AM
- 2
-
Hackers can hack your online accounts before you even register them
Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox.
- May 23, 2022
- 01:02 PM
- 0
-
Ferrari subdomain hijacked to push fake Ferrari NFT collection
One of Ferrari's subdomains was hijacked yesterday to host a scam promoting fake Ferrari NFT collection, according to researchers. The Ethereum wallet associated with the cryptocurrency scam appears to have collected a few hundred dollars before the hacked subdomain was shut down.
- May 06, 2022
- 03:56 PM
- 0
