REDMOND, WA - Microsoft has issued a new security alert to users of its Microsoft Advertising platform, warning of a wave of OAuth consent phishing attacks - a sophisticated form of credential theft designed to look completely legitimate. In its notice, Microsoft explained that malicious actors are sending out fake login or permission prompts that appear identical to the company’s official consent screens. Once a user clicks “Accept”, the attacker gains access to sensitive … [Read more...]
Massive “Combo List 93M” Surfaces on Dark Web, Exposing Millions of Emails
WEST PALM BEACH, FL - A newly circulated credential database called Combo List 93M has emerged on underground forums, raising concerns for millions of email account holders. The massive compilation - reportedly containing over 93 million records - is being distributed within cybercriminal communities for use in credential-stuffing and phishing campaigns. What Is Combo List 93M? Unlike a traditional “data breach” tied to a single company, Combo List 93M appears to be an … [Read more...]
Experts: Hackers Registered Over 500,000 Domains for Massive Cyber-Attack
SANTA CLARA, CA - Hackers have been around since the debut of the Internet, and over the years they’ve learned a number of underhanded tricks to use on unsuspecting victims; one of the most prolific is registering new domains to use to disseminate malware and conduct fishing attacks – while posing as innocent and trustworthy websites – in order to get the unwary to share sensitive information or download malicious software. That being said, according to cybersecurity … [Read more...]