ViperSoftX campaign steals cryptocurrency and targets password managers
Security experts have discovered a new version of ViperSoftX, a malware that steals cryptocurrency and targets password managers, such as KeePass and 1Password.
passwords
Cybercriminals use proxies and configurations to launch credential stuffing attacks
The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.
GitLab issues security update for Critical hard-coded password vulnerability (CVE-2022-1162)
GitLab has issued a security update to address a Critical vulnerability CVE-2022-1162 where static passwords were inadvertently set during OmniAuth-based registration.
Alert: Threat actors continue to exploit patched Pulse Secure VPN devices
Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.
Flipboard confirms data breach, resets passwords
News aggregator Flipboard warned that an unauthorized person gained access to subset of user account data and cryptographically protected passwords.
Nearly 800M email records exposed in massive data breach
A massive data breach dubbed “Collection #1” exposed nearly 800 million email addresses and millions of passwords. Security expert Troy Hunt was alerted of the leaked data made available for free download from popular MEGA cloud storage service. The data consisted of over 12,000 separate files and more than 87GB of data.