#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Credential Theft | Breaking Cybersecurity News | The Hacker News

Category — Credential Theft
Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing

Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing

Aug 15, 2023 Enterprise Security / Cybersecurity
Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. The result? Cybercriminals gaining immediate and unhindered access to sensitive data, email accounts, and other applications. But what if you could outsmart these criminals and protect your organization? Join  Graham Cluley , renowned cybersecurity expert and host of the Smashing Security podcast, and  Mike Britton , CISO at Abnormal Security, for an illuminating webinar that delves into the world of credential phishing and offers actionable insights. What Will You Learn? Understanding the Lure:  How attackers manipulate victims into submitting credentials, employing tactics such as generative AI. Why Victims Fall for the Trap:  A detailed look at why security awareness training may not always succeed in preventing employees from taking the bait. Effective Strategies to Comb...
Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

Sep 23, 2022
A hack-for-hire group that was  first exposed in 2019  has expanded its focus to set its sights on entities with business or political ties to Russia. Dubbed Void Balaur , the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021. "Void Balaur [...] primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay," Trend Micro  noted  at the time. Attacks conducted by the group are typically both generic and opportunistic and are aimed at gaining unauthorized access to widely-used email services, social media, messaging, and corporate accounts. Earlier this June, Google's Threat Analysis Group (TAG) took the wraps off a set of  credential theft attacks  targeting journalists, European politicians, and non-profit's mounted by the threat actor. "Void Balaur also goes after targ...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
Credential Theft Is (Still) A Top Attack Method

Credential Theft Is (Still) A Top Attack Method

Aug 15, 2022
Credential theft is clearly still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication,  password  stealing remains a top attack method used by cyber criminals. The latest  report  from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations aren't revoking credentials that are no longer needed, meaning passwords can go unattended and dormant like a sitting duck (similar to what happened with Colonial Pipeline). And  Verizon's Data Breach Investigations Report  cites that nearly 50% of all data breaches were caused by stolen credentials. The stats don't lie. Cybercriminals are advancing, there's no doubt, but if there's an option to take the path of least resistance, they'll take it. Too often, that means compromising passwords and exploiting vulnerable access points.  Credential Theft and Criti...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Expert Insights / Articles Videos
Cybersecurity Resources