PrivacyDigest · @PrivacyDigest
310 followers · 1291 posts · Server mas.to
#Meta Moves to Counter New #Malware and Repeat Account Takeovers
The company is adding new tools as bad actors use ChatGPT-themed lures and mask their infrastructure in an attempt to trick victims and elude defenders.
#accounttakeover #chatgpt
https://www.wired.com/story/meta-attacker-tactics-business-tool/
#chatgpt #accounttakeover #malware #meta
Stephen Lawton · @StephenLawton
18 followers · 10 posts · Server federated.press
Bank customers have expectations that money in their checking accounts are safe from #cyberattacks. Sometimes their FDIC-insured funds aren't so safe. Here's a cautionary tale in @DarkReading: When Banking Laws Don't Protect Consumers From #Cybertheft #accounttakeover
https://www.darkreading.com/edge-articles/when-banking-laws-don-t-protect-consumers-from-cybertheft
#cyberattacks #cybertheft #accounttakeover
· @Capros
14 followers · 27 posts · Server sfba.social
Bank customers have expectations that money in their checking accounts are safe from #cyberattacks. Sometimes their FDIC-insured funds aren't so safe. Here's a cautionary tale in @DarkReading: When Banking Laws Don't Protect Consumers From #Cybertheft #accounttakeover
https://www.darkreading.com/edge-articles/when-banking-laws-don-t-protect-consumers-from-cybertheft
#cyberattacks #cybertheft #accounttakeover
DHd2023 · @DHdKonferenz
248 followers · 51 posts · Server fedihum.org
📢#AccountTakeover durch die Stipendiat:innen der #DHd2023
Wir sind gespannt und freuen uns!
Tech news from Canada · @TechNews
284 followers · 7290 posts · Server mastodon.roitsystems.caWired: How to Protect Yourself from Twitter’s 2FA Crackdown https://www.wired.com/story/twitter-2fa-sms-alternatives-twitter-blue/ #Tech #wired #TechNews #IT #Technology via @morganeogerbc #Security/SecurityAdvice #Security/SecurityNews #Security/Privacy #AccountTakeover #cybersecurity #Passwords #Security #security #hacking #twitter #how-to
#Tech #wired #technews #it #technology #security #accounttakeover #cybersecurity #passwords #hacking #Twitter #how
IT News · @itnewsbot
2914 followers · 250407 posts · Server schleuss.onlineHow to Protect Yourself from Twitter’s 2FA Crackdown - Twitter is disabling SMS-based two-factor authentication. Switch to these alternatives to... - https://www.wired.com/story/twitter-2fa-sms-alternatives-twitter-blue/ #security/securityadvice #security/securitynews #security/privacy #accounttakeover #security
TribalCyberSecurity · @tribalcyber
27 followers · 11 posts · Server infosec.exchange
"PayPal accounts breached in large-scale credential stuffing attack"
#PayPal #Cyberattack #Bot #BotAttack #credentialstuffing #ATO #AccountTakeOver
#paypal #cyberattack #bot #botattack #credentialstuffing #ato #accounttakeover
nieldk :verified: 💻 · @nieldk
186 followers · 274 posts · Server infosec.exchange
This is still going on. Just helped s friend recover from this #scam #accounttakeover attack. USE MFA! Everywhere! And DO NOT, ever, send ANY codes to ANYONE!
Zate 🦘🇦🇺 · @zate
486 followers · 968 posts · Server infosec.exchangeIt looks like we have another round of the #LastPass running in circles arm waving, so I will add here what I just replied to one of the threads.
So, generally, many, many websites use your email address to log you in. some use a username, but it's more the norm to use your email.
The same email that has been in countless leaks for years and years is on countless "consolidated" lists etc., and is likely run against all manner of websites as part of the standard billions-long email stuffing lists.
Given that so many websites have email enumeration issues because it is sort of hard to both allow a user to lookup if their email exists or not when registering and make it not able to tell the same thing to a massively distributed, slow attack coming from residential IP's .. then they are going to know quickly if you are on a site.
They likely don't care. The list of URLs your email is associated with is unlikely to give any of these extensive operations any advantage. They already factor in that knowledge.
So then, I assume you're going to jump ship to some other password provider, of which there are many. Of which, just about all are, or will be, under attack at some point. If you think you are going to jump to a provider who can protect your stuff 100%, then that's funny.
I know, I know, we can/should all host our passwords on our self-hosted service or only locally in our systems, and sure, that likely does provide a certain measure of security, I guess? But I already do that. It's an encrypted block here locally that I ask LastPass to store and backup.
For this kind of thing, you must factor in Shannon's maxim / Kerckhoffs's principle in that the enemy knows the system. Assume they can get to the encrypted blob, and assume they can know your username on a site. The controls still hold secure in this case.
#LastPass #InfoSec #cybersecurity #accounttakeover #passwords
#lastpass #infosec #cybersecurity #accounttakeover #passwords
Mufasa · @ne1for23
349 followers · 3432 posts · Server mastodon.sdf.orgMeta reportedly disciplined or fired more than two dozen workers for taking over Facebook user accounts
Meta Platforms fired or disciplined dozens of employees and contractors over the course of the last year for compromising Facebook user accounts, according to reporting by The Wall Street Journal.
In some cases, the Journal wrote, the contractors, working for Allied Universal, accepted bribes to take control of user accounts.
#Meta #Facebook #AccountTakeover #Bribes
https://www.cnbc.com/2022/11/17/meta-disciplined-or-fired-employees-for-taking-over-user-accounts-wsj.html
#meta #facebook #accounttakeover #bribes
Ken · @Khansen
8 followers · 6 posts · Server mastodon.online
How Banks Can Fight The Surge in Account Takover #accounttakeover #banking #cybercrime https://thefinancialbrand.com/news/payments-trends/how-banks-can-fight-the-surge-in-account-takeover-fraud-154292/
#cybercrime #banking #accounttakeover
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Spotify Users Hit with Rash of Account Takeovers - Users of the music streaming service were targeted by attackers using credential-stuffing approach... https://threatpost.com/spotify-account-takeovers/161495/ #elasticsearchdatabase #credentialstuffing #spotifycredentials #accounttakeover #musicstreaming #cloudsecurity #passwordreuse #websecurity #cyberattack #vpnmentor #spotify #breach #hacks
#hacks #breach #spotify #vpnmentor #cyberattack #websecurity #passwordreuse #cloudsecurity #musicstreaming #accounttakeover #spotifycredentials #credentialstuffing #elasticsearchdatabase
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Exposed Database Reveals 100K+ Compromised Facebook Accounts - Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised ... https://threatpost.com/exposed-database-100k-facebook-accounts/161247/ #seewhovisitsyourprofile #exposeddatabased #accounttakeover #facebookaccount #elasticsearch #websecurity #bitcoinscam #facebook #bitcoin #hacks #fraud #scam
#scam #fraud #hacks #bitcoin #facebook #bitcoinscam #websecurity #elasticsearch #facebookaccount #accounttakeover #exposeddatabased #seewhovisitsyourprofile
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.onlineNando’s Hackers Feast on Customer Accounts - Multiple chicken diners said their usernames and passwords were stolen and the accounts used to pl... https://threatpost.com/nandos-hackers-customer-accounts/160527/ #accountcredentials #credentialstuffing #highvolumeorders #accounttakeover #periperichicken #websecurity #compromise #breach #nandos #hacks
#hacks #nandos #breach #compromise #websecurity #periperichicken #accounttakeover #highvolumeorders #credentialstuffing #accountcredentials
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Office 365 OAuth Attack Targets Coinbase Users - Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take c... https://threatpost.com/office-365-oauth-attack-coinbase/160337/ #maliciousoauthapp #accounttakeover #websecurity #emailattack #inboxaccess #consentapp #microsoft #office365 #coinbase #hacks #oauth
#oauth #hacks #coinbase #office365 #microsoft #consentapp #inboxaccess #emailattack #websecurity #accounttakeover #maliciousoauthapp
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Gamer Credentials Now a Booming, Juicy Target for Hackers - Credential abuse drives illicit market for in-game rare skins, special weapons and unique tools. https://threatpost.com/gamer-juicy-target-for-hackers/159507/ #two-factorauthentication #accounttakeover #credentialtheft #mobilesecurity #counter-strike #cyberattacks #battlefield #coronavirus #bruteforce #steveragan #dreamhack #minecraft #fortnite #akamai #gamers #gaming #hacks #2fa #ato
#ato #2fa #hacks #gaming #gamers #akamai #fortnite #minecraft #dreamhack #steveragan #bruteforce #coronavirus #battlefield #cyberattacks #counter #mobilesecurity #credentialtheft #accounttakeover #two
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Activision Refutes Claims of 500K-Account Hack - The Call of Duty behemoth said that the reports of widespread hacks are false. https://threatpost.com/activision-refutes-claims-account-hack/159433/ #twofactorauthentication #accounttakeover #bruteforcing #websecurity #activision #callofduty #passwords #accounts #breach #denies #gaming #hacks #hack #ato
#ato #hack #hacks #gaming #denies #breach #accounts #passwords #callofduty #activision #websecurity #bruteforcing #accounttakeover #twofactorauthentication
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts - The Canada Revenue Agency (CRA) suspended online services after accounts were hit in a third wave ... https://threatpost.com/cyberattacks-canadian-tax-benefit-accounts/158400/ #canadarevenueagency #credentialstuffing #servicesuspension #accounttakeover #passwordreuse #cyberattacks #websecurity #password #canada #hacks #gckey #hack #cra
#cra #hack #gckey #hacks #canada #password #websecurity #cyberattacks #passwordreuse #accounttakeover #servicesuspension #credentialstuffing #canadarevenueagency
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Attackers Horn in on MFA Bypass Options for Account Takeovers - Legacy applications don't support modern authentication -- and cybercriminals know this. https://threatpost.com/attackers-mfa-bypass-account-takeovers/158189/ #multifactorauthentication #businessemailcompromise #legacyapplications #conditionalaccess #abnormalsecurity #vulnerabilities #accounttakeover #mobilesecurity #cloudsecurity #websecurity #mfabypass #office365 #privacy #breach #hacks
#hacks #breach #privacy #office365 #mfabypass #websecurity #cloudsecurity #mobilesecurity #accounttakeover #vulnerabilities #abnormalsecurity #conditionalaccess #legacyapplications #businessemailcompromise #multifactorauthentication
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack - Researcher warns the highly-rated Kasa family of security cameras have bugs that gives hackers acc... more: https://threatpost.com/popular-tp-link-family-of-kasa-security-cams-vulnerable-to-attack/157371/ #kasasmartkc300s2system #vulnerabilities #accounttakeover #consumercamera #kasacamkc120 #tp-linkpatch #securitycam #tp-link #hacks #kc200 #kasa #ato
#ato #kasa #kc200 #hacks #securitycam #tp #kasacamkc120 #consumercamera #accounttakeover #vulnerabilities #kasasmartkc300s2system