twilio – PossibleThreat Articles

A week in security (July 1 – July 7)

July 8, 2024 0 Comments Authy, cobalt strike, evil twin, news, prudential, taylor swift, twilio

A list of topics we covered in the week of July 1 to July 7 of 2024

Authy phone numbers accessed by cybercriminals, warns Twilio

July 4, 2024 0 Comments Authy, news, phone numbers, Privacy, twilio, unsecured api

Authy users have been warned that their phone numbers have been obtained by cybercriminals that abused an unsecured API endpoint.

Independent Krebs Security

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

January 30, 2024 0 Comments 0ktapus, A Little Sunshine, Breadcrumbs, elijah, grails, group-ib, king bob, mailchimp, Ne'er-Do-Well News, noah michael urban, okta, plex, scattered spider, signal, SIM swapping, sosa, twilio, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 30 Jan 2024 19:07:18 +0000

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Independent Krebs Security

How 1-Time Passcodes Became a Corporate Liability

August 30, 2022 0 Comments 0ktapus, christopher knauer, CloudFlare, Data Breaches, digitalocean, doordash, group-ib, klaviyo, mailchimp, matthew prince, security keys, security tools, signal, sitel group, T-Mobile, teleperformance, twilio, twitter, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

MalwareBytes Security

Twilio data breach turns out to be more elaborate than suspected

August 29, 2022 0 Comments 2fa, Authy, CloudFlare, klaviyo, mailchimp, news, okta, oktapus, otp, scatter swine, signal, twilio

Categories: News

Tags: twilio

Tags: okta

Tags: Authy

Tags: Signal

Tags: Cloudflare

Tags: MailChimp

Tags: Klaviyo

Tags: scatter swine

Tags: oktapus

Tags: 2fa

Tags: otp

Even if you don’t know a thing about Twilio, you may have been affected by their data breach.

MalwareBytes Security

Twilio breached after social engineering attack on employees

August 9, 2022 0 Comments LinkedIn, news, okta, Social engineering, sso, text messages, twilio

Categories: News

Categories: Social engineering

Tags: Twilio

Tags: text messages

Tags: sso

Tags: okta

Tags: linkedin

Twilio says it has fallen victim to a breach after an attacker sent text messages to a large number of employees.

Independent Krebs Security

Fighting Fake EDRs With ‘Credit Ratings’ for Police

April 27, 2022 0 Comments A Little Sunshine, Apple, AT&T, Coinbase, discord, emergency data request, FBI, github, Google, kodex, LinkedIn, matt donahue, meta, Microsoft, snapchat, T-Mobile, The Coming Storm, TikTok, twilio, twitter, verizon, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.