#account-takeover

[ follow ]
Theregister
1 month ago
Web design

Meet clickjacking's slicker cousin, gesture jacking

Web browsers struggle to prevent clickjacking despite ongoing efforts by developers.
New variation named 'cross window forgery' requires victims to press Enter or Space on attacker site. [ more ]
Cloud Pro
3 months ago
Business intelligence

Hundreds of enterprises are being targeted in a Microsoft Azure cloud account takeover campaign - here's what you need to know

Executives and directors are popular targets in a cloud account takeover campaign.
The campaign is specifically targeting Microsoft Azure environments. [ more ]
Theregister
3 months ago
Privacy professionals

Meta brushes off risk of account theft via number recycling

Telecom companies recycling phone numbers can lead to malicious account takeovers.
Meta (formerly Facebook) sees phone number reuse as a concern but doesn't consider it eligible for its bug bounty program. [ more ]
Ars Technica
3 months ago
Privacy professionals

Ongoing campaign compromises senior execs' Azure accounts, locks them using MFA

Unknown attackers are targeting Microsoft Azure accounts in an ongoing campaign to steal sensitive data and financial assets.
The attackers use phishing techniques and account takeovers to compromise the targeted accounts and enroll them in multifactor authentication to secure them. [ more ]
WIRED
4 months ago
Information security

How to Stop Your X Account From Getting Hacked Like the SEC's

The SEC and Mandiant both experienced account takeovers on social media platforms due to vulnerabilities in their security practices.
Both accounts had two-factor authentication (2FA) disabled at the time of the breaches, highlighting the importance of using this security measure. [ more ]
[ Load more ]