Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts
Aug 16, 2024 | Ravie Lakshmanan | Cloud Security / Application Security
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign, including the …
accounts
Hijacking GitHub accounts using phishing emails
We recently wrote about how attackers have learned to use legitimate social media infrastructure to deliver plausible-looking warnings about the blocking of business accounts, leading to password theft. It turns out that for several months now, a very similar method has been used to attack developer accounts on GitHub, which is a cause for concern for corporate information …
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
Mar 25, 2024 | Newsroom | Supply Chain Attack / Cryptocurrency
Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser …
Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts
Dec 06, 2023 | Newsroom | Access Management / Cloud Security
Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks. The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a …
How Ducktail steals Facebook accounts
Our researchers have discovered a new version of malware from the Ducktail family. Cybercriminals are using it to target company employees who either hold fairly senior positions or work in HR, digital marketing, or social-media marketing. Their ultimate goal is to hijack Facebook Business accounts, so it makes sense that the attackers are interested in folks most likely to …
Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
Jul 01, 2023 | Ravie Lakshmanan | Website Security / Cyber Threat
As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on …
Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
May 04, 2023 | Ravie Lakshmanan | Online Security / ChatGPT
Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used …
How cybercriminals hijack Telegram accounts
Telegram users have recently begun encountering various Telegram messenger hijacking schemes. Things usually start off with a message from one of their contacts containing a link to some site. The bait can be an invitation to take part in an online vote or contest, a Telegram Premium gift or trial version, a request to sign a collective petition, or something else. What all …
Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts
Feb 01, 2023 | Ravie Lakshmanan | Enterprise Security / Authentication
Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were …
Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent …