Cookies for MFA Bypass Gain Traction Among Cyberattackers
Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.
Theft in cybersecurity covers stolen data, credentials, devices, and funds, often creating risks of unauthorized access, fraud, and privacy loss.
Search across headline titles and summaries.
Background for this topic.
Unauthorized taking or copying of information, credentials, intellectual property, or digital assets is cyber theft. News under this tag may involve stolen passwords, payment data, personal information, source code, cloud tokens, cryptocurrency, or sensitive business files. Theft can result from phishing, malware, compromised accounts, insider access, exposed storage, or the loss of an unencrypted device; the relevant issue is the unauthorized acquisition or control of an asset, whether or not the attacker also alters systems.
Security teams should identify where valuable data and credentials are stored, restrict access by role, require strong authentication, encrypt data at rest and in transit, and monitor unusual downloads or transfers. Vulnerability management matters when flaws expose databases, endpoints, or cloud services to unauthorized retrieval. After suspected theft, preserving logs, revoking tokens and credentials, determining what was accessed or copied, and assessing privacy or notification obligations are central to containing the incident and measuring its impact.
Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.
It's no secret that antivirus software is as essential to your computer as a power cord
A threat group tracked as 'Worok' hides malware within PNG images to infect victims' machines with information-stealing malware without raising alarms. [...]
A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via state-issued prepaid debit cards.
Australian health insurance giant Medibank has warned customers that the ransomware group behind last month's breach has started to leak data stolen from its systems. [...]
The leaked data includes personal data like names, addresses and phone numbers, among others
A new Chrome browser botnet named 'Cloud9' has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks. [...]
Two breaches: one in 2012, another in 2015 – saw 18m folks' records stolen Experian and T-Mobile have reached separate settlements with 40 US states following a pair of data breaches in 2012 and 2015. The settlement will net authorities $16 million, along with assurances it won't happen again.…
The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace
A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month's ransomware attack against Australian health insurance provider Medibank Private Limited. [...]
One attack used 400 mule accounts to steal money by making fraudulent withdrawals, researchers say.
Tech giants and startups rush into the next big thing in security The theft of billions of dollars in cryptocurrency over recent months could have been prevented, and confidential computing is a key to the security fix.…
We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns.