IBM X-Force Incident Response and Intelligence Services (IRIS) researchers recently went down the rabbit hole of a physical iPhone theft that was followed by a SMiShing campaign designed to unlock the phone for resale on the black market. As we looked into what was behind the phish, we found a thriving and large-scale operation of over 600 phishing domains d
The video gaming landscape has changed drastically over the past few decades. Some of these changes have led to considerable developments in the cyberthreat landscape as it applies to gaming companies, the games themselves and the user base that enjoys them.
Integration of the cloud, mobile apps and social networks, the diversity of games and platforms, th
We’ve previously discussed threats to managed service providers (MSPs), covering their status as a valuable secondary target to both an assortment of APT groups as well as financially motivated threat groups. The problem with covering new and novel attack vectors, however, is that behind each new vector is typically a system left unpatched, asset manag
Hollywood loves hacking in movies. White hats are able to perform miraculous feats with nothing more than mobile phones and subpar internet connections, while evildoers somehow manage to access banking and government systems worldwide as part of insidious plots for world domination.
Top Six Weird and Wacky 2016 Data Breaches
In truth, cyberattacks and respon
It’s hard to keep up with the hundreds of security-specific headlines published every week.
So, we’re rounding up the top news that affects you, your business, and the security and technology industry overall. This week we explore Android patches, high-profile breaches, and more ransomware. Check back every Friday to learn about the latest in security news.
The Credential Manager in Windows is a relatively unknown feature, even though a lot of people are using it without being aware of its existence. Windows stores credentials in special folders that they call “vaults” to help users log in to websites and other computers. The Credential Manager as such was introduced with Windows 7.
Operation
Reviewin
IT professionals have long grappled with the inherent risks associated with privileged accounts. Whenever credentials that allow other employees to log in to servers, routers, and so forth, are compromised, it can have a dire outcome on the rest of the network. A security firm this week is warning exactly how dire those consequences can be. Virtually no organi
Using a password manager is one of the biggest ways that average computer users can keep their online accounts secure, but their protection is pretty much meaningless when an end user's computer is compromised. Underscoring this often ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the
Co-authored by Dr. Gregory Neven
If you ask your IT staff about passwords, they’ll probably advise you to use long and complicated codes, never reuse passwords across different websites, change passwords regularly and never write them down anywhere. You may think of your IT staff as paranoid, but their fear of passwords getting stolen by cybercriminals
A zero-day in a popular plugin for the Magento ecommerce platform is under attack. Attackers are using a few IP addresses to scan for vulnerable versions of Magmi, which is an open source database client that imports data into Magento. “We’ve seen a couple hundred requests for this specific attack coming from two or three IP addresses. They’
This post explains how to use the PowerMemory script to reveal the passwords used by users of the computers running under Windows systems.
Disclaimer
Any actions and/or activities related to the material contained within this blog are solely your responsibility. The misuse of the information in this website can result in crimina
A cybercriminal going by the name DetoxRansome claims to have stolen some of the login credentials of Bitdefender’s users and threatened to release the details if $15,000 is not paid as ransom. The attacker told Forbes that all information, including passwords and usernames, was unencrypted.
The antivirus software provider Bitdefender confirmed that cu
Dumping the stored password hashes from a live Domain Controller can be tricky. There are a number of things to consider, and there have been several approaches over the years. Some of these approaches have had glaring problems with them. We’ve recently changed all that. Before we talk about our new approach, let’s take a look at the history ther
Recent revelations that Uber stored a sensitive database key on a publicly accessible GitHub page generated its share of amazement and outrage. Some Ars readers called for the immediate termination of the employees responsible or for the enactment of new legal penalties for similar blunders in the future.
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. This summer, the Metasploit team began the large undertaking of reworking credentials throughout the project. Metasploit, as you already know, began as a collection of traditional exp