credentials – Noise

Cybercriminals Targeting Payroll Sites

Bruce Schneier — Tue, 04 Nov 2025 12:05:54 +0000

Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’s credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for...

Automate the Creation & Rotation of Amazon Simple Email Service SMTP Credentials

Zip Zieper — Tue, 11 Mar 2025 05:47:00 +0000

[Amazon Simple Email Service] provides a secure email solution that scales with your business needs. Unfortunately, all email systems, including Amazon SES, remain the primary target for spammers and bad actors due to email’s widespread use and accessibility. While SES offers powerful features for application-based email sending, its SMTP credentials require careful management to prevent […]

Trojaned AI Tool Leads to Disney Hack

Bruce Schneier — Tue, 04 Mar 2025 12:08:31 +0000

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.

New Windows Malware Locks Computer in Kiosk Mode

Bruce Schneier — Wed, 25 Sep 2024 11:00:29 +0000

Clever:

A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.

Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker...

Security Analysis of the EU’s Digital Wallet

Bruce Schneier — Thu, 27 Jun 2024 11:06:32 +0000

A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet.

Detect Stripe keys in S3 buckets with Amazon Macie

Koulick Ghosh — Mon, 19 Feb 2024 18:58:35 +0000

Many customers building applications on Amazon Web Services (AWS) use Stripe global payment services to help get their product out faster and grow revenue, especially in the internet economy. It’s critical for customers to securely and properly handle the credentials used to authenticate with Stripe services. Much like your AWS API keys, which enable access […]

Leaving Authentication Credentials in Public Code

Bruce Schneier — Thu, 16 Nov 2023 12:10:04 +0000

Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code:

Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000...

FBI (and Others) Shut Down Genesis Market

Bruce Schneier — Wed, 05 Apr 2023 15:55:02 +0000

Genesis Market is shut down:

Active since 2018, Genesis Market’s slogan was, “Our store sells bots with logs, cookies, and their real fingerprints.” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin...

You can now assign multiple MFA devices in IAM

Liam Wadman — Wed, 16 Nov 2022 23:17:05 +0000

At Amazon Web Services (AWS), security is our top priority, and configuring multi-factor authentication (MFA) on accounts is an important step in securing your organization. Now, you can add multiple MFA devices to AWS account root users and AWS Identity and Access Management (IAM) users in your AWS accounts. This helps you to raise the […]

NSA on Authentication Hacks (Related to SolarWinds Breach)

Bruce Schneier — Fri, 18 Dec 2020 16:35:38 +0000

The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” This is related to the SolarWinds hack I have previously written about, and represents one of the techniques the SVR is using once it has gained access to target networks.

From the summary:

Malicious cyberactors are abusing trust in federated authentication environments to access protected data. The exploitation occurs after the actors have gained initial access to a victim’s on-premises network. The actors leverage privileged access in the on-premises environment to subvert the mechanisms that the organization uses to grant access to cloud and on-premises resources and/or to compromise administrator credentials with the ability to manage cloud resources. The actors demonstrate two sets of tactics, techniques,and procedures (TTP) for gaining access to the victim network’s cloud resources, often with a particular focus on organizational email...