How New AI Agents Will Transform Credential Stuffing Attacks

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — includi...

Hackers Using Malicious OAuth Apps to Take Over Email Servers

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't...

1.1M Compromised Accounts Found at 17 Major Companies

There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation. Credential-stuffing attacks, such as last year’s attack on Spotify, use automated scripts to try high volumes o...

Brace yourselves: Holiday shopping season is coming

The E-commerce market has seen tremendous revenue growth during the pandemic. Along with that good news for E-business, there has been an increase in fraudulent activities online that may cost retailers over $20 billion in losses by the end of 2021. According to eMarketer, worldwide retail...

How to Vaccinate Against the Poor Password Policy Pandemic

Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have acce...

Credential Stuffing and Account Takeovers -- The Business View

Account takeovers ATOs, in which criminals impersonate legitimate account owners in order to take control of an account, cause tremendous pain for businesses in all industries. This pain may be monetary, such as losses from stolen accounts, but may also include a number of related problems, like...

Post Breach, Peatix Data Reportedly Found on Instagram, Telegram

Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, Peatix said it learned on Nov. 9 that user account data had been improperly accessed...

It's universal: We all love to exchange gifts. Singles' Day and Diwali are two more reasons to do so.

There is scientific evidence that humans secrete "feel good" chemicals in their brain, such as serotonin, dopamine, and oxytocin, while giving. So it's no wonder that many of us look forward to the holidays. Online mobile shopping trends for Singles' Day and Diwali certainly confirm that. Sadly,...

Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesnt happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No,...

Cyberattacks Hit Thousands of Canadian Tax, Benefit Accounts

Canadian authorities said almost 15,000 online accounts for various government services have been targeted in three recent waves of credential-stuffing attacks. These accounts could give attackers access to Canadians’ tax-related and benefits information, coronavirus relief fund money and more...

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

A popular consumer-grade security camera made by TP-Link and sold under the Kasa brand has bevy of bugs that open the hardware to remote attacks, such as giving hackers access to private video feeds and the ability to change device settings. The researcher Jason Kent, with Cequence Security,...

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Kubernetes Integration Server-Side Request Forgery Server-Side Request Forgery in Jira Integration Improved Protection Against Credential Stuffing Attacks Markdown Clientside Resource Exhaustion Pipeline Status Disclosure Group Runner Authorization Issue CI Metrics Disclosure User...