Steam Security Saga Continues with Vulnerability Fix Bypass
A bypass for a recent Steam vulnerability that could allow malware or a local attacker to gain admin privileges has been disclosed on Twitter. This new method allows an attacker to bypass the fix created by Steam and exploit the vulnerability again. […]
Mozilla Firefox Bug Let Third-Parties Access Saved Passwords
Mozilla patched a vulnerability in the Firefox web browser with the launch of the 68.0.2 release which would allow unauthorized users to copy passwords from the browser’s built-in Save Logins database even when protected with a master password. […]
Decade-Long Bank Account Hacking Scheme Gets Fraudster 57 Months
Brooklyn man Jason Mickel Elcock was sentenced today to 57 months in prison for a series of account hijacking attacks spanning more than a decade, having used stolen personal and financial information to pilfer over $1.1 million from banks and online retailers. […]
Google Estimates 1.5% of Web Logins Exposed in Data Breaches
A study released by Google estimates that a 1.5% of all logins used across the web are vulnerable to credential stuffing attacks due to being disclosed in data breaches. While this percentage is quite small, when you take into consideration the total of amount of users and login credentials being used on the web, the number gets […]
Lateral Phishing Attacks: A Growing Threat to the Enterprise
A growing threat targeting the enterprise are phishing scams targeting users from compromised email accounts in the same organization. This type of attack is called lateral phishing as it is conducted from an email address within, rather than outside, the organization. […]