Iran-linked hackers were found conducting extensive password spraying attacks against Office 365 accounts of defense technology and global maritime firms in the U.S. and Israel. The group attempts to gain access to commercial satellite imagery and proprietary shipping plans/logs. Microsoft notified the victims and provided them with the information required to secure their accounts.
Researchers have proven it’s possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands.
The bank issued a statement on Monday to inform customers about the cyberattack, it also added to have “identified a cybersecurity incident in our systems that has partially disabled our services.”
New research from cloud security firm Zscaler, presented at the recent VB2021 conference, exploits bugs and coding errors in malware code to thwart infections by botnets, ransomware, and trojans.
By exploiting the WDAC security bypass vulnerability tracked as CVE-2020-0951, threat actors can execute PowerShell commands that would otherwise be blocked when WDAC is enabled.
First released in 1997, the L0phtCrack tool can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks.
In a Form 10-K filing with the Securities and Exchange Commission (SEC) last week, the company confirmed that the attackers were able to steal some proprietary information from its servers.
It was only last month that the Port of Houston fended off a cyberattack and there is no reason to believe cyberattacks on OT systems won’t continue — or, perhaps, become more common.
The NSA clued in organizations against the use of wildcard TLS certificates that may lead to a widespread attack on an organization, as well as invite the new ALPACA TLS attack. According to researchers, around 119,000 web servers are still exposed to the new ALPACA attacks.
An Android-based phishing campaign was observed targeting customers of telecommunication services based in Japan. The malware-laced fake app steals credentials and session cookies. Experts recommend bypass such risks by avoiding apps downloads from unknown third-party stores.