Feds Charge Five Men in ‘Scattered Spider’ Roundup

Credit to Author: BrianKrebs| Date: Thu, 21 Nov 2024 20:13:08 +0000

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

Read more

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Credit to Author: BrianKrebs| Date: Tue, 30 Jan 2024 19:07:18 +0000

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Read more

How 1-Time Passcodes Became a Corporate Liability

Credit to Author: BrianKrebs| Date: Tue, 30 Aug 2022 14:53:39 +0000

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Read more

Twilio data breach turns out to be more elaborate than suspected

Categories: News

Tags: twilio

Tags: okta

Tags: Authy

Tags: Signal

Tags: Cloudflare

Tags: MailChimp

Tags: Klaviyo

Tags: scatter swine

Tags: oktapus

Tags: 2fa

Tags: otp

Even if you don’t know a thing about Twilio, you may have been affected by their data breach.

(Read more…)

The post Twilio data breach turns out to be more elaborate than suspected appeared first on Malwarebytes Labs.

Read more

Twilio breached after social engineering attack on employees

Categories: News

Categories: Social engineering

Tags: Twilio

Tags: text messages

Tags: sso

Tags: okta

Tags: linkedin

Twilio says it has fallen victim to a breach after an attacker sent text messages to a large number of employees.

(Read more…)

The post Twilio breached after social engineering attack on employees appeared first on Malwarebytes Labs.

Read more

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.

Read more