Before we start go to your LinkedIn account now and check: Threat actors are hacking into and taking over LinkedIn accounts by apparently using the simplest of hacks – brute-forcing or using leaked credentials. LinkedIn and Microsoft are not helping the situation by dragging their feet and being “out of …
Windows 11 will get a biometric uplift
Windows Hello, the biometric/PIN authentication and access tool, that ships with the latest versions of Windows installed on suitable hardware is expanding its supported operations. Windows 11 is getting a built-in passkey manager for Windows Hello (bleepingcomputer.com) A new passkey manager will enable the PIN or biometric sensors in your …
JD Sports hit by a cyber incident
The sportswear company JD Sports is reporting that potentially the data it held on over 10 million customers may have been accessed in a cyber attack: JD Sports says 10 million customers hit by cyber attack. – BBC News The issues covers several of the company’s brands: JD Sports is …
A hack and some good planning
Planet Ice – operators of an ice rink in Bristol – have been hacked and customer data has been compromised. That is the bad news. The good news is – and I am going to say here that Planet Ice planned this, but I have no evidence, just the benefit …
What do threat actors do with your stolen credentials?
I have written about one of the possible malicious uses of stolen credentials over on CyberAwake and I explain why if one of your team reuses a compromised password your organisation could be at risk. Read on here.
Surely people are not reusing passwords!
Even though there are warnings all over the internet about the risks of reusing passwords and the ease that threat actors can run credential stuffing attacks to exploit this negligent behaviour – people still reuse passwords: DraftKings denies platform breach, says about $300,000 stolen from compromised accounts – The Record …
Mass spamming starts with no MFA and credential stuffing
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …
Continue reading “Mass spamming starts with no MFA and credential stuffing”