-
Slack Bug Allowed Automating Account Takeover Attacks
Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using a HTTP Request Smuggling CL.TE hijack attack on https://slackb.com/.
- March 13, 2020
- 07:44 PM
0
-
Domain Takeover at Gunpoint Gets Influencer 14 Years in Jail
Social media influencer Rossi Lorathio Adams II was sentenced to 14 years in federal prison for plotting an Internet domain hijacking at gunpoint and an armed home invasion with his cousin Sherman Hopkins, Jr.
- December 11, 2019
- 08:00 AM
1
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps
A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data through the Microsoft OAuth API.
- December 10, 2019
- 10:14 AM
- 0
-
Twitter Suspends SMS-Based Tweeting After High-Profile Account Hacks
Twitter on Wednesday announced that it would turn off its Tweet via SMS feature for an unspecified period following abuses that led to hackers posting from at least two high-profile accounts.
- September 05, 2019
- 07:14 AM
- 0
-
Starbucks Abandons Azure Site, Exposed Subdomain to Hijacking
An oversight from Starbucks exposed one of its subdomains to takeover threat, which could be further leveraged in attacks against customers and the company.
- August 29, 2019
- 05:46 AM
- 2
-
Crooks Sell Credentials Using Combolists-as-a-Service Model
Cybercriminals are now using a combolists-as-a-service model to sell credential collections to other crooks, which will later use them as part of large scale malicious account takeover attacks targetting both individuals and organizations.
- July 30, 2019
- 11:04 AM
- 0
-
Researchers Hack Surveillance Systems to Show Fake Video Feed
Security researchers analyzing the security flaws present in IoT devices used in smart buildings were able to replace the real video feeds with arbitrary footage.
- July 30, 2019
- 08:08 AM
- 0
-
Google Wants Your Phone to Protect Against Account Takeover Attacks
In a report on Friday, Google highlights the importance of linking a phone to an account when it comes to fighting hijacking attempts from automated attempts from bots, phishing, and targeted attacks.
- May 19, 2019
- 01:20 PM
- 0
-
DNSpionage Drops New Karkoff Malware, Cherry-Picks Its Victims
The DNSpionage malware campaign has added a new reconnaissance stage showing that the attackers have become more picky with their targets, as well as a new .NET-based malware dubbed Karkoff and designed to allow them to execute code remotely on compromised hosts.
- April 23, 2019
- 03:24 PM
- 0
-
'Sea Turtle' Campaign Focuses on DNS Hijacking to Compromise Targets
For at least two years, a highly capable threat actor has been running a campaign that relied on DNS hijacking to reach their targets. In the operation, at least 40 public and private organizations in 13 countries have been compromised.
- April 18, 2019
- 03:32 AM
- 0
-
VSDC Site Hacked Again to Spread Password Stealing Malware
The website of the free multimedia editor VSDC was breached again by hackers, this time the download links being used to distribute a banking trojan and an info stealer.
- April 11, 2019
- 08:55 AM
- 2
-
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
The Department of Homeland Security has issued an emergency directive that requires all U.S. agencies that operate a .gov domain or agency-managed domain to audit their DNS records and servers to verify that they are resolving to the right IP addresses. They further require them harden the security related to DNS accounts.
- January 23, 2019
- 02:21 AM
- 0
-
Google Services Unreachable After Traffic Hijacking
Services from Google on Monday became unavailable for up to two hours as user traffic followed a tortuous path through operators in Russia and Nigeria before hitting the Great Firewall of China.
- November 13, 2018
- 11:28 AM
- 0
-
Abandoned Tweet Counter Hijacked With Malicious Script
An abandoned Tweet counter that was still being loaded by 800+ sites was hijacked with a malicious script that caused visitors to be redirected to scam sites.
- October 17, 2018
- 03:00 AM
- 0
-
Over 3,700 MikroTik Routers Abused In CryptoJacking Campaigns
Ever since exploit code for CVE-2018-14847 became publicly available, miscreants have launched attacks against MikroTik routers. Thousands of unpatched devices are mining for cryptocurrency at the moment.
- September 10, 2018
- 02:35 PM
- 0
-
Hackers Exploiting DLink Routers to Redirect Users to Fake Brazilian Banks
Attackers are targeting DLink DSL modem routers in Brazil and exploiting them to change the DNS settings to a DNS server under the attacker's control. This then allows them to redirect users attempting to connect to their online banks to fake banking websites that steal the user's account information.
- August 11, 2018
- 01:27 PM
- 1
-
U.S. Payment Processing Services Targeted by BGP Hijacking Attacks
According to a new report, three United States payment processing service providers were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data.
- August 06, 2018
- 03:01 AM
- 0
-
Popular Software Site Hacked to Redirect Users to Keylogger, Infostealer, More
Hackers have breached the website of VSDC, a popular company that provides free audio and video conversion and editing software.
- July 11, 2018
- 02:00 PM
- 1
-
Internet Transit Providers Disconnect Infamous "BGP Hijack Factory"
Several Internet transit providers —companies that route global Internet traffic between local ISPs, end users, and data centers— have banded together to ban a fellow transit provider that has carried out at least 130 Internet route (BGP) hijacks in the past few years, most of which, experts say, were with malicious intent.
- July 11, 2018
- 12:30 AM
- 1
-
DNS Poisoning or BGP Hijacking Suspected Behind Trezor Wallet Phishing Incident
The team behind the Trezor multi-cryptocurrency wallet service has discovered a phishing attack against some of its users that took place over the weekend.
- July 01, 2018
- 06:14 PM
- 1
