twilio
Authy phone numbers accessed by cybercriminals, warns Twilio
Authy users have been warned that their phone numbers have been obtained by cybercriminals that abused an unsecured API endpoint.
Read moreFla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
Credit to Author: BrianKrebs| Date: Tue, 30 Jan 2024 19:07:18 +0000
On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.
Read moreHow 1-Time Passcodes Became a Corporate Liability
Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000
Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.
Read moreTwilio data breach turns out to be more elaborate than suspected
Categories: News Tags: twilio Tags: okta Tags: Authy Tags: Signal Tags: Cloudflare Tags: MailChimp Tags: Klaviyo Tags: scatter swine Tags: oktapus Tags: 2fa Tags: otp Even if you don’t know a thing about Twilio, you may have been affected by their data breach. |
The post Twilio data breach turns out to be more elaborate than suspected appeared first on Malwarebytes Labs.
Read moreFighting Fake EDRs With ‘Credit Ratings’ for Police
Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.
Read more