Tag Archives: phishing

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched

Enlarge / Using Teams in a browser is actually safer than using Microsoft’s desktop apps, which are wrapped around a browser. It’s a lot to work through. reader comments 65 with 41 posters participating Share this story Microsoft’s Teams client stores users’ authentication tokens in an unprotected text format, potentially allowing attackers with local access… Read More »

I’m a security reporter and got fooled by a blatant phish

Enlarge / This is definitely not a Razer mouse—but you get the idea. (credit: calvio via Getty Images) There has been a recent flurry of phishing attacks so surgically precise and well-executed that they’ve managed to fool some of the most aware people working in the cybersecurity industry. On Monday, Tuesday, and Wednesday, two-factor authentication… Read More »

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Enlarge (credit: Getty Images) At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees’ family members as well. In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown… Read More »

How Apple, Google, and Microsoft will kill passwords and phishing in one stroke

Getty Images reader comments 186 with 108 posters participating, including story author Share this story For more than a decade, we’ve been promised that a world without passwords is just around the corner, and yet year after year, this security nirvana proves out of reach. Now, for the first time, a workable form of passwordless… Read More »

Behold, a password phishing site that can trick even savvy users

Getty Images reader comments 111 with 88 posters participating, including story author Share this story When we teach people how to avoid falling victim to phishing sites, we usually advise closely inspecting the address bar to make sure it does contain HTTPS and that it doesn’t contain suspicious domains such as google.evildomain.com or substitute letters such… Read More »

Neiman Marcus data breach impacts 4.6 million customers

reader comments 28 with 25 posters participating Share this story American luxury retailer Neiman Marcus Group (NMG) has just disclosed a major data breach impacting approximately 4.6 million customers. The breach occurred sometime in May 2020 after “an unauthorized party” obtained the personal information of some Neiman Marcus customers from their online accounts. Neiman Marcus… Read More »

Microsoft Outlook shows real person’s contact info for IDN phishing emails

reader comments 47 with 40 posters participating Share this story If you receive an email from someone@arstechnіca.com, is it really from someone at Ars? Most definitely not—the domain in that email address is not the same arstechnica.com that you know. The ‘і’ character in there is from the Cyrillic script and not the Latin alphabet. This… Read More »

Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos

Enlarge / The Internet is unfortunately packed full of criminals seeking to steal sexual (or sexualizable) images from privately held cloud backup accounts. reader comments 34 with 22 posters participating, including story author Share this story The LA Times reported this week that Los Angeles man Hao Kuo “David” Chi pled guilty to four federal… Read More »