The FTC charged Amazon-owned Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or accounts.
The post Amazon Settles Ring Customer Spying Complaint appeared first on SecurityWeek.
The all in one place for non-profit security aid.
The FTC charged Amazon-owned Ring with failing to implement basic protections to stop hackers or employees from accessing people’s devices or accounts.
The post Amazon Settles Ring Customer Spying Complaint appeared first on SecurityWeek.
Authorities Busted Cybercrime Platform That Steal Passwords & Card Details
[[{“value”:”
International law enforcement agencies have successfully dismantled a notorious cybercrime platform, LabHost, which facilitated criminals in conducting phishing attacks to steal sensitive information such as passwords, addresses, and card details from unsuspecting victims worldwide.
This collaborative effort underscores the increasing global commitment to combating cybercrime and protecting citizens from online fraud.
The operation, named Stargrew, saw the Metropolitan Police, the City of London Police, the National Crime Agency (NCA), and Europol joining forces to disrupt and take down LabHost’s network.
On Wednesday, authorities seized control of LabHost’s fraudulent sites, marking a significant victory against cybercrime.
Free Live Webinar for DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors – Register Here.
In a dramatic twist, a video titled ‘LabHost Wrapped’ was sent to its criminal subscribers, taunting them with the police’s success in accessing the stored data and warning them to reconsider their holiday destinations, hinting at the international reach of their crimes.
A total of 37 suspects have been arrested across the UK, including significant apprehensions at Manchester and Luton airports and in Essex and London.
These arrests highlight the tangible impact of international cooperation in the fight against cybercrime, showcasing the ability of law enforcement agencies to work together across borders to dismantle criminal networks.
IBC, a prominent media outlet, has reported that law enforcement officials have successfully dismantled a cybercrime platform used to execute attacks aimed at stealing sensitive information such as passwords and credit card details.
LabHost’s operations have had a devastating impact on victims, with the platform enabling criminals to deceive individuals into surrendering their personal information.
Over 70,000 Brits have been targeted, with more than 25,000 British victims already contacted by the Metropolitan Police to inform them of the compromise to their data.
The scale of the operation is staggering. Police estimate that more than 40,000 fake websites were created, leading to the theft of 480,000 card numbers, 64,000 PINs, and over 1 million passwords.
The success of Operation Stargrew is a testament to the power of international cooperation in the fight against cybercrime.
Dame Lynne Owens, Deputy Commissioner of the Metropolitan Police Service, emphasized that the operation proves online fraudsters cannot act with impunity and that digital identities and platforms are not beyond the reach of law enforcement.
The Secretary General of Interpol, Jurgen Stock, also highlighted the changing nature of cybercrime. Criminals organize themselves in dynamic, ad-hoc groups, making international collaboration even more crucial.
The dismantling of LabHost marks a significant victory in the ongoing battle against cybercrime. It showcases the effectiveness of international cooperation and the commitment of law enforcement agencies worldwide to protect citizens from online fraud.
Protect Your Business Emails with Trusitifi’s AI-Powered Security —stopping 99% of phishing attacks – Request a Free Demo
The post Authorities Busted Cybercrime Platform That Steal Passwords & Card Details appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free
Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!
Introducing SaaS Pulse: Free Continuous SaaS Risk Management
Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly Read More
Hackers Can Hijack Your MFA Enabled Email Accounts By Stealing Cookies
MFA enhances the security of email accounts by requiring users to provide additional verification beyond just their password.
Implementing MFA reduces the risk of unauthorized access which makes it a critical security measure for protecting sensitive information in email accounts.
Cybersecurity researchers at Malwarebytes uncovered that hackers can hack MFA-enabled email accounts by stealing cookies.
Threat actors have started stealing session cookies in order to evade multi-factor authentication (MFA).
When you log into any website, the server creates a unique session ID, which is saved in your browser as a cookie-labeled session or a cookie that remembers you.
This cookie’s lifetime is usually 30 days, and it acts as a log-in beacon, helping you log in without a hassle.
Challenges that MDR can help you resolve -> Get a Free Guide
But in the case where a threat actor steals this specific login session cookie, they can use it to grant themselves access to the account, even when MFA is in place, reads the report.
This is because the stolen cookie contains the valid session information, which allows the attacker to bypass the additional authentication step required by MFA.
In the most recent event, the FBI declared that users’ accounts were seriously threatened by actors who exploited this vulnerability.
When a threat actor gains unauthorized access to an email account, the criminal discovers a treasure trove of sensitive information, including credit card numbers and addresses used in online stores.
Such data may be used as source data or even to carry out an identity theft or “Person in the Middle” attack.
Moreover, the email account used for hacking may be used to send spam and phishing emails to the contacts that are stored in the address book of the email account.
One important technique is hacking session cookies and other data. Session cookies are small pieces of data that web browsers store to maintain a user’s login state across different pages or sessions.
In the case of an attack and DDoS, if a hacker takes away a session cookie, the hacker can install applications on another account, which allows quick access to the email account without the need for the actual account credentials.
Session cookies, on the other hand, can be breached in multiple ways, including MitM attacks on weak networks or malware infections targeting the user’s device, which can steal session data.
Even though session cookies can be taken from the user’s device or from a network in some cases, this is usually done with the help of information-stealing malware, which is a more sophisticated version that has the exclusive purpose of penetrating and stealing session cookies and other important data from the infected device.
Once threat actors have obtained these session cookies, they can use the victim’s email account as if their actual login and password are not needed.
Here below we have mentioned all the recommendations:-
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
The post Hackers Can Hijack Your MFA Enabled Email Accounts By Stealing Cookies appeared first on Cyber Security News.