Article Top Ads

Reddit Suffers Security Breach Exposing Internal Documents and Source Code

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.

The company blamed it on a “sophisticated and highly-targeted phishing attack” that took place on February 5, 2023, aimed at its employees.

Article Inline Ads

The attack entailed sending out “plausible-sounding prompts” that redirected to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication (2FA) tokens.

  • AdwCleaner 8.4.0.0 Download

    adwcleaner

    AdwCleaner 8.4.0.0 Download AdwCleaner is a free program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer. By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web. ADWCLEANER USAGE INSTRUCTIONS:Using AdwCleaner is […]

  • New malware via job offers on LinkedIn

    new malware via job offers on LinkedIn

    New malware via job offers on LinkedIn. The attackers use social engineering to convince their targets to engage over WhatsApp, where they drop the malware payload “PlankWalk,” a C++ backdoor that helps them establish a foothold in the target’s corporate environment. According to Mandiant, which has been tracking the particular campaign since June 2022, the […]

  • Small Business Cyber Security Statistics in 2023

    Small Business Cybersecurity Statistics for 2023

    Small Business Cyber Security Statistics in 2023. Cyberattacks against small businesses have been on the rise in recent years. Despite the attitude among many small business owners. In fact, certain types of attacks–social engineering attacks, like phishing, for example–are much more commonly aimed at small businesses. Cybercriminals assume that weaker security measures will make small […]

  • Hackers Exploit Containerized Environments to Steal Proprietary Data

    SCARLETEEL-attack-chain

    Hackers Exploit Containerized Environments to Steal Proprietary Data The advanced cloud attack also entailed the deployment of crypto miner software, which the cybersecurity company said is either an attempt to generate illicit profits or a ploy to distract defenders and throw them off the trail. “The attacker exploited a containerized workload and then leveraged it […]

  • Want to make your name ringtone? Just follow these 6 steps

    build your own name ringtone

    Want to make your name ringtone? Just follow these 6 steps In the era of smartphones, we are trying new things every day. Phones, which were earlier only for communication, have gradually taken the form of smartphones. So everyone is doing some experiment through this medium to influence others. Some make reels, some keep status, some express their feelings […]

  • Why is Cyber Security Important In Today’s Era of Technology?

    cyber security

    Why is Cyber Security Important In Today’s Era of Technology? Why is Cyber Security Important In Today’s Era of Technology? We are reliant on technology like never before, and it has increased exponentially after the unprecedented lockdown. All our data, such as social media passwords, bank details, location, and social security numbers, are stored online […]

  • Hackers Abused Microsoft’s OAuth Apps “Verified Publisher” to Breach Corporate Email Accounts

    Hackers Abused Microsoft’s OAuth Apps “Verified Publisher” to Breach Corporate Email Accounts Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations’ cloud environments and steal email. “The applications created by these […]

  • Most Common ‘Human Errors’ in cybersecurity and preventive Tips – 2022

    Most Common ‘Human Errors’ in cybersecurity and preventive Tips – 2022 In a research finds that 95% of cybersecurity incidents occur due to human error. For a years, Human error in cybersecurity breaches is an age-old problem and it has been consistently identified as a major cybersecurity breaches. 2) Use of unauthorized software:If employees install […]

  • Why Cybersecurity Should Still Be A Top Priority For Businesses Cybersecurity is an important issue.

    Cybersecurity is an important issue

    Why Cybersecurity Should Still Be A Top Priority For Businesses Cybersecurity is an important issue. We know that cyber attacks continue to increase. In today’s technological age, organizations and individuals need to protect themselves from most types of threats. Unfortunately, there are some cybersecurity misconceptions that still prevent too many people from taking the necessary […]

  • Cybersecurity Maturity Report 2023 Reveals global cyberattacks increased by 38%

    Cybersecurity Maturity Report 2023 Reveals global cyberattacks increased by 38% In 2022, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market. With this rise in […]

  • Your Active Directory Threats & how to Prevent?

    Active Directory Threats

    Your Active Directory Threats & how to Prevent? Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. Many internal users have over-provisioned access and visibility into the internal network. Insiders’ level of access and trust in a network leads to unique vulnerabilities. Network security often focuses on keeping a threat […]

A single employee’s credentials is said to have been phished in this manner, enabling the threat actor to access Reddit’s internal systems. The affected employee self-reported the hack, it further added.

The company, however, stressed that there is no evidence to suggest that its production systems were breached or that users’ non-public data had been compromised. There is no indication that the accessed information has been published or distributed online.

“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information,” Reddit said.

It further noted “similar phishing attacks have been recently reported” without taking any specific names. It did not disclose what source code was accessed following the security lapse.

The development is yet another indication as to how threat actors are increasingly finding ways to defeat 2FA by setting up lookalike pages that are capable of pulling off adversary-in-the-middle (AitM) attacks.

Article Bottom Ads

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here