Found 19 bookmarks
Custom sorting
Hackers spoof Microsoft ADFS login pages to steal credentials
Hackers spoof Microsoft ADFS login pages to steal credentials
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. #ADFS #Account #Computer #InfoSec #Lateral #MFA #Microsoft #Notification #Phishing #Push #Security #Takeover
#Computer#MFA#Phishing#Microsoft#InfoSec#Account#Lateral#ADFS#Takeover#Notification#Security#Push
·bleepingcomputer.com·
Hackers spoof Microsoft ADFS login pages to steal credentials
Subaru Starlink flaw let hackers hijack cars in US and Canada
Subaru Starlink flaw let hackers hijack cars in US and Canada
Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. #Account #Canada #Car #Computer #Hacking #InfoSec #Japan #Security #Starlink #Subaru #Takeover #USA
#Takeover#Starlink#Subaru#Japan#Canada#Account#Security#Computer#InfoSec#USA#Hacking#Car
·bleepingcomputer.com·
Subaru Starlink flaw let hackers hijack cars in US and Canada
Effective Phishing Campaign Targeting European Companies and Organizations
Effective Phishing Campaign Targeting European Companies and Organizations
A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.
#unit42#EN#2024#Phishing#Campaign#EU#Azure#takeover#HubSpot#analysis
·unit42.paloaltonetworks.com·
Effective Phishing Campaign Targeting European Companies and Organizations
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. #Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress
#bleepingcomputer#EN#2024#Plugin#Computer#LiteSpeed#InfoSec#Takeover#WordPress#Cache#Security#Website#Admin
·bleepingcomputer.com·
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
Hackers hijack govt and business accounts on X for crypto scams
Hackers hijack govt and business accounts on X for crypto scams
Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers.
#bleepingcomputer#ENM#2024#Media#Account#InfoSec#Scam#Takeover#Security#Computer#Verified#Twitter#CryptoCurrency#Social#X
·bleepingcomputer.com·
Hackers hijack govt and business accounts on X for crypto scams
Synology NAS DSM Account Takeover: When Random is not Secure
Synology NAS DSM Account Takeover: When Random is not Secure
  • Team82 has uncovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the company’s network-attached storage (NAS) products The insecure Math.random() method was used to generate the password of the admin password for the NAS device itself. Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account. * The vulnerability, tracked as CVE-2023-2729, has been addressed by Synology. Synology’s advisory is here.
#claroty#team42#EN#2023#CVE-2023-2729#ynology#NAS#DSM#Account#Takeover#random
·claroty.com·
Synology NAS DSM Account Takeover: When Random is not Secure