Security news aggregator

Latest coverage for Credentials

Stolen credentials can enable account takeover and lateral movement; phishing-resistant MFA, password managers, and rapid revocation reduce the risk.

13 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Credentials are the data used to verify a user's identity to a system, commonly including usernames, passwords, security tokens, or biometric identifiers. They serve as gatekeepers for access to accounts, applications, and sensitive information. Attackers target credentials to impersonate users, escalate privileges, or gain unauthorized system access.

Compromise of credentials can occur through phishing, credential stuffing, or theft from insecure storage. Effective defenses include enforcing strong, unique passwords, implementing multi-factor authentication (MFA), and securely storing credentials using hashing or encryption. Monitoring for unusual login patterns and promptly revoking compromised credentials are also critical to limit attacker impact.

Showing 13 most recent headlines Filtered view

Plus: why takedowns aren't in threat-intel analysts' best interest interview It started out small: One US financial services company wanted to stop unknown crooks from spoofing their trading app, tricking customers into giving the digital thieves their login credentials and account information, thus allowing them to drain their accounts.…

Bank Info Security 11 months, 2 weeks ago

Nikesh Arora: Why Palo Alto Is Making a $25B Bet on Identity

CyberArk Deal Adds Privileged Access Capabilities to Palo Alto Networks' Core StackWith a $25 billion acquisition of CyberArk, Palo Alto Networks expands its cybersecurity platform to secure human, machine and AI identities. CEO Nikesh Arora said the move is timely as 88% of ransomware attacks now stem from credential theft, and agentic AI emerges as a new risk vector.

Bank Info Security 11 months, 2 weeks ago

Coyote Trojan Turns Accessibility Into Attack Surface

Brazil-Targeting Malware Exploits Windows UIA to Evade DetectionA banking Trojan long confined to Brazil has become the first known malware to exploit Microsoft's UI Automation framework to extract credentials, signaling a new tactic that may evade conventional detection. Akamai's findings point to a growing trend of attackers using legitimate system features.

New malware, even better social engineering chops The FBI and a host of international cyber and law enforcement agencies on Tuesday warned that Scattered Spider extortionists have changed their tactics and are now breaking into victims' networks using savvier social engineering techniques, searching for organizations' Snowflake database credentials, and deploying a handful of new ransomware variants, most recently DragonForce.  …