Microsoft Says Phishing Campaign Skirted MFA to Access Email

Data Breach Today

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes.

Access 278

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Krebs on Security

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge.


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

Google, Microsoft and Apple are bitter arch-rivals who don’t often see eye-to-eye. Related: Microsoft advocates regulation of facial recognition tools. Yet, the tech titans recently agreed to adopt a common set of standards supporting passwordless access to websites and apps.

Harassment Site Kiwi Farms Breached

Data Breach Today

Assume Password, Email and IPs Leaked as an Attempt to Export User Database Made One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms yses.

The Top 5 Business Outcomes Companies Can Achieve From Monitoring Consolidation

In this eBook, learn what the top five business outcomes are that organizations see when leveraging Datadog's end-to-end monitoring tool.

FBI: Russian Forums Sell Higher Education Credentials

Data Breach Today

Agency Spotted Compromised Credentials On Various Dark Web Forums The FBI is warning the U.S. higher education sector about compromised sensitive credentials and network access information advertised for sale across various public and Dark Web forums.

More Trending

H0lyGh0st Ransomware Linked to North Korean Hackers

Data Breach Today

Small and Mid-Size Businesses Targeted Globally But So Far Extortion Attempts Have Failed Microsoft security researches say they're tracking a hacking group originating from North Korea that may be a side project of an established threat actor.

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level.

Microsoft Patches 'DogWalk' Zero-Day in August Patch Tuesday

Data Breach Today

Monthly Dump Includes Patches for 141 Flaws, Including 17 'Critical' Fixes More than two years after being notified of it, Microsoft issued a fix for a Microsoft Windows Support Diagnostic Tool vulnerability known as DogWalk.

IRS Will Soon Require Selfies for Online Access

Krebs on Security

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year.

Access 285

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Ukraine and Romania Suffer Large Scale DDoS Attacks

Data Breach Today

Killnet Claims Responsibility for Targeting Romanian Authorities The Computer Emergency Response Team of Ukraine, along with the National Bank of Ukraine, are warning of massive DDoS attacks against pro-Ukrainian targets.

Experian, You Have Some Explaining to Do

Krebs on Security

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs.

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency.

Mining 281

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

The Last Watchdog

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Why Are Ransomware Attacks Intensifying?

Data Breach Today

The latest edition of the ISMG Security Report analyzes why the number of ransomware attacks and the amounts being paid in ransoms are both on the rise. It also discusses today's cyberthreat landscape and whether organizations should rely on user training to improve security

Report: Missouri Governor’s Office Responsible for Teacher Data Leak

Krebs on Security

Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers.

Reports: Russian IPs Scanning US Energy Firms, Others

Data Breach Today

Bulletin Reportedly Issued Just Days Before Biden Warned of Cyber Activity Just days before U.S. President Joe Biden warned that intelligence is pointing toward potential Russian cyberattacks against the U.S.,

How Criminals Are Weaponizing Leaked Ransomware Data

Data Breach Today

Accenture's Robert Boyce Advises Firms to Update Monitoring and Approval Processes Accenture analyzed the top 20 most active ransomware leak sites to see how threat actors are posting sensitive corporate information and making the data easy to search and exploit.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

Predatory Sparrow's Hacks: There's Smoke, There's Fire

Data Breach Today

Hack Attacks That Affect Operational Security Environments Remain Rare The Predatory Sparrow hacking group recently claimed to have triggered fires in multiple state-run Iranian steel foundries via hack attacks. Clearly, industrial cybersecurity remains essential.

Norton 360 Now Comes With a Cryptominer

Krebs on Security

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers.

Mining 278

Vendor Ransomware Breach Affects 942,000 Patients

Data Breach Today

Incident Is Among Latest Fallout From Attacks on Healthcare Sector Entities A New York-based practice management vendor has notified 28 healthcare entity clients and more than 942,000 of their patients that sensitive information was compromised in a ransomware attack in April.

Feds Allege Former IT Consultant Hacked Healthcare Company

Data Breach Today

Experts: Case Spotlights Critical, But Often Overlooked, Insider Threats, Risks A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization.

IT 268

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

A $150 Million Plan to Secure Open-Source Software

Data Breach Today

Areas of Proposed Investments Include SBOMs, Software Supply Chains The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S.

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

GUEST ESSAY: Why organizations need to prepare for cyber attacks fueled by quantum computers

The Last Watchdog

In today’s times, we are more aware of cyberattacks as these have become front-page news. We most recently witnessed this as Russia invaded Ukraine. Cyberattacks were used as the first salvo before any bullet or missile was fired. Related: The role of post-quantum encryption.

Transacting in Person with Strangers from the Internet

Krebs on Security

Communities like Craigslist , OfferUp , Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill.

Sales 245

The 5 Stages of Account-Based Marketing — and How to Win Them All

Successfully complete the five stages of ABM: define, identify, engage, convert, and connect. We’ll show you how to create a unified system with your sales team to help them land more qualified opportunities and connect with prospects like never before.

Hospitals in U.S., France Dealing With Cyber Extortionists

Data Breach Today

Texas Hospital Still Being Pressured, While French Hospital Responds to Ransomware A Texas-based hospital is apparently still contending with pressure to pay an extortion group that claims to have stolen patient data months ago, while a French medical center responds to a weekend attack and demands to pay a $10 million ransom.

Phisher Jailed After Tricking Pentagon Out of $24 Million

Data Breach Today

California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice.

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms.