Security news aggregator

Latest coverage for Credentials

Stolen credentials can enable account takeover and lateral movement; phishing-resistant MFA, password managers, and rapid revocation reduce the risk.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Credentials are the data used to verify a user's identity to a system, commonly including usernames, passwords, security tokens, or biometric identifiers. They serve as gatekeepers for access to accounts, applications, and sensitive information. Attackers target credentials to impersonate users, escalate privileges, or gain unauthorized system access.

Compromise of credentials can occur through phishing, credential stuffing, or theft from insecure storage. Effective defenses include enforcing strong, unique passwords, implementing multi-factor authentication (MFA), and securely storing credentials using hashing or encryption. Monitoring for unusual login patterns and promptly revoking compromised credentials are also critical to limit attacker impact.

Showing 12 most recent headlines Filtered view

Chinese Nation-State Hackers Used a Custom Utility to Capture PacketsChinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco's cybersecurity unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos.

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies

Credential-Stuffing Breaches Affected Nearly 200,000 Warby Parker CustomersFederal regulators have levied a $1.5 million HIPAA civil monetary penalty against eyeglass maker and retailer Warby Parker over credential-stuffing hacks that affected about 200,000 people. The HIPAA enforcement action is the first disclosed in the second Trump administration.

Bank Info Security 1 year, 4 months ago

Infostealers Tied to Stolen AI and Defense Credentials

Information-Stealing Malware Continues to Feed Markets for Stolen CredentialsDefense sector and military agency employees, and artificial intelligence service users, all show signs of having been infected by information-stealing malware, as the market for buying and selling stolen credentials continues to thrive, experts warn.

Because stealing your credentials, banking info, and IP just wasn’t enough A new variant of Snake Keylogger is making the rounds, primarily hitting Windows users across Asia and Europe. This strain also uses the BASIC-like scripting language AutoIt to deploy itself, adding an extra layer of obfuscation to help it slip past detection.…

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services