Attackers are pummeling networks around the world with millions of login attempts
Arstechnica · 1y ago
Cisco's Talos security team has issued a warning about a widespread credential compromise campaign targeting various networks. The campaign involves login attempts aimed at gaining unauthorized access to VPN, SSH, and web application accounts. The attacks utilize generic usernames as well as usernames specific to targeted organizations. These attacks could lead to unauthorized network access, account lockouts, or denial-of-service conditions. The attacks have been increasing in intensity since March 18, and the IP addresses used in the attacks appear to originate from Tor exit nodes and other anonymizing tunnels and proxies. Cisco has provided a list of recommendations for preventing these attacks, including enabling detailed logging, securing default remote access accounts, and blocking known malicious sources.
Related News
Account compromise of “unprecedented scale” uses everyday home devices
Arstechnica · 1y ago
Okta has issued a warning about an ongoing campaign that uses fraudulent login requests to conceal malicious activity. The campaign involves routing login attempts through the mobile devices and browsers of everyday users, making it difficult to identify and combat the attacks. The attackers use various techniques, including the TOR network and proxy services, to mask their IP addresses. They then use these devices in credential-stuffing attacks, trying to gain unauthorized access to online accounts by using login credentials obtained from previous breaches. Okta advises users to be cautious when installing apps or enrolling in services and provides guidance for network administrators to protect against credential-stuffing attacks.
Millions of low-cost Android devices turn home networks into crime platforms
Arstechnica · 1m ago
Millions of low-cost Android devices are infected with BadBox malware, turning consumer networks into crime platforms. BadBox, derived from the Triada malware, enables malicious activities like ad fraud and spreading malware. Despite Google's attempts to block such threats, BadBox infections persist, often found pre-installed on devices. The FBI warns users to check their IoT devices for signs of infection and to avoid suspicious low-cost products.
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
Arstechnica · 4m ago
A sophisticated "malvertising" campaign targeted nearly 1 million Windows devices, stealing login credentials, cryptocurrency, and more. The attackers used a four-stage malware process, starting with infection via malicious ad links leading to GitHub-hosted files. The malware disabled detection apps, connected to command servers, and exfiltrated data like browser histories and login details. Microsoft suspects unauthorized streaming sites hosted the ads, and now detects the attack's files. Users are advised to take preventive measures.
WordPress websites are being hacked to hijack your browser — and then attack other sites
Techradar · 1y ago
Cybercriminals are utilizing compromised WordPress websites to create a vast network for credential stuffing attacks, according to security researchers. The attackers are seeking vulnerable sites to insert a script into their HTML templates, which forces visitors to unknowingly attempt to log in to different WordPress sites using various combinations of usernames and passwords. Once a successful login is achieved, the victim is used to relay the information back to the attackers and receive further instructions. The attackers previously used this technique to install malware, but have now shifted to building a larger base for more destructive attacks.
Genetic testing giant 23andMe is reportedly turning the blame back on its customers for its recent data breach
Business Insider · 1y ago
In October, hackers stole the data of millions of 23andMe customers in a data breach. The hackers used previously compromised login credentials to access the data. 23andMe is now facing a series of class-action lawsuits from victims of the breach. The company is reportedly blaming the users, stating that they should have been more cautious about recycling their login credentials. 23andMe claims that the incident was not a result of their alleged failure to maintain reasonable security measures. The hackers gained access to around 14,000 accounts initially and then used a feature of 23andMe to access approximately 7 million accounts.
They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating
Arstechnica · 1y ago
Ransomware hackers are exploiting recently fixed vulnerabilities in WS_FTP Server, posing a significant threat to enterprise networks. One vulnerability, with a severity rating of 10, allows attackers to execute malicious code without authentication. Another vulnerability, rated at 9.9, also enables remote code execution but requires authentication. The vulnerabilities were discovered by researchers and are being actively exploited. Progress Software, the maker of the affected software, has encouraged customers to patch their environments as soon as possible. The exploit potentially compromises networks and has impacted several organizations worldwide.
A Google Kubernetes security flaw could let anyone with a Gmail account compromise your business
Techradar · 1y ago
Google Kubernetes Engine (GKE) had a vulnerability named Sys:All, which allowed attackers with a Gmail account to take control of a Kubernetes cluster. It was revealed that there are around 250,000 active GKE clusters susceptible to this flaw. The system:authenticated group in GKE includes both verified and non-verified Google authenticated accounts, enabling threat actors to exploit a Google OAuth 2.0 bearer token and deploy malware, move within networks, or steal sensitive data. Google addressed the issue in versions 1.28 and later of GKE by blocking the binding of system:authenticated group to the cluster-admin role.
Coinbase expects up to $400 million hit from cyber attack
Economic Times · 1m ago
Coinbase experienced a cyberattack, impacting a small number of customer accounts, leading to a projected $180-$400 million loss. The hackers accessed some personal data but not login details. Coinbase will reimburse affected customers, refused a $20 million ransom, and established a reward for information on the attackers. The breach, coupled with upcoming inclusion in the S&P 500, highlights ongoing security challenges in the cryptocurrency industry amidst rising digital heists.
FCC and crypto firms are being hit in advanced phishing attacks using fake Okta logins
Techradar · 1y ago
Security researchers have discovered a sophisticated phishing campaign targeting employees of the US Federal Communications Commission (FCC) and leading cryptocurrency exchanges, including Binance and Coinbase. The threat actor behind the campaign aims to obtain login credentials for Okta, a popular authentication platform. The attackers create fake landing pages that are nearly identical to the genuine ones and use phishing kit CryptoChameleon to engage with victims through emails, calls, and SMS messages. The campaign has successfully phished over 100 victims so far, with many still being targeted. The researchers believe the campaign is similar to the 2022 Oktapus campaign.
Co-working firm Innov8 goes into arbitration with Rahul Yadav's 4B Networks for unpaid dues
Money Control · 1y ago
Rahul Yadav, the founder of 4B Networks, is facing mounting legal troubles, including arbitration and criminal cases. In addition to his arbitration dispute with Info Edge, it's revealed that 4B Networks and Yadav are also in arbitration with Innov8 over unpaid rent of Rs 1.08 crore for an office space. Innov8 has filed a criminal case under the Arbitration and Conciliation Act after failed attempts to resolve the issue. Another arbitration case involving 4B Networks is also facing difficulties, with Yadav requesting more time for understanding the arbitration case with Info Edge. A criminal case has also been filed against Yadav by an ad agency for Rs 10 crore in unpaid dues.